Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 00:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,706 Commits 34 Branches 337 Tags
Commit Graph

1019 Commits

Author SHA1 Message Date
Joe Grandja
26c6570b10 Revert "Lock Dependencies" 
This reverts commit b3250c06a922f74c8d77589b3c9a5768fe345f8c.
 2021-04-12 14:42:38 -04:00
Joe Grandja
b3250c06a9 Lock Dependencies 2021-04-12 14:19:19 -04:00
佚名
22d7043d01
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:55:30 -06:00
Rob Winch
71f9876c48 Revert "Lock dependencies" 
This reverts commit dca4858d812e2beb1263cac4d85be01416178f3d.
 2021-02-11 13:38:50 -06:00
Rob Winch
dca4858d81 Lock dependencies 2021-02-11 13:00:32 -06:00
Rob Winch
419839d05c Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 13:00:31 -06:00
Rob Winch
38e9e8ca52 Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 13:00:31 -06:00
Rob Winch
ec8f6014d4 Revert "Lock dependencies" 
This reverts commit fa5f789bebe26da0e9b49dde0b0563755b43a25d.
 2021-02-11 09:51:54 -06:00
Rob Winch
fa5f789beb Lock dependencies 2021-02-11 08:53:40 -06:00
Josh Cummings
10946e8153
Polish Tests 
Issue gh-9331
 2021-02-03 09:30:27 -07:00
happier233
3cb98ebed0
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:24:22 -07:00
Rob Winch
e6d6b39767 Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:17:25 -06:00
Rob Winch
b08075a721 Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:30:12 -06:00
Josh Cummings
7c2010f507
Revert "Lock Dependencies for 5.3.6" 
This reverts commit a153012056d4678109a0085ae43b1b146d203fa6.
 2020-12-02 19:32:03 -07:00
Josh Cummings
a153012056
Lock Dependencies for 5.3.6 2020-12-02 16:31:52 -07:00
Josh Cummings
2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE" 
This reverts commit 846a5a962c1bb9de82e8ddbbc995ce4c83830f6e.
 2020-10-07 16:39:28 -06:00
Josh Cummings
846a5a962c
Lock Dependencies for 5.3.5.RELEASE 2020-10-07 13:18:01 -06:00
Tomoki Tsubaki
e44471331b
Create the CSRF token on the bounded elactic scheduler 
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.

Closes gh-9018
 2020-09-16 09:01:45 -06:00
Eleftheria Stein
d8bef76a0f Unlock dependencies 
This reverts commit b619d298aa9f0477311397e261aae217c239d5d9.
 2020-08-05 18:18:02 +02:00
Eleftheria Stein
b619d298aa Lock Dependencies for 5.3.4.RELEASE 2020-08-05 12:33:31 +02:00
Rob Winch
070706d948 LoginPageGeneratingWebFilter honors context path 
Closes gh-8807
 2020-07-07 13:36:35 -05:00
Joe Grandja
38c1e3ffa8 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 15:27:32 -04:00
Josh Cummings
bbd2a9ebae
Revert "Lock Dependencies for 5.3.3.RELEASE" 
This reverts commit 116bfe01e6de3bf7cfa06a94f20373f6345b89f0.
 2020-06-03 16:11:59 -06:00
Josh Cummings
116bfe01e6
Lock Dependencies for 5.3.3.RELEASE 2020-06-03 13:14:07 -06:00
Eleftheria Stein
2ebbb6f80a Mock request with non-standard HTTP method in test 
Fixes gh-8594
 2020-05-26 15:38:53 -04:00
cbornet
b6efd5ba76 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:05:50 -05:00
Artyom Tarynin
9e665388d2 Update AntPathRequestMatcher.java 
Fixes gh-8512
 2020-05-13 17:07:45 -04:00
Rob Winch
06a02ed4bb Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-11 17:28:40 -05:00
Joe Grandja
413dfc8679 Unlock dependencies 
This reverts commit a61145f74c1b39dc3bc0620da3988daa9a02bb85.
 2020-05-06 15:29:45 -04:00
Joe Grandja
a61145f74c Lock dependencies for 5.3.2.RELEASE 2020-05-06 15:06:08 -04:00
Rob Winch
566c25aa10 Fix example in javadoc of FilterChainProxy 
Closes gh-8344
 2020-04-08 09:12:56 -05:00
Joe Grandja
a78872f268 Unlock dependencies for 5.3.1.RELEASE 
This reverts commit 88c02684bb54effb483d460031f5007610851f80.
 2020-03-31 17:53:13 -04:00
Joe Grandja
88c02684bb Lock dependencies for 5.3.1.RELEASE 2020-03-31 17:28:36 -04:00
Rob Winch
0e6e2b2a21 Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 20:50:12 -05:00
Josh Cummings
034c23d46c
SwitchUserFilter Defaults to POST 
Fixes gh-4183
 2020-03-27 14:25:28 -06:00
Zeeshan Adnan
dfa78804a8 Fix exception for empty basic auth header token 
fixes spring-projectsgh-7976
 2020-03-16 16:05:14 -04:00
Josh Cummings
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7e449e1e8347f9a0b3959c7abf095dc.
 2020-03-04 12:02:48 -07:00
Josh Cummings
147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
AmitB
2ce9eef95e Fix typo in AntPathRequestMatcher contructor comment 2020-03-02 07:14:27 -06:00
Joe Grandja
82cd203791 Remove unnecessary mocking 
Fixes gh-8012
 2020-02-23 19:35:16 -05:00
Josh Cummings
5bdf57d1e5
Remove Groovy and Spock Dependencies 
Fixes gh-4939
 2020-02-10 10:38:40 -07:00
Josh Cummings
bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java 
Issue gh-4939
 2020-02-10 10:38:39 -07:00
Eleftheria Stein
84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef077cf23028d64b61b1452be0ec9eb1.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein
064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Josh Cummings
cb9fd09150
Change AuthenticationWebFilter's constructor 
Fixes gh-7872
 2020-01-31 09:31:28 -07:00
Peter Keller
e62fb755e8 Set charset of BasicAuthenticationFilter converter 
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
 2020-01-23 15:34:35 +01:00
Onur Kağan Özcan
1f6381d970 Set secure on cookie when logging out 
Mark cookie secure flag to ensure cookie identity is the same
 2020-01-13 11:01:33 +01:00
Rob Winch
ffccec953f Fix HttpHeaderWriterWebFilterTests 
Ensure setComplete() is subscribed to
 2020-01-09 14:24:35 -06:00
Eleftheria Stein
fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f11e2811b7d4241b26f712674978f3f7.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein
93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00