Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,722 Commits 32 Branches 334 Tags 113 MiB
Commit Graph

10722 Commits

Author SHA1 Message Date
Marcus Da Coregio 8a5aed2983 Add deprecation warning to CsrfDsl#ignoringAntMatchers 
Issue gh-11347
 2022-10-06 13:50:38 -03:00
Marcus Da Coregio bc4ad52feb Add deprecation warning to mvcMatchers methods 
Issue gh-11347
 2022-10-06 13:21:27 -03:00
Josh Cummings 380a6a2564
Polish SecurityContextHolderStrategy Usage 
- Add to HttpSessionSecurityContextRepository#saveContext

Issue gh-11060
 2022-10-05 23:59:14 -06:00
Josh Cummings 0c0e298aa7
Polish Saml2 XML Use of SecurityContextHolderStrategy 
Issue gh-11061
 2022-10-05 23:38:14 -06:00
Josh Cummings b4d13e7726
Polish use-authorization-manager 
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together

Issue gh-11305
 2022-10-05 22:21:09 -06:00
Josh Cummings 7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests 
Issue gh-11665
 2022-10-05 22:18:41 -06:00
Josh Cummings f16d47c7b5
Polish DefaultHttpSecurityExpressionHandler 
Issue gh-11105
 2022-10-05 21:47:14 -06:00
Josh Cummings 4ddec07d0e
Add default AuthorizationManager 
Closes gh-11963
 2022-10-05 21:37:41 -06:00
Steve Riesenberg dce1c30522
Add support for BREACH 
Closes gh-4001
 2022-10-05 14:21:13 -05:00
Rob Winch a5cc1f0b60 Merge branch '5.7.x' into 5.8.x 
Closes gh-11956
 2022-10-05 13:58:44 -05:00
Rob Winch 37dd896d4b Merge branch '5.6.x' into 5.7.x 
Closes gh-11955
 2022-10-05 13:57:25 -05:00
Dan Allen e0843aabb1 automatically manage docs version (with collector) 2022-10-05 13:56:22 -05:00
Steve Riesenberg c1fcf275d9
Update What's New for 5.8 
Issue gh-11952
 2022-10-05 13:48:18 -05:00
Steve Riesenberg 1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl 
Closes gh-11952
 2022-10-05 13:35:23 -05:00
Marcus Da Coregio bf6e85ec15 Accept String varargs in securityMatcher 
Issue gh-9159
 2022-10-05 13:44:08 -03:00
Marcus Da Coregio ace8caa182 Remove mvcMatchers usage from docs 
Issue gh-11347
 2022-10-05 13:19:37 -03:00
Steve Riesenberg 475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken 
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
 2022-10-03 17:10:54 -05:00
Daniel Garnier-Moiroux 0e215a21ad
Add X-Xss-Protection headerValue to XML config 
Issue gh-9631
 2022-10-03 14:29:34 -05:00
Marcus Da Coregio 039e0328e1 Simplify Java Configuration RequestMatcher Usage 
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
 2022-10-03 15:55:20 -03:00
Daniel Garnier-Moiroux bf59d7c374
Update What's New for 5.8 2022-10-03 10:05:25 -05:00
Steve Riesenberg 7f9600ae08
Polish gh-11896 2022-10-03 09:57:08 -05:00
Marcus Da Coregio 64a19de4dc Deprecate HPKP security header 
Closes gh-10144
 2022-10-03 11:36:19 -03:00
Marcus Da Coregio 7be2eb05d5 Merge branch '5.7.x' into 5.8.x 2022-10-03 10:10:06 -03:00
Marcus Da Coregio cd4ddde779 Merge branch '5.6.x' into 5.7.x 2022-10-03 10:09:42 -03:00
Daniel Garnier-Moiroux 26bb60c567 Add rncToXsd task description to CONTRIBUTING.adoc 2022-10-03 10:09:27 -03:00
Rob Winch 6d56af7b65 SessionManagementDsl.requireExplicitAuthenticationStrategy 2022-09-30 21:37:44 -05:00
Josh Cummings f054505d6d
Support Deferred Contexts 
Closes gh-11817
Issue gh-10913
 2022-09-30 16:49:47 -06:00
Daniel Garnier-Moiroux 93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity 
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".

This commits adds the ability to configure the xssProtection header
value in ServerHttpSecurity.

This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.

Issue gh-9631
 2022-09-30 09:38:08 -05:00
Steve Riesenberg 7b1158ddb7
Merge branch '5.7.x' into 5.8.x 2022-09-29 14:09:10 -05:00
Steve Riesenberg 70c61dc1dd
Merge branch '5.6.x' into 5.7.x 2022-09-29 14:08:17 -05:00
Dan Allen c44230ba24
switch to offical Antora plugin for Gradle 
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
 2022-09-29 14:05:09 -05:00
Marcus Da Coregio cf3349f31a Configure ContentNegotiationStrategy in HttpSecurityConfiguration 
Closes gh-11916
 2022-09-29 11:21:08 -03:00
Josh Cummings 506e50bfd0
Move Saml2 Authentication Filters 
Issue gh-8819
 2022-09-26 10:44:27 -06:00
Steve Riesenberg bbac85e20b Reduce severity of invalid registrationId to warn 
This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
 2022-09-26 09:56:20 -05:00
Josh Cummings ae6fb8c681
Add Deprecated Versions of Original Classes 
Issue gh-7349
 2022-09-23 16:31:22 -06:00
Josh Cummings 37a160245f
Adjust OAuth2 Resource Server packaging 
Closes gh-7349
 2022-09-23 16:31:21 -06:00
Steve Riesenberg 46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver 
Closes gh-11896
 2022-09-23 15:09:00 -05:00
Steve Riesenberg d140d95305
Fix assertion in NullSecurityContextRepository 
Issue gh-11060
 2022-09-22 15:33:22 -05:00
Steve Riesenberg 5d757919a2
Add SecurityContextHolderStrategy to new repository 
In 6.0, RequestAttributeSecurityContextRepository will be the default
implementation of SecurityContextRepository. This commit adds the
ability to configure a custom SecurityContextHolderStrategy, similar
to other components.

Issue gh-11060
Closes gh-11895
 2022-09-22 15:33:21 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler 
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
 2022-09-22 11:09:44 -05:00
Evgeniy Cheban c1d27612af Simplify AuthorizationManager composition 
Closes gh-11625
 2022-09-20 16:24:45 -06:00
Josh Cummings 3f8503f1b4
Deprecate AccessDecisionManager et al 
Closes gh-11302
 2022-09-20 16:09:59 -06:00
Marcus Da Coregio 983ca6ea27 Update What's New for 5.8 2022-09-20 08:33:38 -03:00
Marcus Da Coregio 0c96989cbe Move script tag into body element 
Closes gh-11879
 2022-09-19 15:46:23 -03:00
github-actions[bot] 9564f1b5e4 Next development version 2022-09-19 16:55:17 +00:00
github-actions[bot] dcbe900ff8 Release 5.8.0-M3 2022-09-19 15:24:11 +00:00
Steve Riesenberg e4e24c6639
Update org.springframework to 5.3.23 
Closes gh-11851
 2022-09-16 13:39:03 -05:00
Steve Riesenberg eeb152cd6d
Update htmlunit-driver to 2.64.0 
Closes gh-11850
 2022-09-16 13:39:03 -05:00
Steve Riesenberg 0159e8c976
Update org.mockito to 4.8.0 
Closes gh-11849
 2022-09-16 13:39:02 -05:00
Steve Riesenberg e2a4227c11
Update junit-bom to 5.9.0 
Closes gh-11848
 2022-09-16 13:39:02 -05:00