2079309c5a
Add SecurityContextHolderStrategy XML Configuration for OAuth2
...
Issue gh-11061
2022-10-05 23:50:59 -06:00
7543effe89
Add SecurityContextHolderStrategy Java Configuration for OAuth2
...
Issue gh-11061
2022-10-05 23:50:58 -06:00
7e3841105b
Add SecurityContextHolderStrategy XML Configuration for Saml2
...
Issue gh-11061
2022-10-05 23:50:57 -06:00
19181a5afd
Add SecurityContextHolderStrategy Java Configuration for Saml2
...
Issue gh-11061
2022-10-05 23:50:56 -06:00
e90a11b1c0
Add SecurityContextHolderStrategy to Saml2
...
Issue gh-11060
2022-10-05 23:50:55 -06:00
14584b0562
Add SecurityContextHolderStrategy to OAuth2
...
Issue gh-11060
2022-10-05 23:50:54 -06:00
72a46ddd31
Merge remote-tracking branch 'origin/5.8.x'
2022-10-05 22:48:33 -06:00
b4d13e7726
Polish use-authorization-manager
...
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together
Issue gh-11305
2022-10-05 22:21:09 -06:00
7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests
...
Issue gh-11665
2022-10-05 22:18:41 -06:00
f16d47c7b5
Polish DefaultHttpSecurityExpressionHandler
...
Issue gh-11105
2022-10-05 21:47:14 -06:00
eeb28e4f91
Merge remote-tracking branch 'origin/5.8.x'
2022-10-05 21:45:26 -06:00
4ddec07d0e
Add default AuthorizationManager
...
Closes gh-11963
2022-10-05 21:37:41 -06:00
ee9449dbfe
Fix tests for deferred CSRF tokens
...
Issue gh-4001
2022-10-05 16:10:36 -05:00
521cdfd738
Use correct servlet imports
...
Issue gh-4001
2022-10-05 16:10:35 -05:00
8b490de08d
Merge branch '5.8.x'
...
# Conflicts:
# docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
6bbf20be93
Fix failing tests
...
Issue gh-11952
2022-10-05 14:19:40 -05:00
22cbd2c42e
Merge branch '5.8.x'
...
Closes gh-11957
2022-10-05 14:00:13 -05:00
a5cc1f0b60
Merge branch '5.7.x' into 5.8.x
...
Closes gh-11956
2022-10-05 13:58:44 -05:00
37dd896d4b
Merge branch '5.6.x' into 5.7.x
...
Closes gh-11955
2022-10-05 13:57:25 -05:00
e0843aabb1
automatically manage docs version (with collector)
2022-10-05 13:56:22 -05:00
19fb7e5499
Merge branch '5.8.x'
...
Merged using the ours strategy.
2022-10-05 13:48:35 -05:00
c1fcf275d9
Update What's New for 5.8
...
Issue gh-11952
2022-10-05 13:48:18 -05:00
a7000a053b
Merge branch '5.8.x'
2022-10-05 13:46:26 -05:00
1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl
...
Closes gh-11952
2022-10-05 13:35:23 -05:00
c2ed65c67a
Fix failing tests
...
Issue gh-9159
2022-10-05 14:59:33 -03:00
22ba358e57
Merge branch '5.8.x'
2022-10-05 13:44:54 -03:00
bf6e85ec15
Accept String varargs in securityMatcher
...
Issue gh-9159
2022-10-05 13:44:08 -03:00
38a7bbd2eb
Merge branch '5.8.x'
2022-10-05 13:20:12 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
76d7a85bc0
Use modified classpath test support for tests that depend on the classpath
...
Issue gh-11347
2022-10-04 15:32:19 -03:00
77dcc691b3
Add modified classpath test support
...
Closes gh-11951
2022-10-04 15:32:18 -03:00
5002199be3
Revert "Disable tests that need Spring MVC mocked in classpath"
...
This reverts commit c6978fba7c
2022-10-04 15:32:18 -03:00
35f7e46d05
Remove WebSecurityConfigurerAdapter
...
Closes gh-10902
2022-10-04 15:13:04 -03:00
a10b0f526f
Merge branch 'main'
2022-10-04 12:01:57 -05:00
60181e22d3
Upgrade com.unboundid:unboundid-ldapsdk to 6.0.6
...
Closes gh-10210
2022-10-04 13:39:42 -03:00
3bc76815c2
Update csrf.request-handler-ref in 6.0
...
Issue gh-11918
2022-10-04 11:24:54 -05:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
c6978fba7c
Disable tests that need Spring MVC mocked in classpath
...
Issue gh-11347
2022-10-04 08:56:06 -03:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
c847efd3fd
Fix servlet import
...
Issue gh-11347
Issue gh-9159
2022-10-03 15:10:56 -05:00
c98de7af2f
Add xss-protection.header-value in 6.0
...
Issue gh-9631
2022-10-03 14:31:04 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
ea777a3d7b
Merge branch '5.8.x'
...
Merged using the ours strategy.
2022-10-03 10:05:57 -05:00
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
d9a682a414
Polish gh-11896
2022-10-03 10:00:43 -05:00
bf9339d88e
Merge branch '5.8.x'
2022-10-03 09:57:40 -05:00
Josh Cummings
Steve Riesenberg
Rob Winch
Dan Allen
Marcus Da Coregio
Daniel Garnier-Moiroux