Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,767 Commits 48 Branches 362 Tags
Commit Graph

1770 Commits

Author SHA1 Message Date
Rob Winch
0eef5b4b42 Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
Rob Winch
6a0833165a AuthorizationWebFilter handles null Authentication 
If the AuthorizationManager used the Authentication and the Authentication
was null the AuthorizationWebFilter would produce a NullPointerException

This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null

Fixes: gh-4966
 2018-01-22 15:16:58 -06:00
Johnny Lim
921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Eddú Meléndez
c16456623f Remove unused imports 2017-12-20 16:05:38 -06:00
Rob Winch
70be0f3619 Mono<CsrfToken> saveToken->Mono<Void> 
Issue: gh-4856
 2017-11-20 16:30:29 -06:00
Rob Winch
d55db837e1 CsrfWebFilter places Mono<CsrfToken> 
Fixes: gh-4855
 2017-11-20 16:30:29 -06:00
Johnny Lim
701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module 
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
 2017-11-16 20:18:21 -06:00
Rob Winch
be397b8b33 WebSessionServerSecurityContextRepository Polish 
- map(WebSession::getAttributes)
- use Mono.justOrEmpty

Issue: gh-4843
 2017-11-16 15:54:33 -06:00
Rob Winch
8d30d6110b WebSessionSecurityContextRepository custom session attribute name 
Fixes: gh-4843
 2017-11-16 15:54:21 -06:00
Rob Winch
b7529be3d0 WebSessionSecurityContextRepository changes session id 
Fixes: gh-4842
 2017-11-16 15:46:26 -06:00
Rob Winch
b19e14330f WebSessionServerCsrfTokenRepository session fixation protection 
Issue: gh-4842
 2017-11-16 15:45:57 -06:00
Rob Winch
75a7c5268a ServerRequestCache.removeMatchingRequest 
Issue: gh-4789
 2017-11-16 15:44:32 -06:00
Benedikt Ritter
fffd781b03 Add localization to error messages from ExceptionTranslationFilter 
Fixes gh-4504
 2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Rob Winch
64ad08e96d ServerRedirectCache.getRequest->getRedirectUri 
Issue: gh-4789
 2017-11-15 15:10:47 -06:00
Rob Winch
1d9b0760d5 ServerRequestCache uses URI 
Issue: gh-4789
 2017-11-15 12:54:05 -06:00
Rob Winch
942b51dba7 Reactive Basic does not create session by default 
Fixes: gh-4825
 2017-11-15 12:50:29 -06:00
Rob Winch
5f79fdd3eb requiresLogoutMatcher naming polish 
Issue: gh-4822
 2017-11-14 16:42:41 -06:00
Rob Winch
c1f94156f9 serverWebExchange->exchange 
Issue: gh-4822
 2017-11-14 16:42:38 -06:00
Rob Winch
11f6e0477c serverLogoutSuccessHandler->logoutSuccessHandler 
Issue: gh-4822
 2017-11-14 16:42:36 -06:00
Rob Winch
bf570854b8 serverLogoutHandler->logoutHandler 
Issue: gh-4822
 2017-11-14 16:42:33 -06:00
Rob Winch
1c977ca15f serverRedirectStrategy->redirectStrategy 
Issue: gh-4822
 2017-11-14 16:42:30 -06:00
Rob Winch
2cbdb4ba02 serverCsrfTokenRepository->csrfTokenRepository 
Issue: gh-4822
 2017-11-14 16:42:27 -06:00
Rob Winch
3bfda6cff7 serverAccessDeniedHandler->accessDeniedHandler 
Issue: gh-4822
 2017-11-14 16:42:24 -06:00
Rob Winch
9e82fc0b83 serverAuthenticationEntryPoint->authenticationEntryPoint 
Issue: gh-4822
 2017-11-14 16:42:20 -06:00
Rob Winch
9cf0dc6b38 serverWebExchange->webExchange 
Issue: gh-4822
 2017-11-14 16:42:17 -06:00
Rob Winch
520e0a5a68 serverAuthenticationSuccessHandler->authenticationSuccessHandler 
Issue: gh-4822
 2017-11-14 16:42:14 -06:00
Rob Winch
5c83f92ddc serverAuthenticationFailureHandler->authenticationFailureHandler 
Issue: gh-4822
 2017-11-14 16:42:10 -06:00
Rob Winch
692233e431 ServerSecurityContextRepository members to securityContextRepository 
Issue: gh-4822
 2017-11-14 16:42:06 -06:00
Johnny Lim
d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Rob Winch
1b70efce2b Add ServerRequestCache 
Fixes: gh-4789
 2017-11-13 15:49:34 -06:00
Rob Winch
8f6491b281 Add RedirectServerAuthenticationFailureHandler 
Fixes gh-4816
 2017-11-13 15:49:20 -06:00
Rob Winch
060d8689fe Make RedirectServer*Tests less specific 
Issue: gh-4816
 2017-11-13 15:49:06 -06:00
Johnny Lim
99df632f24 Add missing @Override annotations 
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
 2017-11-08 13:27:24 -06:00
Rob Winch
676020321e Add reactive CsrfRequestDataValueProcessor 
Fixes gh-4762
 2017-11-07 22:25:36 -06:00
Rob Winch
7622826b69 WebSessionServerCsrfTokenRepository saves on getToken 
Fixes gh-4801
 2017-11-07 22:25:23 -06:00
Rob Winch
776364d403 ServerCsrfTokenRepository.saveToken return Mono<CsrfToken> 
Fixes gh-4800
 2017-11-07 22:24:53 -06:00
Rob Winch
3f18881493 Remove additional attribute name from CsrfWebFilter 
Fixes gh-4799
 2017-11-07 22:24:42 -06:00
Frank Pavageau
35706ad60a Deserialize the principal in a neutral way 
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
 2017-10-30 00:53:31 -05:00
Frank Pavageau
6fd9ff254b Map values directly from the JSON nodes 
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
 2017-10-30 00:53:31 -05:00
SignleMR
a1fdb7dcb3 Update AbstractRememberMeServices.java 
this file`s file encode is unkown,maybe is "Eddu Melendez"
 2017-10-30 00:50:23 -05:00
Jeremy Waters
832f5c39c1 SEC-3190: Add support for colons in remember-me token values 
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons.  so this 
change urlencodes the individual tokens when creating the cookie 
string; and urldecodes them decoding the cookie and extracting the 
tokens.  This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
 2017-10-30 00:33:14 -05:00
Rob Winch
93ac706d86 Polish XFrameOptionsHeaderWriter 
Issue: gh-4559
 2017-10-29 23:32:53 -05:00
Nathan Wong
02a78b17b9 Add check to see if return value is DENY 
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.

This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
 2017-10-29 23:32:53 -05:00
Antoine
bed4ec7d18 Fix leading space characters reported by checkstyle 2017-10-29 22:22:34 -05:00
Antoine
0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Rob Winch
5a5ec58ca4 Add LogoutPageGeneratingWebFilter 
Fixes gh-4735
 2017-10-29 00:12:23 -05:00