Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 08:58:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,185 Commits 34 Branches 337 Tags
Commit Graph

1108 Commits

Author SHA1 Message Date
Steve Riesenberg
0be66d2cc0 Update copyright year 
Issue gh-10557
 2021-12-01 17:37:17 -06:00
Steve Riesenberg
414e096ae4 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 16:05:23 -06:00
Marcus Da Coregio
e05c9f4bba Improve log message when no CSRF token found 
Closes gh-10436
 2021-11-19 08:43:48 -03:00
Marcus Da Coregio
89db1c37a3 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-22 14:49:13 -03:00
Steve Riesenberg
0704c709dc Revert "Lock Dependencies for Release" 
This reverts commit 03c2c49d66fe395374ecb3bed696087e882a6bbc.
 2021-10-18 17:38:07 -05:00
Steve Riesenberg
03c2c49d66 Lock Dependencies for Release 2021-10-18 17:34:42 -05:00
Steve Riesenberg
c83bd075a2 Revert "Lock Dependencies for Release" 
This reverts commit bedb569f0d41a46a92665a4e45adcc525cc10290.
 2021-10-18 16:49:15 -05:00
Steve Riesenberg
bedb569f0d Lock Dependencies for Release 2021-10-18 15:38:17 -05:00
Josh Cummings
ba468c7e6e Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-18 15:38:16 -05:00
Joe Grandja
ec6b2203ca Revert "Lock Dependencies for Release" 
This reverts commit 067bdd0dd91038678a414e6609a585f0ed0ded9d.
 2021-08-16 11:55:39 -04:00
Joe Grandja
067bdd0dd9 Lock Dependencies for Release 2021-08-16 11:12:40 -04:00
Steve Riesenberg
c17767883f Revert "Lock Dependencies for Release" 
This reverts commit d71be4ca28afa6e9ed9c0d30ee5dae74a5eb1987.
 2021-06-21 12:57:05 -05:00
Josh Cummings
d71be4ca28
Lock Dependencies for Release 2021-06-21 10:33:10 -06:00
Marcus Hert da Coregio
4d18d06d9c Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 13:51:52 -03:00
Josh Cummings
2c625f30e0
Add NPE Guards 
- Like values, names are only validated if they are not null

Closes gh-9598
 2021-04-22 11:28:25 -06:00
Craig Andrews
b97e93a486
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:37:48 -06:00
Joe Grandja
8850ccb1c6 Revert "Lock Dependencies" 
This reverts commit 924ceac681eae11cabdf1af1d37ff4550b9d350d.
 2021-04-12 13:47:04 -04:00
Joe Grandja
924ceac681 Lock Dependencies 2021-04-12 13:36:39 -04:00
佚名
9570d0cada
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:47:11 -06:00
Josh Cummings
71e0967b53
Revert "Lock Dependencies for Release" 
This reverts commit 8c04074264e95f670503c63d6501eb5cc0aa4966.
 2021-02-17 15:59:48 -07:00
Josh Cummings
8c04074264
Lock Dependencies for Release 2021-02-17 14:59:17 -07:00
Josh Cummings
cf032d86d6
Revert "Lock Dependencies" 
This reverts commit 9535a41d5a5867a5766aebb72470587eb1c5be52.
 2021-02-11 18:38:07 -07:00
Josh Cummings
9535a41d5a
Lock Dependencies 2021-02-11 17:43:39 -07:00
Rob Winch
4b6b417d5a
Additional Test for HttpSessionSecurityContextRepository 
Issue gh-9387
 2021-02-11 17:39:49 -07:00
Rob Winch
c72a6fac04
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 17:39:48 -07:00
Josh Cummings
f449da8b78
Revert "Lock Dependencies" 
This reverts commit d17ebf53f95586a009bc9464a92dfcd4a283f6c7.
 2021-02-11 17:28:01 -07:00
Josh Cummings
d17ebf53f9
Lock Dependencies 2021-02-11 16:56:28 -07:00
Josh Cummings
da7141eb5b
Polish Tests 
Issue gh-9331
 2021-02-03 09:13:38 -07:00
happier233
e30d78086a
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:13:28 -07:00
Rob Winch
acb5ae607b Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:09:21 -06:00
Rob Winch
77a1befcc2 Fix Checkstyle for CsrfWebFilter 
Issue gh-9337
 2021-01-12 11:38:01 -06:00
Rob Winch
61b75bb2d6 Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:19:11 -06:00
Josh Cummings
1af21a9d02
Revert "Lock Dependencies for 5.4.2" 
This reverts commit 046bc9789f97804b04324b99a9c4f3a7041c68e9.
 2020-12-02 22:21:02 -07:00
Josh Cummings
046bc9789f
Lock Dependencies for 5.4.2 2020-12-02 17:36:26 -07:00
Eleftheria Stein
1d96579265 Fix CookieRequestCache for URL encoded query parameters 
Avoid populating the saved request parameters with encoded values. Since the query strings of the request and saved URL are compared and must be equal, we can just use the parameters from the incoming request.

Closes gh-9203
 2020-11-26 18:35:59 +01:00
Josh Cummings
84737e7b23
Revert "Lock Dependencies for 5.4.1" 
This reverts commit 48ac47418d75f9ef46e63fca3f485475b6280d43.
 2020-10-07 16:38:48 -06:00
Josh Cummings
48ac47418d
Lock Dependencies for 5.4.1 2020-10-07 16:01:34 -06:00
Phillip Webb
c502312719 Replace expected @Test attributes with AssertJ 
Replace JUnit expected @Test attributes with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb
20baa7d409 Replace ExpectedException @Rules with AssertJ 
Replace JUnit ExpectedException @Rules with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb
910b81928f Replace try/catch with AssertJ 
Replace manual try/catch/fail blocks with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Tomoki Tsubaki
65f788532e Fix broken Mono chain 
This commit restore broken Mono chain in WebSessionServerCsrfTokenRepository.generateToken(ServerWebExchange).

Closes gh-9017
 2020-09-16 09:53:23 -06:00
Tomoki Tsubaki
2c297fbd63 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.

Closes gh-9018
 2020-09-16 08:48:00 -06:00
Joe Grandja
7b1f574769 Revert "Lock Dependency Versions for 5.4.0" 
This reverts commit 3d0e459182868c94ea5967b1cd3a1a6b6ba24609.
 2020-09-09 18:14:12 -04:00
Joe Grandja
3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Eleftheria Stein-Kousathana
02d1516c56
Restructure BasicAuthenticationFilter Logs 
Issue gh-6311
 2020-09-02 07:42:03 -06:00
Josh Cummings
fa7baf551d
Restructure Logs 
Followed common use cases based off of HelloWorld sample:
  - Public endpoint
  - Unauthorized endpoint
  - Undefined endpoint
  - Successful form login
  - Failed form login
  - Post-login redirect

Issue gh-6311
 2020-09-02 07:37:59 -06:00
Phillip Webb
319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
ef8f113619 Use assertThat instead of Java assert 
Fix `DefaultSavedRequestMixinTests` so that `assertThat` is used rather
than Java's `assert` keyword.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
a5aa6b3d7f Remove blank lines from all tests 
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
5bdd757108 Polish spring-security-web main code 
Manually polish `spring-security-web` following the formatting
and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00