Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,769 Commits 34 Branches 337 Tags
Commit Graph

1031 Commits

Author SHA1 Message Date
Steve Riesenberg
fa5b8c6090 Update copyright year 
Issue gh-10557
 2021-12-01 17:37:56 -06:00
Steve Riesenberg
3aa2a60f97 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 16:04:22 -06:00
Marcus Da Coregio
5a47e17a0d Improve log message when no CSRF token found 
Closes gh-10436
 2021-11-19 09:00:29 -03:00
Joe Grandja
5c8cd23a2d Revert "Lock dependencies" 
This reverts commit fc53f81d2ef873b319f02cfc30a3c0f15f5cc24e.
 2021-10-18 10:48:23 -04:00
Josh Cummings
9481122e02 Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-18 09:59:42 -04:00
Eleftheria Stein
fc53f81d2e Lock dependencies 2021-10-14 15:44:09 +02:00
Marcus Da Coregio
c706a103f9 Revert "Lock Dependencies" 
This reverts commit 1533f098d28967a562bf1b2caf71c4292cbd1349.
 2021-08-16 10:35:39 -03:00
Marcus Da Coregio
1533f098d2 Lock Dependencies 2021-08-16 09:42:34 -03:00
Marcus Da Coregio
b0d22d1a03 Revert "Lock Dependencies" 
This reverts commit eb300c78bdbbce27f21bdf8d67913670edf043e7.
 2021-06-22 10:20:07 -03:00
Marcus Da Coregio
eb300c78bd Lock Dependencies 2021-06-21 09:23:19 -03:00
Marcus Hert da Coregio
02285708eb Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 15:13:55 -03:00
Craig Andrews
a85ce9c91f
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:54:10 -06:00
Joe Grandja
26c6570b10 Revert "Lock Dependencies" 
This reverts commit b3250c06a922f74c8d77589b3c9a5768fe345f8c.
 2021-04-12 14:42:38 -04:00
Joe Grandja
b3250c06a9 Lock Dependencies 2021-04-12 14:19:19 -04:00
佚名
22d7043d01
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:55:30 -06:00
Rob Winch
71f9876c48 Revert "Lock dependencies" 
This reverts commit dca4858d812e2beb1263cac4d85be01416178f3d.
 2021-02-11 13:38:50 -06:00
Rob Winch
dca4858d81 Lock dependencies 2021-02-11 13:00:32 -06:00
Rob Winch
419839d05c Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 13:00:31 -06:00
Rob Winch
38e9e8ca52 Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 13:00:31 -06:00
Rob Winch
ec8f6014d4 Revert "Lock dependencies" 
This reverts commit fa5f789bebe26da0e9b49dde0b0563755b43a25d.
 2021-02-11 09:51:54 -06:00
Rob Winch
fa5f789beb Lock dependencies 2021-02-11 08:53:40 -06:00
Josh Cummings
10946e8153
Polish Tests 
Issue gh-9331
 2021-02-03 09:30:27 -07:00
happier233
3cb98ebed0
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:24:22 -07:00
Rob Winch
e6d6b39767 Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:17:25 -06:00
Rob Winch
b08075a721 Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:30:12 -06:00
Josh Cummings
7c2010f507
Revert "Lock Dependencies for 5.3.6" 
This reverts commit a153012056d4678109a0085ae43b1b146d203fa6.
 2020-12-02 19:32:03 -07:00
Josh Cummings
a153012056
Lock Dependencies for 5.3.6 2020-12-02 16:31:52 -07:00
Josh Cummings
2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE" 
This reverts commit 846a5a962c1bb9de82e8ddbbc995ce4c83830f6e.
 2020-10-07 16:39:28 -06:00
Josh Cummings
846a5a962c
Lock Dependencies for 5.3.5.RELEASE 2020-10-07 13:18:01 -06:00
Tomoki Tsubaki
e44471331b
Create the CSRF token on the bounded elactic scheduler 
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.

Closes gh-9018
 2020-09-16 09:01:45 -06:00
Eleftheria Stein
d8bef76a0f Unlock dependencies 
This reverts commit b619d298aa9f0477311397e261aae217c239d5d9.
 2020-08-05 18:18:02 +02:00
Eleftheria Stein
b619d298aa Lock Dependencies for 5.3.4.RELEASE 2020-08-05 12:33:31 +02:00
Rob Winch
070706d948 LoginPageGeneratingWebFilter honors context path 
Closes gh-8807
 2020-07-07 13:36:35 -05:00
Joe Grandja
38c1e3ffa8 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 15:27:32 -04:00
Josh Cummings
bbd2a9ebae
Revert "Lock Dependencies for 5.3.3.RELEASE" 
This reverts commit 116bfe01e6de3bf7cfa06a94f20373f6345b89f0.
 2020-06-03 16:11:59 -06:00
Josh Cummings
116bfe01e6
Lock Dependencies for 5.3.3.RELEASE 2020-06-03 13:14:07 -06:00
Eleftheria Stein
2ebbb6f80a Mock request with non-standard HTTP method in test 
Fixes gh-8594
 2020-05-26 15:38:53 -04:00
cbornet
b6efd5ba76 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:05:50 -05:00
Artyom Tarynin
9e665388d2 Update AntPathRequestMatcher.java 
Fixes gh-8512
 2020-05-13 17:07:45 -04:00
Rob Winch
06a02ed4bb Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-11 17:28:40 -05:00
Joe Grandja
413dfc8679 Unlock dependencies 
This reverts commit a61145f74c1b39dc3bc0620da3988daa9a02bb85.
 2020-05-06 15:29:45 -04:00
Joe Grandja
a61145f74c Lock dependencies for 5.3.2.RELEASE 2020-05-06 15:06:08 -04:00
Rob Winch
566c25aa10 Fix example in javadoc of FilterChainProxy 
Closes gh-8344
 2020-04-08 09:12:56 -05:00
Joe Grandja
a78872f268 Unlock dependencies for 5.3.1.RELEASE 
This reverts commit 88c02684bb54effb483d460031f5007610851f80.
 2020-03-31 17:53:13 -04:00
Joe Grandja
88c02684bb Lock dependencies for 5.3.1.RELEASE 2020-03-31 17:28:36 -04:00
Rob Winch
0e6e2b2a21 Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 20:50:12 -05:00
Josh Cummings
034c23d46c
SwitchUserFilter Defaults to POST 
Fixes gh-4183
 2020-03-27 14:25:28 -06:00
Zeeshan Adnan
dfa78804a8 Fix exception for empty basic auth header token 
fixes spring-projectsgh-7976
 2020-03-16 16:05:14 -04:00
Josh Cummings
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7e449e1e8347f9a0b3959c7abf095dc.
 2020-03-04 12:02:48 -07:00
Josh Cummings
147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00