Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 14:24:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,890 Commits 33 Branches 337 Tags
Commit Graph

1149 Commits

Author SHA1 Message Date
Guirong Hu
43317c5a61 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 15:27:58 -06:00
Rob Winch
96a6fef820 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:44:49 -06:00
Marcus Da Coregio
caad3d57e2 Improve log message when no CSRF token found 
Closes gh-10436
 2021-10-29 14:06:17 -03:00
Emil Sierżęga
04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga
a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch
f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Rob Winch
e1f4ec1137 Fix Jackson 2021-10-18 21:03:12 -05:00
Marcus Da Coregio
faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-14 09:27:02 -03:00
Josh Cummings
7b98c2ea95 Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-12 13:32:29 -06:00
Marcus Da Coregio
02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Eleftheria Stein
7d81a52780 Allow AuthenticationPrincipal argument type to be primitive 
Closes gh-10172
 2021-10-04 16:22:21 +02:00
heowc
84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
Bogdan Ilchyshyn
a4c088a3b3 Introducing WebSessionServerLogoutHandler 
Closes gh-4838
 2021-08-16 13:08:35 -06:00
Hiroshi Shirosaki
6f3e346b76 Add SecurityContextHolder#addListener 
Closes gh-10032
 2021-08-11 17:12:13 -06:00
Josh Cummings
b8d51725c7 Immutable SecurityContext 
Issue gh-10032
 2021-08-11 17:12:13 -06:00
Rob Winch
f73f213f50 Remove DependencySetPlugin 
Closes gh-10070
 2021-07-12 15:31:38 -05:00
Rob Winch
f800d2c993 Add hamcrest dependency 2021-07-09 15:57:21 -05:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Evgeniy Cheban
d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Alexey Markevich
3219fd554d DigestAuthenticationFilter decodes nonce only once 
Closes gh-8455
 2021-06-18 15:25:00 -04:00
Steve Riesenberg
3bb8e1d200 Remove redundant translations in spring-security-web 2021-06-15 09:18:13 -05:00
Ruben Suarez Alvarez
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen 2021-06-15 09:11:53 -05:00
Josh Cummings
ca76c54471
Polish CsrfWebFilterTests 
Issue gh-9113
 2021-06-04 16:41:08 -06:00
Tomoki Tsubaki
0c8b6df82a
Cache Mono that generate the CSRF token 
Closes gh-9113
 2021-06-04 16:41:08 -06:00
AlexeyAnufriev
baac9e0cf2 Properly clean cookies with context path after logout 
Closes gh-8846
 2021-06-04 15:42:33 +02:00
Marcus Hert da Coregio
2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 10:36:44 -06:00
César Revert
cf74ad3a52 Anonymous in ExceptionTranslationWebFilter 
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.

Closes gh-9130
 2021-05-26 09:17:41 -05:00
Craig Andrews
a7fbae8355 Add test for RequestedUrlRedirectInvalidSessionStrategy 2021-05-26 09:11:38 -05:00
Craig Andrews
0e6d47b082 Add guard around debug logging involving string concatenation 2021-05-26 09:11:38 -05:00
Craig Andrews
0af74ce134 Use ServletUriComponentsBuilder instead of UrlPathHelper 2021-05-26 09:11:38 -05:00
Craig Andrews
2bcd4627fa Eliminate use of Optional 2021-05-26 09:11:38 -05:00
Craig Andrews
10a264c144 Add RequestedUrlRedirectInvalidSessionStrategy implemention of InvalidSessionStrategy 
Performs a redirect to the original request URL when an invalid requested session is detected.

In effect, when a user's session times out, the user is redirected to URL they originally requested instead of some fixed URL.
 2021-05-26 09:11:38 -05:00
Josh Cummings
df6ebc7051
Rename DelegatingAuthorizationManager 
Closes gh-9692
 2021-04-28 09:53:25 -06:00
Thomas Vitale
e2993d93e1 Make Csrf cookie secure flag configurable (WebFlux) 
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.

Closes gh-9678
 2021-04-27 09:34:12 +02:00
Josh Cummings
cb6e4f4a11
Add NPE Guards 
- Like values, names are only validated if they are not null

Closes gh-9598
 2021-04-22 11:22:19 -06:00
Craig Andrews
7dc4de05b1 Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which should only be incurred if debug logging is enabled
 2021-04-16 10:32:58 -06:00
Josh Cummings
4f7d529c5d
Polish Csrf Tests 
Issue gh-9561
 2021-04-09 22:47:31 -06:00
佚名
87ed527023
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>
 2021-04-09 21:43:19 -06:00
Rob Winch
f3f1106624 Update io.spring.javaformat to 0.0.27 
Closes gh-9553
 2021-04-05 22:23:59 -05:00
Rob Winch
60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch
1a76ee7442 Update Gradle configuration names 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Eleftheria Stein
4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c8f4c9531d512ed7939a37d94a815e4.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein
f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Rob Winch
95da12110b
Additional Test for HttpSessionSecurityContextRepository 
Issue gh-9387
 2021-02-11 15:58:29 -07:00
Rob Winch
3116369f02
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 15:58:28 -07:00
Josh Cummings
c4be1c6a56
Revert "Lock Dependencies" 
This reverts commit a85caa4098589b0080d75e428f0d262090b6a1f1.
 2021-02-11 15:49:59 -07:00
Josh Cummings
a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00