Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 22:46:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,719 Commits 33 Branches 337 Tags
Commit Graph

1486 Commits

Author SHA1 Message Date
Steve Riesenberg
801ceb0832
Merge branch '5.8.x' 2022-10-31 08:58:14 -05:00
Steve Riesenberg
66f2f1cde7
Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg
2915a70bf7
Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00
Steve Riesenberg
6530777742
Merge branch '5.5.x' into 5.6.x 
Closes gh-dry-run
 2022-10-28 11:31:50 -05:00
Marcus Da Coregio
1f481aafff
Fix AuthorizationFilter incorrectly extending OncePerRequestFilter 
Closes gh-12102
 2022-10-28 11:29:35 -05:00
Josh Cummings
d651da5ac3
Merge remote-tracking branch 'origin/5.8.x' 
Closes gh-12077
 2022-10-24 16:54:03 -06:00
Josh Cummings
dd30694979
Merge remote-tracking branch 'origin/5.7.x' into 5.8.x 
Closes gh-12076
 2022-10-24 16:46:08 -06:00
David Becker
2b426872a3
Use InetSocketAddress#getHostString 
Sometimes InetSocketAddress#getAddress#getHostAddress retuns null.
In that case, call InetSocketAddress#getHostString instead.

There is no performance loss since IpAddressMatcher#matches attemptsi
to re-parse and resolve the address anyway.

Closes gh-11888
 2022-10-24 16:32:19 -06:00
Steve Riesenberg
8554e70c09
Remove deprecated loadContext(request) 
Closes gh-12048
 2022-10-17 20:13:51 -05:00
Steve Riesenberg
e238b721bb
Fix imports in DelegatingSecurityContextRepository 
Issue gh-12023
 2022-10-17 19:36:25 -05:00
Steve Riesenberg
bd43c1f28a
Merge branch '5.8.x' 
# Conflicts:
#	web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
#	web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
 2022-10-17 19:35:27 -05:00
Steve Riesenberg
acc35aeb18
Add DelegatingSecurityContextRepository 
Issue gh-12023
 2022-10-17 19:33:58 -05:00
Steve Riesenberg
c75ca10900
Add DeferredSecurityContext 
Issue gh-12023
 2022-10-17 19:33:58 -05:00
Josh Cummings
f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler 
Closes gh-9429
 2022-10-13 20:03:03 -06:00
Josh Cummings
5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x' 2022-10-13 19:48:05 -06:00
Josh Cummings
099aaa33ff
Remove Deprecation Markers 
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.

Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.

At that time, BearerTokenAuthenticationFilter can change to use
the handler.

Closes gh-11932
 2022-10-13 19:47:22 -06:00
Daniel Garnier-Moiroux
200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter 
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
 2022-10-13 19:25:04 -06:00
Steve Riesenberg
9090f62d9b
Merge branch '5.8.x' 2022-10-13 16:46:53 -05:00
Evgeniy Cheban
56b9badcfe
AnonymousAuthenticationFilter should cache its Supplier<SecurityContext> 
Closes gh-11900
 2022-10-13 16:44:48 -05:00
Steve Riesenberg
45a963a011
Remove CsrfWebFilter.setTokenFromMultipartDataEnabled 
Closes gh-12019
 2022-10-13 11:29:16 -05:00
Joe Grandja
753e113a13 RequestMatcherDelegatingAuthorizationManager defaults to deny 
Closes gh-11958
 2022-10-13 11:12:00 -04:00
Steve Riesenberg
2407d07890
Default to Xor CSRF tokens in CsrfWebFilter 
Closes gh-11960
 2022-10-13 09:39:57 -05:00
Steve Riesenberg
2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter 
Issue gh-11960
 2022-10-13 09:39:55 -05:00
Joe Grandja
6026f9f70f Merge branch '5.8.x' 2022-10-13 06:31:37 -04:00
Joe Grandja
185991a606 Revert "Add default AuthorizationManager" 
This reverts commit 4ddec07d0e13c2fe994a8720e22215402d49edd5.
 2022-10-13 06:18:00 -04:00
Josh Cummings
2713075d08
Mark Observations with Firewall Failures 
Closes gh-11994
 2022-10-12 20:32:24 -06:00
Josh Cummings
46ab84684b
Mark Observations with CSRF Failures 
Closes gh-11993
 2022-10-12 20:32:23 -06:00
Josh Cummings
99a87179dd
Instrument Filter Chain 
Closes gh-11911
 2022-10-12 20:32:22 -06:00
Steve Riesenberg
9b43950e13
Merge branch '5.8.x' 2022-10-12 13:14:20 -05:00
Steve Riesenberg
8bd25f90e4
Polish XorServerCsrfTokenRequestAttributeHandlerTests 2022-10-12 12:31:56 -05:00
Steve Riesenberg
804f20045e
Polish XorCsrfTokenRequestAttributeHandlerTests 2022-10-12 12:30:40 -05:00
Steve Riesenberg
05e4a1dd20
Cache Xor CsrfToken 
Closes gh-11988
 2022-10-12 12:30:40 -05:00
Marcus Da Coregio
c5e35bf32e Merge branch '5.8.x' 
Closes gh-11978
 2022-10-10 09:24:50 -03:00
Marcus Da Coregio
4b6fed0667 Add static factory method to AntPathRequestMather and RegexRequestMatcher 
Closes gh-11938
 2022-10-10 09:24:15 -03:00
Daniel Garnier-Moiroux
27059ced87
Default X-Xss-Protection header value to "0" 
Closes gh-9631
 2022-10-07 17:42:55 -05:00
Steve Riesenberg
6753f9745e
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
 2022-10-07 17:29:07 -05:00
Steve Riesenberg
f462134e87
Add reactive support for BREACH 
Closes gh-11959
 2022-10-07 16:34:17 -05:00
Steve Riesenberg
f4ca90e719
Add reactive interfaces for CSRF request handling 
Issue gh-11959
 2022-10-07 16:34:16 -05:00
Marcus Da Coregio
c4d23f2b49 Use MvcRequestMatcher by default if Spring MVC is present 
Closes gh-11899
 2022-10-06 09:12:04 -03:00
Josh Cummings
353ca76973
Merge remote-tracking branch 'origin/5.8.x' 2022-10-06 00:01:40 -06:00
Josh Cummings
380a6a2564
Polish SecurityContextHolderStrategy Usage 
- Add to HttpSessionSecurityContextRepository#saveContext

Issue gh-11060
 2022-10-05 23:59:14 -06:00
Josh Cummings
72a46ddd31
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 22:48:33 -06:00
Josh Cummings
f16d47c7b5
Polish DefaultHttpSecurityExpressionHandler 
Issue gh-11105
 2022-10-05 21:47:14 -06:00
Josh Cummings
eeb28e4f91
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 21:45:26 -06:00
Josh Cummings
4ddec07d0e
Add default AuthorizationManager 
Closes gh-11963
 2022-10-05 21:37:41 -06:00
Steve Riesenberg
ee9449dbfe
Fix tests for deferred CSRF tokens 
Issue gh-4001
 2022-10-05 16:10:36 -05:00
Steve Riesenberg
521cdfd738
Use correct servlet imports 
Issue gh-4001
 2022-10-05 16:10:35 -05:00
Steve Riesenberg
8b490de08d
Merge branch '5.8.x' 
# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
 2022-10-05 14:46:15 -05:00
Steve Riesenberg
dce1c30522
Add support for BREACH 
Closes gh-4001
 2022-10-05 14:21:13 -05:00
Steve Riesenberg
5de6da890b
Merge branch '5.8.x' 
Closes gh-dry-run
 2022-10-04 11:18:00 -05:00