Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-01 13:01:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,082 Commits 54 Branches 369 Tags
Commit Graph

661 Commits

Author SHA1 Message Date
Marcus Da Coregio
7813a9ba26 Use default PathPatternParser instance 2023-07-17 09:12:28 -03:00
Steve Riesenberg
6530777742
Merge branch '5.5.x' into 5.6.x 
Closes gh-dry-run
 2022-10-28 11:31:50 -05:00
Marcus Da Coregio
1f481aafff
Fix AuthorizationFilter incorrectly extending OncePerRequestFilter 
Closes gh-12102
 2022-10-28 11:29:35 -05:00
Marcus Da Coregio
ead587c597 Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:32:42 -03:00
Zhivko Delchev
e97c5a533b Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:47:35 -05:00
Rob Winch
66d1cd592a StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:04:46 -05:00
Rob Winch
077c9e0b3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 08:56:57 -05:00
Rob Winch
c6461d61ba AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:18:12 -05:00
Rob Winch
4405cf18f3 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:18:11 -05:00
Rob Winch
70863952ae AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Rob Winch
af95be34c6 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Marcus Da Coregio
9792e2a0fa Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:21:15 -03:00
Marcus Da Coregio
c67632225d Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:13:40 -03:00
Marcus Da Coregio
44508df940 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:38:11 -03:00
Marcus Da Coregio
70b67cd2f1 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:22:21 -03:00
Marcus Da Coregio
893b651aea RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 09:57:34 -03:00
Marcus Da Coregio
a041e7c943 RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 09:50:17 -03:00
Josh Cummings
ca353d6781 Use noNullElements 
Collection#contains(null) does not work for all collection types

Closes gh-10703
 2022-01-14 15:19:13 -07:00
Josh Cummings
6c5ac0d8ec Use noNullElements 
Collection#contains(null) does not work for all collection types

Closes gh-10703
 2022-01-14 15:09:21 -07:00
Marcus Da Coregio
994e93741b Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2022-01-05 14:06:47 -03:00
Marcus Da Coregio
04e1a11e35 Add RequestMatcherEntry 2022-01-05 14:06:47 -03:00
Marcus Da Coregio
547056d5cc Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2022-01-05 14:06:47 -03:00
Marcus Da Coregio
ba810e468f Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2022-01-05 14:01:57 -03:00
Marcus Da Coregio
40dfe8f259 Add RequestMatcherEntry 2022-01-05 14:00:47 -03:00
Marcus Da Coregio
b448954f43 Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2022-01-05 13:57:36 -03:00
Steve Riesenberg
47b8860681 Update copyright year 
Issue gh-10557
 2021-12-01 17:36:52 -06:00
Steve Riesenberg
c7ffd2513a Update copyright year 
Issue gh-10557
 2021-12-01 17:36:19 -06:00
Steve Riesenberg
828cac8889 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:19:33 -06:00
Steve Riesenberg
b3e0f167ff Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:01:06 -06:00
Marcus Da Coregio
00f4033b9b Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-22 13:22:12 -03:00
Marcus Da Coregio
faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-14 09:27:02 -03:00
Eleftheria Stein
7d81a52780 Allow AuthenticationPrincipal argument type to be primitive 
Closes gh-10172
 2021-10-04 16:22:21 +02:00
heowc
84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
Bogdan Ilchyshyn
a4c088a3b3 Introducing WebSessionServerLogoutHandler 
Closes gh-4838
 2021-08-16 13:08:35 -06:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Evgeniy Cheban
d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Josh Cummings
ca76c54471
Polish CsrfWebFilterTests 
Issue gh-9113
 2021-06-04 16:41:08 -06:00
Tomoki Tsubaki
0c8b6df82a
Cache Mono that generate the CSRF token 
Closes gh-9113
 2021-06-04 16:41:08 -06:00
AlexeyAnufriev
baac9e0cf2 Properly clean cookies with context path after logout 
Closes gh-8846
 2021-06-04 15:42:33 +02:00
Marcus Hert da Coregio
29f4193529 Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 13:46:08 -03:00
Marcus Hert da Coregio
2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 10:36:44 -06:00
César Revert
cf74ad3a52 Anonymous in ExceptionTranslationWebFilter 
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.

Closes gh-9130
 2021-05-26 09:17:41 -05:00
Craig Andrews
a7fbae8355 Add test for RequestedUrlRedirectInvalidSessionStrategy 2021-05-26 09:11:38 -05:00
Josh Cummings
df6ebc7051
Rename DelegatingAuthorizationManager 
Closes gh-9692
 2021-04-28 09:53:25 -06:00
Thomas Vitale
e2993d93e1 Make Csrf cookie secure flag configurable (WebFlux) 
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.

Closes gh-9678
 2021-04-27 09:34:12 +02:00
Josh Cummings
cb6e4f4a11
Add NPE Guards 
- Like values, names are only validated if they are not null

Closes gh-9598
 2021-04-22 11:22:19 -06:00
Josh Cummings
4f7d529c5d
Polish Csrf Tests 
Issue gh-9561
 2021-04-09 22:47:31 -06:00
佚名
87ed527023
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>
 2021-04-09 21:43:19 -06:00