Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,268 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

1107 Commits

Author SHA1 Message Date
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Rob Winch 95da12110b
Additional Test for HttpSessionSecurityContextRepository 
Issue gh-9387
 2021-02-11 15:58:29 -07:00
Rob Winch 3116369f02
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 15:58:28 -07:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies" 
This reverts commit a85caa4098.
 2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Josh Cummings 107f38fff9
Polish Tests 
Issue gh-9331
 2021-02-03 09:05:31 -07:00
happier233 873b9bdbca
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:05:31 -07:00
Evgeniy Cheban 77484018bb Reconsider AntPathRequestMatcher matching logic 
Closes gh-9285
 2021-01-19 12:02:06 -07:00
Rob Winch 0201c31deb Fix Checkstyle for CsrfWebFilter 
Issue gh-9337
 2021-01-12 11:37:12 -06:00
Rob Winch a1083d9a5c Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:18:29 -06:00
Josh Cummings 160a4a3676
Reformat MvcRequestMatcher 
- Moved related private methods together

Issue gh-9284
 2021-01-11 08:28:59 -07:00
Evgeniy Cheban 8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods 
Closes gh-9284
 2021-01-09 21:42:16 +03:00
Zeeshan Adnan 848bd44837
Remove unused code 
Issue gh-9203
 2020-12-18 11:49:52 -07:00
Rob Winch 40e027c56d Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2020-12-17 15:01:43 -06:00
Josh Cummings c066e23a86
Add @since attributes 
Issue gh-8900
 2020-12-16 15:58:53 -07:00
Evgeniy Cheban 34b4b1054f Add AuthorizationManager 
Closes gh-8900
 2020-12-16 15:58:36 -07:00
Nick McKinney 5306d4c4d5 Minor cleanup on Ant / Regex Request Matchers 
- Removed duplicative code for transforming String into HttpMethod
 - Removed an unnecessary array initialization
 2020-12-14 14:19:23 +01:00
Nick McKinney 6be25df1db Introduced DispatcherType request matcher 
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.

Closes gh-9205
 2020-12-14 14:19:23 +01:00
Christophe Gilles 54d3839f63 Add permissionsPolicy http header 2020-12-11 12:32:18 +01:00
Serdar Kuzucu 48ef27b80a Make assertion messages in CookieCsrfTokenRepository clearer 
Changes assertion message format from 'X is not null' to
'X cannot be null' since this is more meaningful when the error
occurs and the message is printed in the logs.

Closes gh-9195
 2020-12-09 10:45:22 -06:00
Serdar Kuzucu 76e117a67a Allow maximum age of csrf cookie to be configured 
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.

Prior to this commit, maximum age was set with a value of -1.

After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.

An IllegalArgumentException will be thrown when
this value is set to zero.

Closes gh-9195
 2020-12-09 10:45:22 -06:00
Josh Cummings f614a8230c
Polish getRemoteUser 
- Corrected instanceof check

Issue gh-3357
 2020-12-03 13:08:40 -07:00
Stephen Joyner 9c373ef4f8
getRemoteUser() returns principal name 
Closes gh-3357
 2020-12-03 13:08:40 -07:00
Eleftheria Stein 7f482eda7d Fix CookieRequestCache for URL encoded query parameters 
Avoid populating the saved request parameters with encoded values. Since the query strings of the request and saved URL are compared and must be equal, we can just use the parameters from the incoming request.

Closes gh-9203
 2020-11-26 18:16:42 +01:00
Aditya Sekhar 4cc3c25a0e removed whitespace formatting 2020-11-13 15:01:17 -06:00
Aditya Sekhar a26975f780 cleanup compatibility method based on spring-projects#8868 2020-11-13 15:01:17 -06:00
zhuang ff58ac836e
Decode cookie once in AbstractRememberMeServices 
Issue gh-9192
 2020-11-09 08:14:20 -05:00
Eleftheria Stein 34a21cd80c Fix formatting 2020-11-09 13:46:09 +01:00
Eleftheria Stein 5661e06e9c Fix typo UserDetailService -> UserDetailsService 2020-11-09 13:13:32 +01:00
Arnaud Mergey 2b9efccc50 Implement MessageSourceAware where missing 
Closes gh-8951
 2020-11-05 10:57:33 -07:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1" 
This reverts commit 25a7482c8c.
 2020-11-03 19:53:28 -05:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Alexander Polozov a362ab53bc Change guard expressions order 
Check of allowed user sessions count moved to head for avoid unnecessary fetching all user sessions.
 2020-10-27 09:49:29 -04:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ 
Replace JUnit expected @Test attributes with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb 20baa7d409 Replace ExpectedException @Rules with AssertJ 
Replace JUnit ExpectedException @Rules with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb 910b81928f Replace try/catch with AssertJ 
Replace manual try/catch/fail blocks with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Tomoki Tsubaki 65f788532e Fix broken Mono chain 
This commit restore broken Mono chain in WebSessionServerCsrfTokenRepository.generateToken(ServerWebExchange).

Closes gh-9017
 2020-09-16 09:53:23 -06:00
Tomoki Tsubaki 2c297fbd63 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.

Closes gh-9018
 2020-09-16 08:48:00 -06:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0" 
This reverts commit 3d0e459182.
 2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Eleftheria Stein-Kousathana 02d1516c56
Restructure BasicAuthenticationFilter Logs 
Issue gh-6311
 2020-09-02 07:42:03 -06:00
Josh Cummings fa7baf551d
Restructure Logs 
Followed common use cases based off of HelloWorld sample:
  - Public endpoint
  - Unauthorized endpoint
  - Undefined endpoint
  - Successful form login
  - Failed form login
  - Post-login redirect

Issue gh-6311
 2020-09-02 07:37:59 -06:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb ef8f113619 Use assertThat instead of Java assert 
Fix `DefaultSavedRequestMixinTests` so that `assertThat` is used rather
than Java's `assert` keyword.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb a5aa6b3d7f Remove blank lines from all tests 
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 5bdd757108 Polish spring-security-web main code 
Manually polish `spring-security-web` following the formatting
and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb ee661f7b71 Fix whitespace issues in format-off code 
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.

Issue gh-8945
 2020-08-24 17:33:08 -05:00