Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 23:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,257 Commits 33 Branches 337 Tags
Commit Graph

10257 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
7560a32460
Polish InterceptMethodsBeanDefinitionDecorator 
Issue gh-11328
 2022-07-11 16:39:41 -06:00
Josh Cummings
ba0f8ec3ef
Correct input validation for 31 rounds 
Closes gh-11470
 2022-07-11 14:06:15 -06:00
Josh Cummings
3f13fa0285
Improve Upgrading 
Closes gh-11259
 2022-07-11 14:06:04 -06:00
Rob Winch
1c61748bb9 Fix logging for AnonymousAuthenticationFilter 
Currently if trace logging is enabled a StackOverflowException is thrown
when trying to resolve toString of the authentication.

java.lang.StackOverflowError: null
        at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:538) ~[na:na]
        at java.base/java.lang.StringBuilder.append(StringBuilder.java:174) ~[na:na]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$0(AnonymousAuthenticationFilter.java:105) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:67) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:126) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125)

Issue gh-11457
 2022-07-08 15:39:53 -05:00
Josh Cummings
c9a3d21b9b
Add Configuration Test 
Issue gh-11327
 2022-07-07 14:46:37 -06:00
Josh Cummings
d27d431bbc
Add AuthorizationFilter to filter chain validator 
Closes gh-11327
 2022-07-07 13:52:36 -06:00
Josh Cummings
cdafa4ee21
Clarify variable names 
Issue gh-11327
 2022-07-07 13:38:42 -06:00
Steve Riesenberg
0c48b6bc7f
Use relative schema location for tests 
Issue gh-11328
Issue gh-11353
Issue gh-11365
 2022-07-07 13:03:20 -05:00
Josh Cummings
74a007dc91
Support AuthorizationManager for intercept-methods Element 
Closes gh-11328
 2022-07-06 12:54:05 -06:00
Rob Winch
415a674edc AnonymousAuthenticationFilter Avoids Eager SecurityContext Access 
Previously AnonymousAuthenticationFilter accessed the SecurityContext to
determine if anonymous authentication needed setup eagerly. Now this is done
lazily to avoid unnecessary access to the SecurityContext which in turn avoids
unnecessary HTTP Session access.

Closes gh-11457
 2022-07-05 15:34:21 -05:00
Rob Winch
28c0d1459c Request Cache supports matchingRequestParameterName 2022-07-01 16:35:06 -05:00
Josh Cummings
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation 
Issue gh-11060
 2022-06-30 11:18:07 -06:00
Josh Cummings
5357cb8c95
Use SecurityContextHolderStrategy for NullSecurityContextRepository 
Issue gh-11060
 2022-06-28 15:32:20 -06:00
Josh Cummings
03a5c3b08a
Use SecurityContextHolderStrategy for Concurrency Filter 
Issue gh-11060
Issue gh-11061
 2022-06-28 15:32:05 -06:00
Josh Cummings
e8723f1f43
Pick up SecurityContextHolderStrategy for WebClient integration 
Issue gh-11061
 2022-06-28 14:58:53 -06:00
Josh Cummings
27de315e5e
Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:46:52 -06:00
Josh Cummings
135e602472
Use SecurityContextHolderStrategy for Digest 
Issue gh-11060
 2022-06-28 13:54:29 -06:00
Josh Cummings
e1c211c11f
Use SecurityContextHolderStrategy for Switch User 
Issue gh-11060
 2022-06-28 13:34:04 -06:00
Josh Cummings
98995f2225
Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:04:37 -06:00
Josh Cummings
b3be35da31
Polish SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-28 12:04:37 -06:00
Josh Cummings
4a2d77d3f2
Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:08:57 -06:00
Josh Cummings
ee66850aed
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:26:05 -06:00
Josh Cummings
52d8e10ace
Use SecurityContextHolderStrategy for Database Support 
Issue gh-11060
 2022-06-28 09:08:42 -06:00
Josh Cummings
74bc271ec2
Use SecurityContextHolderStrategy for ACL 
Issue gh-11060
 2022-06-28 08:05:15 -06:00
Josh Cummings
237a31c69b
Use SecurityContextHolderStrategy for Taglibs 
Issue gh-11060
 2022-06-27 17:45:01 -06:00
Josh Cummings
5de975f4a2
Use SecurityContextHolderStrategy for Data 
Issue gh-11060
 2022-06-27 16:35:02 -06:00
Josh Cummings
0fee05d023
Use SecurityContextHolderStrategy for AuthenticationFilter 
Issue gh-11060
 2022-06-27 16:26:42 -06:00
Josh Cummings
74167d62b1
Add SecurityContextHolderStrategy XML Configuration for Messaging 
Issue gh-11061
 2022-06-27 15:55:28 -06:00
Josh Cummings
9292a13146
Add SecurityContextHolderStrategy Java Configuration for Messaging 
Issue gh-11061
 2022-06-27 15:55:28 -06:00
Josh Cummings
b05fed8b9d
Use SecurityContextHolderStrategy for Messaging 
Issue gh-11060
 2022-06-27 15:55:28 -06:00
Josh Cummings
6e821382f1
Use SecurityContextHolderStrategy for Ldap 
Issue gh-11060
 2022-06-27 15:55:27 -06:00
Josh Cummings
652c35db2f
Add SecurityContextHolderStrategy XML Configuration for OAuth2 
Issue gh-11061
 2022-06-27 13:05:13 -06:00
Josh Cummings
1d22316574
Add SecurityContextHolderStrategy Java Configuration for OAuth2 
Issue gh-11061
 2022-06-27 13:05:13 -06:00
Josh Cummings
1d72a05c32
Add SecurityContextHolderStrategy to OAuth2 
Issue gh-11060
 2022-06-27 13:05:12 -06:00
Josh Cummings
6c16ac101a
Add SecurityContextHolderStrategy XML Configuration for Saml2 
Issue gh-11061
 2022-06-27 13:05:12 -06:00
Josh Cummings
97253c9293
Add SecurityContextHolderStrategy Java Configuration for Saml2 
Issue gh-11061
 2022-06-27 13:05:11 -06:00
Josh Cummings
3c8a80c364
Add SecurityContextHolderStrategy to Saml2 
Issue gh-11060
 2022-06-27 13:05:11 -06:00
Josh Cummings
9cd7c7b046
Add SecurityContextHolderStrategy XML Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:05:07 -06:00
Josh Cummings
da57bac061
Add SecurityContextHolderStrategy Java Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:03:11 -06:00
Josh Cummings
25c74896d1
Add SecurityContextHolderStrategy to Method Security 
Issue gh-11060
 2022-06-27 13:02:59 -06:00
Josh Cummings
f86992a0af
Add SecurityContextHolderStrategy Test Support 
Issue gh-11061
Issue gh-11444
 2022-06-27 13:02:11 -06:00
Josh Cummings
fa0086d3b0
Polish SecurityContextHolderStrategy Java Configuration for Defaults 
Issue gh-11061
 2022-06-27 13:01:22 -06:00
Josh Cummings
772f29e063
Polish SecurityContextHolderStrategy for Defaults 
gh-11060
 2022-06-27 13:00:24 -06:00
Josh Cummings
8d681b3b80
Polish SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-27 13:00:20 -06:00
Alonso Araya Calvo
1ac1271972 Adds the ability to set the CSRF Token cookie max age value 
Closes gh-11432
 2022-06-24 16:42:05 -06:00
Rob Winch
c85b7c6c17 Document sagan Release tasks require read:org scope 
Closes gh-11423
 2022-06-21 14:47:46 -05:00
Rob Winch
d32f74d19d SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 17:03:19 -05:00
Rob Winch
591d1edc7d Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 14:52:01 -05:00
Josh Cummings
2a70707c35 Add SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-17 11:28:10 -06:00
Josh Cummings
2c09a300b6 Add SecurityContextHolderStrategy Java Configuration for Defaults 
Issue gh-11061
 2022-06-17 11:28:10 -06:00