Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,344 Commits 34 Branches 337 Tags
Commit Graph

11344 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
c2d79fcbd6
Add Conditions to Generating AuthnRequest 
Closes gh-11657
 2022-08-03 17:34:31 -06:00
Josh Cummings
aa225943d2
Polish Tests 
Issue gh-11657
 2022-08-03 17:34:26 -06:00
Marcus Da Coregio
f8971742f2 Remove FilterSecurityInterceptor from WebSecurity 
Closes gh-11325
 2022-08-02 15:34:02 -03:00
Scott Shidlovsky
508f7d7b8a Update OpenSamlAuthenticationRequestResolverTests from Junit 4 to Junit 5 2022-08-02 08:02:22 -06:00
Scott Shidlovsky
947445fcc5 Add ID to Saml2 Post and Redirect Requests 
Closes gh-11468
 2022-08-02 08:02:22 -06:00
Joshua Sattler
040111ae9e Remove Configuration meta-annotation from Enable* annotations 
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.

Closes gh-6613

Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
 2022-07-30 03:48:42 +02:00
Steve Riesenberg
99f768bab9 Polish HttpSecurity 2022-07-29 17:43:00 -05:00
Steve Riesenberg
984355e637 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:43:00 -05:00
Steve Riesenberg
09173c95d6 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:43:00 -05:00
Steve Riesenberg
07ea139ebf Polish HttpSecurity 2022-07-29 17:42:39 -05:00
Steve Riesenberg
67544f36f9 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:42:39 -05:00
Steve Riesenberg
05725af4d8 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:42:39 -05:00
Steve Riesenberg
15f525c614 Polish HttpSecurity 2022-07-29 17:42:20 -05:00
Steve Riesenberg
0c0c75ce22 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:42:20 -05:00
Steve Riesenberg
9861769b02 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:42:20 -05:00
Steve Riesenberg
02459919cc
Skip workflows on forks of spring-security 2022-07-28 15:13:56 -05:00
Steve Riesenberg
57d212ddca
Use cache and user.name system property on Windows 2022-07-28 15:13:55 -05:00
Steve Riesenberg
539b17f6da
Only run prerequisites job if on upstream repo 2022-07-28 15:13:54 -05:00
Steve Riesenberg
37e1ad27fe
Simplify dependency graph 2022-07-28 15:13:53 -05:00
Steve Riesenberg
043fdd6f03
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:13:52 -05:00
Steve Riesenberg
3234e05085
Polish gh-11367 2022-07-28 15:13:51 -05:00
naveen
f957e3c051
Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:13:51 -05:00
Steve Riesenberg
24033be046
Skip workflows on forks of spring-security 2022-07-28 15:11:09 -05:00
Steve Riesenberg
47a5665767
Use cache and user.name system property on Windows 2022-07-28 15:11:08 -05:00
Steve Riesenberg
aad60cc6af
Only run prerequisites job if on upstream repo 2022-07-28 15:11:07 -05:00
Steve Riesenberg
13e94935ae
Simplify dependency graph 2022-07-28 15:11:06 -05:00
Steve Riesenberg
6c29007fac
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:11:05 -05:00
Steve Riesenberg
6ad567f0fa
Polish gh-11367 2022-07-28 15:11:05 -05:00
naveen
8c634f8a9d
Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:11:04 -05:00
Steve Riesenberg
4fbbfd2c8b
Skip workflows on forks of spring-security 2022-07-28 15:07:02 -05:00
Steve Riesenberg
66da4301fc
Use cache and user.name system property on Windows 2022-07-28 15:07:02 -05:00
Steve Riesenberg
8929bd5abc
Only run prerequisites job if on upstream repo 2022-07-28 15:07:02 -05:00
Steve Riesenberg
e3d1405f67
Simplify dependency graph 2022-07-28 15:07:02 -05:00
Steve Riesenberg
e756a1df19
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:07:02 -05:00
Steve Riesenberg
81fae2db2c
Polish gh-11367 2022-07-28 15:07:01 -05:00
naveen
054a3f0bc0
Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:07:00 -05:00
Steve Riesenberg
9d248c7185
Skip workflows on forks of spring-security 2022-07-28 14:17:42 -05:00
Steve Riesenberg
865bf23ecc
Use cache and user.name system property on Windows 2022-07-28 13:00:15 -05:00
Ulrich Grave
4393c2ea02
Add hash-based Content-Security-Policy for SAML pages 
Closes gh-11631
 2022-07-27 18:04:39 -06:00
Ulrich Grave
409998a3fe Add hash-based Content-Security-Policy for SAML pages 
Closes gh-11631
 2022-07-27 17:59:42 -06:00
Steve Riesenberg
f86d30f4a1
Only run prerequisites job if on upstream repo 2022-07-27 16:01:16 -05:00
Steve Riesenberg
dc59d12405
Simplify dependency graph 2022-07-27 16:01:15 -05:00
Steve Riesenberg
bdeb32854e
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-27 16:01:15 -05:00
Marcus Da Coregio
7f2c797086 Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:39:56 -03:00
Marcus Da Coregio
e5ae35ab71 Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:39:33 -03:00
Marcus Da Coregio
a996dfc55b Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:38:50 -03:00
Marcus Da Coregio
d66ad22652 Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:32:44 -03:00
Steve Riesenberg
a72c5a55db
Revert "Remove @Configuration from webflux config examples" 
This reverts commit aec9effb88f70151912971b2f8b05dc4a9afaa2f.
 2022-07-26 16:46:01 -05:00
Joshua Sattler
aec9effb88 Remove @Configuration from webflux config examples 2022-07-26 16:34:10 -05:00
Rob Winch
7a860e1568 Fix Snapshot Sources/Javadoc 
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
 2022-07-26 16:26:31 -05:00