dcb8c563e8
Fix ArrayIndexOutOfBoundsException
...
Issue gh-13310
Closes gh-15184
2024-05-31 18:12:21 -05:00
c7b739eb3f
Fix broken link to jaspan article
...
Closes gh-14358
2024-05-23 14:04:10 -03:00
470e2c5c97
Address Build Issues
...
Issue gh-14837
2024-04-17 16:59:40 -06:00
657760af5b
Improve Logging
...
Closes gh-14837
2024-04-17 16:43:29 -06:00
5f80468de3
Updated copyright date
2024-02-22 13:19:05 -07:00
2f762fefe1
Allow tab in HTTP header values.
...
Closes gh-14573
2024-02-22 13:19:05 -07:00
eaaa813ede
Fix header value typo
...
Closes gh-11948
2023-12-18 10:42:50 -07:00
52675c80b3
Check For Null Exception Message
...
Closes gh-13768
2023-11-07 17:19:35 -07:00
64e2a2ff8b
Apply updated Code Style
...
Closes gh-13881
2023-09-29 11:44:32 -03:00
ce012a4661
CookieRequestCache Should Preserve Request Locale
...
Closes gh-13792
2023-09-12 16:21:27 +01:00
96d1763fc4
WWW-Authenticate header should not be added twice
...
Closes gh-13737
2023-08-31 10:07:10 -03:00
a939f17890
Merge branch '5.7.x' into 5.8.x
2023-07-17 09:15:56 -03:00
fe9bc26bdc
Merge branch '5.6.x' into 5.7.x
2023-07-17 09:13:28 -03:00
7813a9ba26
Use default PathPatternParser instance
2023-07-17 09:12:28 -03:00
40d61743b9
Replace Existing Continue Parameter
...
Closes gh-13438
2023-07-10 16:12:05 -06:00
9ac286e8ea
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13231
2023-06-05 12:47:23 -06:00
06e58e4c34
Update JavaDoc of BasicAuthenticationFilter
...
Remove deprecated hint to use Digest Auth in favor of Basic Auth.
2023-06-05 12:46:30 -06:00
f8e39336cb
Merge branch '5.7.x' into 5.8.x
2023-05-24 14:59:27 -03:00
a53cbb838b
Polish
...
Issue gh-13155
2023-05-24 14:59:16 -03:00
8287289bcb
Fix XContentTypeOptionsServerHttpHeadersWriter
...
set constant value to X-Content-Type-Options
Closes gh-13155
2023-05-24 14:59:14 -03:00
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
dad1fba1bf
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12999
2023-04-11 17:02:16 -06:00
442faccb5f
Avoid NPE in FilterInvocation
...
Handle unknown headers in dummy request wrapper.
Closes gh-12998
2023-04-11 17:01:59 -06:00
8d664bc4c2
DelegatingSecurityContextRepository should call loadContext
...
Closes gh-12314
2023-03-22 08:53:19 -03:00
a74008cc79
Merge branch '5.7.x' into 5.8.x
2023-03-20 16:20:46 -06:00
3d7e22a4e9
Add test to SimpleUrlAuthenticationSuccessHandlerTests
2023-03-20 16:20:30 -06:00
abd51f7b63
Polished DefaultLoginPageGeneratingFilterTests Validation
...
Closes gh-12694
2023-03-20 15:31:59 -06:00
2e92dad761
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12835
2023-03-07 13:27:57 -03:00
84cca81edf
Use HttpSessionSecurityContextRepository by default in SwitchUserFilter
...
Closes gh-12834
2023-03-07 13:27:18 -03:00
0d4c619648
Include continue in query string
...
Closes gh-12665
2023-02-14 08:00:19 -07:00
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
ae46032ced
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12510
2023-01-10 09:39:40 -03:00
ffdb397830
Save the SecurityContext when switching user
...
Closes gh-12504
2023-01-10 09:27:56 -03:00
99d6d21554
Apply SecurityContextHolderFilter to all dispatcher types
...
Closes gh-11962
2022-12-12 11:45:24 -08:00
2ed7cff643
Check for existing token before clearing
...
Closes gh-12236
2022-11-18 13:12:59 -06:00
57b163bb78
Polish gh-12141
2022-11-09 12:19:43 -06:00
6b0ed0205b
Re-generate tokens in CookieCsrfTokenRepository
...
Fixes support for re-generating tokens within a request such as when
CsrfAuthenticationStrategy removes a null token and saves an empty
cookie value on the response.
Closes gh-12141
2022-11-04 18:10:15 -05:00
66f2f1cde7
Merge branch '5.7.x' into 5.8.x
2022-10-31 08:55:03 -05:00
2915a70bf7
Merge branch '5.6.x' into 5.7.x
2022-10-28 13:05:48 -05:00
6530777742
Merge branch '5.5.x' into 5.6.x
...
Closes gh-dry-run
2022-10-28 11:31:50 -05:00
1f481aafff
Fix AuthorizationFilter incorrectly extending OncePerRequestFilter
...
Closes gh-12102
2022-10-28 11:29:35 -05:00
dd30694979
Merge remote-tracking branch 'origin/5.7.x' into 5.8.x
...
Closes gh-12076
2022-10-24 16:46:08 -06:00
2b426872a3
Use InetSocketAddress#getHostString
...
Sometimes InetSocketAddress#getAddress#getHostAddress retuns null.
In that case, call InetSocketAddress#getHostString instead.
There is no performance loss since IpAddressMatcher#matches attemptsi
to re-parse and resolve the address anyway.
Closes gh-11888
2022-10-24 16:32:19 -06:00
acc35aeb18
Add DelegatingSecurityContextRepository
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
099aaa33ff
Remove Deprecation Markers
...
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.
Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.
At that time, BearerTokenAuthenticationFilter can change to use
the handler.
Closes gh-11932
2022-10-13 19:47:22 -06:00
200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter
...
Issue gh-11932, gh-9429
(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.
BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
56b9badcfe
AnonymousAuthenticationFilter should cache its Supplier<SecurityContext>
...
Closes gh-11900
2022-10-13 16:44:48 -05:00
185991a606
Revert "Add default AuthorizationManager"
...
This reverts commit 4ddec07d0e
2022-10-13 06:18:00 -04:00
Steve Riesenberg
Marcus Hert Da Coregio
Josh Cummings
Christian Becker
Christoph Zuleger
joerg-richter-5234
Christian Marck
twosom
Steve Riesenberg
David Becker
Daniel Garnier-Moiroux
Evgeniy Cheban
Joe Grandja