10196 Commits

Author SHA1 Message Date
Hiroshi Shirosaki
2bc643d6c8 Address SecurityContextHolder memory leak
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
2021-11-30 15:33:39 -07:00
Josh Cummings
1251cde04c Add Missing Since
Issue gh-10482
2021-11-30 15:17:48 -07:00
Igor Pelesic
a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
2021-11-30 15:17:22 -07:00
Steve Riesenberg
f838b7cb1d Polish gh-10081
2021-11-30 15:44:41 -06:00
Jonas Dittrich
23e895f0b1 Add ObjectIdentityGenerator customization to JdbcAclService
Providing the possibility to change how ObjectIdentitys are created inside the BasicLookupStrategy, JdbcAclService

There was a problem with hard coded object identity creation inside the BasicLookupStrategy and the JdbcAclService. It was overkill to overwrite
these classes only for changing this, so introducing an ObjectIdentityGenerator seems to be the better solution here. By default, the standard
ObjectIdentityRetrievalStrategyImpl is used, but can be customized due to setters.

Closes gh-10079
2021-11-30 15:43:11 -06:00
Steve Riesenberg
204f0b4599 Polish gh-10007
2021-11-30 15:27:58 -06:00
Guirong Hu
43317c5a61 Support IP whitelist for Spring Security Webflux
Closes gh-7765
2021-11-30 15:27:58 -06:00
Jonas Erbe
dec858a5b7 Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:04:30 -07:00
Eleftheria Stein
bbeca7cd65 Polish LDAP serialization
Closes gh-9263
2021-11-29 18:03:15 +01:00
Markus Heiden
3c18278123 Start with LDAP Jackson2 mixins
Issue gh-9263
2021-11-29 18:03:03 +01:00
Henning Poettker
bb99d7d95a Fix return type for NoOpPasswordEncoder bean in documentation
2021-11-23 14:13:12 -03:00
Lars Grefer
d736a2b358 Remove usages of Gradle's jcenter() repository
Closes gh-10253
2021-11-22 09:28:47 -03:00
Lars Grefer
cf95d3f91e Fix Gradle Deprecation Warnings
2021-11-22 09:28:24 -03:00
Dávid Kováč
17e28fa7aa Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 13:48:32 +01:00
Josh Cummings
739cdc1a4c Polish AuthRequestConverter Sample Doc
Issue gh-10364
2021-11-18 13:36:10 -07:00
Norbert Nowak
02cd1dd3c4 Fix AuthnRequestConverter Sample Typos
Closes gh-10364
2021-11-18 13:26:25 -07:00
Jeff Maxwell
b7cc667d21 Fix setJWTClaimSetJWSKeySelector Typo
Closes gh-10504
2021-11-16 15:33:27 -07:00
Jeff Maxwell
3fb1565cc0 Fix jwtDecoder Documentation Usage
Closes gh-10505
2021-11-16 15:17:37 -07:00
Khaled Hamlaoui
00fafd878c Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler
Closes gh-10425
2021-11-16 15:27:48 -06:00
Rob Winch
96a6fef820 Prevent Save @Transient Authentication with existing HttpSession
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
2021-11-16 14:44:49 -06:00
« Christophe
4318a51971 Fix CsrfConfigurer default AccessDeniedHandler consistency
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on:
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
2021-11-16 14:22:35 -06:00
Stephane Nicoll
61ee4e5a76 Avoid using SpEL to change the meaning of the injection point
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
2021-11-16 13:53:00 -06:00
Onur Kagan Ozcan
aa0f788f59 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes
2021-11-16 13:44:18 -06:00
Rob Winch
0c201565fc Fix format DelegatingPasswordEncoder
2021-11-16 13:32:15 -06:00
Rob Winch
582629c087 Rename prefix/suffix in DelegatingPasswordEncoder
Issue gh-10273
2021-11-16 13:16:37 -06:00
heowc
399cf2e59d Support for changing prefix and suffix in DelegatingPasswordEncoder
Closes gh-10273
2021-11-16 13:16:37 -06:00
Lars Grefer
ec8912aa47 Update aspectj-plugin to 6.3.0
Version 6.3.0 aligns with the used Gradle 7.3
2021-11-16 12:52:42 -06:00
Josh Cummings
7b15098570 Update Spring Security to 5.7
Closes gh-10509
2021-11-15 17:10:00 -07:00
Josh Cummings
6b6f473a1b Added authorizeHttpRequests Docs
Closes gh-10442
2021-11-15 16:23:18 -07:00
Rob Winch
29a4b2bc9b Next Development Version
2021-11-15 16:13:45 -06:00
Rob Winch
fa628f7491 Release 5.6.0 5.6.0
2021-11-15 16:13:12 -06:00
Rob Winch
f100877c58 Update to spring-data-bom:2021.1.0
Closes gh-10503
2021-11-15 10:27:17 -06:00
Joe Grandja
4f185724a3 Polish gh-10479
2021-11-12 15:09:50 -05:00
Rob Winch
f0da370b1a Update org.springframework to 5.3.13
Closes gh-10497
2021-11-11 16:56:24 -06:00
Rob Winch
6959456cab Update hsqldb to 2.6.1
Closes gh-10496
2021-11-11 16:56:24 -06:00
Rob Winch
a5b1d68350 Update hibernate-entitymanager to 5.6.1.Final
Closes gh-10495
2021-11-11 16:56:24 -06:00
Rob Winch
4b23949ebd Update io.projectreactor to 2020.0.13
Closes gh-10493
2021-11-11 16:56:24 -06:00
Rob Winch
98a88ffdf8 Update com.nimbusds to 9.19
Closes gh-10491
2021-11-11 16:55:46 -06:00
Rob Winch
23e5177624 Update logback-classic to 1.2.7
Closes gh-10490
2021-11-11 16:55:44 -06:00
Steve Riesenberg
0bdaa21867 Update What's New for 5.6
2021-11-11 14:51:40 -06:00
Steve Riesenberg
0e6722800d Polish gh-10479
2021-11-11 14:24:30 -06:00
Steve Riesenberg
73e1506e5e Consistency update for servlet docs
2021-11-11 14:24:29 -06:00
Steve Riesenberg
7d806b668f Separate OAuth 2.0 Client Reactive Docs
Related gh-10367
2021-11-11 14:24:29 -06:00
Steve Riesenberg
1246d5839d Revamp OAuth 2.0 Login Reactive documentation
Related gh-8174
2021-11-11 14:24:29 -06:00
Rob Winch
08dc83c781 Fix Antora Versions
2021-11-11 13:35:34 -06:00
Rob Winch
127e10e607 Antora Playbook
2021-11-11 13:34:54 -06:00
Josh Cummings
538541bf40 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 17:35:53 -07:00
Josh Cummings
310a50587c Port Missing Integration Docs
Closes gh-10465
2021-11-10 16:09:50 -07:00
Josh Cummings
b60020a40c Use authorizeHttpRequests in Docs
Issue gh-8900
2021-11-10 16:09:50 -07:00
Josh Cummings
f4ddb4e3f4 Update What's New Links
2021-11-10 16:09:50 -07:00