Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 07:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,453 Commits 34 Branches 337 Tags
Commit Graph

9453 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Steve Riesenberg
ac9b137cad URL encode client credentials 
Closes gh-9610
 2021-06-01 12:57:06 -05:00
Rob Winch
68f91edbb8 Make XsdDocumentedTests Parsing More Lenient 
Closes gh-9830
 2021-05-27 18:37:14 -05:00
Rob Winch
8400b841e9 Improve XsdDocumentedTests Error Message 
This makes it easier to compare the expected and actual values.

Closes gh-9829
 2021-05-27 18:37:02 -05:00
Josh Cummings
65ecaa0c28
Polish postLogoutRedirectUri encoding 
Issue gh-9511
 2021-05-26 12:31:41 -06:00
Hans Hosea Schaefer
b671a96073
Encode postLogoutRedirectUri query params 
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
 2021-05-26 12:10:03 -06:00
Marcus Hert da Coregio
2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 10:36:44 -06:00
César Revert
cf74ad3a52 Anonymous in ExceptionTranslationWebFilter 
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.

Closes gh-9130
 2021-05-26 09:17:41 -05:00
Craig Andrews
a7fbae8355 Add test for RequestedUrlRedirectInvalidSessionStrategy 2021-05-26 09:11:38 -05:00
Craig Andrews
0e6d47b082 Add guard around debug logging involving string concatenation 2021-05-26 09:11:38 -05:00
Craig Andrews
0af74ce134 Use ServletUriComponentsBuilder instead of UrlPathHelper 2021-05-26 09:11:38 -05:00
Craig Andrews
2bcd4627fa Eliminate use of Optional 2021-05-26 09:11:38 -05:00
Craig Andrews
10a264c144 Add RequestedUrlRedirectInvalidSessionStrategy implemention of InvalidSessionStrategy 
Performs a redirect to the original request URL when an invalid requested session is detected.

In effect, when a user's session times out, the user is redirected to URL they originally requested instead of some fixed URL.
 2021-05-26 09:11:38 -05:00
Steve Riesenberg
36dcbe24d0 Handle custom status codes in error handler 
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
 2021-05-25 13:31:34 -05:00
Steve Riesenberg
18a2a4ace9 Handle encoded spaces in the root dn 
Fixes an issue where provider URLs passed to the constructor of the
DefaultSpringSecurityContextSource can be URL encoded, resulting in
an invalid base dn. Additionally adds support for list constructor
to support spaces in base dn.

Closes gh-9742
 2021-05-25 10:54:41 -06:00
Marcus Hert da Coregio
2d61fda1af Combine multiple OS builds into one 
Closes gh-9790
 2021-05-25 10:40:28 -06:00
Marcus Hert da Coregio
fa7ba5e3db Update Env Variables in Build Windows Job 
Closes gh-9761
 2021-05-25 10:40:28 -06:00
Eleftheria Stein
488683f5a5 Polish DNS SRV lookup method with port 
Issue gh-9030
 2021-05-20 14:29:45 +02:00
Kathryn Newbould
2af322c06d Add method to return both IP and port for SRV DNS lookup requests 
Closes gh-9030
 2021-05-20 14:28:50 +02:00
Eleftheria Stein
fa77f4c8ff Deprecate feature-policy where not already deprecated 
Issue gh-9262
 2021-05-19 10:04:09 +02:00
Eleftheria Stein
be903b8e25 Cleanup unused import 2021-05-19 10:04:09 +02:00
Eleftheria Stein
1728b06b30 Ensure Kotlin 1.3 compatibility 
Closes gh-9765
 2021-05-19 10:04:08 +02:00
Josh Cummings
67e5c05a47 Polish AuthorizationManager Method Security 
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations

Issue gh-9289
 2021-05-18 17:34:04 -06:00
Evgeniy Cheban
84e2e80915 Consider AuthorizationManager for Method Security 
Closes gh-9289
 2021-05-18 17:34:04 -06:00
Josh Cummings
f7f435d3f4
Include all configured branches in CI 
Closes gh-9775
 2021-05-18 15:57:40 -06:00
Rob Winch
081e3301ad Use GPG_PRIVATE_KEY directly 
Closes gh-9776
 2021-05-18 16:44:29 -05:00
Rob Winch
1898446f68 core depends on crypto 
Issue gh-9767
 2021-05-18 16:03:38 -05:00
Rob Winch
56b7c662e4 Remove spring-security-crypto from spring-core pom 
Instead of having api extend included configuration, we should use the
*Classpath configurations.

Closes gh-9767
 2021-05-18 15:30:44 -05:00
Rob Winch
8a4ee8af43 Artifactory defaults to publish mavenJava Publication 
Closes gh-9772
 2021-05-18 15:30:44 -05:00
Josh Cummings
d203235567
Update to Spring Security 5.6 
Closes gh-9695
 2021-05-18 10:45:17 -06:00
Josh Cummings
8c0248d0dc
Remove Temporary Module 2021-05-18 10:09:43 -06:00
Rob Winch
df4d0dc488 Ignore Invalid buildSrc Tests 2021-05-18 01:00:37 -05:00
Rob Winch
073f72277e Next Development Version 2021-05-18 00:47:37 -05:00
Rob Winch
abd100122e Fix SpringNexsPublishPlugin spacing in root 5.5.0 2021-05-17 23:57:18 -05:00
Rob Winch
39c5f3d955 Fix closeAndReleaseOssrhStagingRepository 2021-05-17 23:54:28 -05:00
Rob Winch
05dd69395d Delay until PublishAllJavaComponentsPlugin 2021-05-17 23:53:01 -05:00
Rob Winch
03924951a2 Update GitHub Actions to use publishArtifacts 2021-05-17 23:40:43 -05:00
Rob Winch
4d251157b2 opensaml4MainCompile 2021-05-17 23:21:17 -05:00
Rob Winch
1491f2e0b6 Fix saml javadoc 2021-05-17 22:39:34 -05:00
Rob Winch
777a27523e fix bom 2021-05-17 22:29:45 -05:00
Rob Winch
b750f3b86c copyproperties for bom plugin 2021-05-17 22:22:55 -05:00
Rob Winch
b0f661f432 Revert "Map optional dependencies to Maven" 
This reverts commit 7dc34ccef7a74f1880962f4c13a407fda080441a.
 2021-05-17 22:17:52 -05:00
Rob Winch
d8e4f6c866 Revert "Management no longer operates on optional/provided to spring-security-dependencies added as bom to poms" 
This reverts commit c9bf98c8872c5baa82f0142e1c25ce7fe1a7112d.
 2021-05-17 22:17:50 -05:00
Rob Winch
c9bf98c887 Management no longer operates on optional/provided to spring-security-dependencies added as bom to poms 2021-05-17 21:18:58 -05:00
Rob Winch
7dc34ccef7 Map optional dependencies to Maven 2021-05-17 20:44:12 -05:00
Rob Winch
5b74484d3d Fix ManagementConfigurationPlugin Configurations 
- remove COMPILE_CONFIGURATION_NAME
- remove TEST_COMPILE_CONFIGURATION_NAME

This is because otherwise spring-security-depencencies appears as
maven bom and it should be internal
 2021-05-17 19:16:33 -05:00
Rob Winch
0158d2023e Remove MavenBomTask 2021-05-17 18:25:29 -05:00
Rob Winch
3d4bc6ca9e remove spring-pom.properties 2021-05-17 17:58:56 -05:00
Rob Winch
b2d14be18e Revert "versionMapping" 
This reverts commit 834a1fca0d4f0e8dceff7d82ff430283c5c01f29.
 2021-05-17 17:50:08 -05:00
Rob Winch
834a1fca0d versionMapping 2021-05-17 17:50:02 -05:00
Rob Winch
daf37942c5 Fix maven.from 2021-05-17 17:49:37 -05:00