Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-01 21:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,573 Commits 54 Branches 369 Tags
Commit Graph

387 Commits

Author SHA1 Message Date
Johnny Lim
701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module 
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
 2017-11-16 20:18:21 -06:00
Rob Winch
be397b8b33 WebSessionServerSecurityContextRepository Polish 
- map(WebSession::getAttributes)
- use Mono.justOrEmpty

Issue: gh-4843
 2017-11-16 15:54:33 -06:00
Rob Winch
8d30d6110b WebSessionSecurityContextRepository custom session attribute name 
Fixes: gh-4843
 2017-11-16 15:54:21 -06:00
Rob Winch
b7529be3d0 WebSessionSecurityContextRepository changes session id 
Fixes: gh-4842
 2017-11-16 15:46:26 -06:00
Rob Winch
b19e14330f WebSessionServerCsrfTokenRepository session fixation protection 
Issue: gh-4842
 2017-11-16 15:45:57 -06:00
Rob Winch
75a7c5268a ServerRequestCache.removeMatchingRequest 
Issue: gh-4789
 2017-11-16 15:44:32 -06:00
Benedikt Ritter
fffd781b03 Add localization to error messages from ExceptionTranslationFilter 
Fixes gh-4504
 2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Rob Winch
64ad08e96d ServerRedirectCache.getRequest->getRedirectUri 
Issue: gh-4789
 2017-11-15 15:10:47 -06:00
Rob Winch
1d9b0760d5 ServerRequestCache uses URI 
Issue: gh-4789
 2017-11-15 12:54:05 -06:00
Rob Winch
1c977ca15f serverRedirectStrategy->redirectStrategy 
Issue: gh-4822
 2017-11-14 16:42:30 -06:00
Rob Winch
2cbdb4ba02 serverCsrfTokenRepository->csrfTokenRepository 
Issue: gh-4822
 2017-11-14 16:42:27 -06:00
Rob Winch
3bfda6cff7 serverAccessDeniedHandler->accessDeniedHandler 
Issue: gh-4822
 2017-11-14 16:42:24 -06:00
Rob Winch
9e82fc0b83 serverAuthenticationEntryPoint->authenticationEntryPoint 
Issue: gh-4822
 2017-11-14 16:42:20 -06:00
Rob Winch
520e0a5a68 serverAuthenticationSuccessHandler->authenticationSuccessHandler 
Issue: gh-4822
 2017-11-14 16:42:14 -06:00
Rob Winch
5c83f92ddc serverAuthenticationFailureHandler->authenticationFailureHandler 
Issue: gh-4822
 2017-11-14 16:42:10 -06:00
Rob Winch
692233e431 ServerSecurityContextRepository members to securityContextRepository 
Issue: gh-4822
 2017-11-14 16:42:06 -06:00
Johnny Lim
d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Rob Winch
1b70efce2b Add ServerRequestCache 
Fixes: gh-4789
 2017-11-13 15:49:34 -06:00
Rob Winch
8f6491b281 Add RedirectServerAuthenticationFailureHandler 
Fixes gh-4816
 2017-11-13 15:49:20 -06:00
Rob Winch
060d8689fe Make RedirectServer*Tests less specific 
Issue: gh-4816
 2017-11-13 15:49:06 -06:00
Rob Winch
676020321e Add reactive CsrfRequestDataValueProcessor 
Fixes gh-4762
 2017-11-07 22:25:36 -06:00
Rob Winch
7622826b69 WebSessionServerCsrfTokenRepository saves on getToken 
Fixes gh-4801
 2017-11-07 22:25:23 -06:00
Rob Winch
776364d403 ServerCsrfTokenRepository.saveToken return Mono<CsrfToken> 
Fixes gh-4800
 2017-11-07 22:24:53 -06:00
Jeremy Waters
832f5c39c1 SEC-3190: Add support for colons in remember-me token values 
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons.  so this 
change urlencodes the individual tokens when creating the cookie 
string; and urldecodes them decoding the cookie and extracting the 
tokens.  This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
 2017-10-30 00:33:14 -05:00
Rob Winch
93ac706d86 Polish XFrameOptionsHeaderWriter 
Issue: gh-4559
 2017-10-29 23:32:53 -05:00
Antoine
bed4ec7d18 Fix leading space characters reported by checkstyle 2017-10-29 22:22:34 -05:00
Antoine
0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Rob Winch
8da2c7f657 Add WebFlux CSRF Protection 
Fixes gh-4734
 2017-10-28 22:59:24 -05:00
Rob Winch
e63c53e267 Add AuthorizationWebFilterTests 2017-10-28 22:58:55 -05:00
Rob Winch
2060125ebd ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository 
Issue: gh-4719
 2017-10-27 18:17:52 -05:00
Rob Winch
437ba56415 ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter 
Issue: gh-4719
 2017-10-27 18:17:10 -05:00
Rob Winch
747473257f Use ReactorSecurityContextHolder 
Issue gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch
44b41e78cd Flux member variables in favor of Collections 
Fix gh-4694
 2017-10-25 07:41:37 -05:00
Rob Winch
fcc1152f78 WebFilterChainProxy not matched continues WebFilterChain 
Fixes gh-4668
 2017-10-24 16:22:07 -05:00
Rob Winch
b81c1ce2c0 Move spring-security-webflux into spring-security-web 
Fixes gh-4662
 2017-10-18 16:20:09 -05:00
Rob Winch
23f56f568c Update MockitJunitRunner import 
Issue: gh-4608
 2017-10-09 16:13:33 -05:00
Rob Winch
445834784a Update to Mockito 2.10.0 
Issue: gh-4608
 2017-10-09 16:13:11 -05:00
Rob Winch
646b3e48b3 Avoid Exception Message in HTTP Response 
Fixes gh-4587
 2017-09-28 17:24:49 -05:00
Vedran Pavic
95de158909 Add ForwardLogoutSuccessHandler 2017-09-06 15:15:02 -05:00
Rob Winch
5a65da400d Use ReflectionTestUtils rather than Whitebox 
This is better because it no longer uses Mockito's internal API

Fixes gh-4305
 2017-04-21 10:54:58 -05:00
Rob Winch
9d9aadb80f Fix DefaultSavedRequestMixinTests with Spring 5 
Previously DefaultSavedRequestMixinTests
serializeDefaultRequestBuildWithConstructorTest broke in Spring 5
because Spring 5's MockHttpServletRequest.setCookie now automatically adds
the Cookie header.

This commit ensures that the Cookie header is not added by overriding the
class we are writing.

Fixes gh-4272
 2017-04-12 15:51:26 -05:00
Joe Grandja
2b81983f7c Update to Java 8 compatibility 
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
 2017-04-07 16:49:38 -04:00
borlafu
8a458eb9e1 Avoid multiple X-Frame-Options headers 
XFrameOptionsHeaderWriter should not *add*, but *set* the
X-Frame-Options header. According to
https://tools.ietf.org/html/rfc7034#section-2.1, having
multiple values for the header is disallowed:

"There are three different values for the header field.
These values are mutually exclusive; that is, the header
field MUST be set to exactly one of the three values."

With this change, only the latest XFrameOptionsHeaderWriter
will remain.
 2017-03-08 15:49:18 -06:00
Rob Winch
247f54dc41 Fix SwitchUserFilter.setSwitchFailureUrl assertion 
Fixes gh-4198
 2017-03-02 00:47:09 -06:00
Rob Winch
017e9834bd Fix NPE in UrlUtils with null url 
Fixes gh-4233
 2017-03-02 00:46:01 -06:00
Rob Winch
168f4b8f70 Prevent Duplicate Cache Headers 
Fixes gh-4199
 2017-03-01 16:14:12 -06:00
Eddú Meléndez
028854b936 Add HttpSessionRequestCache sessionAttrName property 
This commit allows to customize the session attribute name. Default is
SPRING_SECURITY_SAVED_REQUEST.

Fixes gh-4130
 2016-12-21 10:22:09 -06:00