Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,690 Commits 32 Branches 333 Tags 112 MiB
Commit Graph

2212 Commits

Author SHA1 Message Date
Josh Cummings abe68abfe4
Merge remote-tracking branch 'origin/5.8.x' 2022-10-26 17:13:02 -06:00
mmoussa_mapfreusa bd4e0fb5db
Set LogoutRequestRepository on Saml2 LogoutSuccessHandler 
Closes gh-11363
 2022-10-26 16:44:23 -06:00
Rob Winch 9cb668aec2 SessionManagementConfigurer properly defaults SecurityContextRepository 
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.

This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.

Closes gh-12070
 2022-10-20 10:57:47 -05:00
Rob Winch a4858d9eaa Add SpringTestContext.addFilter 
Add SpringTestContext.addFilter which allows Spring Security's tests
to specify a Filter to be added to the SpringTestContext.

Closes gh-12071
 2022-10-20 10:54:24 -05:00
Steve Riesenberg 33b492df54
Default to DelegatingSecurityContextRepository 
Closes gh-12023
Closes gh-12049
 2022-10-17 20:04:43 -05:00
Steve Riesenberg bd43c1f28a
Merge branch '5.8.x' 
# Conflicts:
#	web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
#	web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
 2022-10-17 19:35:27 -05:00
Steve Riesenberg c75ca10900
Add DeferredSecurityContext 
Issue gh-12023
 2022-10-17 19:33:58 -05:00
Steve Riesenberg 819529f5ea
Remove CsrfSpec.tokenFromMultipartDataEnabled 
Also removed ServerCsrfDsl.tokenFromMultipartDataEnabled

Closes gh-12020
 2022-10-13 11:29:15 -05:00
Joe Grandja 753e113a13 RequestMatcherDelegatingAuthorizationManager defaults to deny 
Closes gh-11958
 2022-10-13 11:12:00 -04:00
Steve Riesenberg 2407d07890
Default to Xor CSRF tokens in CsrfWebFilter 
Closes gh-11960
 2022-10-13 09:39:57 -05:00
Steve Riesenberg 2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter 
Issue gh-11960
 2022-10-13 09:39:55 -05:00
Josh Cummings 2713075d08
Mark Observations with Firewall Failures 
Closes gh-11994
 2022-10-12 20:32:24 -06:00
Josh Cummings 46ab84684b
Mark Observations with CSRF Failures 
Closes gh-11993
 2022-10-12 20:32:23 -06:00
Josh Cummings 99a87179dd
Instrument Filter Chain 
Closes gh-11911
 2022-10-12 20:32:22 -06:00
Josh Cummings 8c610684f3
Instrument Authentication and Authorization 
Closes gh-11989
Closes gh-11990
 2022-10-12 20:32:21 -06:00
Steve Riesenberg 7c872cf7fd
Merge branch '5.8.x' 2022-10-12 15:02:40 -05:00
Steve Riesenberg 440748ec65
Add test support for Xor CSRF tokens 
Issue gh-4001
 2022-10-12 15:02:15 -05:00
Daniel Garnier-Moiroux 27059ced87
Default X-Xss-Protection header value to "0" 
Closes gh-9631
 2022-10-07 17:42:55 -05:00
Steve Riesenberg dcda899c8c
Merge branch '5.8.x' 2022-10-07 17:40:37 -05:00
Steve Riesenberg 37fa49b32d
Polish gh-11952 2022-10-07 17:40:12 -05:00
Steve Riesenberg 6753f9745e
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
 2022-10-07 17:29:07 -05:00
Steve Riesenberg f462134e87
Add reactive support for BREACH 
Closes gh-11959
 2022-10-07 16:34:17 -05:00
Steve Riesenberg f4ca90e719
Add reactive interfaces for CSRF request handling 
Issue gh-11959
 2022-10-07 16:34:16 -05:00
Marcus Da Coregio 398f5dee7f Remove deprecated RequestMatcher methods from Java Configuration 
Closes gh-11939
 2022-10-07 15:26:46 -03:00
Marcus Da Coregio 9fd195d419 Default to shouldFilterAllDispatcherTypes=true in XML 
Closes gh-11970
 2022-10-07 11:46:20 -03:00
Marcus Da Coregio 146d3269bc Merge branch '5.8.x' 
Closes gh-11971
 2022-10-07 10:28:14 -03:00
Marcus Da Coregio f3321c256c Add XML support for shouldFilterAllDispatcherTypes 
Closes gh-11492
 2022-10-07 10:20:32 -03:00
Marcus Da Coregio f650ebe545 Merge branch '5.8.x' 2022-10-06 13:50:50 -03:00
Marcus Da Coregio 8a5aed2983 Add deprecation warning to CsrfDsl#ignoringAntMatchers 
Issue gh-11347
 2022-10-06 13:50:38 -03:00
Marcus Da Coregio d6302aabbc Merge branch '5.8.x' 2022-10-06 13:21:52 -03:00
Marcus Da Coregio bc4ad52feb Add deprecation warning to mvcMatchers methods 
Issue gh-11347
 2022-10-06 13:21:27 -03:00
Josh Cummings 12b9f2e196
use-authorization-manager defaults to true 
Closes gh-11929
 2022-10-06 08:12:46 -06:00
Marcus Da Coregio 52ab2303da Fix failing test 
Issue gh-11061
 2022-10-06 09:28:06 -03:00
Marcus Da Coregio c4d23f2b49 Use MvcRequestMatcher by default if Spring MVC is present 
Closes gh-11899
 2022-10-06 09:12:04 -03:00
Josh Cummings 12ac7acb2c
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 23:53:40 -06:00
Josh Cummings 2079309c5a
Add SecurityContextHolderStrategy XML Configuration for OAuth2 
Issue gh-11061
 2022-10-05 23:50:59 -06:00
Josh Cummings 7543effe89
Add SecurityContextHolderStrategy Java Configuration for OAuth2 
Issue gh-11061
 2022-10-05 23:50:58 -06:00
Josh Cummings 7e3841105b
Add SecurityContextHolderStrategy XML Configuration for Saml2 
Issue gh-11061
 2022-10-05 23:50:57 -06:00
Josh Cummings 19181a5afd
Add SecurityContextHolderStrategy Java Configuration for Saml2 
Issue gh-11061
 2022-10-05 23:50:56 -06:00
Josh Cummings 0c0e298aa7
Polish Saml2 XML Use of SecurityContextHolderStrategy 
Issue gh-11061
 2022-10-05 23:38:14 -06:00
Josh Cummings 72a46ddd31
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 22:48:33 -06:00
Josh Cummings b4d13e7726
Polish use-authorization-manager 
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together

Issue gh-11305
 2022-10-05 22:21:09 -06:00
Josh Cummings 7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests 
Issue gh-11665
 2022-10-05 22:18:41 -06:00
Steve Riesenberg 8b490de08d
Merge branch '5.8.x' 
# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
 2022-10-05 14:46:15 -05:00
Steve Riesenberg dce1c30522
Add support for BREACH 
Closes gh-4001
 2022-10-05 14:21:13 -05:00
Steve Riesenberg 6bbf20be93
Fix failing tests 
Issue gh-11952
 2022-10-05 14:19:40 -05:00
Steve Riesenberg a7000a053b
Merge branch '5.8.x' 2022-10-05 13:46:26 -05:00
Steve Riesenberg 1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl 
Closes gh-11952
 2022-10-05 13:35:23 -05:00
Marcus Da Coregio c2ed65c67a Fix failing tests 
Issue gh-9159
 2022-10-05 14:59:33 -03:00
Marcus Da Coregio 22ba358e57 Merge branch '5.8.x' 2022-10-05 13:44:54 -03:00