Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-30 03:50:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,803 Commits 54 Branches 369 Tags
Commit Graph

1135 Commits

Author SHA1 Message Date
Josh Cummings
3d96878d43
Cache RequestPath 
In this way PathPatternRequestMatcher won't need to reparse for each
request matcher.

Issue gh-16771
 2025-03-21 14:43:05 -06:00
Josh Cummings
86599afd43
Rename servletPath to basePath 
Closes gh-16765
 2025-03-21 12:04:46 -06:00
Josh Cummings
c53bf2befe
PathPatternRequestParser Retains Servlet Path 
Issue gh-16765
 2025-03-21 12:04:45 -06:00
Josh Cummings
861a9a914e
OneTimeToken Missing Token Propagates Request 
Closes gh-16780
 2025-03-20 17:23:06 -06:00
Daeho Kwon
24b7287d55 Replace dynamic error message with static "Access Denied" 
Closes gh-16514

Signed-off-by: Daeho Kwon <trewq231@naver.com>
 2025-03-20 15:20:54 -05:00
Steve Riesenberg
0938ca01a4
Add support for automatic context-propagation with Micrometer 
Closes gh-16665
 2025-03-13 15:29:08 -05:00
Max Batischev
c7673e8f2f Polish AbstractAuthenticationTargetUrlRequestHandler 
PR gh-16557

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-07 14:03:13 -07:00
Max Batischev
47630ca354 Fix JdbcUserCredentialRepository Save 
Closes gh-16620

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-07 13:57:41 -07:00
Max Batischev
58a665e5aa Add Support SingleResultAuthorizationManager 
Closes gh-16590

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-07 13:46:23 -07:00
Josh Cummings
2d96fba5cf
Add HttpsRedirectFilter 
Closes gh-16678
 2025-02-28 09:30:53 -07:00
Josh Cummings
e569c7a39e
Fix Tests 
Issue gh-16517
 2025-02-27 14:07:49 -07:00
topiam
85f0f3f34a
Support Custom RequestMatchers for WebAuthn 
Closes gh-16517

Signed-off-by: topiam <support@topiam.cn>
 2025-02-27 14:07:49 -07:00
Rob Winch
9417f02790
Deprecate PortResolver 
Closes gh-15972
 2025-02-26 16:13:10 -06:00
Josh Cummings
588220a020
Add PathPatterRequestMatcher 
Closes gh-16429
Clsoes gh-16430
 2025-02-21 13:40:23 -07:00
Steve Riesenberg
7fc5d50adf Polish gh-16551 2025-02-19 13:53:30 -06:00
Max Batischev
0ccbd20f0a Add Support ServerFormPostRedirectStrategy 
Closes gh-16542

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-19 13:53:30 -06:00
tejas-teju
c4b223266c Return Invalid Credentials message on login error 
Closes gh-16484

Signed-off-by: tejas-teju <tejas8196@gmail.com>
 2025-02-14 16:01:22 -07:00
Josh Cummings
e42865b926
Merge branch '6.4.x' 2025-02-14 13:08:17 -07:00
Max Batischev
b5a4218a0b Make WebAuthnAuthenticationRequestToken Serializable 
Closes gh-16481

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-14 11:51:46 -07:00
Daniel Garnier-Moiroux
5ee6b83953 Introduce OneTimeTokenAuthenticationFilter 
closes gh-16539

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-02-10 09:55:51 -06:00
Max Batischev
be81377235 Add Support ServerGenerateOneTimeTokenRequestResolver 
Closes gh-16488

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-05 14:14:16 -07:00
Steve Riesenberg
54a6a19e05 Polish gh-16214 
This commit applies the following changes:

* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
 2025-02-03 14:52:30 -06:00
Craig Andrews
58534e7f60 Add FormRedirectStrategy to enable POST OIDC Logout 
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.

Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.

Closes gh-13002

Signed-off-by: Craig Andrews <candrews@integralblue.com>
 2025-02-03 14:52:30 -06:00
Steve Riesenberg
b32f4f1afc Polish gh-16502 2025-02-03 09:21:53 -06:00
earlgrey02
1fa1848f9f Add HttpStatusAccessDeniedHandler 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2025-02-03 09:21:53 -06:00
Max Batischev
474b5e151a Add Support GenerateOneTimeTokenRequestResolver 
Closes gh-16291

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-22 17:09:55 -06:00
Rob Winch
081dee042e
Merge branch '6.4.x' 
Add TestBytes

Closes gh-16462
 2025-01-21 15:12:49 -06:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Max Batischev
80e8e14500 Add GenerateOneTimeTokenFilterTests 2025-01-21 10:59:57 -06:00
Josh Cummings
443af32314
Move Servlet Mocks to Web 
Issue gh-13551
 2025-01-15 17:32:58 -07:00
Max Batischev
fd267dfb71 Add Support JdbcPublicKeyCredentialUserEntityRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Max Batischev
7b07ef5ff3 Add Support JdbcUserCredentialRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Josh Cummings
1104b45832
Polish SessionLimit 
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation

Issue gh-16206
 2024-12-18 18:32:28 -07:00
Claudenir Machado
1864577e98 Address SessionLimitStrategy 
Closes gh-16206
 2024-12-18 18:32:12 -07:00
Josh Cummings
3eeb4317f6 Add setFavorRelativeUris 
This places the new functionality behind a setting so that
we can remain passive until we can change the setting in
the next major release.

Issue gh-7273
 2024-12-17 22:35:41 -07:00
Michal Okosy
7848b959da Use relative URLs in /login redirects 
Closes gh-7273
 2024-12-17 22:35:41 -07:00
Yoshikazu Nojima
d7d5253607 Change attestation in PublicKeyCredentialCreationOptions to none 
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display additional privacy related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
 2024-12-11 17:18:18 -06:00
Rob Winch
cb4c7e5886 Merge branch '6.3.x' 
Closes gh-16261
 2024-12-11 15:48:18 -06:00
Rob Winch
6a0b683e60 StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest 
Closes gh-16069
 2024-12-11 15:46:31 -06:00
Josh Cummings
4cbaabb239 Added Testing 
Issue gh-16177
 2024-12-10 14:09:46 -07:00
Josh Cummings
d3a95c5c1e
Merge branch '6.3.x' 2024-12-05 09:52:55 -07:00
Josh Cummings
0f85da77be
Merge branch '6.2.x' into 6.3.x 
Closes gh-16219
 2024-12-05 09:52:32 -07:00
Josh Cummings
96a9cf0d2d
Restore Previous Behavior for Servlet 5 
Closes gh-16173
 2024-12-05 09:52:06 -07:00
Rob Winch
9c3b11914d webauthn registerCredential returns transports 
The webauthn support previously did not pass the transports to webauthn4j.
This meant that the result of
Webauthn4jRelyingPartyOperations.registerCredential did not have any
transports either.

This commit ensures that the transports are passed to the webauth4j lib
and then returned in the result of registerCredential.

Closes gh-16084
 2024-12-04 15:22:26 -06:00
Daniel Garnier-Moiroux
46fe0124ba Add RuntimeHints for webauthn Javascript resource 2024-11-25 13:06:50 -06:00
Steve Riesenberg
ddf4542a9e
Add hasText assertion to IpAddressMatcher constructor 
Issue gh-15527

(cherry picked from commit 3a298196512de5f3002707e2af8298d650033df7)
 2024-11-15 10:17:39 -06:00
Steve Riesenberg
554df6fab6
Fix NPE in IpAddressMatcher 
Closes gh-15527

(cherry picked from commit 52de894c3c0a812562d6822db30f5c6c88526181)
 2024-11-15 10:17:38 -06:00
Steve Riesenberg
3a29819651
Add hasText assertion to IpAddressMatcher constructor 
Issue gh-15527
 2024-11-15 09:33:31 -06:00
Steve Riesenberg
52de894c3c
Fix NPE in IpAddressMatcher 
Closes gh-15527
 2024-11-15 09:33:30 -06:00
Daniel Garnier-Moiroux
a1526361b6 webauthn: introduce DefaultResourcesFilter#webauthn 2024-11-14 12:11:43 -06:00