Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-07 19:22:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,664 Commits 46 Branches 348 Tags
Commit Graph

7664 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
486722e5c0
Revert "Create the CSRF token on the bounded elactic scheduler" 
This reverts commit 5bce912446eec508bb2c2fca1fb139b34809c86e.
 2020-09-24 13:58:10 -06:00
ilee
41e6347523
Update ssl setup guide link in tomcat server 2020-09-24 13:54:30 -06:00
Tomoki Tsubaki
5bce912446
Create the CSRF token on the bounded elactic scheduler 
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.

Closes gh-9018
 2020-09-16 09:21:38 -06:00
Josh Cummings
dfa741f6a4
Next Development Version 2020-08-05 09:55:32 -06:00
Josh Cummings
8407ba4f4d
Release 5.1.12.RELEASE 5.1.12.RELEASE 2020-08-05 08:59:44 -06:00
Josh Cummings
7bdd1b4d83
Update to Spring Ldap 2.3.3 
Closes gh-8943
 2020-08-05 09:01:25 -06:00
Josh Cummings
1a2e9390ca
Update to Hibernate Validator 6.0.20 
Closes gh-8942
 2020-08-05 09:01:18 -06:00
Josh Cummings
8a3f5d5ffe
Update to Hibernate Entitymanager 5.3.17 
Closes gh-8941
 2020-08-05 09:01:09 -06:00
Josh Cummings
010817e9e1
Update to Groovy 2.4.20 
Closes gh-8940
 2020-08-05 09:01:03 -06:00
Josh Cummings
3dcd022f93
Update to Spring Boot 2.1.16.RELEASE 
Closes gh-8939
 2020-08-05 09:00:52 -06:00
Josh Cummings
7f5b24bed0
Update to Google App Engine 1.9.81 
Closes gh-8938
 2020-08-05 09:00:44 -06:00
Josh Cummings
670c99e7ea
Update to Jackson Databind 2.9.10.5 
Closes gh-8937
 2020-08-05 09:00:37 -06:00
Josh Cummings
641de854d7
Update to Project Reactor Californium-SR20 
Closes gh-8936
 2020-08-05 09:00:29 -06:00
Josh Cummings
1f386b1db3
Update to Spring Framework 5.1.17 
Closes gh-8935
 2020-08-05 09:00:20 -06:00
Josh Cummings
4f0172d0f0
Update to Spring Data Lovelace-SR19 
Closes gh-8934
 2020-08-05 08:59:44 -06:00
Dávid Kováč
ca272e4267 Resolve Bearer token after subscribing to publisher 
Bearer token was resolved immediately after calling method convert. In situations when malformed token was provided or authorization header and access token query param were present in request exception was thrown instead of signalling error.
After this change Bearer token is resolved on subscription and invalid states are handled by signaling error to subscriber.

Closes gh-8865
 2020-08-03 11:11:56 -05:00
Josh Cummings
d956ebf59b
Fix Broken Test 
Issue gh-8589
 2020-07-31 13:45:10 -06:00
Josh Cummings
acfe4bdcfb
Polish to Avoid NPE 
Issue gh-5648

Co-authored-by: MattyA <mat.auburn@gmail.com>
 2020-07-31 09:00:24 -06:00
Josh Cummings
48a0514965
Additional Jwt Validation Debug Messages 
Closes gh-8589

Co-authored-by: MattyA <mat.auburn@gmail.com>
 2020-07-31 09:00:16 -06:00
Josh Cummings
e937366f50
Polish WebSecurityConfigurerAdapter JavaDoc 
Issue gh-8784
 2020-07-20 15:25:02 -06:00
Romil Patel
0c85dd9cd1
WebSecurityConfigurerAdapter JavaDoc 
Closes gh-8784
 2020-07-20 15:24:59 -06:00
Josh Cummings
7e7f85c18c
Polish Bearer Token Padding 
Issue gh-8502
 2020-07-16 13:15:06 -06:00
kothasa
157498bf44
Bearer Token Padding 
Closes gh-8502
 2020-07-16 13:13:04 -06:00
wangsong
ce4345b0ed Fix ProviderManager Javadoc typo 
Closes gh-8800
 2020-07-07 17:17:39 -05:00
Rob Winch
7859970ff6 LoginPageGeneratingWebFilter honors context path 
Closes gh-8807
 2020-07-07 14:02:32 -05:00
Ellie Bahadori
fa09295fd6 Use Github Actions workflow for PRs and remove Travis 
Closes gh-8717
 2020-06-30 05:23:30 -04:00
Rob Winch
9a8d324d72 Better scp Retry Settings 2020-06-25 11:36:36 -05:00
Evgeniy Cheban
6f4d05193e DefaultWebSecurityExpressionHandler uses RoleHierarchy bean 
Fixes gh-7059
 2020-06-10 17:20:52 -04:00
Joe Grandja
e146a7c16b OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:10:07 -04:00
Joe Grandja
a372ec9ef5 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 17:10:07 -04:00
Eleftheria Stein
0b0abfb911 Next development version 2020-06-03 18:04:07 -04:00
Eleftheria Stein
37568780a1 Release 5.1.11.RELEASE 5.1.11.RELEASE 2020-06-03 17:48:40 -04:00
Josh Cummings
d80b1865a5
Polish setAllowedHostnames 
Added JavaDoc to method, including @since attribute

Issue gh-4310
 2020-06-03 08:54:06 -06:00
Eddú Meléndez
52c80c78e5
Add support for allowedHostnames in StrictHttpFirewall 
Introduce a new method `setAllowedHostnames` which perform the validation
against untrusted hostnames.

Fixes gh-4310
 2020-06-03 08:53:59 -06:00
Eleftheria Stein
ded83cc1b3 Update to jaxb-impl 2.3.3 
Fixes gh-8634
 2020-06-02 18:45:14 -04:00
Eleftheria Stein
7a1833c1df Update to okhttp 3.12.12 
Fixes gh-8635
 2020-06-02 18:45:14 -04:00
Eleftheria Stein
e6630ea0f1 Update to mockwebserver 3.12.12 
Fixes gh-8633
 2020-06-02 18:45:14 -04:00
Eleftheria Stein
2400e8fde2 Update to Spring Boot 2.1.14.RELEASE 
Fixes gh-8632
 2020-06-02 18:45:14 -04:00
justmehyp
f05d70a4a5 Remove unused field 'digester' in Md4PasswordEncoder 
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.

Closes gh-8553
 2020-05-21 11:21:40 -05:00
Maksim Vinogradov
8bb4e72aff Prevent StackOverflowError for AccessControlEntryImpl.hashCode 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
 2020-05-21 10:08:56 -05:00
Rob Winch
f58a262eb4 Revert "Create the CSRF token on the bounded elactic scheduler" 
Reactor did not add bounded elastic until a later version.

This reverts commit c0154f2315a40e36b1c319b74c91a9953c9dfe34.
 2020-05-18 11:10:41 -05:00
cbornet
c0154f2315 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:07:08 -05:00
Artyom Tarynin
cea2b556d6 Update AntPathRequestMatcher.java 
Fixes gh-8512
 2020-05-14 10:36:30 -04:00
Dávid Kovács
faa02e8bc0 Document NoOpPasswordEncoder will not be removed 
This commit adds extension to deprecation notice.

Fixes gh-8506
 2020-05-13 12:56:22 -05:00
Rob Winch
d9f57492d4 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-12 13:21:22 -05:00
Eleftheria Stein
b007fdc333 Next development version 2020-05-06 16:27:44 -04:00
Eleftheria Stein
16c350a7bc Release 5.1.10.RELEASE 5.1.10.RELEASE 2020-05-06 15:55:12 -04:00
Eleftheria Stein
6d6a22eda1 Update to org.powermock 2.0.7 
Closes gh-8475
 2020-05-06 09:23:32 -04:00
Eleftheria Stein
1e957e96b9 Update to Spring Data Lovelace-SR17 
Closes gh-8474
 2020-05-06 09:22:47 -04:00
Eleftheria Stein
9986a33177 Update to Reactor Californium-SR18 
Closes gh-8473
 2020-05-06 09:21:59 -04:00