Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,984 Commits 32 Branches 334 Tags 112 MiB
Commit Graph

1838 Commits

Author SHA1 Message Date
Josh Cummings d538423f98 Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 15:09:45 -07:00
Rob Winch ba922dcdf0 Exclude javax from hibernate dependency 
Issue gh-10501
 2022-01-19 14:35:25 -06:00
Rob Winch 27e1a2ca69 Remove javax.transaction 
Issue gh-10501
 2022-01-19 14:35:05 -06:00
Rob Winch 9d4ecc9c37 Additional removal of javax.inject 
Issue gh-10501
 2022-01-19 14:34:45 -06:00
Rob Winch 678c386834 jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 14:34:32 -06:00
Rob Winch 0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api 
Issue gh-10501
 2022-01-19 14:34:16 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Rob Winch f8e14683f6 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:33:46 -06:00
Rob Winch 3c641dee75 Remove commons-logging 
Closes gh-10499
 2022-01-19 14:33:44 -06:00
Eleftheria Stein a537b636c1 Add LDAP factory beans 
Issue gh-10138
 2022-01-18 15:11:30 +01:00
Josh Cummings 75f25bff82 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 16:49:38 -07:00
Adam Ostrožlík 4ea57f3e3f Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 16:46:15 -07:00
Marcus Da Coregio 60ed3602f6 Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-11 09:19:41 -03:00
heowc 1ab0705b47 Fix typo 2022-01-10 16:17:42 +01:00
Marcus Da Coregio 18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 08:57:30 -03:00
Josh Cummings cd8983d4e5 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:14:40 -07:00
James Howe 5598688fa6 Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:06:30 -07:00
Marcus Da Coregio 65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Marcus Da Coregio ed3b0fbaad Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:47:49 -03:00
Steve Riesenberg df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi 925d531cbe Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:44:46 -06:00
Steve Riesenberg 074e38d565 Add missing since 
Issue gh-7765
 2021-12-02 12:09:57 -06:00
Steve Riesenberg 3af619d565 Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 12:01:11 -06:00
Josh Cummings a68411566e Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki 2bc643d6c8 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 15:33:39 -07:00
Igor Pelesic a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00
Guirong Hu 43317c5a61 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 15:27:58 -06:00
« Christophe 4318a51971 Fix CsrfConfigurer default AccessDeniedHandler consistency 
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
 2021-11-16 14:22:35 -06:00
Stephane Nicoll 61ee4e5a76 Avoid using SpEL to change the meaning of the injection point 
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
 2021-11-16 13:53:00 -06:00
Onur Kagan Ozcan aa0f788f59 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes 2021-11-16 13:44:18 -06:00
Josh Cummings 7b15098570 Update Spring Security to 5.7 
Closes gh-10509
 2021-11-15 17:10:00 -07:00
Josh Cummings 76ebbb84f7 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00
Marcus Da Coregio 2f1638ec57 Fix javadoc 
Closes gh-10382
 2021-10-22 11:20:37 -03:00
Emil Sierżęga cb70b6a39b Fixed invalid usage of & tag in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga 04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Emil Sierżęga 6b26032ce7 Fixed invalid usege of > tag in Javadocs 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Philipp Neuschwander 6db58cbf8a Conditionally resolve bearer token from request parameters 
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.

This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).

Closes gh-10326
 2021-10-13 17:10:50 -05:00
Gaurav Tiwari 33708e61fb Add postProcess support to Saml2LogoutConfigurer 
Closes gh-10311
 2021-10-13 12:05:48 -06:00
Josh Cummings fbb7691be4 Polish SecurityNamespaceHandler Tests 
Issue gh-8974
 2021-10-13 11:50:14 -06:00
Emil Sierżęga 8daa6ec1fd SecurityNamespaceHandler: update schema version to 5.6 
Closes gh-8974
 2021-10-13 11:49:57 -06:00
Eleftheria Stein ba8844a67e Deprecate Kotlin methods that don't use reified types 
Closes gh-10365
 2021-10-13 10:16:37 +02:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Marcus Da Coregio 7112ee3eaa Allow SAML 2.0 loginProcessingURL without registrationId 
Closes gh-10176
 2021-10-04 09:54:40 -03:00
Marcus Da Coregio e36e2b2a97 Move Saml2AuthnRequestRepository to web package 
Moving to solve package tangles

Issue gh-9185
 2021-09-29 14:10:39 -03:00
Rob Winch 3b64cdfc03 Fix XsdDocumentedTests 
Issue gh-5835
 2021-09-24 10:25:26 -05:00
Josh Cummings c3ba2332da Wire BeanResolver into DefaultMethodSecurityExpressionHandler 
Closes gh-10305
 2021-09-22 14:14:29 -06:00
Josh Cummings 7b599d4770 Share JWKSource Instances 
Closes gh-10312
 2021-09-22 13:28:08 -06:00