Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,021 Commits 34 Branches 334 Tags 109 MiB
Commit Graph

156 Commits

Author SHA1 Message Date
el-hopaness-romtic 4154ed543a
Fix .access(...) parameter 2023-03-20 15:23:40 -06:00
Josh Cummings 383e0c2cf0
Merge branch '5.7.x' into 5.8.x 2023-02-28 12:47:06 -07:00
Josh Cummings 0421e25cba
Document Common SAML URI Endpoints 
Issue gh-12764
 2023-02-28 12:45:48 -07:00
Josh Cummings 1c885cf3a3
Document Federation Usecase 
Closes gh-12764
 2023-02-28 12:35:04 -07:00
Josh Cummings a1b282ff03
Merge branch '5.7.x' into 5.8.x 
Closes gh-12693
 2023-02-17 10:09:32 -07:00
Josh Cummings 2db4430dcd Preserve OpenSamlAssertingPartyDetails Instance 
Closes gh-12667
 2023-02-17 10:02:17 -07:00
Marcus Da Coregio 82c86b822f Polish session-management.adoc 
Remove unresolved anchor

Issue gh-12519
 2023-02-16 10:57:02 -03:00
Marcus Da Coregio 4f3faa78f7 Revisit Session Management docs 
Closes gh-12519
 2023-02-16 10:39:59 -03:00
Rob Winch 5beabbe357 Merge branch '5.7.x' into 5.8.x 
Closes gh-12553
 2023-01-17 15:03:14 -06:00
Dan Allen f5bc6ce665 fix unclosed block in docs 2023-01-17 15:02:30 -06:00
Josh Cummings 6f43104eb3
Merge branch '5.7.x' into 5.8.x 
Closes gh-12516
 2023-01-10 10:42:45 -07:00
Josh Cummings 2028507bf8
Fix Typo in Sample 
Closes gh-11095
 2023-01-10 10:38:28 -07:00
Marcus Da Coregio 5406fed5dc Merge branch '5.7.x' into 5.8.x 2022-12-19 16:53:05 -03:00
Eleftheria Stein-Kousathana fbfa13bd47 Fix OAuth 2.0 testing docs 2022-12-19 16:52:25 -03:00
Marcus Da Coregio 7aaa25b88e Merge branch '5.7.x' into 5.8.x 2022-12-05 14:40:54 -08:00
Marcus Da Coregio fc25b87967 Merge branch '5.6.x' into 5.7.x 2022-12-05 14:40:38 -08:00
Sellami 626e53d121 Fix: Replace tenantRepository with tenants 2022-12-05 14:31:24 -08:00
Marcus Da Coregio d2b33a2583 Fix docs 
Closes gh-11396
 2022-12-05 12:25:26 -08:00
Marcus Da Coregio 5db7ac4ce3 Merge branch '5.7.x' into 5.8.x 
Closes gh-12286
 2022-11-24 08:48:05 -03:00
Marcus Da Coregio 9b3f834bff Merge branch '5.6.x' into 5.7.x 
Closes gh-12285
 2022-11-24 08:47:46 -03:00
Marcus Da Coregio 70bfc39418 Fix AuthorizationFilter diagram in docs 
Closes gh-12274
 2022-11-24 08:46:16 -03:00
Steve Riesenberg 9071f10759
Document DelegatingSecurityContextRepository 
Closes gh-12069
 2022-11-09 12:19:43 -06:00
Marcus Da Coregio 4d646a2978 Merge branch '5.7.x' into 5.8.x 2022-11-03 08:23:26 -03:00
Marcus Da Coregio 067fc1678c Merge branch '5.6.x' into 5.7.x 2022-11-03 08:22:09 -03:00
Rivaldi 01a37dd678 Fix typo 
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
 2022-11-03 08:21:48 -03:00
Márk Kővári aad01447c3 docs: fix realm typo 2022-11-03 08:21:26 -03:00
Josh Cummings d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza 8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Josh Cummings c5badbc631
Add AccessDecisionManager Preparation Steps 
Issue gh-11337
 2022-10-31 15:25:05 -06:00
Rob Winch aac1261f0c Document Migration to SecurityContextHolderFilter 
Closes gh-12098
 2022-10-27 15:12:45 -05:00
Rob Winch c17e258a6f Document Saved Requests 
Closes gh-12088
 2022-10-26 14:22:30 -05:00
Josh Cummings 04fa5af794
Add Missing Doc Header 
The EnableMethodSecurity section
 2022-10-25 14:41:11 -06:00
Marcus Da Coregio 4b6fed0667 Add static factory method to AntPathRequestMather and RegexRequestMatcher 
Closes gh-11938
 2022-10-10 09:24:15 -03:00
Marcus Da Coregio f3321c256c Add XML support for shouldFilterAllDispatcherTypes 
Closes gh-11492
 2022-10-07 10:20:32 -03:00
Steve Riesenberg dce1c30522
Add support for BREACH 
Closes gh-4001
 2022-10-05 14:21:13 -05:00
Marcus Da Coregio ace8caa182 Remove mvcMatchers usage from docs 
Issue gh-11347
 2022-10-05 13:19:37 -03:00
Steve Riesenberg 475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken 
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
 2022-10-03 17:10:54 -05:00
Daniel Garnier-Moiroux 0e215a21ad
Add X-Xss-Protection headerValue to XML config 
Issue gh-9631
 2022-10-03 14:29:34 -05:00
Marcus Da Coregio 039e0328e1 Simplify Java Configuration RequestMatcher Usage 
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
 2022-10-03 15:55:20 -03:00
Steve Riesenberg 46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver 
Closes gh-11896
 2022-09-23 15:09:00 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler 
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
 2022-09-22 11:09:44 -05:00
Steve Riesenberg 355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy 1efb63387f
Add authentication converter for introspected tokens 
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
 2022-09-13 16:45:36 -05:00
Steve Riesenberg 86fbb8db07 Add new interfaces for CSRF request processing 
Issue gh-4001
Issue gh-11456
 2022-09-06 11:43:33 -05:00
Marcus Da Coregio ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio 0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill 8b74bf9742 Updated reference to architecture page 
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
 2022-09-01 09:38:10 -03:00
he1ex-tG 568277f8bc
Mistake in Kotlin code representation is fixed 2022-08-29 15:11:10 -05:00
Josh Cummings 0f58620643 Add AspectJ AuthorizationManager Support 
Closes gh-11326
 2022-08-26 15:59:08 -06:00