Commit Graph

203 Commits

Author SHA1 Message Date
Josh Cummings 39f4fcd5f2
Add AuthenticationEntryPointFailureHandler Preparation Steps
Issue gh-9429
2022-10-31 16:33:25 -06:00
Josh Cummings ac7f726a24
Add RunAsManager Preparation Steps
Closes gh-11337
2022-10-31 15:46:19 -06:00
Josh Cummings c5badbc631
Add AccessDecisionManager Preparation Steps
Issue gh-11337
2022-10-31 15:25:05 -06:00
Josh Cummings 86c9d5cfbe
Remove Stray Horizontal Rules
Issue gh-11337
2022-10-31 15:24:59 -06:00
Rob Winch 4112adf6a0 Document Configure Default CsrfToken BREACH Protection
Closes gh-12107
2022-10-28 15:57:25 -05:00
Rob Winch 96d7c78b67 Polish Document Defer load CsrfToken
Issue gh-12105
2022-10-28 15:51:28 -05:00
Rob Winch d860775b45 Document Defer load CsrfToken
Closes gh-12105
2022-10-28 15:41:25 -05:00
Josh Cummings 4938c394e4
Move Opt-out Steps
Closes gh-12104
2022-10-28 13:52:02 -06:00
Josh Cummings 8da916fa1c
Add Request Security Preparation Steps
Issue gh-11337
2022-10-28 11:48:21 -06:00
Josh Cummings e900ca3a86
Polish Method Security Preparation Steps
- Add instruction to declare 5.8 defaults

Issue gh-11337
2022-10-28 09:46:48 -06:00
Josh Cummings b4974bbce9
Polish Message Security Preparation Steps
- Added step to declare the 5.8 default in case later preparation steps
cannot be taken yet

Issue gh-11337
2022-10-28 09:26:04 -06:00
Josh Cummings 31a1486b88
Add Message Security Preparation Steps
Issue gh-11337
2022-10-27 20:08:13 -06:00
Rob Winch aac1261f0c Document Migration to SecurityContextHolderFilter
Closes gh-12098
2022-10-27 15:12:45 -05:00
Josh Cummings 1dd13e69a4
Standardize Preparation Guide Layout
Closes gh-12096
2022-10-27 10:34:20 -06:00
Josh Cummings 2a95a24390
Add Link to 6.0 Migration Guide
Issue gh-12093
2022-10-26 16:15:36 -06:00
Rob Winch 24cc7ff178 Document Saved Requests Migration
Closes gh-12089
2022-10-26 14:24:00 -05:00
Rob Winch c17e258a6f Document Saved Requests
Closes gh-12088
2022-10-26 14:22:30 -05:00
Josh Cummings f6731e89db
Polish Method Security Preparation Steps 2022-10-26 12:37:54 -06:00
Josh Cummings 04fa5af794
Add Missing Doc Header
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
Josh Cummings e505bc3af4
Add Method Security Preparation Steps 2022-10-25 14:41:10 -06:00
Steve Riesenberg 5a55987d6e
Add links to reference in What's New for 5.8
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
Josh Cummings 59c4538798
Update What's New
Closes gh-12021
2022-10-13 10:13:20 -06:00
Joe Grandja ffbcaca24a Update reference for PasswordEncoders
Issue gh-10506
2022-10-12 07:32:30 -04:00
Marcus Da Coregio 4b6fed0667 Add static factory method to AntPathRequestMatcher and RegexRequestMatcher
Closes gh-11938
2022-10-10 09:24:15 -03:00
Steve Riesenberg f462134e87
Add reactive support for BREACH
Closes gh-11959
2022-10-07 16:34:17 -05:00
Marcus Da Coregio f3321c256c Add XML support for shouldFilterAllDispatcherTypes
Closes gh-11492
2022-10-07 10:20:32 -03:00
Steve Riesenberg dce1c30522
Add support for BREACH
Closes gh-4001
2022-10-05 14:21:13 -05:00
Steve Riesenberg c1fcf275d9
Update What's New for 5.8
Issue gh-11952
2022-10-05 13:48:18 -05:00
Marcus Da Coregio ace8caa182 Remove mvcMatchers usage from docs
Issue gh-11347
2022-10-05 13:19:37 -03:00
Steve Riesenberg 475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Daniel Garnier-Moiroux 0e215a21ad
Add X-Xss-Protection headerValue to XML config
Issue gh-9631
2022-10-03 14:29:34 -05:00
Marcus Da Coregio 039e0328e1 Simplify Java Configuration RequestMatcher Usage
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
Daniel Garnier-Moiroux bf59d7c374
Update What's New for 5.8 2022-10-03 10:05:25 -05:00
Steve Riesenberg 46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
2022-09-22 11:09:44 -05:00
Marcus Da Coregio 983ca6ea27 Update What's New for 5.8 2022-09-20 08:33:38 -03:00
Steve Riesenberg 8f44f74d44
Update What's New for 5.8 2022-09-14 15:13:41 -05:00
Steve Riesenberg 70eea8dc67
Update What's New for 5.8 2022-09-14 14:58:48 -05:00
Steve Riesenberg 355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy 1efb63387f
Add authentication converter for introspected tokens
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting a successful token introspection result
into an Authentication instance (which is currently done by private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter behaves the
same as the current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from the scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
2022-09-13 16:45:36 -05:00
Rob Winch 5ae492b1c1 Add What's New @WithMockUser Supported as Merged Annotation 2022-09-08 09:49:00 -05:00
Steve Riesenberg 86fbb8db07 Add new interfaces for CSRF request processing
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
Marcus Da Coregio ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio 0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill 8b74bf9742 Updated reference to architecture page
In the context of the Servlet Authentication page, "Architecture" should probably link to the "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
he1ex-tG 568277f8bc
Mistake in Kotlin code representation is fixed 2022-08-29 15:11:10 -05:00
Josh Cummings 0f58620643 Add AspectJ AuthorizationManager Support
Closes gh-11326
2022-08-26 15:59:08 -06:00
Josh Cummings 070dce1baf
Document ReactiveMethodSecurity improvements
Issue gh-9401
2022-08-25 14:36:03 -06:00
Josh Cummings 27ce5936cf
Add Caveat about Spring Security's co-routine support
Closes gh-10920
2022-08-25 14:36:02 -06:00
Rob Winch 89f8310d6c Add Explicit SessionAuthenticationStrategy Option
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagementFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
2022-08-18 17:00:47 -05:00