Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,090 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

1190 Commits

Author SHA1 Message Date
Norbert Nowak abd33389be Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:49:29 -07:00
Rob Winch 4462b73fd9 AbstractPreAuthenticatedProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch ba7fb0cb14 DigestAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 09e730734b BasicAuthenticationFilter.setSecurityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch d909d3bc40 RememberMeAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 7c5b939bbd AuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Marcus Da Coregio 8c94c2e15a AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:21:14 -03:00
Rob Winch 2abeff2089 HttpSessionSecurityContextRepository saves with original response 
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
 2022-03-09 10:21:51 -06:00
Rob Winch bab5d252a2 Add RequestAttributeSecurityContextRepository 
Closes gh-10918
 2022-03-08 15:00:22 -06:00
Josh Cummings 20d21f8eeb Invert Log Messages 
Closes gh-10909
 2022-02-28 13:16:06 -07:00
Josh Cummings a99a04f050 Update JavaDoc 
Issue gh-10564
 2022-02-15 12:51:09 -07:00
Yuriy Savchenko d6cbacb27a Make WebAuthenticationDetails constructor public 
Closes gh-10564
 2022-02-15 12:50:48 -07:00
Josh Cummings 84616543a3 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:58:20 -07:00
Manuel Jordan 6ae651bd67 Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:58:20 -07:00
Rob Winch 6f0029fc44 Add Support for @Transient SecurityContext 
Closes gh-9995
 2022-02-02 17:04:44 -06:00
Marcus Da Coregio 0048805c2a RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 10:17:40 -03:00
Josh Cummings 08821369a3 Add Request-based AuthenticationManagerResolvers 
Closes gh-6762
 2022-01-26 09:21:07 -07:00
Rob Winch f94090a59b Remove spring-security-openid 
Closes gh-10773
 2022-01-21 16:55:19 -06:00
Juan Carlos 2624150052 Add serialVersionUID to DefaultSavedRequest and SavedCookie 
Closes gh-10594
 2022-01-18 09:36:54 -03:00
Josh Cummings feff747669 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 17:21:04 -07:00
Adam Ostrožlík 27cfb9c89d Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 17:21:00 -07:00
Josh Cummings b2fe9149cf Use noNullElements 
Collection#contains(null) does not work for all collection types

Issue gh-10703
 2022-01-14 14:33:17 -07:00
heowc 6c5fd38a3f Fix typo 2022-01-10 16:24:53 +01:00
Marcus Da Coregio 750dcafbd2 Fix @since tag 
Issue gh-10590, gh-10554
 2022-01-06 13:21:26 -03:00
Marcus Da Coregio d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Marcus Da Coregio 51b4bd67c9 Add RequestMatcherEntry 2021-12-13 09:19:28 -03:00
Marcus Da Coregio eda346863d Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 09:19:13 -03:00
Eleftheria Stein c68a75bcde Correct imports to jakarta 
Issue gh-9385, gh-10118
 2021-12-08 11:43:13 +01:00
Marcus Da Coregio 0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Steve Riesenberg aa3c883f87 Use BDD in tests 2021-12-02 17:40:25 -06:00
Steve Riesenberg d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg 5dd2565348 Update copyright year 
Issue gh-10557
 2021-12-01 17:34:16 -06:00
Steve Riesenberg 41c6776455 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 14:55:50 -06:00
Josh Cummings 7e55c84cfc Add Missing Since 
Issue gh-10482
 2021-11-30 15:15:35 -07:00
Igor Pelesic 72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Steve Riesenberg 898ba67098 Polish gh-10007 2021-11-30 13:59:55 -06:00
Guirong Hu 9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Steve Riesenberg 9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg c6a27d44e5 Remove failing test due to HttpMethod changes 
Closes gh-10569
 2021-11-30 13:31:39 -06:00
Marcus Da Coregio 25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
Rob Winch bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:45:34 -06:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio caad3d57e2 Improve log message when no CSRF token found 
Closes gh-10436
 2021-10-29 14:06:17 -03:00
Emil Sierżęga 04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Rob Winch e1f4ec1137 Fix Jackson 2021-10-18 21:03:12 -05:00
Marcus Da Coregio faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-14 09:27:02 -03:00
Josh Cummings 7b98c2ea95 Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-12 13:32:29 -06:00