Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-04 04:29:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,232 Commits 49 Branches 370 Tags
Commit Graph

1354 Commits

Author SHA1 Message Date
Rob Winch
077c9e0b3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 08:56:57 -05:00
Rob Winch
e2eed33eca Add StrictHttpFirewall.allow* new lines and separators 
Issue gh-11264
 2022-05-17 22:24:31 -05:00
Rob Winch
5bf478e72e Fix Formatting 
Issue gh-11264
 2022-05-17 16:16:02 -05:00
Rob Winch
e0a6a9efa9 StrictHttpFirewall allows CJKV characters 
Issue gh-11264
 2022-05-17 15:53:18 -05:00
Rob Winch
538252cf07 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch
04ca7ef91b Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch
c6461d61ba AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:18:12 -05:00
Rob Winch
4405cf18f3 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:18:11 -05:00
Rob Winch
70863952ae AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Rob Winch
af95be34c6 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Rob Winch
ee28896f42 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Rob Winch
6b823fb27e Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Josh Cummings
ffaf5b4e61
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 13:53:38 -06:00
Evgeniy Cheban
07b0be3f42 Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 13:52:49 -06:00
Marcus Da Coregio
ce86f4e4b5 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:51:28 -03:00
David Herberth
57cededd49 Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:51:28 -03:00
Rob Winch
67830f4111 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:10:07 -05:00
Rob Winch
768267c131 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:09:41 -05:00
Rob Winch
dbe7e37f2b WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:51 -05:00
Rob Winch
c6eaa05fc5 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:38 -05:00
Rob Winch
aaf78330b1 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:16:35 -05:00
Marcus Da Coregio
7fea639a43 Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 15:58:00 -03:00
Rob Winch
3a9b080bbe Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:36:08 -05:00
Rob Winch
39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Eleftheria Stein
725a57fccc Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 13:12:17 +02:00
Josh Cummings
c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings
061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta
bd9434882f
Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00
Marcus Da Coregio
9792e2a0fa Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:21:15 -03:00
Marcus Da Coregio
c67632225d Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:13:40 -03:00
Marcus Da Coregio
6c52c52a68 Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 09:45:23 -03:00
Rob Winch
67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:21:52 -05:00
Rob Winch
8940719dbb HttpSessionSecurityContextRepository support null HttpServletResponse 
Closes gh-11029
 2022-03-25 13:01:40 -05:00
Steve Riesenberg
987ee2e67a
Polish gh-10911 2022-03-17 12:53:56 -05:00
David Kirstein
1b29c43a11
Use configurable charset in ServerHttpBasicAuthenticationConverter 
Closes gh-10903
 2022-03-17 12:53:55 -05:00
ShinDongHun1
7955e5ac52 Polish UsernamePasswordAuthenticationFilter method 
Closes gh-10970
 2022-03-16 16:29:40 +01:00
Rob Winch
87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Norbert Nowak
ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Rob Winch
636f3e1d5d AbstractPreAuthenticatedProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch
e6b6104b52 DigestAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch
9b0cd5a0a8 BasicAuthenticationFilter.setSecurityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch
120f2a356f RememberMeAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch
014c471ff1 AuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch
f11cb988a9 AbstractAuthenticationProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Marcus Da Coregio
44508df940 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:38:11 -03:00
Marcus Da Coregio
70b67cd2f1 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:22:21 -03:00
Marcus Da Coregio
980e0466a7 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:21:37 -03:00
Rob Winch
65ec2659c4 HttpSessionSecurityContextRepository saves with original response 
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
 2022-03-09 10:17:15 -06:00
Rob Winch
b9f79543c5 Add RequestAttributeSecurityContextRepository 
Closes gh-10918
 2022-03-07 14:52:24 -06:00
Josh Cummings
f0c548cee7 Invert Log Messages 
Closes gh-10909
 2022-02-28 13:17:01 -07:00