Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 17:06:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,187 Commits 34 Branches 337 Tags
Commit Graph

1109 Commits

Author SHA1 Message Date
Rob Winch
ca1252be94 Replace whitelist with allowlist 
Issue gh-8676
 2020-06-10 11:49:21 -05:00
Rob Winch
a907026eae Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive 
Closes gh-8677
 2020-06-10 11:48:56 -05:00
Joe Grandja
da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:28:21 -04:00
Eleftheria Stein
0a42aa26c8 Mock request with non-standard HTTP method in test 
Fixes gh-8594
 2020-05-26 10:16:56 -04:00
Astushi Yoshikawa
f08ca4e688 Throw exception if URL does not include context path when context relative 
Issue: gh-8399
 2020-05-20 14:02:17 -04:00
Rob Winch
dc514b369e FilterInvocation Support Default Methods on HttpServletRequest 
Closes gh-8566
 2020-05-20 10:13:59 -05:00
cbornet
bfb401eeed Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:04:54 -05:00
Mathieu Ouellet
cd08102b93 Add debug logging 
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow

Fixes gh-5758
 2020-05-12 09:03:24 -05:00
Rob Winch
4473dca022 Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed 
Issue gh-8149
 2020-05-11 17:20:16 -05:00
Parikshit Dutta
0f92415395 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8149
 2020-05-11 17:19:57 -05:00
Artyom Tarynin
6db514a4e2 Update AntPathRequestMatcher.java 
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
 2020-05-11 17:11:22 -04:00
Joe Grandja
86ca6b013c Unlock dependencies 
This reverts commit 206960cf448b38e643045468b2291e66bfbbd4a9.
 2020-05-06 17:27:35 -04:00
Joe Grandja
206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Rob Winch
0483b3e042 Polish RequestRejectedHandler 
Issue gh-5007
 2020-05-01 10:51:11 -05:00
Leonard Brünings
b826c798f7 Add RequestRejectedHandler 
Closes gh-5007
 2020-05-01 10:51:01 -05:00
Oh Myung Woon
b7d3acc02c Add constructors to AbstractAuthenticationProcessingFilter 
Closes gh-8309
 2020-04-09 13:53:06 -05:00
Mustafa Ulu
6bdd5f710f
Fix example in javadoc of FilterChainProxy 2020-04-07 21:05:12 +03:00
Rob Winch
91728ef53b Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 17:50:28 -05:00
Josh Cummings
eed71243cb
SwitchUserFilter Defaults to POST 
Fixes gh-4183
 2020-03-27 13:41:49 -06:00
Zeeshan Adnan
935c547dde Fix exception for empty basic auth header token 
fixes spring-projectsgh-7976
 2020-03-16 12:57:13 -04:00
Eleftheria Stein
47011eb9e2 Polish transfer session's max inactive interval 
Issue: gh-2693
 2020-03-12 12:11:14 -04:00
Venkata Jaswanth U
02b7d04027 Transfer session's max inactive interval 
Fixes: gh-2693
 2020-03-12 10:11:59 -04:00
Eleftheria Stein
b2ea0ba775 Polish SessionIdChangedEvent 
Add AbstractSessionEvent; clean up license headers and Javadocs

Fixes: gh-5438
 2020-03-06 12:04:49 -05:00
Venkata Jaswanth
5fc6414377 SessionRegistryImpl is now aware of SessionIdChangedEvent 2020-03-06 12:04:01 -05:00
Eleftheria Stein
ae532c080c Add server request cache that uses cookie 
Fixes: gh-8033
 2020-03-05 15:36:47 -05:00
Eleftheria Stein
38979b1b09 Add test for ServerRequestCacheWebFilter 2020-03-05 14:57:07 -05:00
Josh Cummings
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7e449e1e8347f9a0b3959c7abf095dc.
 2020-03-04 12:02:48 -07:00
Josh Cummings
147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
AmitB
2ce9eef95e Fix typo in AntPathRequestMatcher contructor comment 2020-03-02 07:14:27 -06:00
Joe Grandja
82cd203791 Remove unnecessary mocking 
Fixes gh-8012
 2020-02-23 19:35:16 -05:00
Josh Cummings
5bdf57d1e5
Remove Groovy and Spock Dependencies 
Fixes gh-4939
 2020-02-10 10:38:40 -07:00
Josh Cummings
bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java 
Issue gh-4939
 2020-02-10 10:38:39 -07:00
Eleftheria Stein
84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef077cf23028d64b61b1452be0ec9eb1.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein
064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Josh Cummings
cb9fd09150
Change AuthenticationWebFilter's constructor 
Fixes gh-7872
 2020-01-31 09:31:28 -07:00
Peter Keller
e62fb755e8 Set charset of BasicAuthenticationFilter converter 
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
 2020-01-23 15:34:35 +01:00
Onur Kağan Özcan
1f6381d970 Set secure on cookie when logging out 
Mark cookie secure flag to ensure cookie identity is the same
 2020-01-13 11:01:33 +01:00
Rob Winch
ffccec953f Fix HttpHeaderWriterWebFilterTests 
Ensure setComplete() is subscribed to
 2020-01-09 14:24:35 -06:00
Eleftheria Stein
fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f11e2811b7d4241b26f712674978f3f7.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein
93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Onur Kağan Özcan
2015f392ef Set secure when cancelling remember-me cookie 
AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag.
But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie.
 2019-12-20 16:04:31 +01:00
Rob Winch
a8331ba7ed CompositeServerHttpHeadersWriter Executes Sequentially 
Fixes gh-7731
 2019-12-12 11:23:56 -06:00
David Herberth
64e063d948 switches web authentication principal resolver to use reactive context 
gh #6598

Signed-off-by: David Herberth <github@dav1d.de>
 2019-12-12 15:33:23 +01:00
Rob Winch
8e53c3f269 DelegatingServerAuthenticationSuccessHandler Executes Sequentially 
Fixes gh-7728
 2019-12-12 08:32:44 -06:00
Rob Winch
73babc3314 DelegatingServerLogoutHandler Executes Sequentially 
Fixes gh-7723
 2019-12-11 15:39:27 -06:00
Joe Grandja
4d9cee116c Display general error message when WebFlux oauth2Login() fails 
Issue gh-5562 gh-6484
 2019-12-05 16:54:31 -05:00
Filip Hrisafov
796859333f Log full failed authentication exception in BasicAuthenticationFilter 2019-11-27 14:56:24 +01:00
Josh Cummings
5f17032ffd Restore Removed Throws Clauses 
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
 2019-10-30 12:13:54 -06:00
Rob Winch
635f7e1edd CsrfWebFilter supports multipart/form-data 
Fixes gh-7576
 2019-10-28 14:06:10 -05:00
Filip Hrisafov
b9f122230b Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour 2019-10-23 14:50:57 -04:00