Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,395 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

10395 Commits

Author SHA1 Message Date
Joe Grandja 7b18336c6a Change interface with constants to final class 
Closes gh-10960
 2022-07-13 15:51:58 -04:00
Steve Riesenberg 92d4f1237d
Use JDK 17 for Antora 
Issue gh-11430
Issue gh-11324
 2022-07-13 14:11:31 -05:00
Joe Grandja d85abc7bbb Update javadoc in CommonOAuth2Provider 
Closes gh-11490
 2022-07-13 11:20:04 -04:00
Marcus Da Coregio ecbfa84b39 Revert "Disable failing tests until r2dbc-h2 is upgraded" 
This reverts commit 614065bb3b.
 2022-07-13 10:55:12 -03:00
Marcus Da Coregio 8776f66fb9 Update io.r2dbc:r2dbc-h2 to 1.0.0.RC1 
Closes gh-11479
 2022-07-13 10:55:12 -03:00
Marcus Da Coregio 7abea4a964 Add RuntimeHints suffix for RuntimeHintsRegistrar 
Closes gh-11497
 2022-07-13 10:14:43 -03:00
Joe Grandja 177baba8c9 RuntimeHintsPredicates moved to predicate package 2022-07-12 16:00:50 -04:00
Marcus Da Coregio 6455e98745 FilterSecurityInterceptor applies to every request by default 
Closes gh-11466
 2022-07-12 10:53:03 -03:00
Tim te Beek 2c0a4337a8
Clearly end sentence in note before next sentence 2022-07-11 17:36:30 -06:00
Tim te Beek 9f4b0ca8b5
Use Collection<ConfigAttribute> in examples 
To match `org.springframework.security.access.ConfigAttribute`.
 2022-07-11 17:36:30 -06:00
Josh Cummings 60652afb32
Polish InterceptMethodsBeanDefinitionDecorator 
Issue gh-11328
 2022-07-11 16:54:59 -06:00
Josh Cummings bc6f494af8
Correct input validation for 31 rounds 
Closes gh-11470
 2022-07-11 14:04:39 -06:00
Steve Riesenberg 614065bb3b
Disable failing tests until r2dbc-h2 is upgraded 
Issue gh-11479
 2022-07-11 10:32:38 -05:00
Steve Riesenberg 206c6ffb54
Remove deprecation warnings with Context.putAll 
Closes gh-11476
 2022-07-08 16:03:45 -05:00
Rob Winch 7da34cfa2c Fix logging for AnonymousAuthenticationFilter 
Currently if trace logging is enabled a StackOverflowException is thrown
when trying to resolve toString of the authentication.

java.lang.StackOverflowError: null
        at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:538) ~[na:na]
        at java.base/java.lang.StringBuilder.append(StringBuilder.java:174) ~[na:na]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$0(AnonymousAuthenticationFilter.java:105) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:67) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:126) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125)

Issue gh-11457
 2022-07-08 15:44:21 -05:00
Rob Winch 4a5c0ac904 Fix Formatting 
Issue gh-11474
 2022-07-08 12:35:40 -05:00
Rob Winch 03cd9920aa DelegatingSecurityContextTaskScheduler implements new Methods 
Closes gh-11474
 2022-07-08 12:32:09 -05:00
Rob Winch d2d5313bba Fix Formatting 
Issue gh-11327
 2022-07-08 09:21:53 -05:00
Josh Cummings e8a7b654b4
Add Configuration Test 
Issue gh-11327
 2022-07-07 14:42:07 -06:00
Josh Cummings 01ffc93062
Add AuthorizationFilter to filter chain validator 
Closes gh-11327
 2022-07-07 14:40:53 -06:00
Josh Cummings ec8c13392c
Clarify variable names 
Issue gh-11327
 2022-07-07 14:26:40 -06:00
Steve Riesenberg 696da87478 Use relative schema location for tests 
Issue gh-11328
Issue gh-11353
Issue gh-11365
 2022-07-07 13:00:04 -05:00
Josh Cummings 148c926de0
Support AuthorizationManager for intercept-methods Element 
Closes gh-11328
 2022-07-06 13:01:57 -06:00
Marcus Da Coregio a87f7aa2e1 Polish CoreSecurityHintsTests 
Use ParameterizedTest to simplify repetitive test setup

Issue gh-11431
 2022-07-06 15:21:45 -03:00
Steve Riesenberg 095f23d81f
Fix slack notifications in #spring-security-ci 
Issue gh-11346
 2022-07-05 17:50:27 -05:00
Rob Winch 0bf985ed7c AnonymousAuthenticationFilter Avoids Eager SecurityContext Access 
Previously AnonymousAuthenticationFilter accessed the SecurityContext to
determine if anonymous authentication needed setup eagerly. Now this is done
lazily to avoid unnecessary access to the SecurityContext which in turn avoids
unnecessary HTTP Session access.

Closes gh-11457
 2022-07-05 15:51:12 -05:00
Igor Bolic d96b4a0463 Set the useTrailingSlashMatch to true for tests 
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552.
This causes failures in Spring Security's tests.

Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifing the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.

Closes gh-11451
 2022-07-05 11:29:36 -06:00
Rob Winch 6510274854 Request Cache supports matchingRequestParameterName 
Closes gh-7157 gh-11453
 2022-07-01 16:51:49 -05:00
Josh Cummings 459003e1b3
Use SecurityContextHolderStrategy for Context Propagation 
Issue gh-11060
 2022-06-30 11:19:33 -06:00
Josh Cummings d18ff25b95
Use SecurityContextHolderStrategy for NullSecurityContextRepository 
Issue gh-11060
 2022-06-28 15:33:06 -06:00
Josh Cummings 05b788d1ac
Use SecurityContextHolderStrategy for Concurrency Filter 
Issue gh-11060
Issue gh-11061
 2022-06-28 15:33:05 -06:00
Josh Cummings d24a89ad53
Pick up SecurityContextHolderStrategy for WebClient integration 
Issue gh-11061
 2022-06-28 15:07:16 -06:00
Josh Cummings a218d3e140
Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:56:55 -06:00
Josh Cummings 5086409dcf
Use SecurityContextHolderStrategy for Digest 
Issue gh-11060
 2022-06-28 13:54:56 -06:00
Josh Cummings 44d99f41a3
Use SecurityContextHolderStrategy for Switch User 
Issue gh-11060
 2022-06-28 13:35:39 -06:00
Josh Cummings 83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:10:07 -06:00
Josh Cummings 97cb2a7d91
Polish SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-28 12:09:56 -06:00
Josh Cummings 944f565c16
Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:09:38 -06:00
Josh Cummings b316a3217b
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:35:54 -06:00
Josh Cummings ec1bfa12f0
Use SecurityContextHolderStrategy for Database Support 
Issue gh-11060
 2022-06-28 09:15:56 -06:00
Josh Cummings 52dc120269
Use SecurityContextHolderStrategy for ACL 
Issue gh-11060
 2022-06-28 08:07:15 -06:00
Josh Cummings 94f51d0718
Use SecurityContextHolderStrategy for Taglibs 
Issue gh-11060
 2022-06-27 17:48:30 -06:00
Josh Cummings 518bc75806
Use SecurityContextHolderStrategy for Data 
Issue gh-11060
 2022-06-27 16:36:13 -06:00
Josh Cummings f3d99f557b
Use SecurityContextHolderStrategy for AuthenticationFilter 
Issue gh-11060
 2022-06-27 16:28:37 -06:00
Josh Cummings bffe08465a
Add SecurityContextHolderStrategy XML Configuration for Messaging 
Issue gh-11061
 2022-06-27 16:24:27 -06:00
Josh Cummings 484f35ca39
Add SecurityContextHolderStrategy Java Configuration for Messaging 
Issue gh-11061
 2022-06-27 16:17:29 -06:00
Josh Cummings 1e498df39b
Use SecurityContextHolderStrategy for Messaging 
Issue gh-11060
 2022-06-27 16:17:28 -06:00
Josh Cummings 275586be5f
Use SecurityContextHolderStrategy for Ldap 
Issue gh-11060
 2022-06-27 16:17:28 -06:00
Rivaldi 757fb38147 Fix typo 
(cherry picked from commit 80c5ec459befd9292e08a43e30f4aae22f39eeed)
 2022-06-27 16:05:50 -06:00
Josh Cummings 5e4e7abf15
Add SecurityContextHolderStrategy XML Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:40:55 -06:00