Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,640 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1289 Commits

Author SHA1 Message Date
Steve Riesenberg 86fbb8db07 Add new interfaces for CSRF request processing 
Issue gh-4001
Issue gh-11456
 2022-09-06 11:43:33 -05:00
Marcus Da Coregio ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio 0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill 8b74bf9742 Updated reference to architecture page 
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
 2022-09-01 09:38:10 -03:00
he1ex-tG 568277f8bc
Mistake in Kotlin code representation is fixed 2022-08-29 15:11:10 -05:00
Josh Cummings 0f58620643 Add AspectJ AuthorizationManager Support 
Closes gh-11326
 2022-08-26 15:59:08 -06:00
Josh Cummings 070dce1baf
Document ReactiveMethodSecurity improvements 
Issue gh-9401
 2022-08-25 14:36:03 -06:00
Josh Cummings 27ce5936cf
Add Caveat about Spring Security's co-routine support 
Closes gh-10920
 2022-08-25 14:36:02 -06:00
Rob Winch 89f8310d6c Add Explicit SessionAuthenticationStrategy Option 
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
 2022-08-18 17:00:47 -05:00
jujunChen 13feb87171
Modify words 
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
 2022-08-16 14:51:36 -06:00
jujunChen d93bde7465
Modify words 
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
 2022-08-16 14:51:06 -06:00
jujunChen e3d85881e9
Modify words 
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
 2022-08-16 14:48:14 -06:00
Rob Winch 5b64526ba9 Add CsrfFilter.csrfRequestAttributeName 
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.

This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.

Issue gh-11699
 2022-08-15 17:07:02 -05:00
github-actions[bot] 1510460a1a Next development version 2022-08-15 16:14:19 +00:00
github-actions[bot] db74e9d128 Next development version 2022-08-15 16:07:33 +00:00
github-actions[bot] c188b70c88 Next development version 2022-08-15 16:06:45 +00:00
github-actions[bot] 4559d269e0 Release 5.6.7 2022-08-15 15:25:05 +00:00
github-actions[bot] 173d74d693 Release 5.7.3 2022-08-15 15:24:54 +00:00
github-actions[bot] 063e56ce8b Release 5.8.0-M2 2022-08-15 15:24:27 +00:00
Igor Bolic efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Desmond Silveira 0d3c3c676d
"Well-Know" should be "Well-Known" 2022-07-26 15:45:27 -05:00
Desmond Silveira 06aa3362dd
"Well-Know" should be "Well-Known" 2022-07-26 15:44:41 -05:00
Desmond Silveira 2a336d4f49 "Well-Know" should be "Well-Known" 2022-07-26 15:41:05 -05:00
Yuriy Savchenko 0f64d4c091 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 14:04:16 -03:00
Yuriy Savchenko 7c7751635d Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:56:41 -03:00
Yuriy Savchenko 5322352427 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:49:21 -03:00
github-actions[bot] 8d147100ee Next development version 2022-07-18 16:00:47 +00:00
github-actions[bot] 8d3586f949 Release 5.8.0-M1 2022-07-18 15:25:10 +00:00
Marcus Da Coregio f45c4d4b8e Add SHA256 as an algorithm option for Remember Me token hashing 
Closes gh-8549
 2022-07-15 10:41:03 -03:00
Marcus Da Coregio 57d6ab7134 Improve docs on dispatcherTypeMatcher 
Closes gh-11467
 2022-07-14 09:13:46 -03:00
Josh Cummings 624fdfa731
Add AuthorizationManager for protect-pointcut 
Closes gh-11323
 2022-07-13 17:58:16 -06:00
Tim te Beek ce67fb08fd
Clearly end sentence in note before next sentence 2022-07-11 17:38:44 -06:00
Tim te Beek 6e63278ab9
Use Collection<ConfigAttribute> in examples 
To match `org.springframework.security.access.ConfigAttribute`.
 2022-07-11 17:38:44 -06:00
Josh Cummings 74a007dc91
Support AuthorizationManager for intercept-methods Element 
Closes gh-11328
 2022-07-06 12:54:05 -06:00
Josh Cummings 74167d62b1
Add SecurityContextHolderStrategy XML Configuration for Messaging 
Issue gh-11061
 2022-06-27 15:55:28 -06:00
Josh Cummings 9cd7c7b046
Add SecurityContextHolderStrategy XML Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:05:07 -06:00
Joe Grandja d3a024786b Next Development Version 2022-06-20 15:05:30 -04:00
Joe Grandja fa4c5449e7 Release 5.6.6 2022-06-20 14:50:24 -04:00
Joe Grandja 6f275deb55 Next Development Version 2022-06-20 12:37:13 -04:00
Joe Grandja c40f65f5a2 Release 5.7.2 2022-06-20 12:17:25 -04:00
Josh Cummings 2a70707c35 Add SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-17 11:28:10 -06:00
sKai.fun a3e996a66b Fix title render issue of Digest Authentication document 
Closes gh-11272
 2022-06-01 17:33:41 -05:00
sKai.fun 953b54f63d Fix title render issue of Digest Authentication document 
Closes gh-11272
 2022-06-01 15:15:03 -05:00
André Luis Gomes aca3fc2412 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:51:44 -03:00
André Luis Gomes 0c31cb21dc Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:50:56 -03:00
André Luis Gomes 24701b547f Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:49:47 -03:00
Josh Cummings 9dbd1f3e25
Use AuthorizationManager in <http> 
Closes gh-11305
 2022-05-31 15:10:00 -06:00
Josh Cummings d7077b441a
Correct access(String) reference 
Closes gh-11280
 2022-05-27 15:00:15 -06:00
Josh Cummings 292585080a
Correct access(String) reference 
Closes gh-11280
 2022-05-27 14:59:06 -06:00
Josh Cummings 0abc54c7de
Correct access(String) reference 
Closes gh-11280
 2022-05-27 14:52:20 -06:00