Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,133 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

9133 Commits

Author SHA1 Message Date
Josh Cummings 18d04f2551
Fix Getting Started Link 
Closes gh-6502
 2021-06-08 13:49:14 -06:00
Josh Cummings b9e1901f19
Format PayloadInterceptorRSocket 
Issue gh-9345
 2021-06-04 12:56:37 -06:00
Josh Cummings 5666246187
PayloadInterceptorRSocket retains all payloads 
Flux#skip discards its corresponding elements, meaning that they
aren't intended for reuse. When using RSocket's ByteBufPayloads,
this means that the bytes are releaseed back into RSocket's pool.

Since the downstream request may still need the skipped payload,
we should construct the publisher in a different way so as to
avoid the preemptive release.

Deferring Spring JavaFormat to clarify what changed.

Closes gh-9345
 2021-06-04 12:55:33 -06:00
Steve Riesenberg 5243b1b8a8 URL encode client credentials 
Closes gh-9610
 2021-06-03 09:29:25 -05:00
Eleftheria Stein 43f3de7de1 Fix Resource Server clock skew default value in docs 
Closes gh-6611
 2021-06-02 12:46:52 +03:00
Josh Cummings 24c3c52254
Polish postLogoutRedirectUri encoding 
Issue gh-9511
 2021-05-26 13:58:28 -06:00
Hans Hosea Schaefer 499701e67a
Encode postLogoutRedirectUri query params 
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
 2021-05-26 13:58:23 -06:00
Marcus Hert da Coregio 4d18d06d9c Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 13:51:52 -03:00
Steve Riesenberg 9d0db200eb Handle encoded spaces in the root dn 
Fixes an issue where provider URLs passed to the constructor of the
DefaultSpringSecurityContextSource can be URL encoded, resulting in
an invalid base dn. Additionally adds support for list constructor
to support spaces in base dn.

Closes gh-9742
 2021-05-26 11:26:24 -05:00
Steve Riesenberg 589eccc547 Handle custom status codes in error handler 
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
 2021-05-25 15:08:05 -05:00
Rob Winch f3436f25fb Additional HttpSessionOAuth2AuthorizationRequestRepository tests 
Issue gh-5145
 2021-05-13 14:01:04 -04:00
Craig Andrews e447a35cf2 HttpSessionOAuth2AuthorizationRequestRepository: store one request by default 
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
 2021-05-13 14:00:53 -04:00
Rob Winch 4a2f493be0 docs.af.pivotal.io->docs-ip.spring.io 
Closes gh-9686
 2021-04-27 09:30:41 -05:00
kevin ec46ce08c9
Release ByteBuf 
Closes gh-9661
 2021-04-26 13:22:06 -06:00
Josh Cummings 2c625f30e0
Add NPE Guards 
- Like values, names are only validated if they are not null

Closes gh-9598
 2021-04-22 11:28:25 -06:00
Joe Grandja 6725b1324a WebFlux httpBasic() matches on XHR requests 
Closes gh-9660
 2021-04-20 09:09:42 -04:00
Craig Andrews b97e93a486
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:37:48 -06:00
Rob Winch 26788a7309 Fix HttpSecurity.addFilter* Ordering 
Closes gh-9633
 2021-04-14 17:49:33 -05:00
Denis Washington 67d5520194 Limit oauth2Login() links to redirect-based flows 
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
 2021-04-14 05:36:57 -04:00
Joe Grandja c381503f7b Next Development Version 2021-04-12 13:47:56 -04:00
Joe Grandja 8850ccb1c6 Revert "Lock Dependencies" 
This reverts commit 924ceac681.
 2021-04-12 13:47:04 -04:00
Joe Grandja 321e6a8742 Release 5.4.6 2021-04-12 13:36:39 -04:00
Joe Grandja 924ceac681 Lock Dependencies 2021-04-12 13:36:39 -04:00
Joe Grandja 951cb844dd Update to Spring Boot 2.4.4 2021-04-12 13:36:28 -04:00
佚名 9570d0cada
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:47:11 -06:00
Eleftheria Stein e7ee70384d Consider Order on SecurityFilterChain bean definitions 
Closes gh-9154
 2021-03-24 11:08:49 +02:00
Josh Cummings d192b3eb91
Next Development Version 2021-02-17 16:00:33 -07:00
Josh Cummings 71e0967b53
Revert "Lock Dependencies for Release" 
This reverts commit 8c04074264.
 2021-02-17 15:59:48 -07:00
Josh Cummings 45bca751c7
Release 5.4.5 2021-02-17 14:59:57 -07:00
Josh Cummings 8c04074264
Lock Dependencies for Release 2021-02-17 14:59:17 -07:00
Andy Wilkinson 7db6c9189e Downgrade to Nimbus JOSE JWT 8.+ 2021-02-12 10:56:35 +00:00
Josh Cummings f6a2850753
Next Development Version 2021-02-11 18:38:25 -07:00
Josh Cummings cf032d86d6
Revert "Lock Dependencies" 
This reverts commit 9535a41d5a.
 2021-02-11 18:38:07 -07:00
Josh Cummings abc523c063
Release 5.4.4 2021-02-11 18:00:01 -07:00
Josh Cummings 9535a41d5a
Lock Dependencies 2021-02-11 17:43:39 -07:00
Rob Winch 4b6b417d5a
Additional Test for HttpSessionSecurityContextRepository 
Issue gh-9387
 2021-02-11 17:39:49 -07:00
Rob Winch c72a6fac04
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 17:39:48 -07:00
Josh Cummings 357446ba9d
Next Development Version 2021-02-11 17:35:08 -07:00
Josh Cummings f449da8b78
Revert "Lock Dependencies" 
This reverts commit d17ebf53f9.
 2021-02-11 17:28:01 -07:00
Josh Cummings 9fbcfd9513
Release 5.4.3 2021-02-11 16:56:28 -07:00
Josh Cummings d17ebf53f9
Lock Dependencies 2021-02-11 16:56:28 -07:00
Josh Cummings c241f643ad
Update to GAE 1.9.86 
Closes gh-9448
 2021-02-11 16:56:21 -07:00
Josh Cummings d4461dc856
Update to Spring Boot 2.4.2 
Closes gh-9447
 2021-02-11 16:56:12 -07:00
Josh Cummings ad0ad06705
Update to Kotlin 1.4.30 
Closes gh-9446
 2021-02-11 16:55:59 -07:00
Josh Cummings db76882f75
Fix Test Configuration 
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable

Closes gh-9421
 2021-02-10 11:34:43 -07:00
kavi87 27e6743fd6
Update saml2-login.adoc 
Fix example on registering custom marshaller for saml request
 2021-02-04 10:10:04 -07:00
Josh Cummings e79141a188
Downgrade nimbus-jose-jwt to 8.+ 
Closes gh-9399
 2021-02-03 13:18:18 -07:00
Josh Cummings da7141eb5b
Polish Tests 
Issue gh-9331
 2021-02-03 09:13:38 -07:00
happier233 e30d78086a
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:13:28 -07:00
Mayur Patel fc24c7991c Allow null or empty authorities for DefaultOAuth2User 
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
 2021-02-01 17:26:56 -05:00