Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,224 Commits 34 Branches 337 Tags
Commit Graph

962 Commits

Author SHA1 Message Date
Josh Cummings
5f17032ffd Restore Removed Throws Clauses 
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
 2019-10-30 12:13:54 -06:00
Rob Winch
635f7e1edd CsrfWebFilter supports multipart/form-data 
Fixes gh-7576
 2019-10-28 14:06:10 -05:00
Filip Hrisafov
b9f122230b Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour 2019-10-23 14:50:57 -04:00
Michel Palourdio
d26f40f062 DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path. 2019-10-23 09:41:00 -04:00
Tadaya Tsuyukubo
62c7de03c3 Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter 
Moved the existing auth check logic to the matcher.

Issue: gh-5928
 2019-10-22 16:55:54 -04:00
Eleftheria Stein
264daec697 Test context relative URL with multiple schemes 2019-10-16 15:32:02 -04:00
Josh Cummings
b764af6b9b
CookieServerCsrfTokenRepositoryTests Leading Dot 
ResponseCookie removed support for having a leading dot in the cookie
domain.

Fixes gh-7500
 2019-09-30 08:39:45 -06:00
Josh Cummings
7949dd492a
Move DelegatingServerAuthenticationSuccessHandlerTests 
Moved from src/test/groovy to src/test/java

Issue gh-5332
 2019-09-27 16:57:43 -06:00
Josh Cummings
5f905232cb
Polish CurrentSecurityContextArgumentResolvers 
Fixes gh-7487
 2019-09-27 13:19:08 -06:00
Rob Winch
00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Onur Kagan Ozcan
034b5e9e93 Introduce LogoutSuccessEvent 
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.

By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.

This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency.

Fixes gh-2900
 2019-09-18 10:57:16 -05:00
Josh Cummings
7576dc44d7
AuthenticationFilter Session Fixation Protection 
Fixes gh-7446
 2019-09-17 08:17:09 -06:00
Josh Cummings
496a2cdc60
Make AuthenticationFilter methods private 
Fixes gh-7447
 2019-09-17 08:06:21 -06:00
Josh Cummings
aa12748c9b Add Request-level CSRF Skip 
Fixes gh-7367
 2019-09-13 19:04:05 +01:00
Eleftheria Stein
9f0986a093 Fix javadoc typo for invalid session strategy 2019-09-09 16:51:14 -04:00
Filip Hanik
08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp 
Add SAML Service Provider Support
 2019-09-05 17:04:14 -07:00
Filip Hanik
e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code 
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
 2019-09-05 14:40:08 -07:00
Rob Winch
2a1f3f6aa7 Remove Package Tangle in HeaderWriterFilter 
Fixes gh-7380
 2019-09-05 16:08:45 -05:00
Josh Cummings
39e84013f7
ClearSiteDataHeaderWriter Directives 
Fixes gh-7347
 2019-09-03 15:57:10 -06:00
Eleftheria Stein
ad0d3e9702 Polish remember me username check 2019-09-03 11:48:46 -04:00
Scott Murphy
26ae590c68 Check that userdetails for username exists. #7251 2019-09-03 11:48:46 -04:00
kostya05983
f6c650db47
Replace Streams with Loops 
First version of replacing streams

fix wwwAuthenticate and codestyle

fix errors in implementation to pass tests

Fix review notes

Remove uneccessary final to align with cb

Short circuit way to authorize

Simplify error message, make code readably

Return error while duplicate key found

Delete check for duplicate, checkstyle issues

Return duplicate error

Fixes gh-7154
 2019-09-02 15:30:48 -06:00
Lars Grefer
95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00
watsta
2c2e8e5f24 Remove internal Optional usage in favor of null checks 
Issue gh-7155
 2019-08-26 09:27:40 -04:00
Lars Grefer
34dd5fea30 Remove redundant throws clauses 
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
 2019-08-23 01:03:54 +02:00
Daniel Wegener
1a233a58c7 Add OnCommittedResponseWrapper.setContentLengthLong 
Add setContentLengthLong tracking to OnCommittedResponseWrapper in
order to detect commits on servlets that use setContentLengthLong to
announce the entity size they are about to write (as used in the
Apache Tomcat's DefaultServlet).

Fixes gh-7261
 2019-08-19 21:14:41 -04:00
Eleftheria Stein
4bc231872f Expire as many sessions as exceed maximum allowed 
Fixes: gh-7166
 2019-08-15 09:48:42 -05:00
Josh Cummings
9735a718cc
Remove MultiTenantAuthenticationManagerResolver 
Fixes gh-7259
 2019-08-14 11:14:47 -06:00
Rob Winch
c1db1aad91
Cleanup Code Style Issues 
Cleanup Code Style Issues
 2019-08-12 13:06:49 -05:00
Lars Grefer
ec6ca97226 Fix tests 2019-08-11 21:09:10 +02:00
Lars Grefer
ff1070df36 remove redundant modifiers found by checkstyle 2019-08-10 00:18:56 +02:00
Lars Grefer
38de737663 Java 8: Statement lambda can be replaced with expression lambda 2019-08-09 16:59:07 -05:00
Lars Grefer
7b2a7847e5 Java 8: Single Map method can be used 2019-08-09 16:59:07 -05:00
Lars Grefer
25c06be1eb Java 7: Identical 'catch' branches in 'try' statement 2019-08-09 16:59:07 -05:00
Lars Grefer
578d628774 'Collection.toArray()' call style 2019-08-09 16:57:31 -05:00
Lars Grefer
b388976ac8 fix checkstyle 2019-08-09 02:46:20 +02:00
Lars Grefer
35bdf1f009 Unnecessary semicolon 2019-08-09 00:43:13 +02:00
Lars Grefer
d9c1f03b84 Unnecessary interface modifier 2019-08-09 00:42:35 +02:00
Lars Grefer
40bee457f9 Unnecessary enum modifier 2019-08-09 00:42:07 +02:00
Lars Grefer
8d0ca14e55 Unnecessary conversion to String 2019-08-09 00:41:46 +02:00
Lars Grefer
fb39d9c255 Anonymous type can be replaced with lambda 2019-08-08 17:09:09 -04:00
Lars Grefer
05f42a4995 Remove unused imports 2019-08-08 14:22:31 -04:00
Lars Grefer
2056834432 Cleanup unnecessary unboxing 
Unboxing is unnecessary under Java 5 and newer, and can be safely removed.
 2019-08-06 10:17:38 -04:00
Lars Grefer
2306d987e9 Cleanup unnecessary boxing 2019-08-06 10:17:38 -04:00
Filip Hanik
2055466ad7 Add Javadoc 2019-08-05 19:43:00 -04:00
Filip Hanik
ddf68821cb Add RequestMatcher.matcher(HttpServletRequest) 
Step 3 - Usage of RequestVariablesExtractor or types that are assigned
to AntPathRequestMatcher should be replaced with the new method.

[closes #7148]
 2019-08-05 19:43:00 -04:00
Eddú Meléndez
496579dde2 Add match result for servlet requests 
Fixes gh-7148
 2019-08-05 19:43:00 -04:00
Josh Cummings
774a2e669c
Polish setAllowedHostnames 
Added JavaDoc to method, including @since attribute

Issue gh-4310
 2019-08-03 19:19:44 -06:00
Eddú Meléndez
f712c5598c Add support for allowedHostnames in StrictHttpFirewall 
Introduce a new method `setAllowedHostnames` which perform the validation
against untrusted hostnames.

Fixes gh-4310
 2019-08-03 21:16:45 -04:00
Khy
a5cfd9fdb9 Downgrade AuthenticationFilter modifier 
Fixes gh-7177
 2019-08-03 21:14:33 -04:00