Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 00:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,386 Commits 34 Branches 337 Tags
Commit Graph

10386 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim te Beek
9f4b0ca8b5
Use Collection<ConfigAttribute> in examples 
To match `org.springframework.security.access.ConfigAttribute`.
 2022-07-11 17:36:30 -06:00
Josh Cummings
60652afb32
Polish InterceptMethodsBeanDefinitionDecorator 
Issue gh-11328
 2022-07-11 16:54:59 -06:00
Josh Cummings
bc6f494af8
Correct input validation for 31 rounds 
Closes gh-11470
 2022-07-11 14:04:39 -06:00
Steve Riesenberg
614065bb3b
Disable failing tests until r2dbc-h2 is upgraded 
Issue gh-11479
 2022-07-11 10:32:38 -05:00
Steve Riesenberg
206c6ffb54
Remove deprecation warnings with Context.putAll 
Closes gh-11476
 2022-07-08 16:03:45 -05:00
Rob Winch
7da34cfa2c Fix logging for AnonymousAuthenticationFilter 
Currently if trace logging is enabled a StackOverflowException is thrown
when trying to resolve toString of the authentication.

java.lang.StackOverflowError: null
        at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:538) ~[na:na]
        at java.base/java.lang.StringBuilder.append(StringBuilder.java:174) ~[na:na]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$0(AnonymousAuthenticationFilter.java:105) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:67) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:126) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125)

Issue gh-11457
 2022-07-08 15:44:21 -05:00
Rob Winch
4a5c0ac904 Fix Formatting 
Issue gh-11474
 2022-07-08 12:35:40 -05:00
Rob Winch
03cd9920aa DelegatingSecurityContextTaskScheduler implements new Methods 
Closes gh-11474
 2022-07-08 12:32:09 -05:00
Rob Winch
d2d5313bba Fix Formatting 
Issue gh-11327
 2022-07-08 09:21:53 -05:00
Josh Cummings
e8a7b654b4
Add Configuration Test 
Issue gh-11327
 2022-07-07 14:42:07 -06:00
Josh Cummings
01ffc93062
Add AuthorizationFilter to filter chain validator 
Closes gh-11327
 2022-07-07 14:40:53 -06:00
Josh Cummings
ec8c13392c
Clarify variable names 
Issue gh-11327
 2022-07-07 14:26:40 -06:00
Steve Riesenberg
696da87478 Use relative schema location for tests 
Issue gh-11328
Issue gh-11353
Issue gh-11365
 2022-07-07 13:00:04 -05:00
Josh Cummings
148c926de0
Support AuthorizationManager for intercept-methods Element 
Closes gh-11328
 2022-07-06 13:01:57 -06:00
Marcus Da Coregio
a87f7aa2e1 Polish CoreSecurityHintsTests 
Use ParameterizedTest to simplify repetitive test setup

Issue gh-11431
 2022-07-06 15:21:45 -03:00
Steve Riesenberg
095f23d81f
Fix slack notifications in #spring-security-ci 
Issue gh-11346
 2022-07-05 17:50:27 -05:00
Rob Winch
0bf985ed7c AnonymousAuthenticationFilter Avoids Eager SecurityContext Access 
Previously AnonymousAuthenticationFilter accessed the SecurityContext to
determine if anonymous authentication needed setup eagerly. Now this is done
lazily to avoid unnecessary access to the SecurityContext which in turn avoids
unnecessary HTTP Session access.

Closes gh-11457
 2022-07-05 15:51:12 -05:00
Igor Bolic
d96b4a0463 Set the useTrailingSlashMatch to true for tests 
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552.
This causes failures in Spring Security's tests.

Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifing the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.

Closes gh-11451
 2022-07-05 11:29:36 -06:00
Rob Winch
6510274854 Request Cache supports matchingRequestParameterName 
Closes gh-7157 gh-11453
 2022-07-01 16:51:49 -05:00
Josh Cummings
459003e1b3
Use SecurityContextHolderStrategy for Context Propagation 
Issue gh-11060
 2022-06-30 11:19:33 -06:00
Josh Cummings
d18ff25b95
Use SecurityContextHolderStrategy for NullSecurityContextRepository 
Issue gh-11060
 2022-06-28 15:33:06 -06:00
Josh Cummings
05b788d1ac
Use SecurityContextHolderStrategy for Concurrency Filter 
Issue gh-11060
Issue gh-11061
 2022-06-28 15:33:05 -06:00
Josh Cummings
d24a89ad53
Pick up SecurityContextHolderStrategy for WebClient integration 
Issue gh-11061
 2022-06-28 15:07:16 -06:00
Josh Cummings
a218d3e140
Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:56:55 -06:00
Josh Cummings
5086409dcf
Use SecurityContextHolderStrategy for Digest 
Issue gh-11060
 2022-06-28 13:54:56 -06:00
Josh Cummings
44d99f41a3
Use SecurityContextHolderStrategy for Switch User 
Issue gh-11060
 2022-06-28 13:35:39 -06:00
Josh Cummings
83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:10:07 -06:00
Josh Cummings
97cb2a7d91
Polish SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-28 12:09:56 -06:00
Josh Cummings
944f565c16
Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:09:38 -06:00
Josh Cummings
b316a3217b
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:35:54 -06:00
Josh Cummings
ec1bfa12f0
Use SecurityContextHolderStrategy for Database Support 
Issue gh-11060
 2022-06-28 09:15:56 -06:00
Josh Cummings
52dc120269
Use SecurityContextHolderStrategy for ACL 
Issue gh-11060
 2022-06-28 08:07:15 -06:00
Josh Cummings
94f51d0718
Use SecurityContextHolderStrategy for Taglibs 
Issue gh-11060
 2022-06-27 17:48:30 -06:00
Josh Cummings
518bc75806
Use SecurityContextHolderStrategy for Data 
Issue gh-11060
 2022-06-27 16:36:13 -06:00
Josh Cummings
f3d99f557b
Use SecurityContextHolderStrategy for AuthenticationFilter 
Issue gh-11060
 2022-06-27 16:28:37 -06:00
Josh Cummings
bffe08465a
Add SecurityContextHolderStrategy XML Configuration for Messaging 
Issue gh-11061
 2022-06-27 16:24:27 -06:00
Josh Cummings
484f35ca39
Add SecurityContextHolderStrategy Java Configuration for Messaging 
Issue gh-11061
 2022-06-27 16:17:29 -06:00
Josh Cummings
1e498df39b
Use SecurityContextHolderStrategy for Messaging 
Issue gh-11060
 2022-06-27 16:17:28 -06:00
Josh Cummings
275586be5f
Use SecurityContextHolderStrategy for Ldap 
Issue gh-11060
 2022-06-27 16:17:28 -06:00
Rivaldi
757fb38147 Fix typo 
(cherry picked from commit 80c5ec459befd9292e08a43e30f4aae22f39eeed)
 2022-06-27 16:05:50 -06:00
Josh Cummings
5e4e7abf15
Add SecurityContextHolderStrategy XML Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:40:55 -06:00
Josh Cummings
74d646f569
Add SecurityContextHolderStrategy Java Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:17:46 -06:00
Josh Cummings
7a9c873d7d
Add SecurityContextHolderStrategy to Method Security 
Issue gh-11060
 2022-06-27 13:17:45 -06:00
Josh Cummings
6ac9366657
Add SecurityContextHolderStrategy Test Support 
Issue gh-11061
Issue gh-11444
 2022-06-27 13:17:45 -06:00
Josh Cummings
ef29d3944e
Polish SecurityContextHolderStrategy Java Configuration for Defaults 
Issue gh-11061
 2022-06-27 13:17:44 -06:00
Josh Cummings
a7b58c2299
Polish SecurityContextHolderStrategy for Defaults 
gh-11060
 2022-06-27 13:17:44 -06:00
Josh Cummings
c29b91cec7
Polish SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-27 13:17:43 -06:00
Marcus Da Coregio
084dd56b92 Add LDAP runtime hints 
Closes gh-11438
 2022-06-27 09:25:49 -03:00
Marcus Da Coregio
a8c30f79e6 Add Core, MVC and MethodSecurity runtime hints 
Closes gh-11431
 2022-06-27 09:25:49 -03:00
Vinícius Hashimoto
11a74a2926 Fix method call example on documentation 2022-06-24 17:05:31 -06:00