Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,261 Commits 32 Branches 333 Tags 111 MiB
Commit Graph

1223 Commits

Author SHA1 Message Date
Rob Winch 472c25b5e8 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Rob Winch 0df5ece758 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Josh Cummings 0814136ee8
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 14:14:42 -06:00
Evgeniy Cheban c4766e64fe
Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 14:05:34 -06:00
Rob Winch f34ea188e2 RequestRejectedException is 400 by Default 
Closes gh-7568
 2022-05-12 10:32:27 -05:00
Marcus Da Coregio 000b87f9aa Revert "Use Spring Framework version 6.0.0-M3" 
This reverts commit b803e845e7.
 2022-05-11 08:36:14 -03:00
Marcus Da Coregio 806e05855c Replace removed context-related operators 
Closes gh-11194
 2022-05-10 14:58:02 -03:00
Marcus Da Coregio b803e845e7 Use Spring Framework version 6.0.0-M3 
Closes gh-11193
 2022-05-10 14:49:02 -03:00
Marcus Da Coregio 195d767d98 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:43:34 -03:00
David Herberth 0e2fc51bad Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:43:34 -03:00
Rob Winch 3c259b4be5 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:08:51 -05:00
Rob Winch 1ef738ba34 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:15:22 -05:00
Rob Winch 9a9a43a0c0 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:18:25 -05:00
Marcus Da Coregio 5367524030 Change the default of shouldFilterAllDispatchTypes to true 
Closes gh-11107
 2022-04-14 16:30:42 -03:00
Marcus Da Coregio 84b5c76a7b Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 16:10:36 -03:00
Rob Winch 0c2b9758fc Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:35:38 -05:00
Marcus Da Coregio 50f8df6f07 Use HttpStatusCode 
Closes gh-11091
 2022-04-11 09:19:56 -03:00
Marcus Da Coregio bc50146f60 Fix tests in AntPathRequestMatcherTests 
Closes gh-11090
 2022-04-11 09:19:56 -03:00
Rob Winch 7be32872e9 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:24 -05:00
Eleftheria Stein c4e88415a5 Remove MessageSourceAware from ExceptionTranslationWebFilter 
Closes gh-11057
 2022-04-05 16:13:41 +02:00
Eleftheria Stein ae8e77f9ff Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 14:05:56 +02:00
Josh Cummings 1edfa07d27
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:40:06 -06:00
Josh Cummings bdd5f86526
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:37:21 -06:00
Parikshit Dutta 990831db85
Add authorization events 
Closes gh-9288
 2022-03-29 16:22:43 -06:00
Marcus Da Coregio 8c34af711e Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:01:51 -03:00
Rob Winch e176d764ba Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:38:37 -05:00
Rob Winch 1e3106f3a2 HttpSessionSecurityContextRepository support null HttpServletResponse 
Closes gh-11029
 2022-03-25 13:03:33 -05:00
Steve Riesenberg 8aa7029d07 Fix checkstyle errors 
Issue gh-10989
 2022-03-18 22:53:29 -05:00
Steve Riesenberg 946e24e1c2
Polish gh-10911 2022-03-17 12:34:16 -05:00
David Kirstein 2b6bc5dd0b
Use configurable charset in ServerHttpBasicAuthenticationConverter 
Closes gh-10903
 2022-03-17 12:34:16 -05:00
ShinDongHun1 90fe1b3a69 Polish UsernamePasswordAuthenticationFilter method 
Closes gh-10970
 2022-03-16 16:41:03 +01:00
Rob Winch 972039e65c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-12 13:31:04 -06:00
Rob Winch cbba7ea4de AbstractAuthenticationProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-12 13:23:47 -06:00
Norbert Nowak abd33389be Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:49:29 -07:00
Rob Winch 4462b73fd9 AbstractPreAuthenticatedProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch ba7fb0cb14 DigestAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 09e730734b BasicAuthenticationFilter.setSecurityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch d909d3bc40 RememberMeAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 7c5b939bbd AuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Marcus Da Coregio 8c94c2e15a AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:21:14 -03:00
Rob Winch 2abeff2089 HttpSessionSecurityContextRepository saves with original response 
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
 2022-03-09 10:21:51 -06:00
Rob Winch bab5d252a2 Add RequestAttributeSecurityContextRepository 
Closes gh-10918
 2022-03-08 15:00:22 -06:00
Josh Cummings 20d21f8eeb Invert Log Messages 
Closes gh-10909
 2022-02-28 13:16:06 -07:00
Josh Cummings a99a04f050 Update JavaDoc 
Issue gh-10564
 2022-02-15 12:51:09 -07:00
Yuriy Savchenko d6cbacb27a Make WebAuthenticationDetails constructor public 
Closes gh-10564
 2022-02-15 12:50:48 -07:00
Josh Cummings 84616543a3 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:58:20 -07:00
Manuel Jordan 6ae651bd67 Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:58:20 -07:00
Rob Winch 6f0029fc44 Add Support for @Transient SecurityContext 
Closes gh-9995
 2022-02-02 17:04:44 -06:00
Marcus Da Coregio 0048805c2a RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 10:17:40 -03:00
Josh Cummings 08821369a3 Add Request-based AuthenticationManagerResolvers 
Closes gh-6762
 2022-01-26 09:21:07 -07:00