Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,958 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1167 Commits

Author SHA1 Message Date
Marcus Da Coregio 750dcafbd2 Fix @since tag 
Issue gh-10590, gh-10554
 2022-01-06 13:21:26 -03:00
Marcus Da Coregio d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Marcus Da Coregio 51b4bd67c9 Add RequestMatcherEntry 2021-12-13 09:19:28 -03:00
Marcus Da Coregio eda346863d Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 09:19:13 -03:00
Eleftheria Stein c68a75bcde Correct imports to jakarta 
Issue gh-9385, gh-10118
 2021-12-08 11:43:13 +01:00
Marcus Da Coregio 0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Steve Riesenberg aa3c883f87 Use BDD in tests 2021-12-02 17:40:25 -06:00
Steve Riesenberg d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg 5dd2565348 Update copyright year 
Issue gh-10557
 2021-12-01 17:34:16 -06:00
Steve Riesenberg 41c6776455 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 14:55:50 -06:00
Josh Cummings 7e55c84cfc Add Missing Since 
Issue gh-10482
 2021-11-30 15:15:35 -07:00
Igor Pelesic 72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Steve Riesenberg 898ba67098 Polish gh-10007 2021-11-30 13:59:55 -06:00
Guirong Hu 9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Steve Riesenberg 9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg c6a27d44e5 Remove failing test due to HttpMethod changes 
Closes gh-10569
 2021-11-30 13:31:39 -06:00
Marcus Da Coregio 25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
Rob Winch bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:45:34 -06:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio caad3d57e2 Improve log message when no CSRF token found 
Closes gh-10436
 2021-10-29 14:06:17 -03:00
Emil Sierżęga 04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Rob Winch e1f4ec1137 Fix Jackson 2021-10-18 21:03:12 -05:00
Marcus Da Coregio faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-14 09:27:02 -03:00
Josh Cummings 7b98c2ea95 Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-12 13:32:29 -06:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Eleftheria Stein 7d81a52780 Allow AuthenticationPrincipal argument type to be primitive 
Closes gh-10172
 2021-10-04 16:22:21 +02:00
heowc 84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
Bogdan Ilchyshyn a4c088a3b3 Introducing WebSessionServerLogoutHandler 
Closes gh-4838
 2021-08-16 13:08:35 -06:00
Hiroshi Shirosaki 6f3e346b76 Add SecurityContextHolder#addListener 
Closes gh-10032
 2021-08-11 17:12:13 -06:00
Josh Cummings b8d51725c7 Immutable SecurityContext 
Issue gh-10032
 2021-08-11 17:12:13 -06:00
Rob Winch f73f213f50 Remove DependencySetPlugin 
Closes gh-10070
 2021-07-12 15:31:38 -05:00
Rob Winch f800d2c993 Add hamcrest dependency 2021-07-09 15:57:21 -05:00
Rob Winch b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch 14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Evgeniy Cheban d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Alexey Markevich 3219fd554d DigestAuthenticationFilter decodes nonce only once 
Closes gh-8455
 2021-06-18 15:25:00 -04:00
Steve Riesenberg 3bb8e1d200 Remove redundant translations in spring-security-web 2021-06-15 09:18:13 -05:00
Ruben Suarez Alvarez 7cd344acab
Add spanish translation of insufficient authentication and cookie stolen 2021-06-15 09:11:53 -05:00
Josh Cummings ca76c54471
Polish CsrfWebFilterTests 
Issue gh-9113
 2021-06-04 16:41:08 -06:00
Tomoki Tsubaki 0c8b6df82a
Cache Mono that generate the CSRF token 
Closes gh-9113
 2021-06-04 16:41:08 -06:00
AlexeyAnufriev baac9e0cf2 Properly clean cookies with context path after logout 
Closes gh-8846
 2021-06-04 15:42:33 +02:00
Marcus Hert da Coregio 2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 10:36:44 -06:00
César Revert cf74ad3a52 Anonymous in ExceptionTranslationWebFilter 
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.

Closes gh-9130
 2021-05-26 09:17:41 -05:00
Craig Andrews a7fbae8355 Add test for RequestedUrlRedirectInvalidSessionStrategy 2021-05-26 09:11:38 -05:00
Craig Andrews 0e6d47b082 Add guard around debug logging involving string concatenation 2021-05-26 09:11:38 -05:00