Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,442 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

11442 Commits

Author SHA1 Message Date
aSemy e7880b1815
Javadoc typo 'sue' -> 'use' 2022-09-12 10:43:03 -05:00
Dan Allen d22ee32c7d reconfigure branch for local builds and as scheduler for docs workflows 
- set up placeholder and trigger for Deploy Docs workflow in docs-build branch
- set up placeholder and trigger for Rebuild Search Index workflow in docs-build branch
- remove obsolete Deploy Reference workflow
- upgrade Antora to 3.1
- reconfigure docs build for local build only
- add patch to support using linked worktree as Antora content source
- remove Antora extensions only needed for the production docs build
 2022-09-09 12:57:00 -05:00
Rob Winch 929b334588 Merge branch '5.8.x' 2022-09-08 10:16:00 -05:00
Rob Winch 0248421df1 Merge branch '5.8.x' 2022-09-08 10:15:24 -05:00
Rob Winch 5ae492b1c1 Add What's New @WithMockUser Supported as Merged Annotation 2022-09-08 09:49:00 -05:00
mariusz b478e5bc93 gh-6899: @WithMockUser as metaannotation 2022-09-08 09:44:32 -05:00
Rob Winch d996c2a2c6 Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` 
This method is insecure. Users should instead encrypt with their database.

Closes gh-8980
 2022-09-07 13:51:58 -05:00
Steve Riesenberg 088ebe2e00
Default CsrfTokenRequestProcessor.csrfRequestAttributeName = _csrf 
Issue gh-11764
Issue gh-4001
 2022-09-06 12:28:52 -05:00
Steve Riesenberg ed41a60aae
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
#	config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
#	web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
 2022-09-06 11:51:55 -05:00
Steve Riesenberg 86fbb8db07 Add new interfaces for CSRF request processing 
Issue gh-4001
Issue gh-11456
 2022-09-06 11:43:33 -05:00
Marcus Da Coregio e17989d92d Merge branch '5.8.x' 2022-09-01 09:39:33 -03:00
Marcus Da Coregio ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio 0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill 8b74bf9742 Updated reference to architecture page 
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
 2022-09-01 09:38:10 -03:00
Rob Winch 7bf2d3dc4e Update DeferHttpSession Tests 
Closes gh-11764
 2022-08-31 14:40:06 -05:00
Rob Winch 8cb97a090b Default CsrfFilter.csrfRequestAttributeName = _csrf 2022-08-31 14:26:26 -05:00
ch4mpy 7d6552b3f4 gh-11772 2022-08-31 13:33:53 -05:00
Marcus Da Coregio 3de421be3a Remove setAuthenticationManager from HttpSecurityConfiguration 
Closes gh-11776
 2022-08-31 15:14:45 -03:00
Steve Riesenberg f1b79e08cb
Merge branch '5.8.x' 2022-08-30 13:10:51 -05:00
Steve Riesenberg 6b297cc3a3
Polish javadoc in Kotlin DSL 
Issue gh-11646
 2022-08-30 13:10:35 -05:00
Steve Riesenberg 3eac274317
Merge branch '5.8.x' 2022-08-30 12:59:19 -05:00
Steve Riesenberg 5bdbc3f78d
Polish javadoc in Kotlin DSL 
Issue gh-11646
 2022-08-30 12:53:37 -05:00
Steve Riesenberg 2e26e875c8
Remove WebSecurityConfigurerAdapter in Kotlin DSL 
Issue gh-11277
Closes gh-11646
 2022-08-30 12:53:18 -05:00
Marcus Da Coregio 00584327bd Merge branch '5.8.x' 
Closes gh-11769
 2022-08-30 11:01:15 -03:00
Marcus Da Coregio c4a4524f4b Merge branch '5.7.x' into 5.8.x 
Closes gh-11768
 2022-08-30 10:56:34 -03:00
Marcus Da Coregio db95f6d5c5 Merge branch '5.6.x' into 5.7.x 
Closes gh-11767
 2022-08-30 10:54:50 -03:00
Marcus Da Coregio 40abf87ae6 Add buildScan to checkRemote 
Closes gh-11766
 2022-08-30 09:11:08 -03:00
Steve Riesenberg 0aa5850d22
Fix formatting 
Issue gh-11762
 2022-08-29 16:26:30 -05:00
Steve Riesenberg 41ede20712
Add method-security.mode to spring-security-6.0.xsd 2022-08-29 16:05:20 -05:00
Steve Riesenberg 8474acebf2
Merge branch '5.8.x' 2022-08-29 15:12:48 -05:00
he1ex-tG 568277f8bc
Mistake in Kotlin code representation is fixed 2022-08-29 15:11:10 -05:00
Rob Winch 2efc8dcd15 Default Require Explicit Save SecurityContext 
Closes gh-11762
 2022-08-29 10:16:04 -05:00
Josh Cummings b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-26 16:01:40 -06:00
Josh Cummings 0f58620643 Add AspectJ AuthorizationManager Support 
Closes gh-11326
 2022-08-26 15:59:08 -06:00
Rob Winch f84f08c4b9 Default HttpSessionRequestCache.matchingRequestParameterName=continue 
Closes gh-11757
 2022-08-26 14:44:55 -05:00
Josh Cummings b28efbc4b8
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-25 15:44:31 -06:00
Bert Vanwolleghem a5351f3d89
LogoutPageGeneratingWebFilter Uses Context Path 
Closes gh-11716
 2022-08-25 15:36:04 -06:00
Josh Cummings 210693eb6b
Add @Configuration 
Issue gh-6613
Issue gh-9401
 2022-08-25 15:30:48 -06:00
Josh Cummings 84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-25 14:46:48 -06:00
Josh Cummings 070dce1baf
Document ReactiveMethodSecurity improvements 
Issue gh-9401
 2022-08-25 14:36:03 -06:00
Josh Cummings e990174c89
Polish ReactiveMethodSecurity Support 
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well

Issue gh-9401

Polish
 2022-08-25 14:36:03 -06:00
Josh Cummings 6fd23d2567
Add MockMethodInvocation Constructor 
Issue gh-9401
 2022-08-25 14:36:02 -06:00
Josh Cummings 27ce5936cf
Add Caveat about Spring Security's co-routine support 
Closes gh-10920
 2022-08-25 14:36:02 -06:00
Evgeniy Cheban cbb4f40f0c ReactiveAuthorizationManager + Reactive Method Security 
Closes gh-9401
 2022-08-25 14:35:04 -06:00
Steve Riesenberg 76c39fa490
Merge branch '5.8.x' 
Closes gh-11750
 2022-08-24 16:47:08 -05:00
Steve Riesenberg 87e5cb07fd
Merge branch '5.8.x' 2022-08-24 16:46:37 -05:00
shinD 4ff0724c87
slight improvement in HttpSessionRequestCache 
Closes gh-11666
 2022-08-24 16:44:23 -05:00
Steve Riesenberg afc087102b
Merge branch '5.7.x' into 5.8.x 2022-08-24 16:42:01 -05:00
Steve Riesenberg 517631eb8c
Merge branch '5.6.x' into 5.7.x 2022-08-24 16:41:16 -05:00
Steve Riesenberg 1c014eb512
Use 6.0.x instead of 3.0.x as default branch 2022-08-24 16:38:27 -05:00