Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 07:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,601 Commits 34 Branches 337 Tags
Commit Graph

1576 Commits

Author SHA1 Message Date
Rob Winch
0bf985ed7c AnonymousAuthenticationFilter Avoids Eager SecurityContext Access 
Previously AnonymousAuthenticationFilter accessed the SecurityContext to
determine if anonymous authentication needed setup eagerly. Now this is done
lazily to avoid unnecessary access to the SecurityContext which in turn avoids
unnecessary HTTP Session access.

Closes gh-11457
 2022-07-05 15:51:12 -05:00
Rob Winch
415a674edc AnonymousAuthenticationFilter Avoids Eager SecurityContext Access 
Previously AnonymousAuthenticationFilter accessed the SecurityContext to
determine if anonymous authentication needed setup eagerly. Now this is done
lazily to avoid unnecessary access to the SecurityContext which in turn avoids
unnecessary HTTP Session access.

Closes gh-11457
 2022-07-05 15:34:21 -05:00
Rob Winch
6510274854 Request Cache supports matchingRequestParameterName 
Closes gh-7157 gh-11453
 2022-07-01 16:51:49 -05:00
Rob Winch
28c0d1459c Request Cache supports matchingRequestParameterName 2022-07-01 16:35:06 -05:00
Josh Cummings
d18ff25b95
Use SecurityContextHolderStrategy for NullSecurityContextRepository 
Issue gh-11060
 2022-06-28 15:33:06 -06:00
Josh Cummings
05b788d1ac
Use SecurityContextHolderStrategy for Concurrency Filter 
Issue gh-11060
Issue gh-11061
 2022-06-28 15:33:05 -06:00
Josh Cummings
5357cb8c95
Use SecurityContextHolderStrategy for NullSecurityContextRepository 
Issue gh-11060
 2022-06-28 15:32:20 -06:00
Josh Cummings
03a5c3b08a
Use SecurityContextHolderStrategy for Concurrency Filter 
Issue gh-11060
Issue gh-11061
 2022-06-28 15:32:05 -06:00
Josh Cummings
a218d3e140
Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:56:55 -06:00
Josh Cummings
27de315e5e
Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:46:52 -06:00
Josh Cummings
5086409dcf
Use SecurityContextHolderStrategy for Digest 
Issue gh-11060
 2022-06-28 13:54:56 -06:00
Josh Cummings
135e602472
Use SecurityContextHolderStrategy for Digest 
Issue gh-11060
 2022-06-28 13:54:29 -06:00
Josh Cummings
44d99f41a3
Use SecurityContextHolderStrategy for Switch User 
Issue gh-11060
 2022-06-28 13:35:39 -06:00
Josh Cummings
e1c211c11f
Use SecurityContextHolderStrategy for Switch User 
Issue gh-11060
 2022-06-28 13:34:04 -06:00
Josh Cummings
83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:10:07 -06:00
Josh Cummings
98995f2225
Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:04:37 -06:00
Josh Cummings
944f565c16
Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:09:38 -06:00
Josh Cummings
4a2d77d3f2
Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:08:57 -06:00
Josh Cummings
b316a3217b
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:35:54 -06:00
Josh Cummings
ee66850aed
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:26:05 -06:00
Josh Cummings
f3d99f557b
Use SecurityContextHolderStrategy for AuthenticationFilter 
Issue gh-11060
 2022-06-27 16:28:37 -06:00
Josh Cummings
0fee05d023
Use SecurityContextHolderStrategy for AuthenticationFilter 
Issue gh-11060
 2022-06-27 16:26:42 -06:00
Josh Cummings
a7b58c2299
Polish SecurityContextHolderStrategy for Defaults 
gh-11060
 2022-06-27 13:17:44 -06:00
Josh Cummings
772f29e063
Polish SecurityContextHolderStrategy for Defaults 
gh-11060
 2022-06-27 13:00:24 -06:00
Marcus Da Coregio
a8c30f79e6 Add Core, MVC and MethodSecurity runtime hints 
Closes gh-11431
 2022-06-27 09:25:49 -03:00
Alonso Araya Calvo
7841827169
Adds the ability to set the CSRF Token cookie max age value 
Closes gh-11432
 2022-06-24 16:42:32 -06:00
Alonso Araya Calvo
1ac1271972 Adds the ability to set the CSRF Token cookie max age value 
Closes gh-11432
 2022-06-24 16:42:05 -06:00
Rob Winch
d32f74d19d SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 17:03:19 -05:00
Rob Winch
b6d43e58c0 SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 16:59:09 -05:00
Rob Winch
d4a03dc2b1 Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 15:28:57 -05:00
Rob Winch
29db051f7a Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 14:52:35 -05:00
Rob Winch
591d1edc7d Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 14:52:01 -05:00
Josh Cummings
a31a99b591
Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:58:36 -06:00
Josh Cummings
31e25b115e Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:28:10 -06:00
j3graham
29ba67b6d7 Remove dependency on commons-codec by using java.util.Base64 
Closes gh-11318
 2022-06-09 06:50:01 -06:00
j3graham
f3c96fa9cd Remove dependency on commons-codec by using java.util.Base64 
Closes gh-11318
 2022-06-09 06:49:39 -06:00
Zhivko Delchev
e97c5a533b Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:47:35 -05:00
Zhivko Delchev
d882bfcf2b Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:47:14 -05:00
Zhivko Delchev
cf69cdf008 Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:46:28 -05:00
Zhivko Delchev
1483a57018 Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
 2022-06-06 15:45:55 -05:00
Josh Cummings
57fe5b8b5c
Fix Import Order Checkstyle Error 
Issue gh-9667
 2022-05-23 15:55:21 -06:00
Evgeniy Cheban
5540bbcf0b
createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:36:17 -06:00
Evgeniy Cheban
362f15534e createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:34:14 -06:00
Rob Winch
5b0dab5d3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:54:16 -05:00
Rob Winch
7d97839235 StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:53:29 -05:00
Rob Winch
66d1cd592a StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:04:46 -05:00
Rob Winch
077c9e0b3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 08:56:57 -05:00
Rob Winch
e2eed33eca Add StrictHttpFirewall.allow* new lines and separators 
Issue gh-11264
 2022-05-17 22:24:31 -05:00
Rob Winch
5bf478e72e Fix Formatting 
Issue gh-11264
 2022-05-17 16:16:02 -05:00
Rob Winch
e0a6a9efa9 StrictHttpFirewall allows CJKV characters 
Issue gh-11264
 2022-05-17 15:53:18 -05:00