Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-17 06:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,069 Commits 62 Branches 376 Tags
Commit Graph

1119 Commits

Author SHA1 Message Date
Joe Grandja
e139f1c2ba Polish gh-12438 2022-12-22 11:16:19 -05:00
Spas Poptchev
919280b3e4 Allow ServerOAuth2AuthorizationRequestResolver to be set on oauth2 client configuration 
Closes gh-12430
 2022-12-22 10:12:18 -05:00
Marcus Da Coregio
ca333203aa Merge branch '6.0.x' 
Closes gh-12372
 2022-12-14 10:30:55 -03:00
Marcus Da Coregio
7080ea652f Add hints for ProxyFactoryBean AuthenticationManager 
Closes gh-12367
 2022-12-14 10:16:04 -03:00
Marcus Da Coregio
e6173f9e5b Prepare for Spring Security 6.1 2022-11-28 15:47:10 -03:00
Steve Riesenberg
dd9f954ace
Fix tests in CsrfConfigurerTests 
Closes gh-12241
 2022-11-18 14:58:41 -06:00
Steve Riesenberg
5da78f44f2
Merge branch '5.8.x' 2022-11-18 14:54:33 -06:00
Steve Riesenberg
ea6ce05662
Add configurer tests for CookieCsrfTokenRepository 
Issue gh-12236
 2022-11-18 13:12:59 -06:00
Steve Riesenberg
2ed7cff643
Check for existing token before clearing 
Closes gh-12236
 2022-11-18 13:12:59 -06:00
Josh Cummings
e08ed89403 Polish Span and Meter Names 
Closes gh-12156
 2022-11-17 15:09:52 -07:00
Marcus Da Coregio
3b5d19c8a4 Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1 
Closes gh-12146
Closes gh-12148
 2022-11-08 08:34:21 -03:00
Josh Cummings
fc8e20b89f
Merge branch '5.8.x' 
Closes gh-12133
 2022-11-02 15:49:18 -06:00
Josh Cummings
3192618220
Add authenticationFailureHandler 
- To ServerHttpSecurity#httpBasic
- To ServerHttpSecurity#oauthResourceServer

Closes gh-12132
 2022-11-02 15:35:01 -06:00
Rob Winch
d860775b45 Document Defer load CsrfToken 
Closes gh-12105
 2022-10-28 15:41:25 -05:00
Josh Cummings
abe68abfe4
Merge remote-tracking branch 'origin/5.8.x' 2022-10-26 17:13:02 -06:00
mmoussa_mapfreusa
bd4e0fb5db
Set LogoutRequestRepository on Saml2 LogoutSuccessHandler 
Closes gh-11363
 2022-10-26 16:44:23 -06:00
Rob Winch
9cb668aec2 SessionManagementConfigurer properly defaults SecurityContextRepository 
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.

This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.

Closes gh-12070
 2022-10-20 10:57:47 -05:00
Rob Winch
a4858d9eaa Add SpringTestContext.addFilter 
Add SpringTestContext.addFilter which allows Spring Security's tests
to specify a Filter to be added to the SpringTestContext.

Closes gh-12071
 2022-10-20 10:54:24 -05:00
Steve Riesenberg
33b492df54
Default to DelegatingSecurityContextRepository 
Closes gh-12023
Closes gh-12049
 2022-10-17 20:04:43 -05:00
Steve Riesenberg
bd43c1f28a
Merge branch '5.8.x' 
# Conflicts:
#	web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
#	web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
 2022-10-17 19:35:27 -05:00
Steve Riesenberg
c75ca10900
Add DeferredSecurityContext 
Issue gh-12023
 2022-10-17 19:33:58 -05:00
Joe Grandja
753e113a13 RequestMatcherDelegatingAuthorizationManager defaults to deny 
Closes gh-11958
 2022-10-13 11:12:00 -04:00
Steve Riesenberg
2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter 
Issue gh-11960
 2022-10-13 09:39:55 -05:00
Josh Cummings
99a87179dd
Instrument Filter Chain 
Closes gh-11911
 2022-10-12 20:32:22 -06:00
Steve Riesenberg
7c872cf7fd
Merge branch '5.8.x' 2022-10-12 15:02:40 -05:00
Steve Riesenberg
440748ec65
Add test support for Xor CSRF tokens 
Issue gh-4001
 2022-10-12 15:02:15 -05:00
Daniel Garnier-Moiroux
27059ced87
Default X-Xss-Protection header value to "0" 
Closes gh-9631
 2022-10-07 17:42:55 -05:00
Steve Riesenberg
6753f9745e
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
 2022-10-07 17:29:07 -05:00
Steve Riesenberg
f462134e87
Add reactive support for BREACH 
Closes gh-11959
 2022-10-07 16:34:17 -05:00
Steve Riesenberg
f4ca90e719
Add reactive interfaces for CSRF request handling 
Issue gh-11959
 2022-10-07 16:34:16 -05:00
Marcus Da Coregio
398f5dee7f Remove deprecated RequestMatcher methods from Java Configuration 
Closes gh-11939
 2022-10-07 15:26:46 -03:00
Marcus Da Coregio
9fd195d419 Default to shouldFilterAllDispatcherTypes=true in XML 
Closes gh-11970
 2022-10-07 11:46:20 -03:00
Marcus Da Coregio
146d3269bc Merge branch '5.8.x' 
Closes gh-11971
 2022-10-07 10:28:14 -03:00
Marcus Da Coregio
f3321c256c Add XML support for shouldFilterAllDispatcherTypes 
Closes gh-11492
 2022-10-07 10:20:32 -03:00
Josh Cummings
12b9f2e196
use-authorization-manager defaults to true 
Closes gh-11929
 2022-10-06 08:12:46 -06:00
Marcus Da Coregio
c4d23f2b49 Use MvcRequestMatcher by default if Spring MVC is present 
Closes gh-11899
 2022-10-06 09:12:04 -03:00
Josh Cummings
2079309c5a
Add SecurityContextHolderStrategy XML Configuration for OAuth2 
Issue gh-11061
 2022-10-05 23:50:59 -06:00
Josh Cummings
7543effe89
Add SecurityContextHolderStrategy Java Configuration for OAuth2 
Issue gh-11061
 2022-10-05 23:50:58 -06:00
Josh Cummings
7e3841105b
Add SecurityContextHolderStrategy XML Configuration for Saml2 
Issue gh-11061
 2022-10-05 23:50:57 -06:00
Josh Cummings
19181a5afd
Add SecurityContextHolderStrategy Java Configuration for Saml2 
Issue gh-11061
 2022-10-05 23:50:56 -06:00
Josh Cummings
72a46ddd31
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 22:48:33 -06:00
Josh Cummings
7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests 
Issue gh-11665
 2022-10-05 22:18:41 -06:00
Steve Riesenberg
8b490de08d
Merge branch '5.8.x' 
# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
 2022-10-05 14:46:15 -05:00
Steve Riesenberg
dce1c30522
Add support for BREACH 
Closes gh-4001
 2022-10-05 14:21:13 -05:00
Marcus Da Coregio
c2ed65c67a Fix failing tests 
Issue gh-9159
 2022-10-05 14:59:33 -03:00
Marcus Da Coregio
76d7a85bc0 Use modified classpath test support for tests that depend on the classpath 
Issue gh-11347
 2022-10-04 15:32:19 -03:00
Marcus Da Coregio
77dcc691b3 Add modified classpath test support 
Closes gh-11951
 2022-10-04 15:32:18 -03:00
Marcus Da Coregio
5002199be3 Revert "Disable tests that need Spring MVC mocked in classpath" 
This reverts commit c6978fba7c53c5bec765dba672b0ccb084e3048f.
 2022-10-04 15:32:18 -03:00
Marcus Da Coregio
35f7e46d05 Remove WebSecurityConfigurerAdapter 
Closes gh-10902
 2022-10-04 15:13:04 -03:00
Steve Riesenberg
5de6da890b
Merge branch '5.8.x' 
Closes gh-dry-run
 2022-10-04 11:18:00 -05:00