Josh Cummings
74675ef793
Update org.springframework to 5.3.22
...
Closes gh-11697
2022-08-11 14:20:48 -06:00
Josh Cummings
a92ac82c4b
Update jsonassert to 1.5.1
...
Closes gh-11696
2022-08-11 14:20:45 -06:00
Josh Cummings
db638c2a77
Update org.jetbrains.kotlinx to 1.6.4
...
Closes gh-11695
2022-08-11 14:20:41 -06:00
Josh Cummings
f884527c1b
Update hibernate-entitymanager to 5.6.10.Final
...
Closes gh-11694
2022-08-11 14:20:38 -06:00
Josh Cummings
dbd174418f
Update org.eclipse.jetty to 9.4.48.v20220622
...
Closes gh-11693
2022-08-11 14:20:35 -06:00
Josh Cummings
2eeee99d2e
Update io.projectreactor to 2020.0.22
...
Closes gh-11691
2022-08-11 14:20:28 -06:00
Josh Cummings
e8c56420bf
Update mockk to 1.12.5
...
Closes gh-11690
2022-08-11 14:20:24 -06:00
Marcus Da Coregio
6a2ca52aae
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:32:10 -03:00
Rob Winch
269c711a64
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
2022-08-08 13:52:56 -05:00
Steve Riesenberg
99f768bab9
Polish HttpSecurity
2022-07-29 17:43:00 -05:00
Steve Riesenberg
984355e637
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:43:00 -05:00
Steve Riesenberg
09173c95d6
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:43:00 -05:00
Steve Riesenberg
24033be046
Skip workflows on forks of spring-security
2022-07-28 15:11:09 -05:00
Steve Riesenberg
47a5665767
Use cache and user.name system property on Windows
2022-07-28 15:11:08 -05:00
Steve Riesenberg
aad60cc6af
Only run prerequisites job if on upstream repo
2022-07-28 15:11:07 -05:00
Steve Riesenberg
13e94935ae
Simplify dependency graph
2022-07-28 15:11:06 -05:00
Steve Riesenberg
6c29007fac
Use Spring Gradle Build Action
...
Closes gh-11630
2022-07-28 15:11:05 -05:00
Steve Riesenberg
6ad567f0fa
Polish gh-11367
2022-07-28 15:11:05 -05:00
naveen
8c634f8a9d
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
2022-07-28 15:11:04 -05:00
Marcus Da Coregio
a996dfc55b
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:38:50 -03:00
Rob Winch
ad9e737bf2
Fix Snapshot Sources/Javadoc
...
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.
Closes gh-10602
2022-07-26 16:25:52 -05:00
Desmond Silveira
06aa3362dd
"Well-Know" should be "Well-Known"
2022-07-26 15:44:41 -05:00
Yuriy Savchenko
7c7751635d
Add Kotlin example for WebTestClient setup docs
...
Closes gh-9998
2022-07-22 13:56:41 -03:00
Josh Cummings
bced37f6a7
Merge Same-named Attribute Elements
...
Closes gh-11042
2022-07-20 18:41:55 -06:00
Steve Riesenberg
fbc5839890
Build only on branches
...
Issue gh-11480
2022-07-18 11:46:47 -05:00
Steve Riesenberg
d76c321f8c
Backport release automation and github actions
...
Closes gh-11500
2022-07-13 15:17:03 -05:00
Josh Cummings
37d856dca4
Correct input validation for 31 rounds
...
Closes gh-11470
2022-07-11 14:38:04 -06:00
Rob Winch
c57853e5fa
Document sagan Release tasks require read:org scope
...
Closes gh-11423
2022-06-21 14:49:06 -05:00
Joe Grandja
6f275deb55
Next Development Version
2022-06-20 12:37:13 -04:00
Joe Grandja
c40f65f5a2
Release 5.7.2
2022-06-20 12:17:25 -04:00
Joe Grandja
bca43af9bb
Update org.opensaml:opensaml-core4 to 4.1.1
...
Closes gh-11410
2022-06-20 12:08:07 -04:00
Joe Grandja
d9b8882fa8
Update spring-ldap-core to 2.4.1
...
Closes gh-11409
2022-06-20 11:52:48 -04:00
Joe Grandja
7358c65a8c
Update org.springframework.data to 2021.2.1
...
Closes gh-11408
2022-06-20 11:52:44 -04:00
Joe Grandja
e02d5f2dd7
Update org.springframework to 5.3.21
...
Closes gh-11407
2022-06-20 11:52:41 -04:00
Joe Grandja
91a965c6db
Update org.jetbrains.kotlinx to 1.6.3
...
Closes gh-11406
2022-06-20 11:52:37 -04:00
Joe Grandja
0e88064942
Update hibernate-entitymanager to 5.6.9.Final
...
Closes gh-11405
2022-06-20 11:52:35 -04:00
Joe Grandja
641b9ef83b
Update io.projectreactor to 2020.0.20
...
Closes gh-11403
2022-06-20 11:52:30 -04:00
Joe Grandja
6f43d234dc
Update aspectj-plugin to 6.4.3.1
...
Closes gh-11402
2022-06-20 11:52:27 -04:00
Joe Grandja
d7819ea4da
Update jackson-bom to 2.13.3
...
Closes gh-11399
2022-06-20 11:52:17 -04:00
Joe Grandja
37ee70ae86
Add dependency update exclusion for spring-javaformat-checkstyle
2022-06-20 11:16:37 -04:00
Joe Grandja
8ea37360ac
Add dependency exclusion rules
2022-06-20 10:03:29 -04:00
Rob Winch
29db051f7a
Cache SecurityContextRepository.loadContext(HttpServletRequest) Result
...
Closes gh-11390
2022-06-17 14:52:35 -05:00
Josh Cummings
f035c30edb
Encode postLogoutRedirectUri query params
...
Closes gh-11379
2022-06-16 16:12:13 -06:00
Josh Cummings
d22277ce36
Add missing KeyInfo
...
Closes gh-11354
2022-06-09 13:16:50 -06:00
Josh Cummings
bd60a0f8c9
Add OpenSamlSigningUtilsTests
...
Issue gh-11354
2022-06-09 13:16:49 -06:00
Zhivko Delchev
d882bfcf2b
Reverse content type check
...
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.
closes gh-11204
Closes gh-11205
2022-06-06 15:47:14 -05:00
Rob Winch
6c3f53ac0a
Fix typo in BasicLookupStrategy Javadoc
...
Issue gh-11336
2022-06-06 14:09:24 -05:00
shirohoo
b274431c07
Fix typo in BasicLookupStrategy Javadoc
...
Closes gh-11336
2022-06-06 13:55:43 -05:00
Rob Winch
3d5e5ff556
Enable BackportBot on 5.7.x
2022-06-06 13:54:36 -05:00
sKai.fun
a3e996a66b
Fix title render issue of Digest Authentication document
...
Closes gh-11272
2022-06-01 17:33:41 -05:00