792 Commits

Author SHA1 Message Date
Spring Operator
6cf279f52e URL Cleanup
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrence migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2118 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 1 occurrence migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
2019-03-14 20:23:37 -05:00
Rob Winch
f8ee28ea9f Save query parameters in WebSessionServerRequestCache
Previously, URL query parameters were lost when saving a request
in WebSessionServerRequestCache. Now it is properly saved and
restored.

Fixes: gh-6421
2019-01-15 13:53:29 -06:00
Slava Semushin
99019c80a7 LazyCsrfTokenRepository: fix a typo in javadoc. 2019-01-07 13:38:15 -06:00
lmagyar
d8f039b32b SecurityContextCallableProcessingInterceptor thread visibility fix
Within class SecurityContextCallableProcessingInterceptor field securityContext should be volatile.

Fixes gh-6143
2018-12-03 15:47:31 -06:00
Josh Cummings
82083d9112 Write Security Headers Before Servlet Include
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.

Fixes: gh-5499
2018-10-31 13:04:03 -06:00
Rob Winch
566fb939ca Fix SwitchUserFilter matchers
Fixes: gh-4249
2018-09-14 10:04:46 -05:00
Rob Winch
5b26158f4d AntPathRequestMatcher supports UrlPathHelper
Fixes: gh-5846
2018-09-14 10:04:46 -05:00
Rob Winch
8170e47ff2 Fix OptimizeAntPathRequestMatcher
Previously the logic for determining if the pathInfo should be appended
was inverted.

This correctly concatenates url + pathInfo if url is a non empty String.

Fixes: gh-5473
2018-09-07 11:51:50 -06:00
Christoph Dreis
c408fb7edf Optimize AntPathRequestMatcher.getRequestPath() 2018-09-07 11:51:29 -06:00
Josh Cummings
4ff0fdfff9 Polish Commit on Reactive Http Basic Test 2018-09-07 11:39:54 -06:00
Tim Koopman
47b82ccd83 Reactive HttpBasic Support For Coloned Passwords
This makes it so that reactive httpBasic supports passwords containing
one or more colons.
2018-09-07 11:39:41 -06:00
Rob Winch
4b407189c2 ServerHttpBasicAuthenticationConverter Validates Scheme Name
Fixes: gh-5615
2018-07-31 09:12:39 -05:00
Rob Winch
96c944c4fc BasicAuthenticationFilter case insensitive
Fixes: gh-5616
2018-07-31 09:11:54 -05:00
Rob Winch
ecaa2c5b1c Cache Control disabled for 304
Fixes: gh-5534
2018-07-17 22:13:52 -05:00
Joe Grandja
e04b29426b DefaultLoginPageGeneratingFilter escapes OAuth2 ClientRegistrations
Fixes gh-5394
2018-05-29 09:53:31 -04:00
Alexander Münch
c30e218f1f Avoid unnecessary grow of ArrayList
Adapted ArrayList size in CacheControlHeadersWriter::createHeaders()

Fixes: gh-5310
2018-05-04 14:43:17 -05:00
XYUU
70d284865f DefaultLoginPageGeneratingFilter should calculate ContentLength using UTF-8
Fixes: gh-5309
2018-05-04 14:43:17 -05:00
Rob Winch
32f5fb5eb2 ExceptionTranslationFilter does not handle committed responses
Fixes: gh-5273
2018-04-30 16:50:02 -05:00
Rob Winch
5b751baf61 Fixes: gh-5190 2018-04-16 17:52:55 -05:00
Rob Winch
151b545ed0 Polish Javadoc
Fixes: gh-5186
2018-03-29 15:33:31 -05:00
Rob Winch
6729c39905 Fix JDK 9
Issue: gh-5160
2018-03-28 15:00:41 -05:00
Rob Winch
bfada59a1e CookieClearingLogoutHandler adds uses contextPath + "/"
Fixes: gh-5140
2018-03-19 16:50:48 -05:00
Rob Winch
8f8deac0f4 Fix StrictHttpFirewall rules
Fixes: gh-5092
2018-03-08 21:29:31 -06:00
Rob Winch
4d410b0b61 Polish Javadoc HttpStatusServerAccessDeniedHandler 2018-03-07 12:34:15 -06:00
Rob Winch
24a4fbfe56 HttpStatusServerAccessDeniedHandler use injected HttpStatus
Fixes: gh-5078
2018-03-07 12:28:45 -06:00
Rob Winch
8d75554b6b Lazily Create Throwables
Fixes: gh-5040
2018-02-26 16:24:40 -06:00
Rob Winch
0fc67f765a Polish StrictHttpFirewall Javadoc
Also cleanup DefaultHttpFirewall Javadoc

Issue: gh-5008
2018-02-15 17:18:28 -06:00
Rob Winch
fcf967687b Add FilterSecurityInterceptor once per request test
Issue: gh-4997
2018-02-08 17:11:37 -06:00
json20080301
40a1281c66 FilterSecurityInterceptor once per request set attr
Only set the attribute if once per request is true
2018-02-08 17:10:45 -06:00
Rob Winch
ce5fb51b20 Remove Mono.defer in ReactorContextWebFilter
Fixes: gh-5010
2018-02-08 16:19:10 -06:00
Rob Winch
66298dcf5d Clean ReactorContextWebFilterTests imports
Issue: gh-4962
2018-02-08 16:15:29 -06:00
Rob Winch
141e3f581f ReactorContextWebFilter preserves main Context
Previously ReactorContextWebFilter overrode
the main Context.

Fixes: gh-4962
2018-02-08 14:58:08 -06:00
Rob Winch
c399987450 Polish StrictHttpFirewall Javadoc
Fixes: gh-5008
2018-02-08 14:08:54 -06:00
Rob Winch
ea3dd336aa Cache headers only if no cache headers set
Fixes: gh-5004
2018-02-07 14:56:34 -06:00
Rob Winch
8b7f772761 Update to Jackson 2.9.4
Fixes: gh-4985
2018-02-01 13:45:06 -06:00
Rob Winch
0eef5b4b42 Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
Rob Winch
6a0833165a AuthorizationWebFilter handles null Authentication
If the AuthorizationManager used the Authentication and the Authentication
was null the AuthorizationWebFilter would produce a NullPointerException

This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null

Fixes: gh-4966
2018-01-22 15:16:58 -06:00
Johnny Lim
921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Eddú Meléndez
c16456623f Remove unused imports 2017-12-20 16:05:38 -06:00
Rob Winch
70be0f3619 Mono<CsrfToken> saveToken->Mono<Void>
Issue: gh-4856
2017-11-20 16:30:29 -06:00
Rob Winch
d55db837e1 CsrfWebFilter places Mono<CsrfToken>
Fixes: gh-4855
2017-11-20 16:30:29 -06:00
Johnny Lim
701933c7f7 Fix copyright start years
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
2017-11-16 20:18:21 -06:00
Rob Winch
be397b8b33 WebSessionServerSecurityContextRepository Polish
- map(WebSession::getAttributes)
- use Mono.justOrEmpty

Issue: gh-4843
2017-11-16 15:54:33 -06:00
Rob Winch
8d30d6110b WebSessionSecurityContextRepository custom session attribute name
Fixes: gh-4843
2017-11-16 15:54:21 -06:00
Rob Winch
b7529be3d0 WebSessionSecurityContextRepository changes session id
Fixes: gh-4842
2017-11-16 15:46:26 -06:00
Rob Winch
b19e14330f WebSessionServerCsrfTokenRepository session fixation protection
Issue: gh-4842
2017-11-16 15:45:57 -06:00
Rob Winch
75a7c5268a ServerRequestCache.removeMatchingRequest
Issue: gh-4789
2017-11-16 15:44:32 -06:00
Benedikt Ritter
fffd781b03 Add localization to error messages from ExceptionTranslationFilter
Fixes gh-4504
2017-11-16 11:25:56 -06:00