Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,783 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

209 Commits

Author SHA1 Message Date
Rob Winch 89f8310d6c Add Explicit SessionAuthenticationStrategy Option 
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
 2022-08-18 17:00:47 -05:00
jujunChen 13feb87171
Modify words 
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
 2022-08-16 14:51:36 -06:00
jujunChen d93bde7465
Modify words 
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
 2022-08-16 14:51:06 -06:00
jujunChen e3d85881e9
Modify words 
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
 2022-08-16 14:48:14 -06:00
Rob Winch 5b64526ba9 Add CsrfFilter.csrfRequestAttributeName 
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.

This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.

Issue gh-11699
 2022-08-15 17:07:02 -05:00
Igor Bolic efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Desmond Silveira 0d3c3c676d
"Well-Know" should be "Well-Known" 2022-07-26 15:45:27 -05:00
Desmond Silveira 06aa3362dd
"Well-Know" should be "Well-Known" 2022-07-26 15:44:41 -05:00
Desmond Silveira 2a336d4f49 "Well-Know" should be "Well-Known" 2022-07-26 15:41:05 -05:00
Yuriy Savchenko 0f64d4c091 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 14:04:16 -03:00
Yuriy Savchenko 7c7751635d Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:56:41 -03:00
Yuriy Savchenko 5322352427 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:49:21 -03:00
Marcus Da Coregio f45c4d4b8e Add SHA256 as an algorithm option for Remember Me token hashing 
Closes gh-8549
 2022-07-15 10:41:03 -03:00
Marcus Da Coregio 57d6ab7134 Improve docs on dispatcherTypeMatcher 
Closes gh-11467
 2022-07-14 09:13:46 -03:00
Josh Cummings 624fdfa731
Add AuthorizationManager for protect-pointcut 
Closes gh-11323
 2022-07-13 17:58:16 -06:00
Tim te Beek ce67fb08fd
Clearly end sentence in note before next sentence 2022-07-11 17:38:44 -06:00
Tim te Beek 6e63278ab9
Use Collection<ConfigAttribute> in examples 
To match `org.springframework.security.access.ConfigAttribute`.
 2022-07-11 17:38:44 -06:00
Josh Cummings 74a007dc91
Support AuthorizationManager for intercept-methods Element 
Closes gh-11328
 2022-07-06 12:54:05 -06:00
Josh Cummings 74167d62b1
Add SecurityContextHolderStrategy XML Configuration for Messaging 
Issue gh-11061
 2022-06-27 15:55:28 -06:00
Josh Cummings 9cd7c7b046
Add SecurityContextHolderStrategy XML Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:05:07 -06:00
Josh Cummings 2a70707c35 Add SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-17 11:28:10 -06:00
sKai.fun a3e996a66b Fix title render issue of Digest Authentication document 
Closes gh-11272
 2022-06-01 17:33:41 -05:00
sKai.fun 953b54f63d Fix title render issue of Digest Authentication document 
Closes gh-11272
 2022-06-01 15:15:03 -05:00
André Luis Gomes aca3fc2412 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:51:44 -03:00
André Luis Gomes 0c31cb21dc Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:50:56 -03:00
André Luis Gomes 24701b547f Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:49:47 -03:00
Josh Cummings 9dbd1f3e25
Use AuthorizationManager in <http> 
Closes gh-11305
 2022-05-31 15:10:00 -06:00
Josh Cummings d7077b441a
Correct access(String) reference 
Closes gh-11280
 2022-05-27 15:00:15 -06:00
Josh Cummings 292585080a
Correct access(String) reference 
Closes gh-11280
 2022-05-27 14:59:06 -06:00
Josh Cummings 0abc54c7de
Correct access(String) reference 
Closes gh-11280
 2022-05-27 14:52:20 -06:00
Josh Cummings 101f11ba94
Improve ContextConfiguration Docs 
Point to updated Spring Reference

Issue gh-10934
 2022-05-27 13:12:56 -06:00
Josh Cummings 18b903f6e3
Polish ExtendWith Docs 
Use spring-framework-reference-url placeholder

Issue gh-10934
 2022-05-27 13:12:56 -06:00
nor-ek 038266a94f
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 13:12:55 -06:00
Josh Cummings 8690accd57
Improve ContextConfiguration Docs 
Point to updated Spring Reference

Issue gh-10934
 2022-05-27 12:57:57 -06:00
Josh Cummings e3c15260e7
Polish ExtendWith Docs 
Use spring-framework-reference-url placeholder

Issue gh-10934
 2022-05-27 12:57:57 -06:00
nor-ek 9625382b22
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 12:57:56 -06:00
Josh Cummings dda026b5fc
Improve ContextConfiguration Docs 
Point to updated Spring Reference

Issue gh-10934
 2022-05-27 12:57:02 -06:00
Josh Cummings 2363dbb4e4
Polish ExtendWith Docs 
Use spring-framework-reference-url placeholder

Issue gh-10934
 2022-05-27 12:56:57 -06:00
nor-ek 23cc1eb32b
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 12:56:51 -06:00
Josh Cummings 8a03d1fcec Add AuthorizationManager to Messaging 
Closes gh-11076
 2022-05-27 12:20:48 -06:00
Josh Cummings 0e9228d10a
Prepare for Spring Security 5.8 2022-05-02 16:34:23 -06:00
Marcus Da Coregio e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL 
Closes gh-11153
 2022-04-28 08:19:20 -03:00
Rob Winch aaf78330b1 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:16:35 -05:00
Marcus Da Coregio 7fea639a43 Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 15:58:00 -03:00
Marcus Da Coregio 86c3ce7efc Update What's New 2022-04-13 11:24:36 -03:00
Rob Winch 39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Pascal Verdage b71d9bfdc2 Fix typo 2022-04-06 11:09:41 +02:00
Johannes Graf 4ee5800ec9
use okta as registration id 
looks like `ping` is some registration id used in the past.

Closes gh-11034
 2022-03-30 14:41:03 -06:00
Johannes Graf d4931ecf2b
use okta as registration id 
looks like `ping` is some registration id used in the past.
 2022-03-30 14:40:25 -06:00
Josh Cummings 04c483387e
Document Authorization Events 
Issue gh-9288
 2022-03-29 16:03:20 -06:00
Eleftheria Stein d4d6ddbaae Fix formatting in reference docs 2022-03-24 15:13:50 +01:00
Steve Riesenberg 28dd7dabfb
Update What's New for 5.7 2022-03-17 12:56:17 -05:00
Steve Riesenberg c38c722473
Update What's New for 5.7 2022-03-17 09:56:45 -05:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Joe Grandja 4a8219d16c Update whats-new.adoc with gh-9812 2022-03-17 04:41:33 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
Rob Winch fabeabd2db Fix docs SecurityContextHolder Diagram 
Issue gh-9635
 2022-03-12 13:44:45 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Rob Winch 6e45a376cd Remove "Hi ... there" From Docs 
Close gh-10963
 2022-03-11 13:42:38 -06:00
Rob Winch e4f1826622 Remove "Hi ... there" From Docs 
Close gh-10963
 2022-03-11 13:41:19 -06:00
Rob Winch b71b2f81e1 Add Persistence to documentation 
Closes gh-10962
 2022-03-11 13:41:19 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Lijamaija bc2bb8cb96 Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket 
Closes gh-10932
 2022-03-09 16:18:09 +01:00
Marcus Da Coregio 93d4fd3559 Add SAML 2.0 Single Logout XML Support 
Closes gh-10842
 2022-03-09 09:18:01 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 09:18:01 -03:00
Talerngpong Virojwutikul 440ffce2eb Update PasswordEncoder declaration 
Closes gh-10910
 2022-03-01 07:50:55 -07:00
Talerngpong Virojwutikul ff15bec02d update PasswordEncoder declaration 2022-03-01 07:48:31 -07:00
Talerngpong Virojwutikul 45a88fc391 add Kotlin examples for Spring Data Integration of servlet application 2022-02-18 08:49:27 -03:00
Talerngpong Virojwutikul 8a56e4f35e add Kotlin examples for Spring Data Integration of servlet application 2022-02-18 08:46:20 -03:00
Eleftheria Stein c6b185465d Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant 
Closes gh-10837
 2022-02-15 11:24:23 +01:00
Yuriy Savchenko 77ba94e1db Update docs to use multi-tenancy 
Closes gh-10572
 2022-02-14 11:07:42 +01:00
Talerngpong Virojwutikul 015036741b Add Kotlin example for logout configuration of reactive authentication 
Closes gh-10819
 2022-02-11 13:16:47 +01:00
Eleftheria Stein 4492e5b667 Replace WebSecurityConfigurerAdapter with SecurityFilterChain in docs 
Closes gh-10003
 2022-02-08 16:12:10 +01:00
giger85 27ecae2545 Fix typo in role hierarchy docs 
Closes gh-10804
 2022-02-04 16:31:19 +01:00
Eleftheria Stein 7c9de7d0ff Use lambda DSL in logout header docs 2022-02-04 16:26:18 +01:00
Rob Winch ac990afa5d Document Authorize HTTP Requests for Reactive Security 
Closes gh-10801
 2022-02-03 13:47:35 -06:00
Rob Winch c1dfe407bc Document Authorize HTTP Requests for Reactive Security 
Closes gh-10801
 2022-02-03 13:46:27 -06:00
Ken Dombeck 55cccbf727 Fix broken link to SAML2 login example 2022-02-03 10:20:45 -06:00
Ken Dombeck e5def290a1 Fix broken link to SAML2 login example 2022-02-03 10:10:04 -06:00
Eleftheria Stein a095ea75a2 Fix typo in getting started docs 
Closes gh-10736
 2022-02-02 10:52:54 +01:00
Eleftheria Stein f465403a99 Fix typo in getting started docs 
Closes gh-10736
 2022-02-02 10:30:43 +01:00
Eleftheria Stein e280061538 Polish LDAP reference docs 
Issue gh-10789
 2022-01-28 17:04:39 +01:00
Eleftheria Stein d5824521e8 Use LDAP AuthenticationManager factory in reference docs 
Closes gh-10789
 2022-01-28 17:03:56 +01:00
Josh Cummings d538423f98 Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 15:09:45 -07:00
Josh Cummings 20c252982e Remove SAML 2.0 Logout Default 
Closes gh-10607
 2022-01-14 15:29:50 -07:00
Joe Grandja 214cfe807e Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:42:10 -05:00
Josh Cummings 6b54afe9a3 Remove SAML 2.0 Logout Default 
Closes gh-10607
 2022-01-03 12:54:22 -07:00
Marcus Da Coregio 65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Steve Riesenberg 32ec8c3ae4 Fix Reactive OAuth2 Kotlin DSL examples 
Closes gh-10580
 2021-12-07 13:58:24 +01:00
Steve Riesenberg 7ec3b55ab3 Fix Reactive OAuth2 Kotlin DSL examples 
Closes gh-10580
 2021-12-07 13:48:11 +01:00
Henning Poettker f1ca42e501 Fix return type for NoOpPasswordEncoder bean in documentation 2021-11-23 14:14:05 -03:00
Henning Poettker bb99d7d95a Fix return type for NoOpPasswordEncoder bean in documentation 2021-11-23 14:13:12 -03:00
Josh Cummings 16a21264d0 Polish AuthRequestConverter Sample Doc 
Issue gh-10364
 2021-11-18 13:36:31 -07:00
Josh Cummings 739cdc1a4c Polish AuthRequestConverter Sample Doc 
Issue gh-10364
 2021-11-18 13:36:10 -07:00
Norbert Nowak 1c0f092176 Fix AuthnRequestConverter Sample Typos 
Closes gh-10364
 2021-11-18 13:26:53 -07:00
Norbert Nowak 02cd1dd3c4 Fix AuthnRequestConverter Sample Typos 
Closes gh-10364
 2021-11-18 13:26:25 -07:00
Jeff Maxwell 32d79f3f4e Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:33:42 -07:00
Jeff Maxwell b7cc667d21 Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:33:27 -07:00
Jeff Maxwell 088a24cf59 Fix jwtDecoder Documentation Usage 
Closes gh-10505
 2021-11-16 15:18:42 -07:00
Jeff Maxwell 3fb1565cc0 Fix jwtDecoder Documentation Usage 
Closes gh-10505
 2021-11-16 15:17:37 -07:00