2dee6218b5
Create NoOpAccessDeniedHandler
...
Closes gh-13109
2023-06-27 14:44:40 -03:00
e35faa84f7
Create NoOpAuthenticationEntryPoint
...
Closes gh-13107
2023-06-27 14:44:40 -03:00
52e12ad64b
Replace deprecated methods
2023-06-22 13:19:55 -06:00
0cefb27928
Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration
...
Closes gh-11624
2023-06-22 16:07:30 -03:00
dd469ac2a0
Assert is missing object. It was useless before Spring Framework 6.1, and will not compile on 6.1
2023-06-22 12:11:40 -06:00
9b603b99ab
Using modern Java features
2023-06-22 11:24:25 -06:00
7e01ebdd92
Remove LazyCsrfTokenRepository usage
...
Closes gh-13194
2023-06-22 11:23:35 -06:00
aeeed6c368
Merge branch '6.0.x'
...
Closes gh-13279
2023-06-05 12:49:09 -06:00
45683349a4
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13278
2023-06-05 12:48:43 -06:00
9ac286e8ea
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13231
2023-06-05 12:47:23 -06:00
06e58e4c34
Update JavaDoc of BasicAuthenticationFilter
...
Remove deprecated hint to use Digest Auth in favor of Basic Auth.
2023-06-05 12:46:30 -06:00
bb7c7d3554
Merge branch '6.0.x'
2023-05-24 15:00:44 -03:00
ce5aa9e694
Merge branch '5.8.x' into 6.0.x
2023-05-24 15:00:17 -03:00
f8e39336cb
Merge branch '5.7.x' into 5.8.x
2023-05-24 14:59:27 -03:00
a53cbb838b
Polish
...
Issue gh-13155
2023-05-24 14:59:16 -03:00
8287289bcb
Fix XContentTypeOptionsServerHttpHeadersWriter
...
set constant value to X-Content-Type-Options
Closes gh-13155
2023-05-24 14:59:14 -03:00
17a58194c1
Merge branch '6.0.x'
2023-05-18 09:33:12 -06:00
4c5bf3bdf5
Polish
...
Use StringUtils#hasText
PR gh-13179
2023-05-18 09:17:02 -06:00
af233a2a00
Use consistent list of micrometer tags in web observation handler
...
The tag `spring.security.reached.filter.name` is only set if a
filter-name is available, otherwise the tag is omitted entirely. This
leads to issues with metric-exporters that don't support dynamic tags,
but rather expect tag-names of a metric to be always the same. The most
prominent example is the Prometheus-exporter.
Instead of omitting the tag if no filer-name is set, a none-value is
applied instead, making the tag-list consistent in all cases
Closes gh-13179
2023-05-18 09:17:02 -06:00
a4e13c520b
Merge branch '6.0.x'
...
Closes gh-13150
2023-05-10 16:15:13 -06:00
e033e347b4
Remove Redundant Close
...
Closes gh-12787
2023-05-10 16:12:34 -06:00
cdcc2d31d1
Merge branch '6.0.x'
...
Closes gh-13145
2023-05-08 14:19:15 -06:00
5d903b5b71
Enforce start happens-before stop
...
Closes gh-13133
2023-05-08 14:07:05 -06:00
07b884a2cb
Add Set-Cookie header value for XSRF-TOKEN
...
This commit fixes an issue where using HttpServletResponse#setHeader
causes previous header values to be overwritten.
Closes gh-13075
2023-04-25 15:15:02 -05:00
04b3d07319
Merge branch '6.0.x'
2023-04-17 07:30:54 -03:00
a484044591
Merge branch '5.8.x' into 6.0.x
2023-04-17 07:29:42 -03:00
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
01d1e20dc3
Deprecate shouldFilterAllDispatcherTypes
...
Closes gh-12138
2023-04-13 15:05:10 -03:00
02345b97ff
Polish Observation Event Names
...
Issue gh-12811
2023-04-11 19:10:27 -06:00
59ba7f5388
Shorten Observation Event Names
...
Closes gh-12811
2023-04-11 19:10:27 -06:00
b3c83440bd
Merge branch '6.0.x'
...
Closes gh-13001
2023-04-11 17:09:21 -06:00
4813ec1e09
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13000
2023-04-11 17:08:54 -06:00
dad1fba1bf
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12999
2023-04-11 17:02:16 -06:00
442faccb5f
Avoid NPE in FilterInvocation
...
Handle unknown headers in dummy request wrapper.
Closes gh-12998
2023-04-11 17:01:59 -06:00
d3c22a0de3
Merge branch '6.0.x'
...
Closes gh-12934
2023-03-27 16:31:29 -06:00
6db2b0dcd0
Align Filter Chain Observability Lineage
...
Closes gh-12849
2023-03-27 16:30:32 -06:00
6791f3208e
Add factory class for RequestMatcher composition
...
Closes gh-12751
2023-03-27 16:26:23 -06:00
ff06108572
Merge branch '6.0.x'
...
Closes gh-12920
2023-03-22 08:55:38 -03:00
177514b6c5
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12919
2023-03-22 08:54:57 -03:00
8d664bc4c2
DelegatingSecurityContextRepository should call loadContext
...
Closes gh-12314
2023-03-22 08:53:19 -03:00
5e8c68187b
Merge branch '6.0.x'
2023-03-20 16:29:08 -06:00
3fbb64db96
Fix javax package
2023-03-20 16:28:52 -06:00
229325a0bb
Merge branch '5.8.x' into 6.0.x
2023-03-20 16:22:23 -06:00
a74008cc79
Merge branch '5.7.x' into 5.8.x
2023-03-20 16:20:46 -06:00
3d7e22a4e9
Add test to SimpleUrlAuthenticationSuccessHandlerTests
2023-03-20 16:20:30 -06:00
391f00af1d
Merge branch '6.0.x'
...
Closes gh-12910
2023-03-20 16:10:57 -06:00
6935045172
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12909
2023-03-20 16:10:35 -06:00
abd51f7b63
Polished DefaultLoginPageGeneratingFilterTests Validation
...
Closes gh-12694
2023-03-20 15:31:59 -06:00
9bba1a1c6b
Propagate Variables in And and OrRequestMatcher
...
Closes gh-12847
2023-03-17 18:00:02 -06:00
dd9ab953e3
Merge branch '6.0.x'
...
Closes gh-12837
2023-03-07 13:29:07 -03:00
cdc0fa0e5b
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12836
2023-03-07 13:28:31 -03:00
2e92dad761
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12835
2023-03-07 13:27:57 -03:00
84cca81edf
Use HttpSessionSecurityContextRepository by default in SwitchUserFilter
...
Closes gh-12834
2023-03-07 13:27:18 -03:00
69606fd5a2
Merge branch '6.0.x'
...
Closes gh-12831
2023-03-06 12:47:55 -07:00
c06e604278
Address Observability Thread Safety
...
Closes gh-12829
2023-03-06 12:46:23 -07:00
28d353d731
Extract errorMessage from generateLoginPageHtml
2023-02-15 17:18:26 -07:00
ae23e3f5f4
Use instanceof pattern matching in initAuthFilter
2023-02-15 17:18:26 -07:00
99eacf2f0b
Change private static method to private methods
2023-02-15 17:18:26 -07:00
1ca4781923
Merge branch '6.0.x'
2023-02-14 08:25:29 -07:00
8ca726f4fa
Specify query string
...
Issue gh-12665
2023-02-14 08:24:07 -07:00
e7d65966fd
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12671
2023-02-14 08:01:31 -07:00
0d4c619648
Include continue in query string
...
Closes gh-12665
2023-02-14 08:00:19 -07:00
073dab3bf6
Refactor SavedCookie for Cookie's deprecated method
...
Closes gh-12454
2023-02-01 12:33:45 -07:00
a855b33535
fix typo in RememberMeAuthenticationFilter
2023-02-01 12:33:45 -07:00
6abbdd3654
Merge branch '6.0.x'
2023-01-26 15:55:41 -06:00
1363a4eece
Merge branch '5.8.x' into 6.0.x
2023-01-26 15:44:47 -06:00
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
879770a0f6
Polish AbstractAuthenticationTargetUrlHandler
...
Issue gh-12344
2023-01-18 08:30:57 -07:00
6b8a778da8
Rework determineTargetUrl for Readability
...
Closes gh-12344
2023-01-18 08:30:57 -07:00
58e948a781
Test AbstractAuthenticationTargetUrlRequestHandler
...
Issue gh-12344
2023-01-18 08:30:57 -07:00
62b58d2c92
Polish gh-12530
2023-01-17 15:05:56 -06:00
c77c76e722
Relax final modifiers on AbstractRememberMeServices methods
...
Closes gh-12145
2023-01-17 15:05:09 -06:00
f9d674cb10
Merge branch '6.0.x'
...
Closes gh-12525
2023-01-11 10:14:01 -07:00
4d2dab9b6b
Lookup Parent Observation
...
Closes gh-12524
2023-01-11 10:13:33 -07:00
5f89f39627
Merge branch '6.0.x'
...
Closes gh-12515
2023-01-10 11:34:34 -06:00
4e80338a9b
Polish gh-12466
2023-01-10 11:31:51 -06:00
2c8854bb7f
Adjusts setRequestHandler javadoc in CsrfFilter
...
Adjusts setRequestHandler method javadoc in CsrfFilter class to reflect
changes in 6.0.
In 6.0, the default CsrfTokenRequestHandler changed to
XorCsrfTokenRequestAttributeHandler, however, the javadoc for the
setRequestHandler method still said it was
CsrfTokenRequestAttributeHandler.
This change adjusts the information to make it more accurate, because,
although XorCsrfTokenRequestAttributeHandler is a subclass of
CsrfTokenRequestAttributeHandler, the behavior is quite different.
Closes gh-12464
2023-01-10 11:31:51 -06:00
556891b4fa
Merge branch '6.0.x'
...
Closes gh-12512
2023-01-10 09:43:05 -03:00
d1fc789ae2
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12511
2023-01-10 09:42:48 -03:00
ae46032ced
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12510
2023-01-10 09:39:40 -03:00
ffdb397830
Save the SecurityContext when switching user
...
Closes gh-12504
2023-01-10 09:27:56 -03:00
f3ce04e59a
Merge branch '6.0.x'
...
Closes gh-12493
2023-01-06 11:15:03 -07:00
c308e4665a
Polish Event Name
...
Provide a name with no spaces separate from the human-friendly
one with spaces.
Closes gh-12490
2023-01-06 11:13:11 -07:00
c0fe74869f
Merge branch '6.0.x'
...
Closes gh-12484
2023-01-04 10:54:10 -07:00
27b3f4d403
Adjusts setRequestHandler javadoc in CsrfWebFilter
...
Adjusts setRequestHandler method javadoc in CsrfWebFilter class to reflect changes in 6.0.
In 6.0, the default ServerCsrfTokenRequestHandler changed to XorServerCsrfTokenRequestAttributeHandler, however, the javadoc for the setRequestHandler method still said it was ServerCsrfTokenRequestAttributeHandler.
This change adjusts the information to make it more accurate, because, although XorServerCsrfTokenRequestAttributeHandler is a subclass of ServerCsrfTokenRequestAttributeHandler, the behavior is quite different.
Closes gh-12465
2023-01-04 10:53:47 -07:00
c2d0ea3694
Merge branch '6.0.x'
...
Closes gh-12369
2022-12-12 16:55:32 -03:00
898c36287c
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12368
2022-12-12 16:55:14 -03:00
99d6d21554
Apply SecurityContextHolderFilter to all dispatcher types
...
Closes gh-11962
2022-12-12 11:45:24 -08:00
886d1ffec2
Remove Deprecated Usage
...
Issue gh-12086
2022-12-05 11:00:57 -07:00
8ef2fc3837
Format
...
Issue gh-12086
2022-12-05 10:51:42 -07:00
8717b7544a
Perform JUnit 5 clean up tasks
...
- For CookieCsrfTokenRepositoryTests and
CookieServerCsrfTokenRepositoryTests
Issue gh-12086
2022-12-05 10:51:41 -07:00
b79ba89eeb
Add setCookieCustomizer to csrf token repository
...
- Mark setCookieHttpOnly, setCookieDomain, setCookieMaxAge and
setSecure as deprecated.
- Add the method setCookieCustomizer which allows to set properties
to the ResponseCookieBuilder without having to add new setter methods.
Closes gh-12086
2022-12-05 10:51:40 -07:00
701f754e37
Cast FilterChainObservationContext Safely
...
Closes gh-12268
2022-11-29 16:24:56 -07:00
fd547321e8
Default to XorCsrfTokenRequestAttributeHandler
...
As of gh-11960, Xor CSRF tokens are the default in 6.0. This commit
makes CsrfAuthenticationStrategy consistent with CsrfFilter.
Issue gh-11960
Closes gh-12235
2022-11-18 22:50:26 -06:00
5da78f44f2
Merge branch '5.8.x'
2022-11-18 14:54:33 -06:00
2ed7cff643
Check for existing token before clearing
...
Closes gh-12236
2022-11-18 13:12:59 -06:00
24860d9fb0
Observe Filter Start and Stop
...
Issue gh-11911
2022-11-17 15:11:29 -07:00
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
063f06e7bf
Register FilterChainProxy for all dispatcher types
...
Closes gh-12180
2022-11-16 09:55:21 -03:00
Marcus Da Coregio
Claudio Nave
Evgeniy Cheban
Cedomir Igaly
Krzysztof Krason
Kandaguru17
Josh Cummings
Christoph Zuleger
joerg-richter-5234
Dennis Frommknecht
Steve Riesenberg
bvn13
Christian Marck
Christian Schuster
twosom
Dayan Kodippily
Onur Kagan Ozcan
Wellington Domiciano
Alex Montoya