Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,372 Commits 38 Branches 345 Tags
Commit Graph

1245 Commits

Author SHA1 Message Date
Rob Winch
0bf985ed7c AnonymousAuthenticationFilter Avoids Eager SecurityContext Access 
Previously AnonymousAuthenticationFilter accessed the SecurityContext to
determine if anonymous authentication needed setup eagerly. Now this is done
lazily to avoid unnecessary access to the SecurityContext which in turn avoids
unnecessary HTTP Session access.

Closes gh-11457
 2022-07-05 15:51:12 -05:00
Rob Winch
6510274854 Request Cache supports matchingRequestParameterName 
Closes gh-7157 gh-11453
 2022-07-01 16:51:49 -05:00
Josh Cummings
d18ff25b95
Use SecurityContextHolderStrategy for NullSecurityContextRepository 
Issue gh-11060
 2022-06-28 15:33:06 -06:00
Josh Cummings
05b788d1ac
Use SecurityContextHolderStrategy for Concurrency Filter 
Issue gh-11060
Issue gh-11061
 2022-06-28 15:33:05 -06:00
Josh Cummings
a218d3e140
Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:56:55 -06:00
Josh Cummings
5086409dcf
Use SecurityContextHolderStrategy for Digest 
Issue gh-11060
 2022-06-28 13:54:56 -06:00
Josh Cummings
44d99f41a3
Use SecurityContextHolderStrategy for Switch User 
Issue gh-11060
 2022-06-28 13:35:39 -06:00
Josh Cummings
83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:10:07 -06:00
Josh Cummings
944f565c16
Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:09:38 -06:00
Josh Cummings
b316a3217b
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:35:54 -06:00
Josh Cummings
f3d99f557b
Use SecurityContextHolderStrategy for AuthenticationFilter 
Issue gh-11060
 2022-06-27 16:28:37 -06:00
Josh Cummings
a7b58c2299
Polish SecurityContextHolderStrategy for Defaults 
gh-11060
 2022-06-27 13:17:44 -06:00
Marcus Da Coregio
a8c30f79e6 Add Core, MVC and MethodSecurity runtime hints 
Closes gh-11431
 2022-06-27 09:25:49 -03:00
Alonso Araya Calvo
7841827169
Adds the ability to set the CSRF Token cookie max age value 
Closes gh-11432
 2022-06-24 16:42:32 -06:00
Rob Winch
b6d43e58c0 SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 16:59:09 -05:00
Rob Winch
d4a03dc2b1 Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 15:28:57 -05:00
Josh Cummings
a31a99b591
Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:58:36 -06:00
j3graham
f3c96fa9cd Remove dependency on commons-codec by using java.util.Base64 
Closes gh-11318
 2022-06-09 06:49:39 -06:00
Zhivko Delchev
1483a57018 Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
 2022-06-06 15:45:55 -05:00
Josh Cummings
57fe5b8b5c
Fix Import Order Checkstyle Error 
Issue gh-9667
 2022-05-23 15:55:21 -06:00
Evgeniy Cheban
5540bbcf0b
createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:36:17 -06:00
Rob Winch
5b0dab5d3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:54:16 -05:00
Rob Winch
472c25b5e8 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Rob Winch
0df5ece758 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Josh Cummings
0814136ee8
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 14:14:42 -06:00
Evgeniy Cheban
c4766e64fe
Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 14:05:34 -06:00
Rob Winch
f34ea188e2 RequestRejectedException is 400 by Default 
Closes gh-7568
 2022-05-12 10:32:27 -05:00
Marcus Da Coregio
000b87f9aa Revert "Use Spring Framework version 6.0.0-M3" 
This reverts commit b803e845e75da8e8927182dd5cb392bb592d51b6.
 2022-05-11 08:36:14 -03:00
Marcus Da Coregio
806e05855c Replace removed context-related operators 
Closes gh-11194
 2022-05-10 14:58:02 -03:00
Marcus Da Coregio
b803e845e7 Use Spring Framework version 6.0.0-M3 
Closes gh-11193
 2022-05-10 14:49:02 -03:00
Marcus Da Coregio
195d767d98 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:43:34 -03:00
David Herberth
0e2fc51bad Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:43:34 -03:00
Rob Winch
3c259b4be5 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:08:51 -05:00
Rob Winch
1ef738ba34 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:15:22 -05:00
Rob Winch
9a9a43a0c0 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:18:25 -05:00
Marcus Da Coregio
5367524030 Change the default of shouldFilterAllDispatchTypes to true 
Closes gh-11107
 2022-04-14 16:30:42 -03:00
Marcus Da Coregio
84b5c76a7b Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 16:10:36 -03:00
Rob Winch
0c2b9758fc Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:35:38 -05:00
Marcus Da Coregio
50f8df6f07 Use HttpStatusCode 
Closes gh-11091
 2022-04-11 09:19:56 -03:00
Marcus Da Coregio
bc50146f60 Fix tests in AntPathRequestMatcherTests 
Closes gh-11090
 2022-04-11 09:19:56 -03:00
Rob Winch
7be32872e9 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:24 -05:00
Eleftheria Stein
c4e88415a5 Remove MessageSourceAware from ExceptionTranslationWebFilter 
Closes gh-11057
 2022-04-05 16:13:41 +02:00
Eleftheria Stein
ae8e77f9ff Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 14:05:56 +02:00
Josh Cummings
1edfa07d27
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:40:06 -06:00
Josh Cummings
bdd5f86526
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:37:21 -06:00
Parikshit Dutta
990831db85
Add authorization events 
Closes gh-9288
 2022-03-29 16:22:43 -06:00
Marcus Da Coregio
8c34af711e Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:01:51 -03:00
Rob Winch
e176d764ba Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:38:37 -05:00
Rob Winch
1e3106f3a2 HttpSessionSecurityContextRepository support null HttpServletResponse 
Closes gh-11029
 2022-03-25 13:03:33 -05:00
Steve Riesenberg
8aa7029d07 Fix checkstyle errors 
Issue gh-10989
 2022-03-18 22:53:29 -05:00