Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-30 03:50:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,900 Commits 54 Branches 369 Tags
Commit Graph

1154 Commits

Author SHA1 Message Date
Josh Cummings
4cdc6dab21
Fix Formatting 
Issue gh-16604
 2025-04-03 12:55:51 -06:00
Vasanth
04d7130975
Update WebAuthn Test Objects Class Names 
Renamed the WebAuthn test object class names

Closes gh-16604

Signed-off-by: Vasanth <76898064+vasanth-79@users.noreply.github.com>
 2025-04-03 12:55:50 -06:00
Josh Cummings
b7d399ab89
Merge branch '6.4.x' 2025-04-01 12:02:53 -06:00
Josh Cummings
0954638d57
Merge branch '6.3.x' into 6.4.x 
Closes gh-16862
 2025-04-01 12:02:25 -06:00
DingHao
857ef6fe08 WithHttpOnlyCookie defaults to false 
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-04-01 11:59:51 -06:00
Max Batischev
9a897d0b62 Add Support Postgres To JdbcUserCredentialRepository 
Closes gh-16832

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-31 16:43:36 -06:00
wtigerhyunsu
bdbf6a2be3 Add toString() to IpAddressMatcher.java 
Closes gh-16795

Signed-off-by: wtigerhyunsu <jack951@naver.com>
 2025-03-27 16:38:53 -06:00
Josh Cummings
99345537d6
Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter 
Issue gh-16417
 2025-03-26 16:38:39 -06:00
Josh Cummings
1eec51ab6c
Polish SwitchUserFilterTests 
Ensure that the appropriate HTTP Method is specified in tests

Issue gh-16417
 2025-03-26 16:38:38 -06:00
Josh Cummings
de07b1108f
Use PathPatternRequestMatcher in Web Components 
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.

Issue gh-16632
 2025-03-26 13:28:58 -06:00
Josh Cummings
50ad378a29
Polish MockHttpServletRequest Usage 
This commit makes so that the requestURI is set to a value that makes
sense with the other properties being mocked.

Issue gh-16632
 2025-03-26 13:27:17 -06:00
Rob Winch
491d28b6bb
Merge branch '6.4.x' 
- Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity

Closes gh-16821
 2025-03-25 16:19:14 -05:00
Rob Winch
a6b5c05da9
Additional WebAuthn4jRelyingPartyOperationTests 
- verify that anonymous users not saved
- verify that when user found the CredentialRecord is allowed

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
9c054474a8
Use Test Name Conventions 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Borghi
e3a715b8f5 Fix issues identified in PR review 
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:00:27 -03:00
Josh Cummings
56e757a2a1 Provide Authentication to AuthenticationExceptions 
Issue gh-16444
 2025-03-21 21:54:32 -06:00
Josh Cummings
464e506429 Polish ExceptionTranslateWebFilter 
- Isolated exception construction
- Isolated entry point subscription

Issue gh-16444
 2025-03-21 21:54:32 -06:00
Josh Cummings
bfc12d55eb
Polish Tests 
Issue gh-16771
 2025-03-21 14:43:05 -06:00
Josh Cummings
3d96878d43
Cache RequestPath 
In this way PathPatternRequestMatcher won't need to reparse for each
request matcher.

Issue gh-16771
 2025-03-21 14:43:05 -06:00
Josh Cummings
86599afd43
Rename servletPath to basePath 
Closes gh-16765
 2025-03-21 12:04:46 -06:00
Josh Cummings
c53bf2befe
PathPatternRequestParser Retains Servlet Path 
Issue gh-16765
 2025-03-21 12:04:45 -06:00
Josh Cummings
861a9a914e
OneTimeToken Missing Token Propagates Request 
Closes gh-16780
 2025-03-20 17:23:06 -06:00
Daeho Kwon
24b7287d55 Replace dynamic error message with static "Access Denied" 
Closes gh-16514

Signed-off-by: Daeho Kwon <trewq231@naver.com>
 2025-03-20 15:20:54 -05:00
Steve Riesenberg
0938ca01a4
Add support for automatic context-propagation with Micrometer 
Closes gh-16665
 2025-03-13 15:29:08 -05:00
Max Batischev
c7673e8f2f Polish AbstractAuthenticationTargetUrlRequestHandler 
PR gh-16557

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-07 14:03:13 -07:00
Max Batischev
47630ca354 Fix JdbcUserCredentialRepository Save 
Closes gh-16620

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-07 13:57:41 -07:00
Max Batischev
58a665e5aa Add Support SingleResultAuthorizationManager 
Closes gh-16590

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-07 13:46:23 -07:00
Josh Cummings
2d96fba5cf
Add HttpsRedirectFilter 
Closes gh-16678
 2025-02-28 09:30:53 -07:00
Josh Cummings
e569c7a39e
Fix Tests 
Issue gh-16517
 2025-02-27 14:07:49 -07:00
topiam
85f0f3f34a
Support Custom RequestMatchers for WebAuthn 
Closes gh-16517

Signed-off-by: topiam <support@topiam.cn>
 2025-02-27 14:07:49 -07:00
Rob Winch
9417f02790
Deprecate PortResolver 
Closes gh-15972
 2025-02-26 16:13:10 -06:00
Josh Cummings
588220a020
Add PathPatterRequestMatcher 
Closes gh-16429
Clsoes gh-16430
 2025-02-21 13:40:23 -07:00
Steve Riesenberg
7fc5d50adf Polish gh-16551 2025-02-19 13:53:30 -06:00
Max Batischev
0ccbd20f0a Add Support ServerFormPostRedirectStrategy 
Closes gh-16542

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-19 13:53:30 -06:00
Borghi
0bc9313fdd Fix bug PublicKeyCredentialUserEntityRepository saves anonymousUser 
Issue gh-16385

Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-02-16 22:50:34 -03:00
tejas-teju
c4b223266c Return Invalid Credentials message on login error 
Closes gh-16484

Signed-off-by: tejas-teju <tejas8196@gmail.com>
 2025-02-14 16:01:22 -07:00
Josh Cummings
e42865b926
Merge branch '6.4.x' 2025-02-14 13:08:17 -07:00
Max Batischev
b5a4218a0b Make WebAuthnAuthenticationRequestToken Serializable 
Closes gh-16481

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-14 11:51:46 -07:00
Daniel Garnier-Moiroux
5ee6b83953 Introduce OneTimeTokenAuthenticationFilter 
closes gh-16539

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-02-10 09:55:51 -06:00
Max Batischev
be81377235 Add Support ServerGenerateOneTimeTokenRequestResolver 
Closes gh-16488

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-05 14:14:16 -07:00
Steve Riesenberg
54a6a19e05 Polish gh-16214 
This commit applies the following changes:

* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
 2025-02-03 14:52:30 -06:00
Craig Andrews
58534e7f60 Add FormRedirectStrategy to enable POST OIDC Logout 
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.

Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.

Closes gh-13002

Signed-off-by: Craig Andrews <candrews@integralblue.com>
 2025-02-03 14:52:30 -06:00
Steve Riesenberg
b32f4f1afc Polish gh-16502 2025-02-03 09:21:53 -06:00
earlgrey02
1fa1848f9f Add HttpStatusAccessDeniedHandler 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2025-02-03 09:21:53 -06:00
Max Batischev
474b5e151a Add Support GenerateOneTimeTokenRequestResolver 
Closes gh-16291

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-22 17:09:55 -06:00
Rob Winch
081dee042e
Merge branch '6.4.x' 
Add TestBytes

Closes gh-16462
 2025-01-21 15:12:49 -06:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Max Batischev
80e8e14500 Add GenerateOneTimeTokenFilterTests 2025-01-21 10:59:57 -06:00
Josh Cummings
443af32314
Move Servlet Mocks to Web 
Issue gh-13551
 2025-01-15 17:32:58 -07:00
Max Batischev
fd267dfb71 Add Support JdbcPublicKeyCredentialUserEntityRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00