Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-08 07:27:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,492 Commits 55 Branches 369 Tags
Commit Graph

1112 Commits

Author SHA1 Message Date
Steve Riesenberg
b32f4f1afc Polish gh-16502 2025-02-03 09:21:53 -06:00
earlgrey02
1fa1848f9f Add HttpStatusAccessDeniedHandler 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2025-02-03 09:21:53 -06:00
Max Batischev
474b5e151a Add Support GenerateOneTimeTokenRequestResolver 
Closes gh-16291

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-22 17:09:55 -06:00
Rob Winch
081dee042e
Merge branch '6.4.x' 
Add TestBytes

Closes gh-16462
 2025-01-21 15:12:49 -06:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Max Batischev
80e8e14500 Add GenerateOneTimeTokenFilterTests 2025-01-21 10:59:57 -06:00
Josh Cummings
443af32314
Move Servlet Mocks to Web 
Issue gh-13551
 2025-01-15 17:32:58 -07:00
Max Batischev
fd267dfb71 Add Support JdbcPublicKeyCredentialUserEntityRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Max Batischev
7b07ef5ff3 Add Support JdbcUserCredentialRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Josh Cummings
1104b45832
Polish SessionLimit 
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation

Issue gh-16206
 2024-12-18 18:32:28 -07:00
Claudenir Machado
1864577e98 Address SessionLimitStrategy 
Closes gh-16206
 2024-12-18 18:32:12 -07:00
Josh Cummings
3eeb4317f6 Add setFavorRelativeUris 
This places the new functionality behind a setting so that
we can remain passive until we can change the setting in
the next major release.

Issue gh-7273
 2024-12-17 22:35:41 -07:00
Michal Okosy
7848b959da Use relative URLs in /login redirects 
Closes gh-7273
 2024-12-17 22:35:41 -07:00
Yoshikazu Nojima
d7d5253607 Change attestation in PublicKeyCredentialCreationOptions to none 
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display additional privacy related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
 2024-12-11 17:18:18 -06:00
Rob Winch
cb4c7e5886 Merge branch '6.3.x' 
Closes gh-16261
 2024-12-11 15:48:18 -06:00
Rob Winch
6a0b683e60 StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest 
Closes gh-16069
 2024-12-11 15:46:31 -06:00
Josh Cummings
4cbaabb239 Added Testing 
Issue gh-16177
 2024-12-10 14:09:46 -07:00
Josh Cummings
d3a95c5c1e
Merge branch '6.3.x' 2024-12-05 09:52:55 -07:00
Josh Cummings
0f85da77be
Merge branch '6.2.x' into 6.3.x 
Closes gh-16219
 2024-12-05 09:52:32 -07:00
Josh Cummings
96a9cf0d2d
Restore Previous Behavior for Servlet 5 
Closes gh-16173
 2024-12-05 09:52:06 -07:00
Rob Winch
9c3b11914d webauthn registerCredential returns transports 
The webauthn support previously did not pass the transports to webauthn4j.
This meant that the result of
Webauthn4jRelyingPartyOperations.registerCredential did not have any
transports either.

This commit ensures that the transports are passed to the webauth4j lib
and then returned in the result of registerCredential.

Closes gh-16084
 2024-12-04 15:22:26 -06:00
Daniel Garnier-Moiroux
46fe0124ba Add RuntimeHints for webauthn Javascript resource 2024-11-25 13:06:50 -06:00
Steve Riesenberg
ddf4542a9e
Add hasText assertion to IpAddressMatcher constructor 
Issue gh-15527

(cherry picked from commit 3a298196512de5f3002707e2af8298d650033df7)
 2024-11-15 10:17:39 -06:00
Steve Riesenberg
554df6fab6
Fix NPE in IpAddressMatcher 
Closes gh-15527

(cherry picked from commit 52de894c3c0a812562d6822db30f5c6c88526181)
 2024-11-15 10:17:38 -06:00
Steve Riesenberg
3a29819651
Add hasText assertion to IpAddressMatcher constructor 
Issue gh-15527
 2024-11-15 09:33:31 -06:00
Steve Riesenberg
52de894c3c
Fix NPE in IpAddressMatcher 
Closes gh-15527
 2024-11-15 09:33:30 -06:00
Daniel Garnier-Moiroux
a1526361b6 webauthn: introduce DefaultResourcesFilter#webauthn 2024-11-14 12:11:43 -06:00
nomoreFt
8f1c892fb7 Remove unnecessary parentheses and add static final field 2024-11-13 15:06:58 -06:00
Josh Cummings
981fbd5c2c Polish Tests 
Closes gh-14768
 2024-10-24 20:51:34 -07:00
Josh Cummings
cf03f2fed9
Merge branch '6.3.x' 2024-10-24 11:57:13 -06:00
Josh Cummings
5048a68ab7
Merge branch '6.2.x' into 6.3.x 
Closes gh-15986
 2024-10-24 11:56:41 -06:00
Josh Cummings
addc7c53b2
Merge branch '5.8.x' into 6.2.x 
Closes gh-15985
 2024-10-24 11:56:16 -06:00
DingHao
1399a82ea9 Return Null Request When Cookie Is Malformed 
Closes gh-15905
 2024-10-24 10:55:36 -07:00
Rob Winch
fc5719d8d6 Merge branch '6.3.x' 
Add Firewall for WebFlux

Closes gh-15967
 2024-10-21 12:11:42 -05:00
Joe Grandja
ec38848b20 Fix invalid windows character 2024-10-21 11:34:56 -04:00
Rob Winch
1528c421bd Merge branch '6.2.x' into 6.3.x 
Add Firewall for WebFlux

Closes gh-15967
 2024-10-21 09:43:48 -05:00
Rob Winch
0e257b56ce Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 09:42:24 -05:00
Rob Winch
542071b1f8 Merge Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 08:56:42 -05:00
Rob Winch
4ce7cde155 Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 08:46:13 -05:00
Rob Winch
7f26e54d07 Remove § 
See if this fixes format in windows
 2024-10-20 23:30:40 -05:00
Rob Winch
b0e8730d70 Add Passkeys Support 
Closes gh-13305
 2024-10-20 22:54:53 -05:00
xhaggi
7f537241e7 Use SessionAuthenticationStrategy for Remember-Me authentication 
Closes gh-2253
 2024-10-15 14:07:07 -07:00
Max Batischev
d37d41c130 Polish One-Time Token API Names and Doc 
The names of variables and methods have been adjusted in accordance with the names of the one-time token login API components.

Issue gh-15114
 2024-10-15 14:04:56 -07:00
Josh Cummings
c40334317d
Polish One-Time Token Component Names 
Aligning parts of speech so that names are using nouns/verbs
where comparable components are using nouns/verbs.

Issue gh-15114
 2024-10-14 14:07:47 -06:00
Max Batischev
e7644925f8 Add AuthorizationResult support for AuthorizationManager 
Closes gh-14843
 2024-10-14 11:48:57 -07:00
Josh Cummings
702538ebce AuthorizationEventPublisher Accepts AuthorizationResult 
Closes gh-15915

Co-authored-by: Max Batischev <mblancer@mail.ru>
 2024-10-14 11:48:57 -07:00
Max Batischev
2ca2e56383 Add Reactive One-Time Token Login support 
Closes gh-15699
 2024-10-07 16:39:54 -07:00
Daniel Garnier-Moiroux
7e41785dfc Remove trailing spaces in default UIs 
- Default UIs had blank lines with only spaces. These get deleted by the
  spring-javaformat plugin. In order to avoid this behavior, an extra \s
  had been inserted in the tests. The reason for those \s is not obvious.
- This commit cleans up the \s but changing the HTML templates.
 2024-09-11 10:44:45 -07:00
Daniel Garnier-Moiroux
98975a9b83 Add runtime hints for CSS resource 2024-09-10 12:46:13 -07:00
Daniel Garnier-Moiroux
c1b9035544 Use static CSS in OneTimeToken default UI 2024-09-10 12:46:13 -07:00