Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-01 21:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,458 Commits 54 Branches 369 Tags
Commit Graph

804 Commits

Author SHA1 Message Date
Marcus Da Coregio
eda346863d Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 09:19:13 -03:00
Marcus Da Coregio
18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 08:57:30 -03:00
Marcus Da Coregio
7e17a00197 Add RequestMatcherEntry 2021-12-13 08:57:30 -03:00
Marcus Da Coregio
53b8cff26f Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 08:57:30 -03:00
Marcus Da Coregio
0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio
65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Steve Riesenberg
62e8799a8d Use BDD in tests 2021-12-02 17:44:47 -06:00
Steve Riesenberg
df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Steve Riesenberg
aa3c883f87 Use BDD in tests 2021-12-02 17:40:25 -06:00
Steve Riesenberg
d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Steve Riesenberg
bb2d80fea3 Update copyright year 
Issue gh-10557
 2021-12-01 17:35:43 -06:00
Steve Riesenberg
5dd2565348 Update copyright year 
Issue gh-10557
 2021-12-01 17:34:16 -06:00
Steve Riesenberg
f49c286050 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:05:13 -06:00
Steve Riesenberg
41c6776455 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 14:55:50 -06:00
Igor Pelesic
a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00
Igor Pelesic
72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Guirong Hu
43317c5a61 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 15:27:58 -06:00
Guirong Hu
9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Steve Riesenberg
9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg
c6a27d44e5 Remove failing test due to HttpMethod changes 
Closes gh-10569
 2021-11-30 13:31:39 -06:00
Marcus Da Coregio
25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
Rob Winch
bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:45:34 -06:00
Rob Winch
96a6fef820 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:44:49 -06:00
Marcus Da Coregio
db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio
faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-14 09:27:02 -03:00
Eleftheria Stein
7d81a52780 Allow AuthenticationPrincipal argument type to be primitive 
Closes gh-10172
 2021-10-04 16:22:21 +02:00
heowc
84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
Bogdan Ilchyshyn
a4c088a3b3 Introducing WebSessionServerLogoutHandler 
Closes gh-4838
 2021-08-16 13:08:35 -06:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Evgeniy Cheban
d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Josh Cummings
ca76c54471
Polish CsrfWebFilterTests 
Issue gh-9113
 2021-06-04 16:41:08 -06:00
Tomoki Tsubaki
0c8b6df82a
Cache Mono that generate the CSRF token 
Closes gh-9113
 2021-06-04 16:41:08 -06:00
AlexeyAnufriev
baac9e0cf2 Properly clean cookies with context path after logout 
Closes gh-8846
 2021-06-04 15:42:33 +02:00
Marcus Hert da Coregio
2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 10:36:44 -06:00
César Revert
cf74ad3a52 Anonymous in ExceptionTranslationWebFilter 
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.

Closes gh-9130
 2021-05-26 09:17:41 -05:00
Craig Andrews
a7fbae8355 Add test for RequestedUrlRedirectInvalidSessionStrategy 2021-05-26 09:11:38 -05:00
Josh Cummings
df6ebc7051
Rename DelegatingAuthorizationManager 
Closes gh-9692
 2021-04-28 09:53:25 -06:00
Thomas Vitale
e2993d93e1 Make Csrf cookie secure flag configurable (WebFlux) 
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.

Closes gh-9678
 2021-04-27 09:34:12 +02:00
Josh Cummings
cb6e4f4a11
Add NPE Guards 
- Like values, names are only validated if they are not null

Closes gh-9598
 2021-04-22 11:22:19 -06:00
Josh Cummings
4f7d529c5d
Polish Csrf Tests 
Issue gh-9561
 2021-04-09 22:47:31 -06:00
佚名
87ed527023
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>
 2021-04-09 21:43:19 -06:00
Rob Winch
f3f1106624 Update io.spring.javaformat to 0.0.27 
Closes gh-9553
 2021-04-05 22:23:59 -05:00
Rob Winch
95da12110b
Additional Test for HttpSessionSecurityContextRepository 
Issue gh-9387
 2021-02-11 15:58:29 -07:00
Josh Cummings
107f38fff9
Polish Tests 
Issue gh-9331
 2021-02-03 09:05:31 -07:00
happier233
873b9bdbca
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:05:31 -07:00
Evgeniy Cheban
77484018bb Reconsider AntPathRequestMatcher matching logic 
Closes gh-9285
 2021-01-19 12:02:06 -07:00
Rob Winch
0201c31deb Fix Checkstyle for CsrfWebFilter 
Issue gh-9337
 2021-01-12 11:37:12 -06:00
Rob Winch
a1083d9a5c Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:18:29 -06:00