Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-01 21:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,125 Commits 54 Branches 369 Tags
Commit Graph

668 Commits

Author SHA1 Message Date
Steve Riesenberg
8aa7029d07 Fix checkstyle errors 
Issue gh-10989
 2022-03-18 22:53:29 -05:00
Steve Riesenberg
946e24e1c2
Polish gh-10911 2022-03-17 12:34:16 -05:00
David Kirstein
2b6bc5dd0b
Use configurable charset in ServerHttpBasicAuthenticationConverter 
Closes gh-10903
 2022-03-17 12:34:16 -05:00
Rob Winch
972039e65c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-12 13:31:04 -06:00
Rob Winch
cbba7ea4de AbstractAuthenticationProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-12 13:23:47 -06:00
Norbert Nowak
abd33389be Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:49:29 -07:00
Rob Winch
4462b73fd9 AbstractPreAuthenticatedProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch
ba7fb0cb14 DigestAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch
09e730734b BasicAuthenticationFilter.setSecurityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch
d909d3bc40 RememberMeAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch
7c5b939bbd AuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Marcus Da Coregio
8c94c2e15a AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:21:14 -03:00
Rob Winch
2abeff2089 HttpSessionSecurityContextRepository saves with original response 
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
 2022-03-09 10:21:51 -06:00
Rob Winch
bab5d252a2 Add RequestAttributeSecurityContextRepository 
Closes gh-10918
 2022-03-08 15:00:22 -06:00
Josh Cummings
a99a04f050 Update JavaDoc 
Issue gh-10564
 2022-02-15 12:51:09 -07:00
Yuriy Savchenko
d6cbacb27a Make WebAuthenticationDetails constructor public 
Closes gh-10564
 2022-02-15 12:50:48 -07:00
Rob Winch
6f0029fc44 Add Support for @Transient SecurityContext 
Closes gh-9995
 2022-02-02 17:04:44 -06:00
Marcus Da Coregio
0048805c2a RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 10:17:40 -03:00
Josh Cummings
08821369a3 Add Request-based AuthenticationManagerResolvers 
Closes gh-6762
 2022-01-26 09:21:07 -07:00
Rob Winch
f94090a59b Remove spring-security-openid 
Closes gh-10773
 2022-01-21 16:55:19 -06:00
Josh Cummings
feff747669 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 17:21:04 -07:00
Adam Ostrožlík
27cfb9c89d Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 17:21:00 -07:00
Josh Cummings
b2fe9149cf Use noNullElements 
Collection#contains(null) does not work for all collection types

Issue gh-10703
 2022-01-14 14:33:17 -07:00
Marcus Da Coregio
d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Marcus Da Coregio
51b4bd67c9 Add RequestMatcherEntry 2021-12-13 09:19:28 -03:00
Marcus Da Coregio
eda346863d Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 09:19:13 -03:00
Marcus Da Coregio
0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Steve Riesenberg
aa3c883f87 Use BDD in tests 2021-12-02 17:40:25 -06:00
Steve Riesenberg
d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Steve Riesenberg
5dd2565348 Update copyright year 
Issue gh-10557
 2021-12-01 17:34:16 -06:00
Steve Riesenberg
41c6776455 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 14:55:50 -06:00
Igor Pelesic
72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Guirong Hu
9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Steve Riesenberg
9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg
c6a27d44e5 Remove failing test due to HttpMethod changes 
Closes gh-10569
 2021-11-30 13:31:39 -06:00
Marcus Da Coregio
25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
Rob Winch
bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:45:34 -06:00
Marcus Da Coregio
db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio
faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-14 09:27:02 -03:00
Eleftheria Stein
7d81a52780 Allow AuthenticationPrincipal argument type to be primitive 
Closes gh-10172
 2021-10-04 16:22:21 +02:00
heowc
84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
Bogdan Ilchyshyn
a4c088a3b3 Introducing WebSessionServerLogoutHandler 
Closes gh-4838
 2021-08-16 13:08:35 -06:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Evgeniy Cheban
d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Josh Cummings
ca76c54471
Polish CsrfWebFilterTests 
Issue gh-9113
 2021-06-04 16:41:08 -06:00
Tomoki Tsubaki
0c8b6df82a
Cache Mono that generate the CSRF token 
Closes gh-9113
 2021-06-04 16:41:08 -06:00
AlexeyAnufriev
baac9e0cf2 Properly clean cookies with context path after logout 
Closes gh-8846
 2021-06-04 15:42:33 +02:00
Marcus Hert da Coregio
2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 10:36:44 -06:00