Rob Winch
4473dca022
Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed
...
Issue gh-8149
2020-05-11 17:20:16 -05:00
Parikshit Dutta
0f92415395
Fix non-standard HTTP method for CsrfWebFilter
...
Closes gh-8149
2020-05-11 17:19:57 -05:00
Rob Winch
0483b3e042
Polish RequestRejectedHandler
...
Issue gh-5007
2020-05-01 10:51:11 -05:00
Leonard Brünings
b826c798f7
Add RequestRejectedHandler
...
Closes gh-5007
2020-05-01 10:51:01 -05:00
Oh Myung Woon
b7d3acc02c
Add constructors to AbstractAuthenticationProcessingFilter
...
Closes gh-8309
2020-04-09 13:53:06 -05:00
Josh Cummings
eed71243cb
SwitchUserFilter Defaults to POST
...
Fixes gh-4183
2020-03-27 13:41:49 -06:00
Zeeshan Adnan
935c547dde
Fix exception for empty basic auth header token
...
fixes spring-projectsgh-7976
2020-03-16 12:57:13 -04:00
Eleftheria Stein
47011eb9e2
Polish transfer session's max inactive interval
...
Issue: gh-2693
2020-03-12 12:11:14 -04:00
Venkata Jaswanth U
02b7d04027
Transfer session's max inactive interval
...
Fixes: gh-2693
2020-03-12 10:11:59 -04:00
Venkata Jaswanth
5fc6414377
SessionRegistryImpl is now aware of SessionIdChangedEvent
2020-03-06 12:04:01 -05:00
Eleftheria Stein
ae532c080c
Add server request cache that uses cookie
...
Fixes: gh-8033
2020-03-05 15:36:47 -05:00
Eleftheria Stein
38979b1b09
Add test for ServerRequestCacheWebFilter
2020-03-05 14:57:07 -05:00
Joe Grandja
82cd203791
Remove unnecessary mocking
...
Fixes gh-8012
2020-02-23 19:35:16 -05:00
Josh Cummings
bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java
...
Issue gh-4939
2020-02-10 10:38:39 -07:00
Josh Cummings
cb9fd09150
Change AuthenticationWebFilter's constructor
...
Fixes gh-7872
2020-01-31 09:31:28 -07:00
Peter Keller
e62fb755e8
Set charset of BasicAuthenticationFilter converter
...
Allow BasicAuthenticationFilter to pick up the given credentials charset.
Fixes: gh-7835
2020-01-23 15:34:35 +01:00
Onur Kağan Özcan
1f6381d970
Set secure on cookie when logging out
...
Mark cookie secure flag to ensure cookie identity is the same
2020-01-13 11:01:33 +01:00
Rob Winch
ffccec953f
Fix HttpHeaderWriterWebFilterTests
...
Ensure setComplete() is subscribed to
2020-01-09 14:24:35 -06:00
Onur Kağan Özcan
2015f392ef
Set secure when cancelling remember-me cookie
...
AbstractRememberMeServices sets the remember-me cookie by checking whether the request is secure or whether secure usage is independently set to a fixed flag.
But when cancelling a cookie, the cookie is not marked as secure or not. This produces an inconsistency when the secure flag is used as part of the identity of the cookie.
2019-12-20 16:04:31 +01:00
Rob Winch
a8331ba7ed
CompositeServerHttpHeadersWriter Executes Sequentially
...
Fixes gh-7731
2019-12-12 11:23:56 -06:00
David Herberth
64e063d948
switches web authentication principal resolver to use reactive context
...
gh #6598
Signed-off-by: David Herberth <github@dav1d.de>
2019-12-12 15:33:23 +01:00
Rob Winch
8e53c3f269
DelegatingServerAuthenticationSuccessHandler Executes Sequentially
...
Fixes gh-7728
2019-12-12 08:32:44 -06:00
Rob Winch
73babc3314
DelegatingServerLogoutHandler Executes Sequentially
...
Fixes gh-7723
2019-12-11 15:39:27 -06:00
Rob Winch
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
Michel Palourdio
d26f40f062
DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path.
2019-10-23 09:41:00 -04:00
Tadaya Tsuyukubo
62c7de03c3
Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter
...
Moved the existing auth check logic to the matcher.
Issue: gh-5928
2019-10-22 16:55:54 -04:00
Eleftheria Stein
264daec697
Test context relative URL with multiple schemes
2019-10-16 15:32:02 -04:00
Josh Cummings
b764af6b9b
CookieServerCsrfTokenRepositoryTests Leading Dot
...
ResponseCookie removed support for having a leading dot in the cookie
domain.
Fixes gh-7500
2019-09-30 08:39:45 -06:00
Josh Cummings
7949dd492a
Move DelegatingServerAuthenticationSuccessHandlerTests
...
Moved from src/test/groovy to src/test/java
Issue gh-5332
2019-09-27 16:57:43 -06:00
Josh Cummings
5f905232cb
Polish CurrentSecurityContextArgumentResolvers
...
Fixes gh-7487
2019-09-27 13:19:08 -06:00
Rob Winch
00f8991fac
Merge Remove Redundant Throws
...
Fixes gh-7301
2019-09-19 11:04:53 -05:00
Onur Kagan Ozcan
034b5e9e93
Introduce LogoutSuccessEvent
...
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.
By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.
This PR will also fix ConcurrentSessionFilter's composite logoutHandler, which will now get LogoutHandler instances from LogoutConfigurer for consistency.
Fixes gh-2900
2019-09-18 10:57:16 -05:00
Josh Cummings
7576dc44d7
AuthenticationFilter Session Fixation Protection
...
Fixes gh-7446
2019-09-17 08:17:09 -06:00
Josh Cummings
aa12748c9b
Add Request-level CSRF Skip
...
Fixes gh-7367
2019-09-13 19:04:05 +01:00
Filip Hanik
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
2019-09-05 14:40:08 -07:00
Josh Cummings
39e84013f7
ClearSiteDataHeaderWriter Directives
...
Fixes gh-7347
2019-09-03 15:57:10 -06:00
Eleftheria Stein
ad0d3e9702
Polish remember me username check
2019-09-03 11:48:46 -04:00
Lars Grefer
95511331fa
fix checkstyle
2019-08-26 22:42:26 +02:00
Lars Grefer
34dd5fea30
Remove redundant throws clauses
...
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
Daniel Wegener
1a233a58c7
Add OnCommittedResponseWrapper.setContentLengthLong
...
Add setContentLengthLong tracking to OnCommittedResponseWrapper in
order to detect commits on servlets that use setContentLengthLong to
announce the entity size they are about to write (as used in the
Apache Tomcat's DefaultServlet).
Fixes gh-7261
2019-08-19 21:14:41 -04:00
Eleftheria Stein
4bc231872f
Expire as many sessions as exceed maximum allowed
...
Fixes: gh-7166
2019-08-15 09:48:42 -05:00
Josh Cummings
9735a718cc
Remove MultiTenantAuthenticationManagerResolver
...
Fixes gh-7259
2019-08-14 11:14:47 -06:00
Lars Grefer
ec6ca97226
Fix tests
2019-08-11 21:09:10 +02:00
Lars Grefer
ff1070df36
remove redundant modifiers found by checkstyle
2019-08-10 00:18:56 +02:00
Lars Grefer
fb39d9c255
Anonymous type can be replaced with lambda
2019-08-08 17:09:09 -04:00
Lars Grefer
05f42a4995
Remove unused imports
2019-08-08 14:22:31 -04:00
Lars Grefer
2306d987e9
Cleanup unnecessary boxing
2019-08-06 10:17:38 -04:00
Eddú Meléndez
496579dde2
Add match result for servlet requests
...
Fixes gh-7148
2019-08-05 19:43:00 -04:00
Eddú Meléndez
f712c5598c
Add support for allowedHostnames in StrictHttpFirewall
...
Introduce a new method `setAllowedHostnames` which performs the validation
against untrusted hostnames.
Fixes gh-4310
2019-08-03 21:16:45 -04:00
Lars Grefer
776a4c3760
Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers
2019-08-03 12:28:37 -04:00