Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-05 12:59:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,520 Commits 36 Branches 337 Tags
Commit Graph

1394 Commits

Author SHA1 Message Date
j3graham
f3c96fa9cd Remove dependency on commons-codec by using java.util.Base64 
Closes gh-11318
 2022-06-09 06:49:39 -06:00
Zhivko Delchev
cf69cdf008 Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:46:28 -05:00
Zhivko Delchev
1483a57018 Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
 2022-06-06 15:45:55 -05:00
Josh Cummings
57fe5b8b5c
Fix Import Order Checkstyle Error 
Issue gh-9667
 2022-05-23 15:55:21 -06:00
Evgeniy Cheban
5540bbcf0b
createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:36:17 -06:00
Evgeniy Cheban
362f15534e createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:34:14 -06:00
Rob Winch
5b0dab5d3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:54:16 -05:00
Rob Winch
7d97839235 StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:53:29 -05:00
Rob Winch
472c25b5e8 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Rob Winch
0df5ece758 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Rob Winch
538252cf07 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch
04ca7ef91b Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Josh Cummings
0814136ee8
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 14:14:42 -06:00
Evgeniy Cheban
c4766e64fe
Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 14:05:34 -06:00
Josh Cummings
ffaf5b4e61
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 13:53:38 -06:00
Evgeniy Cheban
07b0be3f42 Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 13:52:49 -06:00
Rob Winch
f34ea188e2 RequestRejectedException is 400 by Default 
Closes gh-7568
 2022-05-12 10:32:27 -05:00
Marcus Da Coregio
000b87f9aa Revert "Use Spring Framework version 6.0.0-M3" 
This reverts commit b803e845e75da8e8927182dd5cb392bb592d51b6.
 2022-05-11 08:36:14 -03:00
Marcus Da Coregio
806e05855c Replace removed context-related operators 
Closes gh-11194
 2022-05-10 14:58:02 -03:00
Marcus Da Coregio
b803e845e7 Use Spring Framework version 6.0.0-M3 
Closes gh-11193
 2022-05-10 14:49:02 -03:00
Marcus Da Coregio
ce86f4e4b5 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:51:28 -03:00
David Herberth
57cededd49 Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:51:28 -03:00
Marcus Da Coregio
195d767d98 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:43:34 -03:00
David Herberth
0e2fc51bad Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:43:34 -03:00
Rob Winch
768267c131 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:09:41 -05:00
Rob Winch
3c259b4be5 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:08:51 -05:00
Rob Winch
dbe7e37f2b WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:51 -05:00
Rob Winch
1ef738ba34 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:15:22 -05:00
Rob Winch
9a9a43a0c0 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:18:25 -05:00
Rob Winch
aaf78330b1 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:16:35 -05:00
Marcus Da Coregio
5367524030 Change the default of shouldFilterAllDispatchTypes to true 
Closes gh-11107
 2022-04-14 16:30:42 -03:00
Marcus Da Coregio
84b5c76a7b Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 16:10:36 -03:00
Marcus Da Coregio
7fea639a43 Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 15:58:00 -03:00
Rob Winch
3a9b080bbe Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:36:08 -05:00
Rob Winch
0c2b9758fc Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:35:38 -05:00
Marcus Da Coregio
50f8df6f07 Use HttpStatusCode 
Closes gh-11091
 2022-04-11 09:19:56 -03:00
Marcus Da Coregio
bc50146f60 Fix tests in AntPathRequestMatcherTests 
Closes gh-11090
 2022-04-11 09:19:56 -03:00
Rob Winch
39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Rob Winch
7be32872e9 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:24 -05:00
Eleftheria Stein
c4e88415a5 Remove MessageSourceAware from ExceptionTranslationWebFilter 
Closes gh-11057
 2022-04-05 16:13:41 +02:00
Eleftheria Stein
ae8e77f9ff Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 14:05:56 +02:00
Eleftheria Stein
725a57fccc Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 13:12:17 +02:00
Josh Cummings
1edfa07d27
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:40:06 -06:00
Josh Cummings
c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings
bdd5f86526
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:37:21 -06:00
Parikshit Dutta
990831db85
Add authorization events 
Closes gh-9288
 2022-03-29 16:22:43 -06:00
Josh Cummings
061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta
bd9434882f
Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00
Marcus Da Coregio
8c34af711e Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:01:51 -03:00
Marcus Da Coregio
6c52c52a68 Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 09:45:23 -03:00