Commit Graph

2283 Commits

Author SHA1 Message Date
Marcus Da Coregio 7d22e02593 Merge branch '5.8.x' into 6.0.x
Closes gh-12777
2023-02-23 15:17:25 -03:00
Marcus Da Coregio 97ba596ca3 Merge branch '5.7.x' into 5.8.x
Closes gh-12776
2023-02-23 15:17:04 -03:00
Marcus Da Coregio 1c3ce1e401 Fix entity-id ignored in RelyingPartyRegistration XML config
Closes gh-11898
2023-02-23 15:16:40 -03:00
Josh Cummings cedb9fd199 Merge branch '5.8.x' into 6.0.x
Closes gh-12687
2023-02-16 14:56:32 -07:00
Josh Cummings 0baf650f38 Merge branch '5.7.x' into 5.8.x
Closes gh-12686
2023-02-16 14:55:22 -07:00
Leonid Rozenblyum 000b4bc495 Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
Before the fix, these methods would throw an NPE when the filter class passed as the second parameter is not registered yet.

In particular, this exception can occur when mixing standard and custom DSL to register filters.

The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.

It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.

The error handling is implemented similarly to HttpSecurity#addFilter.

Closes gh-12637
2023-02-16 14:54:44 -07:00
Tobias Meurer 7dd5cc6082 Pick Up Custom SecurityContextRepository
Closes gh-12579
2023-02-07 12:46:12 -07:00
Marcus Da Coregio 52ed165476 Move classpath checks to class member variable
Closes gh-11437
2023-02-07 09:25:06 -03:00
Marcus Da Coregio 3572111cf5 Add JwtDecoder hint for oauth2Login
Closes gh-12615
2023-02-03 14:34:32 -03:00
Steve Riesenberg 13487be268 Default to XorCsrfChannelInterceptor in 6.0.x
Closes gh-12378
2023-01-26 15:45:04 -06:00
Steve Riesenberg 1363a4eece Merge branch '5.8.x' into 6.0.x 2023-01-26 15:44:47 -06:00
Josh Cummings c3563df25a Include HttpStatusRequestRequestedHandler
Closes gh-12548
2023-01-26 14:07:22 -07:00
Josh Cummings 66711f2365 Add RequestRejectedHandler Test
Issue gh-12548
2023-01-26 13:07:16 -07:00
Steve Riesenberg c306df9b46 Add XorCsrfChannelInterceptor
Issue gh-12378
2023-01-23 16:00:35 -06:00
Josh Cummings 5b6b3d585f Change EnableReactiveMethodSecurity Defaults
Closes gh-12506
2023-01-10 08:30:52 -07:00
Marcus Da Coregio 7080ea652f Add hints for ProxyFactoryBean AuthenticationManager
Closes gh-12367
2022-12-14 10:16:04 -03:00
Marcus Da Coregio f1698ec188 Fix removed code by merge 2022-12-05 14:57:28 -08:00
Marcus Da Coregio 2fdf762726 Merge branch '5.8.x' into 6.0.x 2022-12-05 14:41:59 -08:00
Marcus Da Coregio 7aaa25b88e Merge branch '5.7.x' into 5.8.x 2022-12-05 14:40:54 -08:00
Marcus Da Coregio fc25b87967 Merge branch '5.6.x' into 5.7.x 2022-12-05 14:40:38 -08:00
Mitja Kotnik f39f215140 Replace javadoc with SecurityFilterChain bean definition 2022-12-05 14:40:05 -08:00
Guillaume Husta a5464ed819 Fix typo in DefaultLoginPageConfigurer Javadoc
'isLogoutRequest' seems to have nothing to do here.
2022-12-05 14:31:15 -08:00
Marcus Da Coregio e774bd480b Merge branch '5.7.x' into 5.8.x
Closes gh-12261
2022-11-21 10:25:43 -03:00
Marcus Da Coregio f561d3784e Improve deprecation notice in WebSecurityConfigurerAdapter
Closes gh-12260
2022-11-21 10:05:08 -03:00
Steve Riesenberg dd9f954ace Fix tests in CsrfConfigurerTests
Closes gh-12241
2022-11-18 14:58:41 -06:00
Steve Riesenberg 5da78f44f2 Merge branch '5.8.x' 2022-11-18 14:54:33 -06:00
Steve Riesenberg ea6ce05662 Add configurer tests for CookieCsrfTokenRepository
Issue gh-12236
2022-11-18 13:12:59 -06:00
Steve Riesenberg 2ed7cff643 Check for existing token before clearing
Closes gh-12236
2022-11-18 13:12:59 -06:00
Josh Cummings e08ed89403 Polish Span and Meter Names
Closes gh-12156
2022-11-17 15:09:52 -07:00
Steve Riesenberg 222f8ae1a5 Merge branch '5.8.x' 2022-11-16 16:54:32 -06:00
Jan Marten 2301e8ca77 Fix Javadoc in EnableWebSocketSecurity
Add missing method name in EnableWebSocketSecurity JavaDoc code example.
2022-11-16 16:51:42 -06:00
Josh Cummings c45cd6ec9f Defer ObservationRegistry Resolution
- If Method Security asks for  too early, it is no longer
eligible for post-processing. As such, this commit defers loading it until
the first authorization request.

Issue gh-11990
2022-11-09 22:07:57 -07:00
Marcus Da Coregio 3b5d19c8a4 Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1
Closes gh-12146
Closes gh-12148
2022-11-08 08:34:21 -03:00
Marcus Da Coregio 72c25332a5 Fix authenticationFailureHandler customization tests
Issue gh-12132
2022-11-03 10:32:38 -03:00
Josh Cummings fc8e20b89f Merge branch '5.8.x'
Closes gh-12133
2022-11-02 15:49:18 -06:00
Josh Cummings 3192618220 Add authenticationFailureHandler
- To ServerHttpSecurity#httpBasic
- To ServerHttpSecurity#oauthResourceServer

Closes gh-12132
2022-11-02 15:35:01 -06:00
Josh Cummings 983f1d4efb Merge branch '5.8.x'
Closes gh-12127
2022-11-01 18:08:08 -06:00
Josh Cummings 6622e0135a Merge branch '5.7.x' into 5.8.x
Closes gh-12126
2022-11-01 18:06:41 -06:00
Josh Cummings 6efac34ca7 Merge branch '5.6.x' into 5.7.x
Closes gh-12125
2022-11-01 18:06:01 -06:00
Koos Gadellaa 5c4362bbc4 Refresh parsers when not found
Closes gh-3065
2022-11-01 18:05:15 -06:00
Rob Winch d860775b45 Document Defer load CsrfToken
Closes gh-12105
2022-10-28 15:41:25 -05:00
Josh Cummings abe68abfe4 Merge remote-tracking branch 'origin/5.8.x' 2022-10-26 17:13:02 -06:00
mmoussa_mapfreusa bd4e0fb5db Set LogoutRequestRepository on Saml2 LogoutSuccessHandler
Closes gh-11363
2022-10-26 16:44:23 -06:00
Rob Winch 9cb668aec2 SessionManagementConfigurer properly defaults SecurityContextRepository
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.

This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.

Closes gh-12070
2022-10-20 10:57:47 -05:00
Rob Winch a4858d9eaa Add SpringTestContext.addFilter
Add SpringTestContext.addFilter which allows Spring Security's tests
to specify a Filter to be added to the SpringTestContext.

Closes gh-12071
2022-10-20 10:54:24 -05:00
Steve Riesenberg 33b492df54 Default to DelegatingSecurityContextRepository
Closes gh-12023
Closes gh-12049
2022-10-17 20:04:43 -05:00
Steve Riesenberg bd43c1f28a Merge branch '5.8.x'
# Conflicts:
#	web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
#	web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
Steve Riesenberg c75ca10900 Add DeferredSecurityContext
Issue gh-12023
2022-10-17 19:33:58 -05:00
Steve Riesenberg 819529f5ea Remove CsrfSpec.tokenFromMultipartDataEnabled
Also removed ServerCsrfDsl.tokenFromMultipartDataEnabled

Closes gh-12020
2022-10-13 11:29:15 -05:00
Joe Grandja 753e113a13 RequestMatcherDelegatingAuthorizationManager defaults to deny
Closes gh-11958
2022-10-13 11:12:00 -04:00