Commit Graph

1533 Commits

Author SHA1 Message Date
Marcus Da Coregio a484044591 Merge branch '5.8.x' into 6.0.x 2023-04-17 07:29:42 -03:00
Marcus Da Coregio 6cf8c53aaa Merge branch '5.7.x' into 5.8.x 2023-04-17 07:16:47 -03:00
Marcus Da Coregio 2d52fb8e4b Clear Repository on Logout 2023-04-17 06:47:57 -03:00
Josh Cummings 4813ec1e09
Merge branch '5.8.x' into 6.0.x
Closes gh-13000
2023-04-11 17:08:54 -06:00
Josh Cummings dad1fba1bf
Merge branch '5.7.x' into 5.8.x
Closes gh-12999
2023-04-11 17:02:16 -06:00
Christian Marck 442faccb5f
Avoid NPE in FilterInvocation
Handle unknown headers in dummy request wrapper.

Closes gh-12998
2023-04-11 17:01:59 -06:00
Josh Cummings 6db2b0dcd0
Align Filter Chain Observability Lineage
Closes gh-12849
2023-03-27 16:30:32 -06:00
Marcus Da Coregio 177514b6c5 Merge branch '5.8.x' into 6.0.x
Closes gh-12919
2023-03-22 08:54:57 -03:00
Marcus Da Coregio 8d664bc4c2 DelegatingSecurityContextRepository should call loadContext
Closes gh-12314
2023-03-22 08:53:19 -03:00
Josh Cummings 3fbb64db96
Fix javax package 2023-03-20 16:28:52 -06:00
Josh Cummings 229325a0bb
Merge branch '5.8.x' into 6.0.x 2023-03-20 16:22:23 -06:00
Josh Cummings a74008cc79
Merge branch '5.7.x' into 5.8.x 2023-03-20 16:20:46 -06:00
twosom 3d7e22a4e9 Add test to SimpleUrlAuthenticationSuccessHandlerTests 2023-03-20 16:20:30 -06:00
Josh Cummings 6935045172
Merge branch '5.8.x' into 6.0.x
Closes gh-12909
2023-03-20 16:10:35 -06:00
twosom abd51f7b63
Polished DefaultLoginPageGeneratingFilterTests Validation
Closes gh-12694
2023-03-20 15:31:59 -06:00
Marcus Da Coregio cdc0fa0e5b Merge branch '5.8.x' into 6.0.x
Closes gh-12836
2023-03-07 13:28:31 -03:00
Marcus Da Coregio 2e92dad761 Merge branch '5.7.x' into 5.8.x
Closes gh-12835
2023-03-07 13:27:57 -03:00
Marcus Da Coregio 84cca81edf Use HttpSessionSecurityContextRepository by default in SwitchUserFilter
Closes gh-12834
2023-03-07 13:27:18 -03:00
Josh Cummings c06e604278
Address Observability Thread Safety
Closes gh-12829
2023-03-06 12:46:23 -07:00
Josh Cummings 8ca726f4fa
Specify query string
Issue gh-12665
2023-02-14 08:24:07 -07:00
Josh Cummings e7d65966fd
Merge branch '5.8.x' into 6.0.x
Closes gh-12671
2023-02-14 08:01:31 -07:00
Josh Cummings 0d4c619648
Include continue in query string
Closes gh-12665
2023-02-14 08:00:19 -07:00
Steve Riesenberg 1363a4eece
Merge branch '5.8.x' into 6.0.x 2023-01-26 15:44:47 -06:00
Steve Riesenberg c306df9b46
Add XorCsrfChannelInterceptor
Issue gh-12378
2023-01-23 16:00:35 -06:00
Josh Cummings 4d2dab9b6b
Lookup Parent Observation
Closes gh-12524
2023-01-11 10:13:33 -07:00
Steve Riesenberg 4e80338a9b
Polish gh-12466 2023-01-10 11:31:51 -06:00
Wellington Domiciano 2c8854bb7f
Adjusts setRequestHandler javadoc in CsrfFilter
Adjusts setRequestHandler method javadoc in CsrfFilter class to reflect
changes in 6.0.

In 6.0, the default CsrfTokenRequestHandler changed to
XorCsrfTokenRequestAttributeHandler, however, the javadoc for the
setRequestHandler method still said it was
CsrfTokenRequestAttributeHandler.

This change adjusts the information to make it more accurate, because,
although XorCsrfTokenRequestAttributeHandler is a subclass of
CsrfTokenRequestAttributeHandler, the behavior is quite different.

Closes gh-12464
2023-01-10 11:31:51 -06:00
Marcus Da Coregio d1fc789ae2 Merge branch '5.8.x' into 6.0.x
Closes gh-12511
2023-01-10 09:42:48 -03:00
Marcus Da Coregio ae46032ced Merge branch '5.7.x' into 5.8.x
Closes gh-12510
2023-01-10 09:39:40 -03:00
Marcus Da Coregio ffdb397830 Save the SecurityContext when switching user
Closes gh-12504
2023-01-10 09:27:56 -03:00
Josh Cummings c308e4665a
Polish Event Name
Provide a name with no spaces separate from the human-friendly
one with spaces.

Closes gh-12490
2023-01-06 11:13:11 -07:00
Wellington Domiciano 27b3f4d403 Adjusts setRequestHandler javadoc in CsrfWebFilter
Adjusts setRequestHandler method javadoc in CsrfWebFilter class to reflect changes in 6.0.

In 6.0, the default ServerCsrfTokenRequestHandler changed to XorServerCsrfTokenRequestAttributeHandler, however, the javadoc for the setRequestHandler method still said it was ServerCsrfTokenRequestAttributeHandler.

This change adjusts the information to make it more accurate, because, although XorServerCsrfTokenRequestAttributeHandler is a subclass of ServerCsrfTokenRequestAttributeHandler, the behavior is quite different.

Closes gh-12465
2023-01-04 10:53:47 -07:00
Marcus Da Coregio 898c36287c Merge branch '5.8.x' into 6.0.x
Closes gh-12368
2022-12-12 16:55:14 -03:00
Marcus Da Coregio 99d6d21554 Apply SecurityContextHolderFilter to all dispatcher types
Closes gh-11962
2022-12-12 11:45:24 -08:00
Josh Cummings 701f754e37
Cast FilterChainObservationContext Safely
Closes gh-12268
2022-11-29 16:24:56 -07:00
Steve Riesenberg fd547321e8
Default to XorCsrfTokenRequestAttributeHandler
As of gh-11960, Xor CSRF tokens are the default in 6.0. This commit
makes CsrfAuthenticationStrategy consistent with CsrfFilter.

Issue gh-11960
Closes gh-12235
2022-11-18 22:50:26 -06:00
Steve Riesenberg 5da78f44f2
Merge branch '5.8.x' 2022-11-18 14:54:33 -06:00
Steve Riesenberg 2ed7cff643
Check for existing token before clearing
Closes gh-12236
2022-11-18 13:12:59 -06:00
Josh Cummings 24860d9fb0
Observe Filter Start and Stop
Issue gh-11911
2022-11-17 15:11:29 -07:00
Josh Cummings e08ed89403 Polish Span and Meter Names
Closes gh-12156
2022-11-17 15:09:52 -07:00
Marcus Da Coregio 063f06e7bf Register FilterChainProxy for all dispatcher types
Closes gh-12180
2022-11-16 09:55:21 -03:00
Steve Riesenberg 1a3be83084
Merge branch '5.8.x'
Closes gh-12185
2022-11-09 12:28:37 -06:00
Steve Riesenberg 57b163bb78
Polish gh-12141 2022-11-09 12:19:43 -06:00
Marcus Da Coregio 2a261e0583 Add Jakarta WebSocket 2.1 test dependency to spring-security-web
Issue gh-12148
2022-11-08 09:54:34 -03:00
Marcus Da Coregio 3b5d19c8a4 Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1
Closes gh-12146
Closes gh-12148
2022-11-08 08:34:21 -03:00
Steve Riesenberg 36f668dd9c
Merge branch '5.8.x'
Closes gh-12142
2022-11-04 18:12:34 -05:00
Steve Riesenberg 6b0ed0205b
Re-generate tokens in CookieCsrfTokenRepository
Fixes support for re-generating tokens within a request such as when
CsrfAuthenticationStrategy removes a null token and saves an empty
cookie value on the response.

Closes gh-12141
2022-11-04 18:10:15 -05:00
Steve Riesenberg 801ceb0832
Merge branch '5.8.x' 2022-10-31 08:58:14 -05:00
Steve Riesenberg 66f2f1cde7
Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg 2915a70bf7
Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00