155 Commits

Author SHA1 Message Date
Josh Cummings
383e0c2cf0
Merge branch '5.7.x' into 5.8.x 2023-02-28 12:47:06 -07:00
Josh Cummings
0421e25cba
Document Common SAML URI Endpoints
Issue gh-12764
2023-02-28 12:45:48 -07:00
Josh Cummings
1c885cf3a3
Document Federation Usecase
Closes gh-12764
2023-02-28 12:35:04 -07:00
Josh Cummings
a1b282ff03
Merge branch '5.7.x' into 5.8.x
Closes gh-12693
2023-02-17 10:09:32 -07:00
Josh Cummings
2db4430dcd Preserve OpenSamlAssertingPartyDetails Instance
Closes gh-12667
2023-02-17 10:02:17 -07:00
Marcus Da Coregio
82c86b822f Polish session-management.adoc
Remove unresolved anchor

Issue gh-12519
2023-02-16 10:57:02 -03:00
Marcus Da Coregio
4f3faa78f7 Revisit Session Management docs
Closes gh-12519
2023-02-16 10:39:59 -03:00
Rob Winch
5beabbe357 Merge branch '5.7.x' into 5.8.x
Closes gh-12553
2023-01-17 15:03:14 -06:00
Dan Allen
f5bc6ce665 fix unclosed block in docs 2023-01-17 15:02:30 -06:00
Josh Cummings
6f43104eb3
Merge branch '5.7.x' into 5.8.x
Closes gh-12516
2023-01-10 10:42:45 -07:00
Josh Cummings
2028507bf8
Fix Typo in Sample
Closes gh-11095
2023-01-10 10:38:28 -07:00
Marcus Da Coregio
5406fed5dc Merge branch '5.7.x' into 5.8.x 2022-12-19 16:53:05 -03:00
Eleftheria Stein-Kousathana
fbfa13bd47 Fix OAuth 2.0 testing docs 2022-12-19 16:52:25 -03:00
Marcus Da Coregio
7aaa25b88e Merge branch '5.7.x' into 5.8.x 2022-12-05 14:40:54 -08:00
Marcus Da Coregio
fc25b87967 Merge branch '5.6.x' into 5.7.x 2022-12-05 14:40:38 -08:00
Sellami
626e53d121 Fix: Replace tenantRepository with tenants 2022-12-05 14:31:24 -08:00
Marcus Da Coregio
d2b33a2583 Fix docs
Closes gh-11396
2022-12-05 12:25:26 -08:00
Marcus Da Coregio
5db7ac4ce3 Merge branch '5.7.x' into 5.8.x
Closes gh-12286
2022-11-24 08:48:05 -03:00
Marcus Da Coregio
9b3f834bff Merge branch '5.6.x' into 5.7.x
Closes gh-12285
2022-11-24 08:47:46 -03:00
Marcus Da Coregio
70bfc39418 Fix AuthorizationFilter diagram in docs
Closes gh-12274
2022-11-24 08:46:16 -03:00
Steve Riesenberg
9071f10759
Document DelegatingSecurityContextRepository
Closes gh-12069
2022-11-09 12:19:43 -06:00
Marcus Da Coregio
4d646a2978 Merge branch '5.7.x' into 5.8.x 2022-11-03 08:23:26 -03:00
Marcus Da Coregio
067fc1678c Merge branch '5.6.x' into 5.7.x 2022-11-03 08:22:09 -03:00
Rivaldi
01a37dd678 Fix typo
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
2022-11-03 08:21:48 -03:00
Márk Kővári
aad01447c3 docs: fix realm typo 2022-11-03 08:21:26 -03:00
Josh Cummings
d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings
c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza
8315545144 Update RP-Initiated Logout target URLs.
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
2022-11-01 12:35:39 -06:00
Josh Cummings
c5badbc631
Add AccessDecisionManager Preparation Steps
Issue gh-11337
2022-10-31 15:25:05 -06:00
Rob Winch
aac1261f0c Document Migration to SecurityContextHolderFilter
Closes gh-12098
2022-10-27 15:12:45 -05:00
Rob Winch
c17e258a6f Document Saved Requests
Closes gh-12088
2022-10-26 14:22:30 -05:00
Josh Cummings
04fa5af794
Add Missing Doc Header
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
Marcus Da Coregio
4b6fed0667 Add static factory method to AntPathRequestMatcher and RegexRequestMatcher
Closes gh-11938
2022-10-10 09:24:15 -03:00
Marcus Da Coregio
f3321c256c Add XML support for shouldFilterAllDispatcherTypes
Closes gh-11492
2022-10-07 10:20:32 -03:00
Steve Riesenberg
dce1c30522
Add support for BREACH
Closes gh-4001
2022-10-05 14:21:13 -05:00
Marcus Da Coregio
ace8caa182 Remove mvcMatchers usage from docs
Issue gh-11347
2022-10-05 13:19:37 -03:00
Steve Riesenberg
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Daniel Garnier-Moiroux
0e215a21ad
Add X-Xss-Protection headerValue to XML config
Issue gh-9631
2022-10-03 14:29:34 -05:00
Marcus Da Coregio
039e0328e1 Simplify Java Configuration RequestMatcher Usage
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch
d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
2022-09-22 11:09:44 -05:00
Steve Riesenberg
355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy
1efb63387f
Add authentication converter for introspected tokens
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting a successful token introspection result
into an Authentication instance (which is currently done by private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter behaves the
same as the current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: it maps authorities from the scope attribute and builds a
BearerTokenAuthentication.

Closes gh-11661
2022-09-13 16:45:36 -05:00
Steve Riesenberg
86fbb8db07 Add new interfaces for CSRF request processing
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
Marcus Da Coregio
ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio
0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill
8b74bf9742 Updated reference to architecture page
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
he1ex-tG
568277f8bc
Mistake in Kotlin code representation is fixed 2022-08-29 15:11:10 -05:00
Josh Cummings
0f58620643 Add AspectJ AuthorizationManager Support
Closes gh-11326
2022-08-26 15:59:08 -06:00
Rob Winch
89f8310d6c Add Explicit SessionAuthenticationStrategy Option
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagementFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
2022-08-18 17:00:47 -05:00