5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
c6978fba7c
Disable tests that need Spring MVC mocked in classpath
...
Issue gh-11347
2022-10-04 08:56:06 -03:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
c847efd3fd
Fix servlet import
...
Issue gh-11347
Issue gh-9159
2022-10-03 15:10:56 -05:00
c98de7af2f
Add xss-protection.header-value in 6.0
...
Issue gh-9631
2022-10-03 14:31:04 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
ea777a3d7b
Merge branch '5.8.x'
...
Merged using the ours strategy.
2022-10-03 10:05:57 -05:00
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
d9a682a414
Polish gh-11896
2022-10-03 10:00:43 -05:00
bf9339d88e
Merge branch '5.8.x'
2022-10-03 09:57:40 -05:00
7f9600ae08
Polish gh-11896
2022-10-03 09:57:08 -05:00
5f2744db33
Merge branch '5.8.x'
...
Closes gh-11937
2022-10-03 11:43:22 -03:00
64a19de4dc
Deprecate HPKP security header
...
Closes gh-10144
2022-10-03 11:36:19 -03:00
80f6bdf50b
Merge branch '5.8.x'
2022-10-03 10:10:36 -03:00
7be2eb05d5
Merge branch '5.7.x' into 5.8.x
2022-10-03 10:10:06 -03:00
cd4ddde779
Merge branch '5.6.x' into 5.7.x
2022-10-03 10:09:42 -03:00
26bb60c567
Add rncToXsd task description to CONTRIBUTING.adoc
2022-10-03 10:09:27 -03:00
4479cefade
Default Require Explicit Session Management = true
...
Closes gh-11763
2022-09-30 21:49:05 -05:00
0d58c5180e
Remove Explicit RequestCache Config from DeferHttpSession Tests
...
Issue gh-11757
2022-09-30 21:49:05 -05:00
12a0ccf6de
Remove Explicit CSRF Config from DeferHttpSessionTests
...
Issue gh-11764
2022-09-30 21:49:04 -05:00
617353eaa8
Merge branch '5.8.x'
...
Closes gh-11928
2022-09-30 21:46:26 -05:00
6d56af7b65
SessionManagementDsl.requireExplicitAuthenticationStrategy
2022-09-30 21:37:44 -05:00
8f10deb602
Merge remote-tracking branch 'origin/5.8.x'
2022-09-30 17:01:22 -06:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
76fbca9f46
Merge branch '5.8.x'
2022-09-30 09:50:02 -05:00
93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity
...
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".
This commits adds the ability to configure the xssProtection header
value in ServerHttpSecurity.
This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.
Issue gh-9631
2022-09-30 09:38:08 -05:00
43a1f8249c
Update What's New for 6.0
2022-09-29 15:57:48 -05:00
e0e6467d9b
Remove UsernamePasswordAuthenticationToken check
...
This commit reverts 21dd050d7b
2022-09-29 15:25:53 -05:00
1e0e9a2c98
Allow authenticationIsRequired to be overridden
...
Issue gh-10347
2022-09-29 15:25:53 -05:00
4d62621094
Merge branch '5.8.x'
2022-09-29 14:09:21 -05:00
7b1158ddb7
Merge branch '5.7.x' into 5.8.x
2022-09-29 14:09:10 -05:00
70c61dc1dd
Merge branch '5.6.x' into 5.7.x
2022-09-29 14:08:17 -05:00
c44230ba24
switch to offical Antora plugin for Gradle
...
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
3bfdf6dd0f
Merge branch '5.8.x'
...
Closes gh-11922
2022-09-29 11:21:24 -03:00
cf3349f31a
Configure ContentNegotiationStrategy in HttpSecurityConfiguration
...
Closes gh-11916
2022-09-29 11:21:08 -03:00
7f0140278e
Add native hint for OAuth2 Client's schemas
...
Closes gh-11920
2022-09-29 10:01:51 -03:00
ef879aadd6
Add native hint for the users JDBC schema
...
Closes gh-11907
2022-09-29 09:42:37 -03:00
88e4b8b556
Merge remote-tracking branch 'origin/5.8.x'
2022-09-26 11:42:34 -06:00
506e50bfd0
Move Saml2 Authentication Filters
...
Issue gh-8819
2022-09-26 10:44:27 -06:00
6c6aedf772
Update What's New for 6.0
2022-09-26 10:07:50 -05:00
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
7527fd811c
Merge branch '5.8.x'
2022-09-26 09:56:55 -05:00
bbac85e20b
Reduce severity of invalid registrationId to warn
...
This prevents filling the log file with error messages when routine
scans are being performed.
Closes gh-11344
2022-09-26 09:56:20 -05:00
c0e784b16d
Update What's New for 6.0
2022-09-26 09:48:52 -05:00
80a6ce940e
Merge remote-tracking branch 'origin/5.8.x'
2022-09-23 16:32:12 -06:00
ae6fb8c681
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 16:31:22 -06:00
Steve Riesenberg
Marcus Da Coregio
Daniel Garnier-Moiroux
Rob Winch
Josh Cummings
Emil Sierżęga
Daniel Garnier-Moiroux
shazin
Dan Allen