Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-03 20:09:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,318 Commits 36 Branches 337 Tags
Commit Graph

1543 Commits

Author SHA1 Message Date
Marcus Da Coregio
547056d5cc Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2022-01-05 14:06:47 -03:00
Marcus Da Coregio
ba810e468f Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2022-01-05 14:01:57 -03:00
Marcus Da Coregio
40dfe8f259 Add RequestMatcherEntry 2022-01-05 14:00:47 -03:00
Marcus Da Coregio
b448954f43 Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2022-01-05 13:57:36 -03:00
Marcus Da Coregio
d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Marcus Da Coregio
51b4bd67c9 Add RequestMatcherEntry 2021-12-13 09:19:28 -03:00
Marcus Da Coregio
eda346863d Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 09:19:13 -03:00
Marcus Da Coregio
18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 08:57:30 -03:00
Marcus Da Coregio
7e17a00197 Add RequestMatcherEntry 2021-12-13 08:57:30 -03:00
Marcus Da Coregio
53b8cff26f Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 08:57:30 -03:00
Eleftheria Stein
c68a75bcde Correct imports to jakarta 
Issue gh-9385, gh-10118
 2021-12-08 11:43:13 +01:00
Marcus Da Coregio
0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio
65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Steve Riesenberg
62e8799a8d Use BDD in tests 2021-12-02 17:44:47 -06:00
Steve Riesenberg
df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi
925d531cbe Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:44:46 -06:00
Steve Riesenberg
aa3c883f87 Use BDD in tests 2021-12-02 17:40:25 -06:00
Steve Riesenberg
d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi
c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg
47b8860681 Update copyright year 
Issue gh-10557
 2021-12-01 17:36:52 -06:00
Steve Riesenberg
c7ffd2513a Update copyright year 
Issue gh-10557
 2021-12-01 17:36:19 -06:00
Steve Riesenberg
bb2d80fea3 Update copyright year 
Issue gh-10557
 2021-12-01 17:35:43 -06:00
Steve Riesenberg
5dd2565348 Update copyright year 
Issue gh-10557
 2021-12-01 17:34:16 -06:00
Steve Riesenberg
828cac8889 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:19:33 -06:00
Steve Riesenberg
f49c286050 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:05:13 -06:00
Steve Riesenberg
b3e0f167ff Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:01:06 -06:00
Steve Riesenberg
41c6776455 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 14:55:50 -06:00
Josh Cummings
1251cde04c Add Missing Since 
Issue gh-10482
 2021-11-30 15:17:48 -07:00
Igor Pelesic
a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00
Josh Cummings
7e55c84cfc Add Missing Since 
Issue gh-10482
 2021-11-30 15:15:35 -07:00
Igor Pelesic
72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Steve Riesenberg
204f0b4599 Polish gh-10007 2021-11-30 15:27:58 -06:00
Guirong Hu
43317c5a61 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 15:27:58 -06:00
Steve Riesenberg
898ba67098 Polish gh-10007 2021-11-30 13:59:55 -06:00
Guirong Hu
9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Steve Riesenberg
9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg
c6a27d44e5 Remove failing test due to HttpMethod changes 
Closes gh-10569
 2021-11-30 13:31:39 -06:00
Marcus Da Coregio
25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
Marcus Da Coregio
2bf7a5ae80 Improve log message when no CSRF token found 
Closes gh-10436
 2021-11-19 08:37:25 -03:00
Rob Winch
bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:45:34 -06:00
Rob Winch
96a6fef820 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:44:49 -06:00
Marcus Da Coregio
db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio
caad3d57e2 Improve log message when no CSRF token found 
Closes gh-10436
 2021-10-29 14:06:17 -03:00
Marcus Da Coregio
00f4033b9b Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-22 13:22:12 -03:00
Rob Winch
e4a76b0ec9 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-22 10:19:34 -05:00
Emil Sierżęga
04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga
a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch
f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Rob Winch
e1f4ec1137 Fix Jackson 2021-10-18 21:03:12 -05:00
Josh Cummings
6e86fab19d Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-18 13:02:42 -05:00