31e25b115e
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:28:10 -06:00
29ba67b6d7
Remove dependency on commons-codec by using java.util.Base64
...
Closes gh-11318
2022-06-09 06:50:01 -06:00
e97c5a533b
Reverse content type check
...
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.
closes gh-11204
Closes gh-11205
2022-06-06 15:47:35 -05:00
d882bfcf2b
Reverse content type check
...
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.
closes gh-11204
Closes gh-11205
2022-06-06 15:47:14 -05:00
cf69cdf008
Reverse content type check
...
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.
closes gh-11204
Closes gh-11205
2022-06-06 15:46:28 -05:00
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
7d97839235
StrictHttpFirewall allows CJKV characters
...
Closes gh-11264
2022-05-18 09:53:29 -05:00
66d1cd592a
StrictHttpFirewall allows CJKV characters
...
Closes gh-11264
2022-05-18 09:04:46 -05:00
077c9e0b3e
StrictHttpFirewall allows CJKV characters
...
Closes gh-11264
2022-05-18 08:56:57 -05:00
e2eed33eca
Add StrictHttpFirewall.allow* new lines and separators
...
Issue gh-11264
2022-05-17 22:24:31 -05:00
5bf478e72e
Fix Formatting
...
Issue gh-11264
2022-05-17 16:16:02 -05:00
e0a6a9efa9
StrictHttpFirewall allows CJKV characters
...
Issue gh-11264
2022-05-17 15:53:18 -05:00
538252cf07
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 10:22:30 -05:00
04ca7ef91b
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 10:22:30 -05:00
c6461d61ba
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 10:18:12 -05:00
4405cf18f3
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 10:18:11 -05:00
70863952ae
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 10:17:44 -05:00
af95be34c6
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 10:17:44 -05:00
ee28896f42
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 10:17:26 -05:00
6b823fb27e
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 10:17:26 -05:00
ffaf5b4e61
Polish WebExpressionAuthorizationManager
...
- Add support for request variables
- Added additional tests
Issue gh-11105
2022-05-13 13:53:38 -06:00
07b0be3f42
Add AuthorizationManager that uses ExpressionHandler
...
Closes gh-11105
2022-05-13 13:52:49 -06:00
ce86f4e4b5
Polish ServerWebExchangeDelegatingServerHttpHeadersWriter
...
Issue gh-11073
2022-05-06 09:51:28 -03:00
57cededd49
Add DelegatingServerHttpHeadersWriter
...
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.
Closes gh-11073
2022-05-06 09:51:28 -03:00
67830f4111
Fix WebSessionReactiveSecurityRepository Supports Cache
...
Fix the checkstyle for this feature
Closes gh-8422
2022-05-03 21:10:07 -05:00
768267c131
Fix WebSessionReactiveSecurityRepository Supports Cache
...
Fix the checkstyle for this feature
Closes gh-8422
2022-05-03 21:09:41 -05:00
dbe7e37f2b
WebSessionReactiveSecurityRepository Supports Cache
2022-05-03 16:40:51 -05:00
c6eaa05fc5
WebSessionReactiveSecurityRepository Supports Cache
2022-05-03 16:40:38 -05:00
aaf78330b1
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:16:35 -05:00
7fea639a43
Add Option to Filter All Dispatcher Types
...
Closes gh-11092
2022-04-14 15:58:00 -03:00
3a9b080bbe
Deprecate loadContext(RequestResponseHolder)
...
Fix gh-11032
2022-04-12 16:36:08 -05:00
39b0620a84
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:44 -05:00
725a57fccc
Remove blocking call from ExceptionTranslationWebFilter
...
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.
Closes gh-10864
2022-04-05 13:12:17 +02:00
c175118f62
Use RequestMatcherEntry
...
Closes gh-11046
2022-03-30 14:31:11 -06:00
061f69eb70
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:03:19 -06:00
bd9434882f
Add authorization events
...
Closes gh-9288
2022-03-29 15:44:21 -06:00
9792e2a0fa
Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10908
2022-03-28 10:21:15 -03:00
c67632225d
Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10908
2022-03-28 10:13:40 -03:00
6c52c52a68
Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10908
2022-03-28 09:45:23 -03:00
67fd46bfa6
Add SecurityContextRepository.loadContext(HttpServletRequest)
...
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.
Closes gh-11028
2022-03-25 14:21:52 -05:00
8940719dbb
HttpSessionSecurityContextRepository support null HttpServletResponse
...
Closes gh-11029
2022-03-25 13:01:40 -05:00
987ee2e67a
Polish gh-10911
2022-03-17 12:53:56 -05:00
1b29c43a11
Use configurable charset in ServerHttpBasicAuthenticationConverter
...
Closes gh-10903
2022-03-17 12:53:55 -05:00
7955e5ac52
Polish UsernamePasswordAuthenticationFilter method
...
Closes gh-10970
2022-03-16 16:29:40 +01:00
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
636f3e1d5d
AbstractPreAuthenticatedProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
e6b6104b52
DigestAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
9b0cd5a0a8
BasicAuthenticationFilter.setSecurityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
120f2a356f
RememberMeAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
014c471ff1
AuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
f11cb988a9
AbstractAuthenticationProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
44508df940
AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains
...
Closes gh-10950
2022-03-09 15:38:11 -03:00
70b67cd2f1
AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains
...
Closes gh-10950
2022-03-09 15:22:21 -03:00
980e0466a7
AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains
...
Closes gh-10950
2022-03-09 15:21:37 -03:00
65ec2659c4
HttpSessionSecurityContextRepository saves with original response
...
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.
This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.
Closes gh-10947
2022-03-09 10:17:15 -06:00
b9f79543c5
Add RequestAttributeSecurityContextRepository
...
Closes gh-10918
2022-03-07 14:52:24 -06:00
f0c548cee7
Invert Log Messages
...
Closes gh-10909
2022-02-28 13:17:01 -07:00
efd5fc745c
Invert Log Messages
...
Closes gh-10909
2022-02-28 13:10:06 -07:00
371389580b
Update JavaDoc
...
Issue gh-10564
2022-02-15 12:57:32 -07:00
0fb6840db3
Make WebAuthenticationDetails constructor public
...
Closes gh-10564
2022-02-15 12:57:32 -07:00
a09f6e15ad
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 15:22:49 -07:00
7e0302be5c
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 15:22:49 -07:00
f53c65b3a0
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 15:07:29 -07:00
0be772ff5b
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 15:07:29 -07:00
cbd87fac89
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 14:50:28 -07:00
01ed617d5f
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 14:50:19 -07:00
70fa8b1fdb
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-03 09:45:51 -06:00
893b651aea
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext
...
Closes gh-10779
2022-01-31 09:57:34 -03:00
a041e7c943
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext
...
Closes gh-10779
2022-01-31 09:50:17 -03:00
1c10c10f73
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext
...
Closes gh-10779
2022-01-31 09:43:18 -03:00
9baf1134c7
Add Request-based AuthenticationManagerResolvers
...
Closes gh-6762
2022-01-26 09:09:02 -07:00
04f3bbcefa
javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
c67ee6f2a8
javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
0e8c03401b
javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
...
Issue gh-10501
2022-01-19 14:34:16 -06:00
8f64bb6c8c
javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
...
Issue gh-10501
2022-01-19 14:33:53 -06:00
7435da6bbf
Add serialVersionUID to DefaultSavedRequest and SavedCookie
...
Closes gh-10594
2022-01-18 09:26:56 -03:00
75f25bff82
Polish multiple RequestRejectedHandlers support
...
Issue gh-10603
2022-01-14 16:49:38 -07:00
4ea57f3e3f
Support multiple RequestRejectedHandler beans
...
Closes gh-10603
2022-01-14 16:46:15 -07:00
ca353d6781
Use noNullElements
...
Collection#contains(null) does not work for all collection types
Closes gh-10703
2022-01-14 15:19:13 -07:00
6c5ac0d8ec
Use noNullElements
...
Collection#contains(null) does not work for all collection types
Closes gh-10703
2022-01-14 15:09:21 -07:00
aaaf7d3523
Use noNullElements
...
Collection#contains(null) does not work for all collection types
Closes gh-10703
2022-01-14 15:08:38 -07:00
1ab0705b47
Fix typo
2022-01-10 16:17:42 +01:00
60595f2801
Fix @since tag
...
Issue gh-10590, gh-10554
2022-01-06 13:22:58 -03:00
e7e3f06044
Fix @since tag
...
Issue gh-10590, gh-10554
2022-01-06 13:22:13 -03:00
f04cd641b0
Fix @since tag
...
Issue gh-10590, gh-10554
2022-01-06 13:18:25 -03:00
994e93741b
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2022-01-05 14:06:47 -03:00
04e1a11e35
Add RequestMatcherEntry
2022-01-05 14:06:47 -03:00
547056d5cc
Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10590
2022-01-05 14:06:47 -03:00
ba810e468f
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2022-01-05 14:01:57 -03:00
40dfe8f259
Add RequestMatcherEntry
2022-01-05 14:00:47 -03:00
b448954f43
Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10590
2022-01-05 13:57:36 -03:00
18427b6411
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2021-12-13 08:57:30 -03:00
7e17a00197
Add RequestMatcherEntry
2021-12-13 08:57:30 -03:00
53b8cff26f
Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10590
2021-12-13 08:57:30 -03:00
65426a40ec
Add Cross Origin Policies headers
...
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers
Closes gh-9385, gh-10118
2021-12-07 17:23:06 +01:00
62e8799a8d
Use BDD in tests
2021-12-02 17:44:47 -06:00
df0f6f83af
Polish gh-9597
2021-12-02 17:44:47 -06:00
925d531cbe
Set details on authentication token created by HttpServlet3RequestFactory
...
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.
This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.
Closes gh-9579
2021-12-02 17:44:46 -06:00
47b8860681
Update copyright year
...
Issue gh-10557
2021-12-01 17:36:52 -06:00
c7ffd2513a
Update copyright year
...
Issue gh-10557
2021-12-01 17:36:19 -06:00
bb2d80fea3
Update copyright year
...
Issue gh-10557
2021-12-01 17:35:43 -06:00
828cac8889
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 15:19:33 -06:00
f49c286050
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 15:05:13 -06:00
b3e0f167ff
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 15:01:06 -06:00
1251cde04c
Add Missing Since
...
Issue gh-10482
2021-11-30 15:17:48 -07:00
a3a9de1b9b
PermitAllSupport supports AuthorizeHttpRequestsConfigurer
...
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.
Closes gh-10482
2021-11-30 15:17:22 -07:00
204f0b4599
Polish gh-10007
2021-11-30 15:27:58 -06:00
43317c5a61
Support IP whitelist for Spring Security Webflux
...
Closes gh-7765
2021-11-30 15:27:58 -06:00
2bf7a5ae80
Improve log message when no CSRF token found
...
Closes gh-10436
2021-11-19 08:37:25 -03:00
96a6fef820
Prevent Save @Transient Authentication with existing HttpSession
...
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.
This commit always prevents @Transient Authentication from being saved.
Closes gh-9992
2021-11-16 14:44:49 -06:00
caad3d57e2
Improve log message when no CSRF token found
...
Closes gh-10436
2021-10-29 14:06:17 -03:00
00f4033b9b
Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
...
Closes gh-10208
2021-10-22 13:22:12 -03:00
e4a76b0ec9
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-22 10:19:34 -05:00
04b47c5928
Fixed various broken links in Javadocs
2021-10-21 11:47:04 +02:00
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
e1f4ec1137
Fix Jackson
2021-10-18 21:03:12 -05:00
6e86fab19d
Restructure SwitchUserFilter Logs
...
Issue gh-6311
2021-10-18 13:02:42 -05:00
faec20bc69
Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
...
Closes gh-10208
2021-10-14 09:27:02 -03:00
7b98c2ea95
Restructure SwitchUserFilter Logs
...
Issue gh-6311
2021-10-12 13:32:29 -06:00
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
7d81a52780
Allow AuthenticationPrincipal argument type to be primitive
...
Closes gh-10172
2021-10-04 16:22:21 +02:00
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00
a4c088a3b3
Introducing WebSessionServerLogoutHandler
...
Closes gh-4838
2021-08-16 13:08:35 -06:00
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
2021-08-11 17:12:13 -06:00
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
2021-08-11 17:12:13 -06:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
f800d2c993
Add hamcrest dependency
2021-07-09 15:57:21 -05:00
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
d121ab9565
Support A Well-Known URL for Changing Passwords
...
Closes gh-8657
2021-07-01 16:57:53 -06:00
3219fd554d
DigestAuthenticationFilter decodes nonce only once
...
Closes gh-8455
2021-06-18 15:25:00 -04:00
3bb8e1d200
Remove redundant translations in spring-security-web
2021-06-15 09:18:13 -05:00
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen
2021-06-15 09:11:53 -05:00
ca76c54471
Polish CsrfWebFilterTests
...
Issue gh-9113
2021-06-04 16:41:08 -06:00
0c8b6df82a
Cache Mono that generate the CSRF token
...
Closes gh-9113
2021-06-04 16:41:08 -06:00
baac9e0cf2
Properly clean cookies with context path after logout
...
Closes gh-8846
2021-06-04 15:42:33 +02:00
29f4193529
Adjust createNewSessionIfAllowed to prevent NPE
...
Ensure that isTransientAuthentication reuses the same authentication object from saveContext
Closes gh-8947
2021-05-26 13:46:08 -03:00
2a7998d0fc
Adjust createNewSessionIfAllowed to prevent NPE
...
Ensure that isTransientAuthentication reuses the same authentication object from saveContext
Closes gh-8947
2021-05-26 10:36:44 -06:00
cf74ad3a52
Anonymous in ExceptionTranslationWebFilter
...
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.
Closes gh-9130
2021-05-26 09:17:41 -05:00
a7fbae8355
Add test for RequestedUrlRedirectInvalidSessionStrategy
2021-05-26 09:11:38 -05:00
0e6d47b082
Add guard around debug logging involving string concatenation
2021-05-26 09:11:38 -05:00
0af74ce134
Use ServletUriComponentsBuilder instead of UrlPathHelper
2021-05-26 09:11:38 -05:00
2bcd4627fa
Eliminate use of Optional
2021-05-26 09:11:38 -05:00
10a264c144
Add RequestedUrlRedirectInvalidSessionStrategy implemention of InvalidSessionStrategy
...
Performs a redirect to the original request URL when an invalid requested session is detected.
In effect, when a user's session times out, the user is redirected to URL they originally requested instead of some fixed URL.
2021-05-26 09:11:38 -05:00
df6ebc7051
Rename DelegatingAuthorizationManager
...
Closes gh-9692
2021-04-28 09:53:25 -06:00
e2993d93e1
Make Csrf cookie secure flag configurable (WebFlux)
...
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.
Closes gh-9678
2021-04-27 09:34:12 +02:00
Josh Cummings
j3graham
Zhivko Delchev
Evgeniy Cheban
Rob Winch
Marcus Da Coregio
David Herberth
Eleftheria Stein
Parikshit Dutta
Steve Riesenberg
David Kirstein
ShinDongHun1
Norbert Nowak
Yuriy Savchenko
Manuel Jordan
Juan Carlos
Adam Ostrožlík
heowc
Karl Tinawi
Igor Pelesic
Guirong Hu
Emil Sierżęga
Bogdan Ilchyshyn
Hiroshi Shirosaki
Alexey Markevich
Ruben Suarez Alvarez
Tomoki Tsubaki
AlexeyAnufriev
César Revert
Craig Andrews
Thomas Vitale