1873 Commits

Author SHA1 Message Date
Steve Riesenberg
c7ffd2513a Update copyright year
Issue gh-10557
2021-12-01 17:36:19 -06:00
Steve Riesenberg
bb2d80fea3 Update copyright year
Issue gh-10557
2021-12-01 17:35:43 -06:00
Steve Riesenberg
5dd2565348 Update copyright year
Issue gh-10557
2021-12-01 17:34:16 -06:00
Steve Riesenberg
828cac8889 Fix case sensitive headers comparison
Closes gh-10557
2021-12-01 15:19:33 -06:00
Steve Riesenberg
f49c286050 Fix case sensitive headers comparison
Closes gh-10557
2021-12-01 15:05:13 -06:00
Steve Riesenberg
b3e0f167ff Fix case sensitive headers comparison
Closes gh-10557
2021-12-01 15:01:06 -06:00
Steve Riesenberg
41c6776455 Fix case sensitive headers comparison
Closes gh-10557
2021-12-01 14:55:50 -06:00
Josh Cummings
1251cde04c Add Missing Since
Issue gh-10482
2021-11-30 15:17:48 -07:00
Igor Pelesic
a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
2021-11-30 15:17:22 -07:00
Josh Cummings
7e55c84cfc Add Missing Since
Issue gh-10482
2021-11-30 15:15:35 -07:00
Igor Pelesic
72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
2021-11-30 15:00:04 -07:00
Steve Riesenberg
204f0b4599 Polish gh-10007 2021-11-30 15:27:58 -06:00
Guirong Hu
43317c5a61 Support IP whitelist for Spring Security Webflux
Closes gh-7765
2021-11-30 15:27:58 -06:00
Steve Riesenberg
898ba67098 Polish gh-10007 2021-11-30 13:59:55 -06:00
Guirong Hu
9f51240bf1 Support IP whitelist for Spring Security Webflux
Closes gh-7765
2021-11-30 13:59:55 -06:00
Steve Riesenberg
9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg
c6a27d44e5 Remove failing test due to HttpMethod changes
Closes gh-10569
2021-11-30 13:31:39 -06:00
Marcus Da Coregio
25feedb870 Fix removal of framework deprecated code
Issue https://github.com/spring-projects/spring-framework/issues/27686
2021-11-19 13:06:13 -03:00
Marcus Da Coregio
2bf7a5ae80 Improve log message when no CSRF token found
Closes gh-10436
2021-11-19 08:37:25 -03:00
Rob Winch
bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
2021-11-16 14:45:34 -06:00
Rob Winch
96a6fef820 Prevent Save @Transient Authentication with existing HttpSession
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
2021-11-16 14:44:49 -06:00
Marcus Da Coregio
db60df2f9c Update to Spring Framework 6.0
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio
caad3d57e2 Improve log message when no CSRF token found
Closes gh-10436
2021-10-29 14:06:17 -03:00
Marcus Da Coregio
00f4033b9b Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
Closes gh-10208
2021-10-22 13:22:12 -03:00
Rob Winch
e4a76b0ec9 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-22 10:19:34 -05:00
Emil Sierżęga
04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga
a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch
f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Rob Winch
e1f4ec1137 Fix Jackson 2021-10-18 21:03:12 -05:00
Josh Cummings
6e86fab19d Restructure SwitchUserFilter Logs
Issue gh-6311
2021-10-18 13:02:42 -05:00
Marcus Da Coregio
faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
Closes gh-10208
2021-10-14 09:27:02 -03:00
Josh Cummings
7b98c2ea95 Restructure SwitchUserFilter Logs
Issue gh-6311
2021-10-12 13:32:29 -06:00
Marcus Da Coregio
02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
Eleftheria Stein
7d81a52780 Allow AuthenticationPrincipal argument type to be primitive
Closes gh-10172
2021-10-04 16:22:21 +02:00
heowc
84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
Bogdan Ilchyshyn
a4c088a3b3 Introducing WebSessionServerLogoutHandler
Closes gh-4838
2021-08-16 13:08:35 -06:00
Hiroshi Shirosaki
6f3e346b76 Add SecurityContextHolder#addListener
Closes gh-10032
2021-08-11 17:12:13 -06:00
Josh Cummings
b8d51725c7 Immutable SecurityContext
Issue gh-10032
2021-08-11 17:12:13 -06:00
Rob Winch
f73f213f50 Remove DependencySetPlugin
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch
f800d2c993 Add hamcrest dependency 2021-07-09 15:57:21 -05:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
2021-07-08 12:35:32 -05:00
Evgeniy Cheban
d121ab9565 Support A Well-Known URL for Changing Passwords
Closes gh-8657
2021-07-01 16:57:53 -06:00
Alexey Markevich
3219fd554d DigestAuthenticationFilter decodes nonce only once
Closes gh-8455
2021-06-18 15:25:00 -04:00
Steve Riesenberg
3bb8e1d200 Remove redundant translations in spring-security-web 2021-06-15 09:18:13 -05:00
Ruben Suarez Alvarez
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen 2021-06-15 09:11:53 -05:00
Josh Cummings
ca76c54471
Polish CsrfWebFilterTests
Issue gh-9113
2021-06-04 16:41:08 -06:00
Tomoki Tsubaki
0c8b6df82a
Cache Mono that generate the CSRF token
Closes gh-9113
2021-06-04 16:41:08 -06:00