spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-01 21:21:37 +00:00

Author	SHA1	Message	Date
Josh Cummings	229325a0bb	Merge branch '5.8.x' into 6.0.x	2023-03-20 16:22:23 -06:00
Josh Cummings	a74008cc79	Merge branch '5.7.x' into 5.8.x	2023-03-20 16:20:46 -06:00
twosom	3d7e22a4e9	Add test to SimpleUrlAuthenticationSuccessHandlerTests	2023-03-20 16:20:30 -06:00
Josh Cummings	6935045172	Merge branch '5.8.x' into 6.0.x Closes gh-12909	2023-03-20 16:10:35 -06:00
twosom	abd51f7b63	Polished DefaultLoginPageGeneratingFilterTests Validation Closes gh-12694	2023-03-20 15:31:59 -06:00
Marcus Da Coregio	cdc0fa0e5b	Merge branch '5.8.x' into 6.0.x Closes gh-12836	2023-03-07 13:28:31 -03:00
Marcus Da Coregio	2e92dad761	Merge branch '5.7.x' into 5.8.x Closes gh-12835	2023-03-07 13:27:57 -03:00
Marcus Da Coregio	84cca81edf	Use HttpSessionSecurityContextRepository by default in SwitchUserFilter Closes gh-12834	2023-03-07 13:27:18 -03:00
Josh Cummings	8ca726f4fa	Specify query string Issue gh-12665	2023-02-14 08:24:07 -07:00
Josh Cummings	e7d65966fd	Merge branch '5.8.x' into 6.0.x Closes gh-12671	2023-02-14 08:01:31 -07:00
Josh Cummings	0d4c619648	Include continue in query string Closes gh-12665	2023-02-14 08:00:19 -07:00
Steve Riesenberg	1363a4eece	Merge branch '5.8.x' into 6.0.x	2023-01-26 15:44:47 -06:00
Steve Riesenberg	c306df9b46	Add XorCsrfChannelInterceptor Issue gh-12378	2023-01-23 16:00:35 -06:00
Marcus Da Coregio	d1fc789ae2	Merge branch '5.8.x' into 6.0.x Closes gh-12511	2023-01-10 09:42:48 -03:00
Marcus Da Coregio	ae46032ced	Merge branch '5.7.x' into 5.8.x Closes gh-12510	2023-01-10 09:39:40 -03:00
Marcus Da Coregio	ffdb397830	Save the SecurityContext when switching user Closes gh-12504	2023-01-10 09:27:56 -03:00
Josh Cummings	c308e4665a	Polish Event Name Provide a name with no spaces separate from the human-friendly one with spaces. Closes gh-12490	2023-01-06 11:13:11 -07:00
Marcus Da Coregio	898c36287c	Merge branch '5.8.x' into 6.0.x Closes gh-12368	2022-12-12 16:55:14 -03:00
Marcus Da Coregio	99d6d21554	Apply SecurityContextHolderFilter to all dispatcher types Closes gh-11962	2022-12-12 11:45:24 -08:00
Josh Cummings	701f754e37	Cast FilterChainObservationContext Safely Closes gh-12268	2022-11-29 16:24:56 -07:00
Steve Riesenberg	fd547321e8	Default to XorCsrfTokenRequestAttributeHandler As of gh-11960, Xor CSRF tokens are the default in 6.0. This commit makes CsrfAuthenticationStrategy consistent with CsrfFilter. Issue gh-11960 Closes gh-12235	2022-11-18 22:50:26 -06:00
Steve Riesenberg	5da78f44f2	Merge branch '5.8.x'	2022-11-18 14:54:33 -06:00
Steve Riesenberg	2ed7cff643	Check for existing token before clearing Closes gh-12236	2022-11-18 13:12:59 -06:00
Marcus Da Coregio	063f06e7bf	Register FilterChainProxy for all dispatcher types Closes gh-12180	2022-11-16 09:55:21 -03:00
Marcus Da Coregio	3b5d19c8a4	Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1 Closes gh-12146 Closes gh-12148	2022-11-08 08:34:21 -03:00
Steve Riesenberg	36f668dd9c	Merge branch '5.8.x' Closes gh-12142	2022-11-04 18:12:34 -05:00
Steve Riesenberg	6b0ed0205b	Re-generate tokens in CookieCsrfTokenRepository Fixes support for re-generating tokens within a request such as when CsrfAuthenticationStrategy removes a null token and saves an empty cookie value on the response. Closes gh-12141	2022-11-04 18:10:15 -05:00
Steve Riesenberg	801ceb0832	Merge branch '5.8.x'	2022-10-31 08:58:14 -05:00
Steve Riesenberg	66f2f1cde7	Merge branch '5.7.x' into 5.8.x	2022-10-31 08:55:03 -05:00
Steve Riesenberg	2915a70bf7	Merge branch '5.6.x' into 5.7.x	2022-10-28 13:05:48 -05:00
Steve Riesenberg	6530777742	Merge branch '5.5.x' into 5.6.x Closes gh-dry-run	2022-10-28 11:31:50 -05:00
Marcus Da Coregio	1f481aafff	Fix AuthorizationFilter incorrectly extending OncePerRequestFilter Closes gh-12102	2022-10-28 11:29:35 -05:00
Josh Cummings	d651da5ac3	Merge remote-tracking branch 'origin/5.8.x' Closes gh-12077	2022-10-24 16:54:03 -06:00
Josh Cummings	dd30694979	Merge remote-tracking branch 'origin/5.7.x' into 5.8.x Closes gh-12076	2022-10-24 16:46:08 -06:00
David Becker	2b426872a3	Use InetSocketAddress#getHostString Sometimes InetSocketAddress#getAddress#getHostAddress retuns null. In that case, call InetSocketAddress#getHostString instead. There is no performance loss since IpAddressMatcher#matches attemptsi to re-parse and resolve the address anyway. Closes gh-11888	2022-10-24 16:32:19 -06:00
Steve Riesenberg	8554e70c09	Remove deprecated loadContext(request) Closes gh-12048	2022-10-17 20:13:51 -05:00
Steve Riesenberg	bd43c1f28a	Merge branch '5.8.x' # Conflicts: # web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java # web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java	2022-10-17 19:35:27 -05:00
Steve Riesenberg	acc35aeb18	Add DelegatingSecurityContextRepository Issue gh-12023	2022-10-17 19:33:58 -05:00
Steve Riesenberg	c75ca10900	Add DeferredSecurityContext Issue gh-12023	2022-10-17 19:33:58 -05:00
Josh Cummings	f4cc27c375	Change Default for (Server)AuthenticationEntryPointFailureHandler Closes gh-9429	2022-10-13 20:03:03 -06:00
Josh Cummings	5afc7cb04f	Merge remote-tracking branch 'origin/5.8.x'	2022-10-13 19:48:05 -06:00
Josh Cummings	099aaa33ff	Remove Deprecation Markers Since Spring Security still needs these methods and classes, we should wait on deprecating them if we can. Instead, this commit changes the original classes to have a boolean property that is currently false, but will switch to true in 6.0. At that time, BearerTokenAuthenticationFilter can change to use the handler. Closes gh-11932	2022-10-13 19:47:22 -06:00
Daniel Garnier-Moiroux	200b7fecd3	Add (Server)AuthenticationEntryPointFailureHandlerAdapter Issue gh-11932, gh-9429 (Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead when an AuthenticationServiceException is thrown, instead of HTTP 401. This commit deprecates the current behavior and introduces an opt-in (Server)AuthenticationEntryPointFailureHandlerAdapter with the expected behavior. BearerTokenAuthenticationFilter uses the new adapter, but with a closure to keep the current behavior re: entrypoint.	2022-10-13 19:25:04 -06:00
Steve Riesenberg	9090f62d9b	Merge branch '5.8.x'	2022-10-13 16:46:53 -05:00
Evgeniy Cheban	56b9badcfe	AnonymousAuthenticationFilter should cache its Supplier<SecurityContext> Closes gh-11900	2022-10-13 16:44:48 -05:00
Joe Grandja	753e113a13	RequestMatcherDelegatingAuthorizationManager defaults to deny Closes gh-11958	2022-10-13 11:12:00 -04:00
Steve Riesenberg	2407d07890	Default to Xor CSRF tokens in CsrfWebFilter Closes gh-11960	2022-10-13 09:39:57 -05:00
Steve Riesenberg	2a2051cd7b	Default to Xor CSRF tokens in CsrfFilter Issue gh-11960	2022-10-13 09:39:55 -05:00
Joe Grandja	6026f9f70f	Merge branch '5.8.x'	2022-10-13 06:31:37 -04:00
Joe Grandja	185991a606	Revert "Add default AuthorizationManager" This reverts commit 4ddec07d0e13c2fe994a8720e22215402d49edd5.	2022-10-13 06:18:00 -04:00

1 2 3 4 5 ...

912 Commits