Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,052 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

946 Commits

Author SHA1 Message Date
Eleftheria Stein 9f0986a093 Fix javadoc typo for invalid session strategy 2019-09-09 16:51:14 -04:00
Filip Hanik 08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp 
Add SAML Service Provider Support
 2019-09-05 17:04:14 -07:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code 
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
 2019-09-05 14:40:08 -07:00
Rob Winch 2a1f3f6aa7 Remove Package Tangle in HeaderWriterFilter 
Fixes gh-7380
 2019-09-05 16:08:45 -05:00
Josh Cummings 39e84013f7
ClearSiteDataHeaderWriter Directives 
Fixes gh-7347
 2019-09-03 15:57:10 -06:00
Eleftheria Stein ad0d3e9702 Polish remember me username check 2019-09-03 11:48:46 -04:00
Scott Murphy 26ae590c68 Check that userdetails for username exists. #7251 2019-09-03 11:48:46 -04:00
kostya05983 f6c650db47
Replace Streams with Loops 
First version of replacing streams

fix wwwAuthenticate and codestyle

fix errors in implementation to pass tests

Fix review notes

Remove uneccessary final to align with cb

Short circuit way to authorize

Simplify error message, make code readably

Return error while duplicate key found

Delete check for duplicate, checkstyle issues

Return duplicate error

Fixes gh-7154
 2019-09-02 15:30:48 -06:00
watsta 2c2e8e5f24 Remove internal Optional usage in favor of null checks 
Issue gh-7155
 2019-08-26 09:27:40 -04:00
Daniel Wegener 1a233a58c7 Add OnCommittedResponseWrapper.setContentLengthLong 
Add setContentLengthLong tracking to OnCommittedResponseWrapper in
order to detect commits on servlets that use setContentLengthLong to
announce the entity size they are about to write (as used in the
Apache Tomcat's DefaultServlet).

Fixes gh-7261
 2019-08-19 21:14:41 -04:00
Eleftheria Stein 4bc231872f Expire as many sessions as exceed maximum allowed 
Fixes: gh-7166
 2019-08-15 09:48:42 -05:00
Josh Cummings 9735a718cc
Remove MultiTenantAuthenticationManagerResolver 
Fixes gh-7259
 2019-08-14 11:14:47 -06:00
Rob Winch c1db1aad91
Cleanup Code Style Issues 
Cleanup Code Style Issues
 2019-08-12 13:06:49 -05:00
Lars Grefer ec6ca97226 Fix tests 2019-08-11 21:09:10 +02:00
Lars Grefer ff1070df36 remove redundant modifiers found by checkstyle 2019-08-10 00:18:56 +02:00
Lars Grefer 38de737663 Java 8: Statement lambda can be replaced with expression lambda 2019-08-09 16:59:07 -05:00
Lars Grefer 7b2a7847e5 Java 8: Single Map method can be used 2019-08-09 16:59:07 -05:00
Lars Grefer 25c06be1eb Java 7: Identical 'catch' branches in 'try' statement 2019-08-09 16:59:07 -05:00
Lars Grefer 578d628774 'Collection.toArray()' call style 2019-08-09 16:57:31 -05:00
Lars Grefer b388976ac8 fix checkstyle 2019-08-09 02:46:20 +02:00
Lars Grefer 35bdf1f009 Unnecessary semicolon 2019-08-09 00:43:13 +02:00
Lars Grefer d9c1f03b84 Unnecessary interface modifier 2019-08-09 00:42:35 +02:00
Lars Grefer 40bee457f9 Unnecessary enum modifier 2019-08-09 00:42:07 +02:00
Lars Grefer 8d0ca14e55 Unnecessary conversion to String 2019-08-09 00:41:46 +02:00
Lars Grefer fb39d9c255 Anonymous type can be replaced with lambda 2019-08-08 17:09:09 -04:00
Lars Grefer 05f42a4995 Remove unused imports 2019-08-08 14:22:31 -04:00
Lars Grefer 2056834432 Cleanup unnecessary unboxing 
Unboxing is unnecessary under Java 5 and newer, and can be safely removed.
 2019-08-06 10:17:38 -04:00
Lars Grefer 2306d987e9 Cleanup unnecessary boxing 2019-08-06 10:17:38 -04:00
Filip Hanik 2055466ad7 Add Javadoc 2019-08-05 19:43:00 -04:00
Filip Hanik ddf68821cb Add RequestMatcher.matcher(HttpServletRequest) 
Step 3 - Usage of RequestVariablesExtractor or types that are assigned
to AntPathRequestMatcher should be replaced with the new method.

[closes #7148]
 2019-08-05 19:43:00 -04:00
Eddú Meléndez 496579dde2 Add match result for servlet requests 
Fixes gh-7148
 2019-08-05 19:43:00 -04:00
Josh Cummings 774a2e669c
Polish setAllowedHostnames 
Added JavaDoc to method, including @since attribute

Issue gh-4310
 2019-08-03 19:19:44 -06:00
Eddú Meléndez f712c5598c Add support for allowedHostnames in StrictHttpFirewall 
Introduce a new method `setAllowedHostnames` which perform the validation
against untrusted hostnames.

Fixes gh-4310
 2019-08-03 21:16:45 -04:00
Khy a5cfd9fdb9 Downgrade AuthenticationFilter modifier 
Fixes gh-7177
 2019-08-03 21:14:33 -04:00
Lars Grefer 776a4c3760 Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers 2019-08-03 12:28:37 -04:00
Rob Winch ad2f999c25 Polish BasicAuthenticationConverter 
This reverts to the old behavior from BasicAuthenticationFilter.
Specifically, if a token has an empty password, it still parses a username
and an empty String password.

Issue gh-7025
 2019-08-02 09:04:55 -05:00
Josh Cummings d157125c8e
Polish AuthenticationFilter 
Updated member variable references to be prefixed with "this.".
Fixed typo in authentication manager resolver error message.

Issue: gh-6506
 2019-08-01 16:26:54 -06:00
Eddú Meléndez 50adb6abcb Fix javadoc 2019-07-31 15:36:30 -04:00
Eleftheria Stein 0b4502b2c5 Remove exceptions from lambda security configuration 
Fixes: gh-7128
 2019-07-30 08:31:37 -05:00
Eleftheria Stein b55322b2cb Make basic authentication scheme case-insensitive 
Fixes: gh-7163
 2019-07-29 16:30:03 -04:00
sbespalov f1187bdfc2 issue/6506: AuthenticationConverter implementation 2019-07-23 17:31:21 -05:00
Clement Ng ab6440db10 Throws exception when passed IP address with too long mask 
Fixes gh-2790
 2019-07-19 06:25:58 -04:00
Rob Winch ea54d9014d
DSL nested builder for HTTP security 
DSL nested builder for HTTP security

Fixes gh-5557
 2019-07-12 16:09:19 -05:00
Lars Grefer 3ea9d376b2 Cleanup explicit type arguments 2019-07-10 09:32:41 -05:00
Lars Grefer c5b5cc507c Cleanup redundant type casts 2019-07-10 09:31:09 -05:00
Eleftheria Stein 758397f102 Allow configuration of headers through nested builder 
Issue: gh-5557
 2019-07-09 15:35:37 -04:00
Lars Grefer 43737a56bd Use foreach where possible 2019-07-09 06:11:45 -06:00
Bruno Studer 8016a193b9
Optimize IpAddressMatcher 
Get rid of byte array allocation in matcher and small optimizations
 2019-07-03 23:27:12 -06:00
Lars Grefer 4b0fb19fff Use MessageDigest.isEqual() where possible 
fixes #7058
 2019-07-03 05:40:20 -06:00
Lars Grefer 400e0c83b0 Add missing nullability annotation 2019-06-27 14:54:14 -05:00