793 Commits

Author SHA1 Message Date
Eric Deandrea
26f53a20b3 Add CsrfServerLogoutHandler
Create a CsrfServerLogoutHandler which invalidates the current CsrfToken

Fixes gh-4840
2018-05-11 04:16:48 -05:00
Eric Deandrea
21750242cf Add HttpStatusReturningServerLogoutSuccessHandler
An HttpStatusReturningServerLogoutSuccessHandler is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusReturningLogoutSuccessHandler.

Fixes gh-5081
2018-05-11 04:03:21 -05:00
Eric Deandrea
bc9f8ec430 Add HttpStatusServerEntryPoint
An HttpStatusServerEntryPoint is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusEntryPoint.

Fixes gh-5082
2018-05-11 04:00:49 -05:00
Artyom Emelyanenko
902fc0f657 Fixed confused word in the class javadoc 2018-05-07 16:54:40 -05:00
Eric Deandrea
b3c5bfe4db CookieServerCsrfTokenRepository fails when cookie is null/empty
The CookieServerCsrfTokenRepository fails with an IllegalArgumentException
when a cookie is present but the value is null or empty.

Fixes gh-5315
2018-05-07 16:16:51 -05:00
Rob Winch
3ba15a16bf Polish CookieServerCsrfTokenRepository
- Only do work if subscribed to
- use test naming conventions
- Refactor tests to avoid extracting
  - Uses String for member names which are not type safe
  - Uses long argument list which makes assertions difficult to read

Issue: gh-5083
2018-05-04 16:54:48 -05:00
Rob Winch
37b1136c0c Remove CookieServerCsrfTokenRepository builder methods
This is inconsistent with the rest of the code base.

Issue: gh-5083
2018-05-04 16:54:48 -05:00
Eric Deandrea
1eaecc12ec Add CookieServerCsrfTokenRepository
A cookie implementation of ServerCsrfTokenRepository (like CookieCsrfTokenRepository)
is missing. In this implementation it would be nice to allow the setting of the domain as well.

Fixes: gh-5083
2018-05-04 16:54:48 -05:00
Alexander Münch
0570cebbce Avoid unnecessary grow of ArrayList
Adapted ArrayList size in CacheControlHeadersWriter::createHeaders()
2018-05-04 14:23:31 -05:00
XYUU
3740d33e64 The HttpHeader's ContentLength is a byte unit 2018-05-04 14:18:03 -05:00
XYUU
23dd136efb The HttpHeader's ContentLength is a byte unit 2018-05-04 14:18:03 -05:00
Rob Winch
9bb841ac67 ExceptionTranslationFilter does not handle committed responses
Fixes: gh-5273
2018-04-30 16:49:51 -05:00
Rob Winch
afdefe7b13 Fixes: gh-5190 2018-04-16 17:52:27 -05:00
Rob Winch
8fbec3f0f1 Polish NegatedServerWebExchangeMatcher
Issue: gh-5170
2018-03-29 21:17:40 -05:00
Tao Qian
d83b67e4cb Add NegatedServerWebExchangeMatcher
Fixes: gh-5170
2018-03-29 21:16:11 -05:00
Rob Winch
fb7394c1de Polish Javadoc
Fixes: gh-5186
2018-03-29 15:33:57 -05:00
Mark Hobson
3c07d99b0a Close quoted expected path in log when matching 2018-03-27 11:14:14 -05:00
Johnny Lim
d20ed9f5c9 Fix @since for StrictHttpFirewall 2018-03-27 11:01:26 -05:00
Christoph Dreis
d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch
b1d013e8f0 Fix JDK 9
Issue: gh-5160
2018-03-27 09:30:56 -05:00
Rob Winch
7e6ed52603 CookieClearingLogoutHandler adds uses contextPath + "/"
Fixes: gh-2325
2018-03-19 16:51:22 -05:00
Rob Winch
d21338d212 Support errorOnInvalidType for Reactive AuthenticationPrincipal
Fixes: gh-5096
2018-03-09 12:05:55 -06:00
Rob Winch
a2073b2b91 Support BeanResolver for Reactive AuthenticationPrincipal
Fixes: gh-4326
2018-03-09 12:05:55 -06:00
Rob Winch
949c7d68b8 Fix StrictHttpFirewall rules
Fixes: gh-5044
2018-03-08 21:30:23 -06:00
Rob Winch
055a2ca917 Polish Javadoc HttpStatusServerAccessDeniedHandler 2018-03-07 12:35:25 -06:00
Rob Winch
9f23212e43 HttpStatusServerAccessDeniedHandler use injected HttpStatus
Fixes: gh-5078
2018-03-07 12:35:25 -06:00
Rob Winch
8d75554b6b Lazily Create Throwables
Fixes: gh-5040
2018-02-26 16:24:40 -06:00
Rob Winch
0fc67f765a Polish StrictHttpFirewall Javadoc
Also cleanup DefaultHttpFirewall Javadoc

Issue: gh-5008
2018-02-15 17:18:28 -06:00
Rob Winch
fcf967687b Add FilterSecurityInterceptor once per request test
Issue: gh-4997
2018-02-08 17:11:37 -06:00
json20080301
40a1281c66 FilterSecurityInterceptor once per request set attr
Only set the attribute if once per request is true
2018-02-08 17:10:45 -06:00
Rob Winch
ce5fb51b20 Remove Mono.defer in ReactorContextWebFilter
Fixes: gh-5010
2018-02-08 16:19:10 -06:00
Rob Winch
66298dcf5d Clean ReactorContextWebFilterTests imports
Issue: gh-4962
2018-02-08 16:15:29 -06:00
Rob Winch
141e3f581f ReactorContextWebFilter preserves main Context
Previously ReactorContextWebFilter overrode
the main Context.

Fixes: gh-4962
2018-02-08 14:58:08 -06:00
Rob Winch
c399987450 Polish StrictHttpFirewall Javadoc
Fixes: gh-5008
2018-02-08 14:08:54 -06:00
Rob Winch
ea3dd336aa Cache headers only if no cache headers set
Fixes: gh-5004
2018-02-07 14:56:34 -06:00
Rob Winch
8b7f772761 Update to Jackson 2.9.4
Fixes: gh-4985
2018-02-01 13:45:06 -06:00
Rob Winch
0eef5b4b42 Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
Rob Winch
6a0833165a AuthorizationWebFilter handles null Authentication
If the AuthorizationManager used the Authentication and the Authentication
was null, the AuthorizationWebFilter would produce a NullPointerException.

This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null.

Fixes: gh-4966
2018-01-22 15:16:58 -06:00
Johnny Lim
921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Eddú Meléndez
c16456623f Remove unused imports 2017-12-20 16:05:38 -06:00
Rob Winch
70be0f3619 Mono<CsrfToken> saveToken->Mono<Void>
Issue: gh-4856
2017-11-20 16:30:29 -06:00
Rob Winch
d55db837e1 CsrfWebFilter places Mono<CsrfToken>
Fixes: gh-4855
2017-11-20 16:30:29 -06:00
Johnny Lim
701933c7f7 Fix copyright start years
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
2017-11-16 20:18:21 -06:00
Rob Winch
be397b8b33 WebSessionServerSecurityContextRepository Polish
- map(WebSession::getAttributes)
- use Mono.justOrEmpty

Issue: gh-4843
2017-11-16 15:54:33 -06:00
Rob Winch
8d30d6110b WebSessionSecurityContextRepository custom session attribute name
Fixes: gh-4843
2017-11-16 15:54:21 -06:00
Rob Winch
b7529be3d0 WebSessionSecurityContextRepository changes session id
Fixes: gh-4842
2017-11-16 15:46:26 -06:00
Rob Winch
b19e14330f WebSessionServerCsrfTokenRepository session fixation protection
Issue: gh-4842
2017-11-16 15:45:57 -06:00
Rob Winch
75a7c5268a ServerRequestCache.removeMatchingRequest
Issue: gh-4789
2017-11-16 15:44:32 -06:00