Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,496 Commits 34 Branches 337 Tags
Commit Graph

1906 Commits

Author SHA1 Message Date
Josh Cummings
7a02bd14c1 Replace Apache Commons Base64 Decoding 
Issue gh-10923
 2022-03-02 16:19:03 -07:00
m0k045e
3aa7a65cb4 OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager 
Closes gh-10846
 2022-02-28 15:30:19 -07:00
Eleftheria Stein
e97c643870 Deprecate WebSecurityConfigurerAdapter 
Closes gh-10822
 2022-02-17 12:13:50 +01:00
Eleftheria Stein
c2635ba6bf Apply configurers from spring.factories to HttpSecurity bean 
Closes gh-10814
 2022-02-09 14:40:57 +01:00
Josh Cummings
f53c65b3a0 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 15:07:29 -07:00
Manuel Jordan
0be772ff5b Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 15:07:29 -07:00
Josh Cummings
cbd87fac89 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:50:28 -07:00
Manuel Jordan
01ed617d5f Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:50:19 -07:00
Josh Cummings
d538423f98 Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 15:09:45 -07:00
Rob Winch
4f3072b3d9 Exclude javax from hibernate dependency 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch
13c467734a Remove javax.transaction 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch
c01b2b946b Additional removal of javax.inject 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch
58090c37ea jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch
04f3bbcefa javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch
c67ee6f2a8 javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch
5902b46e9b Remove jcl-over-slf4j 
Issue gh-10499

# Conflicts:
#	dependencies/spring-security-dependencies.gradle
 2022-01-19 15:32:01 -06:00
Rob Winch
62449d6fa2 Remove commons-logging 
Closes gh-10499
 2022-01-19 15:31:22 -06:00
Rob Winch
ba922dcdf0 Exclude javax from hibernate dependency 
Issue gh-10501
 2022-01-19 14:35:25 -06:00
Rob Winch
27e1a2ca69 Remove javax.transaction 
Issue gh-10501
 2022-01-19 14:35:05 -06:00
Rob Winch
9d4ecc9c37 Additional removal of javax.inject 
Issue gh-10501
 2022-01-19 14:34:45 -06:00
Rob Winch
678c386834 jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 14:34:32 -06:00
Rob Winch
0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api 
Issue gh-10501
 2022-01-19 14:34:16 -06:00
Rob Winch
8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Rob Winch
f8e14683f6 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:33:46 -06:00
Rob Winch
3c641dee75 Remove commons-logging 
Closes gh-10499
 2022-01-19 14:33:44 -06:00
Eleftheria Stein
a537b636c1 Add LDAP factory beans 
Issue gh-10138
 2022-01-18 15:11:30 +01:00
Josh Cummings
75f25bff82 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 16:49:38 -07:00
Adam Ostrožlík
4ea57f3e3f Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 16:46:15 -07:00
Marcus Da Coregio
e1cb375fbf Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-12 16:39:50 -03:00
Marcus Da Coregio
60ed3602f6 Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-11 09:19:41 -03:00
heowc
1ab0705b47 Fix typo 2022-01-10 16:17:42 +01:00
Marcus Da Coregio
994e93741b Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2022-01-05 14:06:47 -03:00
Marcus Da Coregio
18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 08:57:30 -03:00
Josh Cummings
cd8983d4e5 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:14:40 -07:00
James Howe
5598688fa6 Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:06:30 -07:00
Marcus Da Coregio
65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Marcus Da Coregio
ed3b0fbaad Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:47:49 -03:00
Steve Riesenberg
df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi
925d531cbe Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:44:46 -06:00
Steve Riesenberg
074e38d565 Add missing since 
Issue gh-7765
 2021-12-02 12:09:57 -06:00
Steve Riesenberg
3af619d565 Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 12:01:11 -06:00
Josh Cummings
a68411566e Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki
2bc643d6c8 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 15:33:39 -07:00
Igor Pelesic
a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00
Guirong Hu
43317c5a61 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 15:27:58 -06:00
« Christophe
4318a51971 Fix CsrfConfigurer default AccessDeniedHandler consistency 
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
 2021-11-16 14:22:35 -06:00
Stephane Nicoll
61ee4e5a76 Avoid using SpEL to change the meaning of the injection point 
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
 2021-11-16 13:53:00 -06:00
Onur Kagan Ozcan
aa0f788f59 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes 2021-11-16 13:44:18 -06:00
Josh Cummings
7b15098570 Update Spring Security to 5.7 
Closes gh-10509
 2021-11-15 17:10:00 -07:00
Josh Cummings
76ebbb84f7 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00