Fixes an issue where provider URLs passed to the constructor of the
DefaultSpringSecurityContextSource can be URL encoded, resulting in
an invalid base dn. Additionally adds support for list constructor
to support spaces in base dn.
Closes gh-9742
# Conflicts:
# ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
# ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
Fixes an issue where provider URLs passed to the constructor of the
DefaultSpringSecurityContextSource can be URL encoded, resulting in
an invalid base dn. Additionally adds support for list constructor
to support spaces in base dn.
Closes gh-9742
# Conflicts:
# ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
# ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.
Closes gh-9741
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.
Closes gh-9741
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.
Closes gh-5145
Intentionally regresses gh-5110
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.
Closes gh-5145
Intentionally regresses gh-5110
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
Closes gh-9561
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
Closes gh-9561
Steve Riesenberg
Eleftheria Stein
Josh Cummings
Hans Hosea Schaefer
Marcus Hert da Coregio
Rob Winch
Craig Andrews
kevin
Joe Grandja
Denis Washington
佚名