Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,608 Commits 32 Branches 334 Tags 113 MiB
Commit Graph

992 Commits

Author SHA1 Message Date
Rob Winch 91728ef53b Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 17:50:28 -05:00
Josh Cummings eed71243cb
SwitchUserFilter Defaults to POST 
Fixes gh-4183
 2020-03-27 13:41:49 -06:00
Zeeshan Adnan 935c547dde Fix exception for empty basic auth header token 
fixes spring-projectsgh-7976
 2020-03-16 12:57:13 -04:00
Eleftheria Stein 47011eb9e2 Polish transfer session's max inactive interval 
Issue: gh-2693
 2020-03-12 12:11:14 -04:00
Venkata Jaswanth U 02b7d04027 Transfer session's max inactive interval 
Fixes: gh-2693
 2020-03-12 10:11:59 -04:00
Eleftheria Stein b2ea0ba775 Polish SessionIdChangedEvent 
Add AbstractSessionEvent; clean up license headers and Javadocs

Fixes: gh-5438
 2020-03-06 12:04:49 -05:00
Venkata Jaswanth 5fc6414377 SessionRegistryImpl is now aware of SessionIdChangedEvent 2020-03-06 12:04:01 -05:00
Eleftheria Stein ae532c080c Add server request cache that uses cookie 
Fixes: gh-8033
 2020-03-05 15:36:47 -05:00
Eleftheria Stein 38979b1b09 Add test for ServerRequestCacheWebFilter 2020-03-05 14:57:07 -05:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7.
 2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
AmitB 2ce9eef95e Fix typo in AntPathRequestMatcher contructor comment 2020-03-02 07:14:27 -06:00
Joe Grandja 82cd203791 Remove unnecessary mocking 
Fixes gh-8012
 2020-02-23 19:35:16 -05:00
Josh Cummings 5bdf57d1e5
Remove Groovy and Spock Dependencies 
Fixes gh-4939
 2020-02-10 10:38:40 -07:00
Josh Cummings bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java 
Issue gh-4939
 2020-02-10 10:38:39 -07:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Josh Cummings cb9fd09150
Change AuthenticationWebFilter's constructor 
Fixes gh-7872
 2020-01-31 09:31:28 -07:00
Peter Keller e62fb755e8 Set charset of BasicAuthenticationFilter converter 
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
 2020-01-23 15:34:35 +01:00
Onur Kağan Özcan 1f6381d970 Set secure on cookie when logging out 
Mark cookie secure flag to ensure cookie identity is the same
 2020-01-13 11:01:33 +01:00
Rob Winch ffccec953f Fix HttpHeaderWriterWebFilterTests 
Ensure setComplete() is subscribed to
 2020-01-09 14:24:35 -06:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f1.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Onur Kağan Özcan 2015f392ef Set secure when cancelling remember-me cookie 
AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag.
But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie.
 2019-12-20 16:04:31 +01:00
Rob Winch a8331ba7ed CompositeServerHttpHeadersWriter Executes Sequentially 
Fixes gh-7731
 2019-12-12 11:23:56 -06:00
David Herberth 64e063d948 switches web authentication principal resolver to use reactive context 
gh #6598

Signed-off-by: David Herberth <github@dav1d.de>
 2019-12-12 15:33:23 +01:00
Rob Winch 8e53c3f269 DelegatingServerAuthenticationSuccessHandler Executes Sequentially 
Fixes gh-7728
 2019-12-12 08:32:44 -06:00
Rob Winch 73babc3314 DelegatingServerLogoutHandler Executes Sequentially 
Fixes gh-7723
 2019-12-11 15:39:27 -06:00
Joe Grandja 4d9cee116c Display general error message when WebFlux oauth2Login() fails 
Issue gh-5562 gh-6484
 2019-12-05 16:54:31 -05:00
Filip Hrisafov 796859333f Log full failed authentication exception in BasicAuthenticationFilter 2019-11-27 14:56:24 +01:00
Josh Cummings 5f17032ffd Restore Removed Throws Clauses 
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
 2019-10-30 12:13:54 -06:00
Rob Winch 635f7e1edd CsrfWebFilter supports multipart/form-data 
Fixes gh-7576
 2019-10-28 14:06:10 -05:00
Filip Hrisafov b9f122230b Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour 2019-10-23 14:50:57 -04:00
Michel Palourdio d26f40f062 DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path. 2019-10-23 09:41:00 -04:00
Tadaya Tsuyukubo 62c7de03c3 Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter 
Moved the existing auth check logic to the matcher.

Issue: gh-5928
 2019-10-22 16:55:54 -04:00
Eleftheria Stein 264daec697 Test context relative URL with multiple schemes 2019-10-16 15:32:02 -04:00
Josh Cummings b764af6b9b
CookieServerCsrfTokenRepositoryTests Leading Dot 
ResponseCookie removed support for having a leading dot in the cookie
domain.

Fixes gh-7500
 2019-09-30 08:39:45 -06:00
Josh Cummings 7949dd492a
Move DelegatingServerAuthenticationSuccessHandlerTests 
Moved from src/test/groovy to src/test/java

Issue gh-5332
 2019-09-27 16:57:43 -06:00
Josh Cummings 5f905232cb
Polish CurrentSecurityContextArgumentResolvers 
Fixes gh-7487
 2019-09-27 13:19:08 -06:00
Rob Winch 00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Onur Kagan Ozcan 034b5e9e93 Introduce LogoutSuccessEvent 
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.

By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.

This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency.

Fixes gh-2900
 2019-09-18 10:57:16 -05:00
Josh Cummings 7576dc44d7
AuthenticationFilter Session Fixation Protection 
Fixes gh-7446
 2019-09-17 08:17:09 -06:00
Josh Cummings 496a2cdc60
Make AuthenticationFilter methods private 
Fixes gh-7447
 2019-09-17 08:06:21 -06:00
Josh Cummings aa12748c9b Add Request-level CSRF Skip 
Fixes gh-7367
 2019-09-13 19:04:05 +01:00
Eleftheria Stein 9f0986a093 Fix javadoc typo for invalid session strategy 2019-09-09 16:51:14 -04:00
Filip Hanik 08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp 
Add SAML Service Provider Support
 2019-09-05 17:04:14 -07:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code 
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
 2019-09-05 14:40:08 -07:00
Rob Winch 2a1f3f6aa7 Remove Package Tangle in HeaderWriterFilter 
Fixes gh-7380
 2019-09-05 16:08:45 -05:00
Josh Cummings 39e84013f7
ClearSiteDataHeaderWriter Directives 
Fixes gh-7347
 2019-09-03 15:57:10 -06:00
Eleftheria Stein ad0d3e9702 Polish remember me username check 2019-09-03 11:48:46 -04:00