Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 22:46:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,732 Commits 33 Branches 337 Tags
Commit Graph

10732 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
002a770f13 NamespaceLdapAuthenticationProviderTests use Dynamic Port 
Closes gh-11710
 2022-08-15 15:26:12 -05:00
Rob Winch
f33d7253b6 GitHubMilestoneApiTests due_on Uses LocalDate 
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
 2022-08-15 13:04:29 -05:00
Rob Winch
d8ae2c8763 GitHubMilestoneApiTests due_on Uses LocalDate 
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
 2022-08-15 13:03:10 -05:00
Rob Winch
4473c3f7d0 GitHubMilestoneApiTests due_on Uses LocalDate 
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
 2022-08-15 13:01:58 -05:00
github-actions[bot]
1510460a1a Next development version 2022-08-15 16:14:19 +00:00
github-actions[bot]
db74e9d128 Next development version 2022-08-15 16:07:33 +00:00
github-actions[bot]
c188b70c88 Next development version 2022-08-15 16:06:45 +00:00
github-actions[bot]
4559d269e0 Release 5.6.7 5.6.7 2022-08-15 15:25:05 +00:00
github-actions[bot]
173d74d693 Release 5.7.3 5.7.3 2022-08-15 15:24:54 +00:00
github-actions[bot]
063e56ce8b Release 5.8.0-M2 5.8.0-M2 2022-08-15 15:24:27 +00:00
Josh Cummings
66cb3e02d0
Update org.springframework.data to 2021.2.2 
Closes gh-11698
 2022-08-11 14:20:52 -06:00
Josh Cummings
74675ef793
Update org.springframework to 5.3.22 
Closes gh-11697
 2022-08-11 14:20:48 -06:00
Josh Cummings
a92ac82c4b
Update jsonassert to 1.5.1 
Closes gh-11696
 2022-08-11 14:20:45 -06:00
Josh Cummings
db638c2a77
Update org.jetbrains.kotlinx to 1.6.4 
Closes gh-11695
 2022-08-11 14:20:41 -06:00
Josh Cummings
f884527c1b
Update hibernate-entitymanager to 5.6.10.Final 
Closes gh-11694
 2022-08-11 14:20:38 -06:00
Josh Cummings
dbd174418f
Update org.eclipse.jetty to 9.4.48.v20220622 
Closes gh-11693
 2022-08-11 14:20:35 -06:00
Josh Cummings
2eeee99d2e
Update io.projectreactor to 2020.0.22 
Closes gh-11691
 2022-08-11 14:20:28 -06:00
Josh Cummings
e8c56420bf
Update mockk to 1.12.5 
Closes gh-11690
 2022-08-11 14:20:24 -06:00
Marcus Da Coregio
627809d2dc Update org.springframework.data to 2021.1.6 
Closes gh-11686
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio
4b1d7e9479 Update org.springframework to 5.3.22 
Closes gh-11685
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio
d9980a4dfe Update jsonassert to 1.5.1 
Closes gh-11684
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio
8eb7e589eb Update hibernate-entitymanager to 5.6.10.Final 
Closes gh-11683
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio
0d7dce9d71 Update org.eclipse.jetty to 9.4.48.v20220622 
Closes gh-11682
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio
da09788be9 Update io.projectreactor to 2020.0.22 
Closes gh-11680
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio
ead587c597 Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:32:42 -03:00
Marcus Da Coregio
6a2ca52aae Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:32:10 -03:00
Marcus Da Coregio
1c4d6ed098 Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:30:15 -03:00
Igor Bolic
efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Rob Winch
269c711a64 RequestAttributeSecurityContextRepository never null SecurityContext 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
 2022-08-08 13:52:56 -05:00
Rob Winch
c9f8d2b111 RequestAttributeSecurityContextRepository never null SecurityContext 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
 2022-08-08 13:52:12 -05:00
Josh Cummings
c2d79fcbd6
Add Conditions to Generating AuthnRequest 
Closes gh-11657
 2022-08-03 17:34:31 -06:00
Josh Cummings
aa225943d2
Polish Tests 
Issue gh-11657
 2022-08-03 17:34:26 -06:00
Steve Riesenberg
99f768bab9 Polish HttpSecurity 2022-07-29 17:43:00 -05:00
Steve Riesenberg
984355e637 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:43:00 -05:00
Steve Riesenberg
09173c95d6 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:43:00 -05:00
Steve Riesenberg
07ea139ebf Polish HttpSecurity 2022-07-29 17:42:39 -05:00
Steve Riesenberg
67544f36f9 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:42:39 -05:00
Steve Riesenberg
05725af4d8 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:42:39 -05:00
Steve Riesenberg
02459919cc
Skip workflows on forks of spring-security 2022-07-28 15:13:56 -05:00
Steve Riesenberg
57d212ddca
Use cache and user.name system property on Windows 2022-07-28 15:13:55 -05:00
Steve Riesenberg
539b17f6da
Only run prerequisites job if on upstream repo 2022-07-28 15:13:54 -05:00
Steve Riesenberg
37e1ad27fe
Simplify dependency graph 2022-07-28 15:13:53 -05:00
Steve Riesenberg
043fdd6f03
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:13:52 -05:00
Steve Riesenberg
3234e05085
Polish gh-11367 2022-07-28 15:13:51 -05:00
naveen
f957e3c051
Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:13:51 -05:00
Steve Riesenberg
24033be046
Skip workflows on forks of spring-security 2022-07-28 15:11:09 -05:00
Steve Riesenberg
47a5665767
Use cache and user.name system property on Windows 2022-07-28 15:11:08 -05:00
Steve Riesenberg
aad60cc6af
Only run prerequisites job if on upstream repo 2022-07-28 15:11:07 -05:00
Steve Riesenberg
13e94935ae
Simplify dependency graph 2022-07-28 15:11:06 -05:00
Steve Riesenberg
6c29007fac
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:11:05 -05:00