Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-01 21:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,027 Commits 54 Branches 369 Tags
Commit Graph

425 Commits

Author SHA1 Message Date
Josh Cummings
3c46727be1 Transient Authentication Tokens 
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.

To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.

Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.

Fixes: gh-5481
 2018-07-16 10:40:45 -05:00
Rob Winch
a3210c96d9 Default Log Out Page 
Fixes: gh-5516
 2018-07-15 19:45:20 -05:00
Rob Winch
c3177a84a3 Override toString() in all RequestMatcher 
It makes it easier to debug having custom
toString().

Fixes: gh-5446
 2018-06-15 11:27:28 -05:00
Joe Grandja
48ef7c966d DefaultLoginPageGeneratingFilter escapes OAuth2 ClientRegistrations 
Fixes gh-5394
 2018-05-29 10:14:50 -04:00
Rob Winch
6a12415d23 Add DelegatingServerLogoutHandler(List<ServerLogoutHandler> delegates) 
Issue: gh-4839
 2018-05-24 09:44:29 -05:00
Eric Deandrea
8c3fdb3bcf DelegatingServerLogoutHandler 
Create a ServerLogoutHandler which delegates to a group of
ServerLogoutHandler implementations.

Fixes gh-4839
 2018-05-24 09:39:12 -05:00
Rob Winch
73345e7434 Add Cross Site Tracing (XST) & HTTP Method Tampering Protection 
Fixes: gh-5377
 2018-05-24 09:35:40 -05:00
Rob Winch
d874c4954e AuthenticationWebFilter handle empty Authentication 
Fixes: gh-5333
 2018-05-11 04:19:50 -05:00
Rob Winch
e78457d3a1 Fix checkstyle for CsrfServerLogoutHandlerTests 
Issue: gh-4840
 2018-05-11 04:16:48 -05:00
Eric Deandrea
26f53a20b3 Add CsrfServerLogoutHandler 
Create a CsrfServerLogoutHandler which invalidates the current CsrfToken

Fixes gh-4840
 2018-05-11 04:16:48 -05:00
Eric Deandrea
21750242cf Add HttpStatusReturningServerLogoutSuccessHandler 
An HttpStatusReturningServerLogoutSuccessHandler is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusReturningLogoutSuccessHandler.

Fixes gh-5081
 2018-05-11 04:03:21 -05:00
Eric Deandrea
bc9f8ec430 Add HttpStatusServerEntryPoint 
An HttpStatusServerEntryPoint is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusEntryPoint.

Fixes gh-5082
 2018-05-11 04:00:49 -05:00
Eric Deandrea
b3c5bfe4db CookieServerCsrfTokenRepository fails when cookie is null/empty 
The CookieServerCsrfTokenRepository fails with an IllegalArgumentException
 when a cookie is present but the value is null or empty.

Fixes gh-5315
 2018-05-07 16:16:51 -05:00
Rob Winch
3ba15a16bf Polish CookieServerCsrfTokenRepository 
- Only do work if subscribed to
- use test naming conventions
- Refactor tests to avoid extracting
  - Uses String for member names which are not type safe
  - Uses long argument list which makes assertions difficult to read

Issue: gh-5083
 2018-05-04 16:54:48 -05:00
Eric Deandrea
1eaecc12ec Add CookieServerCsrfTokenRepository 
A cookie implementation of ServerCsrfTokenRepository (like CookieCsrfTokenRepository)
is missing. In this implementation it would be nice to allow the setting of the domain as well.

Fixes: gh-5083
 2018-05-04 16:54:48 -05:00
XYUU
3740d33e64 The HttpHeader's ContentLength is a byte unit 2018-05-04 14:18:03 -05:00
XYUU
23dd136efb The HttpHeader's ContentLength is a byte unit 2018-05-04 14:18:03 -05:00
Rob Winch
9bb841ac67 ExceptionTranslationFilter does not handle committed responses 
Fixes: gh-5273
 2018-04-30 16:49:51 -05:00
Rob Winch
afdefe7b13 Fixes: gh-5190 2018-04-16 17:52:27 -05:00
Tao Qian
d83b67e4cb Add NegatedServerWebExchangeMatcher 
Fixes: gh-5170
 2018-03-29 21:16:11 -05:00
Christoph Dreis
d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch
7e6ed52603 CookieClearingLogoutHandler adds uses contextPath + "/" 
Fixes: gh-2325
 2018-03-19 16:51:22 -05:00
Rob Winch
d21338d212 Support errorOnInvalidType for Reactive AuthenticationPrincipal 
Fixes: gh-5096
 2018-03-09 12:05:55 -06:00
Rob Winch
a2073b2b91 Support BeanResolver for Reactive AuthenticationPrincipal 
Fixes: gh-4326
 2018-03-09 12:05:55 -06:00
Rob Winch
949c7d68b8 Fix StrictHttpFirewall rules 
Fixes: gh-5044
 2018-03-08 21:30:23 -06:00
Rob Winch
9f23212e43 HttpStatusServerAccessDeniedHandler use injected HttpStatus 
Fixes: gh-5078
 2018-03-07 12:35:25 -06:00
Rob Winch
fcf967687b Add FilterSecurityInterceptor once per request test 
Issue: gh-4997
 2018-02-08 17:11:37 -06:00
Rob Winch
ce5fb51b20 Remove Mono.defer in ReactorContextWebFilter 
Fixes: gh-5010
 2018-02-08 16:19:10 -06:00
Rob Winch
66298dcf5d Clean ReactorContextWebFilterTests imports 
Issue: gh-4962
 2018-02-08 16:15:29 -06:00
Rob Winch
141e3f581f ReactorContextWebFilter preserves main Context 
Previously ReactorContextWebFilter overrode
the main Context.

Fixes: gh-4962
 2018-02-08 14:58:08 -06:00
Rob Winch
ea3dd336aa Cache headers only if no cache headers set 
Fixes: gh-5004
 2018-02-07 14:56:34 -06:00
Rob Winch
0eef5b4b42 Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
Rob Winch
6a0833165a AuthorizationWebFilter handles null Authentication 
If the AuthorizationManager used the Authentication and the Authentication
was null the AuthorizationWebFilter would produce a NullPointerException

This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null

Fixes: gh-4966
 2018-01-22 15:16:58 -06:00
Johnny Lim
921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Eddú Meléndez
c16456623f Remove unused imports 2017-12-20 16:05:38 -06:00
Rob Winch
70be0f3619 Mono<CsrfToken> saveToken->Mono<Void> 
Issue: gh-4856
 2017-11-20 16:30:29 -06:00
Rob Winch
d55db837e1 CsrfWebFilter places Mono<CsrfToken> 
Fixes: gh-4855
 2017-11-20 16:30:29 -06:00
Johnny Lim
701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module 
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
 2017-11-16 20:18:21 -06:00
Rob Winch
be397b8b33 WebSessionServerSecurityContextRepository Polish 
- map(WebSession::getAttributes)
- use Mono.justOrEmpty

Issue: gh-4843
 2017-11-16 15:54:33 -06:00
Rob Winch
8d30d6110b WebSessionSecurityContextRepository custom session attribute name 
Fixes: gh-4843
 2017-11-16 15:54:21 -06:00
Rob Winch
b7529be3d0 WebSessionSecurityContextRepository changes session id 
Fixes: gh-4842
 2017-11-16 15:46:26 -06:00
Rob Winch
b19e14330f WebSessionServerCsrfTokenRepository session fixation protection 
Issue: gh-4842
 2017-11-16 15:45:57 -06:00
Rob Winch
75a7c5268a ServerRequestCache.removeMatchingRequest 
Issue: gh-4789
 2017-11-16 15:44:32 -06:00
Benedikt Ritter
fffd781b03 Add localization to error messages from ExceptionTranslationFilter 
Fixes gh-4504
 2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Rob Winch
64ad08e96d ServerRedirectCache.getRequest->getRedirectUri 
Issue: gh-4789
 2017-11-15 15:10:47 -06:00
Rob Winch
1d9b0760d5 ServerRequestCache uses URI 
Issue: gh-4789
 2017-11-15 12:54:05 -06:00
Rob Winch
1c977ca15f serverRedirectStrategy->redirectStrategy 
Issue: gh-4822
 2017-11-14 16:42:30 -06:00