Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-15 10:54:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,462 Commits 33 Branches 334 Tags
Commit Graph

1941 Commits

Author SHA1 Message Date
Eleftheria Stein
6b56071c08 Add LDAP factory beans 
Issue gh-10138
 2022-01-18 15:21:15 +01:00
Josh Cummings
feff747669 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 17:21:04 -07:00
Adam Ostrožlík
27cfb9c89d Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 17:21:00 -07:00
Marcus Da Coregio
4a976faea3 Fix remaining failing tests 
Issue gh-10702
 2022-01-13 13:53:04 -03:00
Marcus Da Coregio
7fd0530009 Change Kotlin tests that are using mockkObject with a lambda interface implementation 
Closes gh-10702
 2022-01-13 11:38:44 -03:00
Marcus Da Coregio
9cfafdaa43 Upgrade to Kotlin 1.6.10 
Closes gh-10350
 2022-01-13 08:44:57 -03:00
heowc
6c5fd38a3f Fix typo 2022-01-10 16:24:53 +01:00
Marcus Da Coregio
d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Josh Cummings
81a9302045 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:16:01 -07:00
James Howe
c1b0e5930a Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:16:01 -07:00
Marcus Da Coregio
0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio
263665ad55 Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:54:28 -03:00
Steve Riesenberg
d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi
c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg
be802f57ba Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 18:13:01 +01:00
Steve Riesenberg
176f7b2b04 Add missing since 
Issue gh-7765
 2021-12-02 18:13:01 +01:00
Igor Pelesic
72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Josh Cummings
78857c62f4 Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 14:29:18 -07:00
Hiroshi Shirosaki
809ff883b0 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 14:29:18 -07:00
Guirong Hu
9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Josh Cummings
ba5a68ec63 Polish LdapAuthenticationPopulator Support 
PR gh-9276
 2021-11-19 12:19:43 -07:00
Filip Hanik
ae08608011 LdapAuthoritiesPopulator should be postProcessed 
To enable customizations through withObjectPostProcessor
 2021-11-19 12:03:44 -07:00
Norbert Nowak
4bc55769a3 Import cleanup 
Issue gh-10333
 2021-11-19 11:46:08 -07:00
Norbert Nowak
4f186f2c1f Move Dsl files to annotation Package 
Closes gh-10333
 2021-11-19 11:46:08 -07:00
Marcus Da Coregio
25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
« Christophe
e85958f65c Fix CsrfConfigurer default AccessDeniedHandler consistency 
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
 2021-11-16 14:25:03 -06:00
Rob Winch
0aa75e04b7 Fix imports for ChannelSecurityConfigurerTests 
gh-7997
 2021-11-16 14:07:53 -06:00
Stephane Nicoll
2e4c6c3bf1 Avoid using SpEL to change the meaning of the injection point 
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
 2021-11-16 13:53:29 -06:00
Onur Kagan Ozcan
ef25304a30 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes 2021-11-16 13:44:34 -06:00
Josh Cummings
869e379099 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-01 17:49:15 -06:00
Marcus Da Coregio
caf4c47105 Remove CAS module 
Closes gh-10441
 2021-11-01 09:02:43 -03:00
Marcus Da Coregio
db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio
b2e6c60d94 Remove remoting technologies support 
Closes gh-10366
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio
010f719344 Upgrade to JDK 17 
Closes gh-10343
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio
12f3e908b0 Update to Spring Security 6.0 2021-11-01 09:02:41 -03:00
Marcus Da Coregio
2f1638ec57 Fix javadoc 
Closes gh-10382
 2021-10-22 11:20:37 -03:00
Emil Sierżęga
cb70b6a39b Fixed invalid usage of & tag in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga
04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga
a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Emil Sierżęga
6b26032ce7 Fixed invalid usege of > tag in Javadocs 2021-10-21 11:47:04 +02:00
Rob Winch
f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Philipp Neuschwander
6db58cbf8a Conditionally resolve bearer token from request parameters 
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.

This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).

Closes gh-10326
 2021-10-13 17:10:50 -05:00
Gaurav Tiwari
33708e61fb Add postProcess support to Saml2LogoutConfigurer 
Closes gh-10311
 2021-10-13 12:05:48 -06:00
Josh Cummings
fbb7691be4 Polish SecurityNamespaceHandler Tests 
Issue gh-8974
 2021-10-13 11:50:14 -06:00
Emil Sierżęga
8daa6ec1fd SecurityNamespaceHandler: update schema version to 5.6 
Closes gh-8974
 2021-10-13 11:49:57 -06:00
Eleftheria Stein
ba8844a67e Deprecate Kotlin methods that don't use reified types 
Closes gh-10365
 2021-10-13 10:16:37 +02:00
Marcus Da Coregio
02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Marcus Da Coregio
7112ee3eaa Allow SAML 2.0 loginProcessingURL without registrationId 
Closes gh-10176
 2021-10-04 09:54:40 -03:00
Marcus Da Coregio
e36e2b2a97 Move Saml2AuthnRequestRepository to web package 
Moving to solve package tangles

Issue gh-9185
 2021-09-29 14:10:39 -03:00