b47420f8a2
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13280
2023-06-05 16:02:30 -03:00
7250abc185
Does not apply a Configurer when disabled from another DSL
...
Closes gh-13203
2023-06-05 16:01:20 -03:00
73cb9862ad
Update Symlink for 5.8
...
Issue gh-13131
2023-05-24 14:37:18 -06:00
62ede47d86
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13207
2023-05-22 15:42:36 -06:00
1eefd433b6
Add spring-security.xsd symlink
...
Closes gh-13131
2023-05-22 15:42:02 -06:00
35ad1f857e
Only Register as Advisor in Proxy Mode
...
Closes gh-13160
2023-05-19 16:33:46 -06:00
f4915890cc
Use Spec Order for Verifying Signatures
...
Closes gh-12346
2023-05-15 17:24:22 -06:00
e9a02bc6e9
RememberMeConfigurer Picks Up SecurityContextRepository
...
Closes gh-13104
2023-05-02 16:46:35 -06:00
f261242db1
Merge branch '5.7.x' into 5.8.x
2023-04-24 16:33:29 -06:00
caa4093619
Fix javadoc for migration from WebSecurityConfigurerAdapter
2023-04-24 16:32:16 -06:00
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
54117d7d27
Fix test suffix to align with checkstyle
2023-04-14 13:29:15 -03:00
fd65dc6756
Merge branch '5.7.x' into 5.8.x
2023-03-22 10:08:17 -03:00
5eefe9dcff
Fix typo in SessionManagementConfigurer javadoc
2023-03-22 10:07:44 -03:00
97ba596ca3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12776
2023-02-23 15:17:04 -03:00
1c3ce1e401
Fix entity-id ignored in RelyingPartyRegistration XML config
...
Closes gh-11898
2023-02-23 15:16:40 -03:00
0baf650f38
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12686
2023-02-16 14:55:22 -07:00
000b4bc495
Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
...
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.
In particular, this exception can occur when mixing standard and custom DSL to register filters.
The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.
It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.
The error handling is implemented similarly to HttpSecurity#addFilter.
Closes gh-12637
2023-02-16 14:54:44 -07:00
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
f39f215140
Replace javadoc with SecurityFilterChain bean definition
2022-12-05 14:40:05 -08:00
a5464ed819
Fix typo in DefaultLoginPageConfigurer Javadoc
...
'isLogoutRequest' seems to have nothing to do here.
2022-12-05 14:31:15 -08:00
e774bd480b
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12261
2022-11-21 10:25:43 -03:00
f561d3784e
Improve deprecation notice in WebSecurityConfigurerAdapter
...
Closes gh-12260
2022-11-21 10:05:08 -03:00
ea6ce05662
Add configurer tests for CookieCsrfTokenRepository
...
Issue gh-12236
2022-11-18 13:12:59 -06:00
2ed7cff643
Check for existing token before clearing
...
Closes gh-12236
2022-11-18 13:12:59 -06:00
2301e8ca77
Fix Javadoc in EnableWebSocketSecurity
...
Add missing method name in EnableWebSocketSecurity JavaDoc code example.
2022-11-16 16:51:42 -06:00
3192618220
Add authenticationFailureHandler
...
- To ServerHttpSecurity#httpBasic
- To ServerHttpSecurity#oauthResourceServer
Closes gh-12132
2022-11-02 15:35:01 -06:00
6622e0135a
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12126
2022-11-01 18:06:41 -06:00
6efac34ca7
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12125
2022-11-01 18:06:01 -06:00
5c4362bbc4
Refresh parsers when not found
...
Closes gh-3065
2022-11-01 18:05:15 -06:00
d860775b45
Document Defer load CsrfToken
...
Closes gh-12105
2022-10-28 15:41:25 -05:00
bd4e0fb5db
Set LogoutRequestRepository on Saml2 LogoutSuccessHandler
...
Closes gh-11363
2022-10-26 16:44:23 -06:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
440748ec65
Add test support for Xor CSRF tokens
...
Issue gh-4001
2022-10-12 15:02:15 -05:00
37fa49b32d
Polish gh-11952
2022-10-07 17:40:12 -05:00
f462134e87
Add reactive support for BREACH
...
Closes gh-11959
2022-10-07 16:34:17 -05:00
f4ca90e719
Add reactive interfaces for CSRF request handling
...
Issue gh-11959
2022-10-07 16:34:16 -05:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
8a5aed2983
Add deprecation warning to CsrfDsl#ignoringAntMatchers
...
Issue gh-11347
2022-10-06 13:50:38 -03:00
bc4ad52feb
Add deprecation warning to mvcMatchers methods
...
Issue gh-11347
2022-10-06 13:21:27 -03:00
0c0e298aa7
Polish Saml2 XML Use of SecurityContextHolderStrategy
...
Issue gh-11061
2022-10-05 23:38:14 -06:00
b4d13e7726
Polish use-authorization-manager
...
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together
Issue gh-11305
2022-10-05 22:21:09 -06:00
7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests
...
Issue gh-11665
2022-10-05 22:18:41 -06:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl
...
Closes gh-11952
2022-10-05 13:35:23 -05:00
bf6e85ec15
Accept String varargs in securityMatcher
...
Issue gh-9159
2022-10-05 13:44:08 -03:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Marcus Da Coregio
Josh Cummings
lukasz.migdalek
Ruslan Stelmachenko
Martin Tarjányi
Leonid Rozenblyum
Steve Riesenberg
Mitja Kotnik
Guillaume Husta
Jan Marten
Koos Gadellaa
Rob Winch
mmoussa_mapfreusa