spring-security

Commit Graph

Author	SHA1	Message	Date
Zeeshan Adnan	935c547dde	Fix exception for empty basic auth header token fixes spring-projectsgh-7976	2020-03-16 12:57:13 -04:00
Eleftheria Stein	47011eb9e2	Polish transfer session's max inactive interval Issue: gh-2693	2020-03-12 12:11:14 -04:00
Venkata Jaswanth U	02b7d04027	Transfer session's max inactive interval Fixes: gh-2693	2020-03-12 10:11:59 -04:00
Eleftheria Stein	b2ea0ba775	Polish SessionIdChangedEvent Add AbstractSessionEvent; clean up license headers and Javadocs Fixes: gh-5438	2020-03-06 12:04:49 -05:00
Venkata Jaswanth	5fc6414377	SessionRegistryImpl is now aware of SessionIdChangedEvent	2020-03-06 12:04:01 -05:00
Eleftheria Stein	ae532c080c	Add server request cache that uses cookie Fixes: gh-8033	2020-03-05 15:36:47 -05:00
Eleftheria Stein	38979b1b09	Add test for ServerRequestCacheWebFilter	2020-03-05 14:57:07 -05:00
Josh Cummings	6eadf7b140	Unlock dependencies for 5.3.0.RELEASE This reverts commit `147d7dadd7`.	2020-03-04 12:02:48 -07:00
Josh Cummings	147d7dadd7	Lock dependencies for 5.3.0.RELEASE	2020-03-04 10:28:39 -07:00
AmitB	2ce9eef95e	Fix typo in AntPathRequestMatcher contructor comment	2020-03-02 07:14:27 -06:00
Joe Grandja	82cd203791	Remove unnecessary mocking Fixes gh-8012	2020-02-23 19:35:16 -05:00
Josh Cummings	5bdf57d1e5	Remove Groovy and Spock Dependencies Fixes gh-4939	2020-02-10 10:38:40 -07:00
Josh Cummings	bae50ecc05	AbstractSecurityWebApplicationInitializerTests groovy->java Issue gh-4939	2020-02-10 10:38:39 -07:00
Eleftheria Stein	84b8a5abd7	Unlock dependencies for next development version This reverts commit `064616f1ef`.	2020-02-05 15:53:04 +01:00
Eleftheria Stein	064616f1ef	Lock dependencies for 5.3.0.RC1	2020-02-05 10:20:05 +01:00
Josh Cummings	cb9fd09150	Change AuthenticationWebFilter's constructor Fixes gh-7872	2020-01-31 09:31:28 -07:00
Peter Keller	e62fb755e8	Set charset of BasicAuthenticationFilter converter Allow BasicAuthenticationFilter to pick up the given credentials charset. Fixes: gh-7835	2020-01-23 15:34:35 +01:00
Onur Kağan Özcan	1f6381d970	Set secure on cookie when logging out Mark cookie secure flag to ensure cookie identity is the same	2020-01-13 11:01:33 +01:00
Rob Winch	ffccec953f	Fix HttpHeaderWriterWebFilterTests Ensure setComplete() is subscribed to	2020-01-09 14:24:35 -06:00
Eleftheria Stein	fcc6457bef	Unlock dependencies for next development version This reverts commit `93acf8f0f1`.	2020-01-08 22:15:17 +01:00
Eleftheria Stein	93acf8f0f1	Lock dependencies for 5.3.0.M1	2020-01-08 19:41:10 +01:00
Onur Kağan Özcan	2015f392ef	Set secure when cancelling remember-me cookie AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag. But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie.	2019-12-20 16:04:31 +01:00
Rob Winch	a8331ba7ed	CompositeServerHttpHeadersWriter Executes Sequentially Fixes gh-7731	2019-12-12 11:23:56 -06:00
David Herberth	64e063d948	switches web authentication principal resolver to use reactive context gh #6598 Signed-off-by: David Herberth <github@dav1d.de>	2019-12-12 15:33:23 +01:00
Rob Winch	8e53c3f269	DelegatingServerAuthenticationSuccessHandler Executes Sequentially Fixes gh-7728	2019-12-12 08:32:44 -06:00
Rob Winch	73babc3314	DelegatingServerLogoutHandler Executes Sequentially Fixes gh-7723	2019-12-11 15:39:27 -06:00
Joe Grandja	4d9cee116c	Display general error message when WebFlux oauth2Login() fails Issue gh-5562 gh-6484	2019-12-05 16:54:31 -05:00
Filip Hrisafov	796859333f	Log full failed authentication exception in BasicAuthenticationFilter	2019-11-27 14:56:24 +01:00
Josh Cummings	5f17032ffd	Restore Removed Throws Clauses In a recent clean-up, certain exceptions were removed from various throws clauses. This PR re-introduces throws clauses that are important for one of the following reasons: 1. It's a method on a public interface 2. It's a method clearly designed for inheritance, for example, a method stub, an abstract method, or indicated as such in the docs. Fixes gh-7541	2019-10-30 12:13:54 -06:00
Rob Winch	635f7e1edd	CsrfWebFilter supports multipart/form-data Fixes gh-7576	2019-10-28 14:06:10 -05:00
Filip Hrisafov	b9f122230b	Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour	2019-10-23 14:50:57 -04:00
Michel Palourdio	d26f40f062	DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path.	2019-10-23 09:41:00 -04:00
Tadaya Tsuyukubo	62c7de03c3	Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter Moved the existing auth check logic to the matcher. Issue: gh-5928	2019-10-22 16:55:54 -04:00
Eleftheria Stein	264daec697	Test context relative URL with multiple schemes	2019-10-16 15:32:02 -04:00
Josh Cummings	b764af6b9b	CookieServerCsrfTokenRepositoryTests Leading Dot ResponseCookie removed support for having a leading dot in the cookie domain. Fixes gh-7500	2019-09-30 08:39:45 -06:00
Josh Cummings	7949dd492a	Move DelegatingServerAuthenticationSuccessHandlerTests Moved from src/test/groovy to src/test/java Issue gh-5332	2019-09-27 16:57:43 -06:00
Josh Cummings	5f905232cb	Polish CurrentSecurityContextArgumentResolvers Fixes gh-7487	2019-09-27 13:19:08 -06:00
Rob Winch	00f8991fac	Merge Remove Redudant Throws Fixes gh-7301	2019-09-19 11:04:53 -05:00
Onur Kagan Ozcan	034b5e9e93	Introduce LogoutSuccessEvent LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout. By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event. This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency. Fixes gh-2900	2019-09-18 10:57:16 -05:00
Josh Cummings	7576dc44d7	AuthenticationFilter Session Fixation Protection Fixes gh-7446	2019-09-17 08:17:09 -06:00
Josh Cummings	496a2cdc60	Make AuthenticationFilter methods private Fixes gh-7447	2019-09-17 08:06:21 -06:00
Josh Cummings	aa12748c9b	Add Request-level CSRF Skip Fixes gh-7367	2019-09-13 19:04:05 +01:00
Eleftheria Stein	9f0986a093	Fix javadoc typo for invalid session strategy	2019-09-09 16:51:14 -04:00
Filip Hanik	08d50868c9	Merge pull request #7260 from fhanik/feature/saml2-sp-mvp Add SAML Service Provider Support	2019-09-05 17:04:14 -07:00
Filip Hanik	e9a44bc0ce	HttpSecurity.saml2login() - MVP Core Code Implements minimal SAML 2.0 login/authentication functionality with the following feature set: - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId} - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId} - Supports basic java-configuration via DSL - Provides an integration sample using Spring Boot Not implemented with this MVP - Single Logout - Dynamic Service Provider Metadata Fixes gh-6019	2019-09-05 14:40:08 -07:00
Rob Winch	2a1f3f6aa7	Remove Package Tangle in HeaderWriterFilter Fixes gh-7380	2019-09-05 16:08:45 -05:00
Josh Cummings	39e84013f7	ClearSiteDataHeaderWriter Directives Fixes gh-7347	2019-09-03 15:57:10 -06:00
Eleftheria Stein	ad0d3e9702	Polish remember me username check	2019-09-03 11:48:46 -04:00
Scott Murphy	26ae590c68	Check that userdetails for username exists. #7251	2019-09-03 11:48:46 -04:00
kostya05983	f6c650db47	Replace Streams with Loops First version of replacing streams fix wwwAuthenticate and codestyle fix errors in implementation to pass tests Fix review notes Remove uneccessary final to align with cb Short circuit way to authorize Simplify error message, make code readably Return error while duplicate key found Delete check for duplicate, checkstyle issues Return duplicate error Fixes gh-7154	2019-09-02 15:30:48 -06:00

1 2 3 4 5 ...

990 Commits