Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 08:58:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,673 Commits 34 Branches 337 Tags
Commit Graph

11673 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Steve Riesenberg
7f9600ae08
Polish gh-11896 2022-10-03 09:57:08 -05:00
Marcus Da Coregio
5f2744db33 Merge branch '5.8.x' 
Closes gh-11937
 2022-10-03 11:43:22 -03:00
Marcus Da Coregio
64a19de4dc Deprecate HPKP security header 
Closes gh-10144
 2022-10-03 11:36:19 -03:00
Marcus Da Coregio
80f6bdf50b Merge branch '5.8.x' 2022-10-03 10:10:36 -03:00
Marcus Da Coregio
7be2eb05d5 Merge branch '5.7.x' into 5.8.x 2022-10-03 10:10:06 -03:00
Marcus Da Coregio
cd4ddde779 Merge branch '5.6.x' into 5.7.x 2022-10-03 10:09:42 -03:00
Daniel Garnier-Moiroux
26bb60c567 Add rncToXsd task description to CONTRIBUTING.adoc 2022-10-03 10:09:27 -03:00
Rob Winch
4479cefade Default Require Explicit Session Management = true 
Closes gh-11763
 2022-09-30 21:49:05 -05:00
Rob Winch
0d58c5180e Remove Explicit RequestCache Config from DeferHttpSession Tests 
Issue gh-11757
 2022-09-30 21:49:05 -05:00
Rob Winch
12a0ccf6de Remove Explicit CSRF Config from DeferHttpSessionTests 
Issue gh-11764
 2022-09-30 21:49:04 -05:00
Rob Winch
617353eaa8 Merge branch '5.8.x' 
Closes gh-11928
 2022-09-30 21:46:26 -05:00
Rob Winch
6d56af7b65 SessionManagementDsl.requireExplicitAuthenticationStrategy 2022-09-30 21:37:44 -05:00
Josh Cummings
8f10deb602
Merge remote-tracking branch 'origin/5.8.x' 2022-09-30 17:01:22 -06:00
Josh Cummings
f054505d6d
Support Deferred Contexts 
Closes gh-11817
Issue gh-10913
 2022-09-30 16:49:47 -06:00
Emil Sierżęga
fc7f87feac Removed unused test classes SomeDomainObject/Manager 2022-09-30 10:55:36 -05:00
Steve Riesenberg
76fbca9f46
Merge branch '5.8.x' 2022-09-30 09:50:02 -05:00
Daniel Garnier-Moiroux
93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity 
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".

This commits adds the ability to configure the xssProtection header
value in ServerHttpSecurity.

This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.

Issue gh-9631
 2022-09-30 09:38:08 -05:00
Steve Riesenberg
43a1f8249c
Update What's New for 6.0 2022-09-29 15:57:48 -05:00
Steve Riesenberg
e0e6467d9b
Remove UsernamePasswordAuthenticationToken check 
This commit reverts 21dd050d7b69bf3a8efdb46100893d151fe8b15e.

Closes gh-10347
 2022-09-29 15:25:53 -05:00
shazin
1e0e9a2c98
Allow authenticationIsRequired to be overridden 
Issue gh-10347
 2022-09-29 15:25:53 -05:00
Steve Riesenberg
4d62621094
Merge branch '5.8.x' 2022-09-29 14:09:21 -05:00
Steve Riesenberg
7b1158ddb7
Merge branch '5.7.x' into 5.8.x 2022-09-29 14:09:10 -05:00
Steve Riesenberg
70c61dc1dd
Merge branch '5.6.x' into 5.7.x 2022-09-29 14:08:17 -05:00
Dan Allen
c44230ba24
switch to offical Antora plugin for Gradle 
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
 2022-09-29 14:05:09 -05:00
Marcus Da Coregio
3bfdf6dd0f Merge branch '5.8.x' 
Closes gh-11922
 2022-09-29 11:21:24 -03:00
Marcus Da Coregio
cf3349f31a Configure ContentNegotiationStrategy in HttpSecurityConfiguration 
Closes gh-11916
 2022-09-29 11:21:08 -03:00
Marcus Da Coregio
7f0140278e Add native hint for OAuth2 Client's schemas 
Closes gh-11920
 2022-09-29 10:01:51 -03:00
Marcus Da Coregio
ef879aadd6 Add native hint for the users JDBC schema 
Closes gh-11907
 2022-09-29 09:42:37 -03:00
Josh Cummings
88e4b8b556
Merge remote-tracking branch 'origin/5.8.x' 2022-09-26 11:42:34 -06:00
Josh Cummings
506e50bfd0
Move Saml2 Authentication Filters 
Issue gh-8819
 2022-09-26 10:44:27 -06:00
Steve Riesenberg
6c6aedf772
Update What's New for 6.0 2022-09-26 10:07:50 -05:00
Steve Riesenberg
181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Steve Riesenberg
7527fd811c
Merge branch '5.8.x' 2022-09-26 09:56:55 -05:00
Steve Riesenberg
bbac85e20b Reduce severity of invalid registrationId to warn 
This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
 2022-09-26 09:56:20 -05:00
Steve Riesenberg
c0e784b16d
Update What's New for 6.0 2022-09-26 09:48:52 -05:00
Josh Cummings
80a6ce940e
Merge remote-tracking branch 'origin/5.8.x' 2022-09-23 16:32:12 -06:00
Josh Cummings
ae6fb8c681
Add Deprecated Versions of Original Classes 
Issue gh-7349
 2022-09-23 16:31:22 -06:00
Josh Cummings
37a160245f
Adjust OAuth2 Resource Server packaging 
Closes gh-7349
 2022-09-23 16:31:21 -06:00
Steve Riesenberg
21c0c73878
Remove request-resolver-ref in 6.0 
Issue gh-11896
 2022-09-23 16:04:35 -05:00
Steve Riesenberg
bcb21c9384
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
 2022-09-23 15:39:43 -05:00
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver 
Closes gh-11896
 2022-09-23 15:09:00 -05:00
Josh Cummings
53dbcfd457
Add Deprecated Versions of Original Classes 
Issue gh-7349
 2022-09-23 12:06:59 -06:00
Steve Riesenberg
3c66ef6305
Change default SecurityContextRepository 
Save SecurityContext in request attributes for stateless session
management using RequestAttributeSecurityContextRepository.

Closes gh-11026
 2022-09-22 17:31:14 -05:00
Steve Riesenberg
ccac34b07c
Merge branch '5.8.x' 2022-09-22 16:45:48 -05:00
Steve Riesenberg
d140d95305
Fix assertion in NullSecurityContextRepository 
Issue gh-11060
 2022-09-22 15:33:22 -05:00
Steve Riesenberg
5d757919a2
Add SecurityContextHolderStrategy to new repository 
In 6.0, RequestAttributeSecurityContextRepository will be the default
implementation of SecurityContextRepository. This commit adds the
ability to configure a custom SecurityContextHolderStrategy, similar
to other components.

Issue gh-11060
Closes gh-11895
 2022-09-22 15:33:21 -05:00
Rob Winch
0efe26c1fd Merge branch '5.8.x' 
Closes gh-11894
 2022-09-22 13:47:04 -05:00
Rob Winch
d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler 
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
 2022-09-22 11:09:44 -05:00
Josh Cummings
44b7847258
Fix Import Order 
Issue gh-8819
 2022-09-21 09:08:41 -06:00
Josh Cummings
70460ca009
Adjust OAuth2 Resource Server packaging 
Closes gh-7349
 2022-09-20 17:44:05 -06:00