Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,439 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

706 Commits

Author SHA1 Message Date
Rob Winch 8da2c7f657 Add WebFlux CSRF Protection 
Fixes gh-4734
 2017-10-28 22:59:24 -05:00
Rob Winch 192776858d HttpStatusServerAccessDeniedHandler write error message 2017-10-28 22:59:24 -05:00
Rob Winch e63c53e267 Add AuthorizationWebFilterTests 2017-10-28 22:58:55 -05:00
Rob Winch 2060125ebd ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository 
Issue: gh-4719
 2017-10-27 18:17:52 -05:00
Rob Winch 4777a869bc Logout at the end of logout method 
Issue: gh-4719
 2017-10-27 18:17:40 -05:00
Rob Winch 5bcf3c559b Remove wrappedExchange from AuthenticationWebFilter 
Issue: gh-4719
 2017-10-27 18:17:29 -05:00
Rob Winch 437ba56415 ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter 
Issue: gh-4719
 2017-10-27 18:17:10 -05:00
Rob Winch c63b258b16 AuthorizeWebFilter uses ReactiveSecurityContextHolder 
Issue gh-4719
 2017-10-27 18:16:59 -05:00
Rob Winch 747473257f Use ReactorSecurityContextHolder 
Issue gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch 44b41e78cd Flux member variables in favor of Collections 
Fix gh-4694
 2017-10-25 07:41:37 -05:00
Rob Winch fcc1152f78 WebFilterChainProxy not matched continues WebFilterChain 
Fixes gh-4668
 2017-10-24 16:22:07 -05:00
Rob Winch b81c1ce2c0 Move spring-security-webflux into spring-security-web 
Fixes gh-4662
 2017-10-18 16:20:09 -05:00
Rob Winch a74f7c6faa Fix CSRF / DefaultLoginPageGeneratingFilter package tangle 
Issue: gh-4636
 2017-10-16 16:36:49 -05:00
Andreas Gebhardt 0c830f9ba8 fix JavaDoc typo on `BasicAuthenticationEntryPoint` 2017-10-12 07:42:58 -05:00
Rob Winch 23f56f568c Update MockitJunitRunner import 
Issue: gh-4608
 2017-10-09 16:13:33 -05:00
Rob Winch 445834784a Update to Mockito 2.10.0 
Issue: gh-4608
 2017-10-09 16:13:11 -05:00
Rob Winch f3828924ff Fix equals and hashCode alignment 
Fixes gh-4588
 2017-09-28 17:25:00 -05:00
Rob Winch 646b3e48b3 Avoid Exception Message in HTTP Response 
Fixes gh-4587
 2017-09-28 17:24:49 -05:00
Stephan Schroevers 9e719bc313 Drop the `aopalliance:aopalliance` dependency 
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.

This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)

The documentation is updated accordingly.

[1] https://jira.spring.io/browse/SPR-13984
 2017-09-22 11:11:04 -05:00
Vedran Pavic 95de158909 Add `ForwardLogoutSuccessHandler` 2017-09-06 15:15:02 -05:00
Joe Grandja 4951550d7d Add context path to authorization request URI 
Fixes gh-4510
 2017-08-26 18:55:23 -04:00
Rob Winch e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Kyle Anderson d8a678df6f Removed Unicode Character from Parameter Name 2017-06-29 16:03:29 -05:00
Takuma Setoguchi f2c04dd9b1 fix typo 2017-06-20 08:17:15 -05:00
Rob Winch d81b436e5d Remove pom.xml from build 
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.

This commit removes the pom.xml files from the build.

Fixes gh-4283
 2017-05-11 14:32:36 -05:00
Vedran Pavic 85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
Joe Grandja 829c386756 Add support for OAuth 2.0 Login 
Fixes gh-3907
 2017-04-28 10:58:59 -04:00
Rob Winch dd6fc48dd8 Standardize Build 
The build now uses spring build conventions to simplify the build

Fixes gh-4284
 2017-04-21 10:55:05 -05:00
Rob Winch 5a65da400d Use ReflectionTestUtils rather than Whitebox 
This is better because it no longer uses Mockito's internal API

Fixes gh-4305
 2017-04-21 10:54:58 -05:00
Rob Winch 9d9aadb80f Fix DefaultSavedRequestMixinTests with Spring 5 
Previously DefaultSavedRequestMixinTests
serializeDefaultRequestBuildWithConstructorTest broke in Spring 5
because Spring 5's MockHttpServletRequest.setCookie now automatically adds
the Cookie header.

This commit ensures that the Cookie header is not added by overriding the
class we are writing.

Fixes gh-4272
 2017-04-12 15:51:26 -05:00
Joe Grandja 2ce174dbf0 Update poms to 5.0.0.BUILD-SNAPSHOT 2017-04-07 16:49:50 -04:00
Joe Grandja 2b81983f7c Update to Java 8 compatibility 
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
 2017-04-07 16:49:38 -04:00
borlafu 8a458eb9e1 Avoid multiple X-Frame-Options headers 
XFrameOptionsHeaderWriter should not *add*, but *set* the
X-Frame-Options header. According to
https://tools.ietf.org/html/rfc7034#section-2.1, having
multiple values for the header is disallowed:

"There are three different values for the header field.
These values are mutually exclusive; that is, the header
field MUST be set to exactly one of the three values."

With this change, only the latest XFrameOptionsHeaderWriter
will remain.
 2017-03-08 15:49:18 -06:00
Rob Winch d2524eadfc Update poms to new to SNAPSHOT version 2017-03-02 09:20:34 -06:00
Spring Buildmaster 081f0c4d94 Release version 4.2.2.RELEASE 2017-03-02 07:29:42 +00:00
Rob Winch 247f54dc41 Fix SwitchUserFilter.setSwitchFailureUrl assertion 
Fixes gh-4198
 2017-03-02 00:47:09 -06:00
Rob Winch 017e9834bd Fix NPE in UrlUtils with null url 
Fixes gh-4233
 2017-03-02 00:46:01 -06:00
Rob Winch 168f4b8f70 Prevent Duplicate Cache Headers 
Fixes gh-4199
 2017-03-01 16:14:12 -06:00
Rob Winch 9c03571bbb Use message in all Assert 
This ensures compatibility with Spring 5.

Fixes gh-4193
 2017-01-30 19:58:24 -06:00
Kazuki Shimizu 38492a5794 Add since version in javadoc 
Issue: gh-4130
 2016-12-21 16:12:39 -06:00
Spring Buildmaster 7a7ce11ebb Release version 4.2.1.RELEASE 2016-12-21 17:23:28 +00:00
Eddú Meléndez 028854b936 Add HttpSessionRequestCache sessionAttrName property 
This commit allows to customize the session attribute name. Default is
SPRING_SECURITY_SAVED_REQUEST.

Fixes gh-4130
 2016-12-21 10:22:09 -06:00
Rob Winch d39f3385b6 Polish DefaultHttpFirewallTests 
Issue gh-4169
 2016-12-21 09:29:23 -06:00
Rob Winch 666e356ebc Block URL Encoded "/" in DefaultHttpFirewall 
Fixes gh-4169
 2016-12-21 09:04:00 -06:00
Spring Buildmaster 24fcb6c45a Release version 4.2.0.RELEASE 2016-11-09 23:42:11 +00:00
Rob Winch 697daeab7c Add Jackson2 Support for PreAuthenticatedAuthenticationToken 
Fixes gh-4120
 2016-11-09 16:55:10 -06:00
Rob Winch f97f38fd57 jacksonDatavindVersion->jacksonDatabindVersion 
Issue gh-4122
 2016-11-09 16:46:38 -06:00
Rob Winch f0a9421aa4 SecurityJacksonModules->SecurityJackson2Modules 
Fixes gh-4121
 2016-11-09 16:42:41 -06:00
Kazuki Shimizu d2c28c58e2 Polishing the ReferrerPolicyHeaderWriter gh-4110 2016-11-09 13:16:41 -06:00
Eddú Meléndez 23294c4c57 Add Referrer-Policy header support 
Fixes gh-4110
 2016-11-08 13:21:35 -06:00