Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,514 Commits 32 Branches 333 Tags 112 MiB
Commit Graph

8514 Commits

Author SHA1 Message Date
Eleftheria Stein 898bdeb0fd Fix Resource Server clock skew default value in docs 
Closes gh-6611
 2021-06-02 13:19:30 +03:00
Steve Riesenberg c79cb8eff6 Handle encoded spaces in the root dn 
Fixes an issue where provider URLs passed to the constructor of the
DefaultSpringSecurityContextSource can be URL encoded, resulting in
an invalid base dn. Additionally adds support for list constructor
to support spaces in base dn.

Closes gh-9742

# Conflicts:
#	ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
#	ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
 2021-05-26 12:57:48 -05:00
Steve Riesenberg d3a3c36ad3 Handle custom status codes in error handler 
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
 2021-05-25 16:14:35 -05:00
Rob Winch c9a8419e22 Additional HttpSessionOAuth2AuthorizationRequestRepository tests 
Issue gh-5145
 2021-05-13 20:12:15 -04:00
Craig Andrews ecb4a5749a HttpSessionOAuth2AuthorizationRequestRepository: store one request by default 
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
 2021-05-13 20:12:00 -04:00
Rob Winch 362855b8b8 docs.af.pivotal.io->docs-ip.spring.io 
The build conventions plugin does not support a property, so we must
override the configuration for docs.host to docs-ip.spring.io

Closes gh-9686
 2021-04-27 10:26:51 -05:00
Rob Winch 0a56dc4ef5 docs.af.pivotal.io->docs-ip.spring.io 
Closes gh-9686
 2021-04-27 09:54:05 -05:00
Joe Grandja 99db0ca2c5 WebFlux httpBasic() matches on XHR requests 
Closes gh-9660
 2021-04-20 10:05:06 -04:00
Craig Andrews ab34c0308c
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:57:53 -06:00
Rob Winch adf3e94c9f Fix HttpSecurity.addFilter* Ordering 
Closes gh-9633
 2021-04-14 21:18:51 -05:00
Denis Washington 521706d496 Limit oauth2Login() links to redirect-based flows 
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
 2021-04-14 06:41:52 -04:00
Eleftheria Stein ea19b31133 Next development version 2021-04-12 19:00:02 +02:00
Eleftheria Stein 46fdb250dc Release 5.2.10.RELEASE 2021-04-12 18:17:48 +02:00
Eleftheria Stein b500b3ea69 Update to OpenSAML 3.4.6 
Closes gh-9607
 2021-04-12 10:55:05 +02:00
Eleftheria Stein 59171434d5 Update to hibernate-entitymanager 5.4.30.Final 
Closes gh-9606
 2021-04-12 10:54:38 +02:00
Eleftheria Stein 5d18dd6d7d Update to Groovy 2.4.21 
Closes gh-9605
 2021-04-12 10:54:17 +02:00
Eleftheria Stein 41b0e51dbb Update to embedded Apache Tomcat 9.0.45 
Closes gh-9604
 2021-04-12 10:53:38 +02:00
Eleftheria Stein 310c1148ce Update blockhound to 1.0.6.RELEASE 
Closes gh-9603
 2021-04-12 10:53:11 +02:00
Eleftheria Stein 93defb2ff2 Update to RSocket 1.0.4 
Closes gh-9602
 2021-04-12 10:52:33 +02:00
Eleftheria Stein fb7efffad3 Update to Spring Data Moore-SR13 
Closes gh-9601
 2021-04-12 10:52:09 +02:00
Eleftheria Stein 6db79b70e6 Update to Spring Framework 5.2.13.RELEASE 
Close gh-9600
 2021-04-12 10:51:41 +02:00
Eleftheria Stein 78a618c260 Update to Reactor Dysprosium-SR18 
Closes gh-9599
 2021-04-12 10:51:11 +02:00
Eleftheria Stein cfc5256fad Update to GAE 1.9.88 
Closes gh-9608
 2021-04-12 10:50:46 +02:00
Eleftheria Stein 289b11b873 Update to nohttp 0.0.6.RELEASE 
Closes gh-9609
 2021-04-12 10:50:22 +02:00
佚名 8dc702c80f
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:57:14 -06:00
Josh Cummings bd0247adef
Next Development Version 2021-02-11 12:22:42 -07:00
Josh Cummings 974156d5fb
Release 5.2.9.RELEASE 2021-02-11 10:37:22 -07:00
Rob Winch e2121532a2
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 09:38:04 -07:00
Rob Winch 7cab7b06c5
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 09:38:04 -07:00
Josh Cummings f60daa5152
Update to GAE 1.9.86 
Closes gh-9442
 2021-02-11 09:31:37 -07:00
Josh Cummings f63b770ec5
Update to Tomcat 9.0.43 
Closes gh-9441
 2021-02-11 09:31:30 -07:00
Josh Cummings 44bb975f82
Update to Jetty 9.4.36.v20210114 
Closes gh-9440
 2021-02-11 09:31:25 -07:00
Josh Cummings 3cb6b3e5d6
Update to hibernate-validator 6.1.7.Final 
Closes gh-9439
 2021-02-11 09:31:20 -07:00
Josh Cummings db07cea579
Update to hibernate-entitymanager 5.4.28.Final 
Closes gh-9438
 2021-02-11 09:31:15 -07:00
Josh Cummings 0fb60c3aa7
Update to thymeleaf-spring5 3.0.12 
Closes gh-9437
 2021-02-11 09:31:11 -07:00
Josh Cummings 31cb29cb2d
Update to Spring Data Moore-SR12 
Closes gh-9436
 2021-02-11 09:31:03 -07:00
Josh Cummings 46bfc00db2
Update to Reactor Dysprosium-SR16 
Closes gh-9435
 2021-02-11 09:30:57 -07:00
Josh Cummings 987b14d1d4
Update to Spring Framework 5.2.12.RELEASE 
Closes gh-9434
 2021-02-11 09:30:52 -07:00
Josh Cummings 1f19ee04e1
Update to Spring Boot 2.2.13.RELEASE 
Closes gh-9433
 2021-02-11 09:30:39 -07:00
Josh Cummings 005eca7bd9
Fix Test Configuration 
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable

Closes gh-9421
 2021-02-10 11:37:32 -07:00
Josh Cummings 68ac3ef36b
Polish Tests 
Issue gh-9331
 2021-02-03 09:34:20 -07:00
happier233 7a5c34ca57
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:34:13 -07:00
Joe Grandja 542c625d7d Allow null or empty authorities for DefaultOAuth2User 
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
 2021-02-02 04:43:29 -05:00
Rob Winch 4de2dbb4cd Update to spring-build-conventions:0.0.23.1.RELEASE 
Fixes use of repo.spring.io
 2021-01-26 11:11:05 -06:00
Benjamin Faal 98399c920a Make user info response status check error only 
Closes gh-9336
 2021-01-25 11:10:03 -05:00
Josh Cummings 52ad49074d
Migrate SAML 2.0 Tests and Docs to PCFOne 
Issue gh-9362
 2021-01-25 08:32:17 -07:00
Josh Cummings 6df5dc4ecf
Migrate SAML 2.0 Samples to PCFOne 
Closes gh-9362
 2021-01-22 13:51:46 -07:00
Josh Cummings 32acb04efe
Fix SAML 2.0 Javaconfig Sample 
Issue gh-9362
 2021-01-22 13:51:37 -07:00
Eleftheria Stein 57dfbeecbb Provide artifactoryUsername/Password in docs and schema jobs 2021-01-22 16:07:17 +01:00
Rob Winch 1181740f79 Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:18:25 -06:00