1125 Commits

Author SHA1 Message Date
Nathan Wong
02a78b17b9 Add check to see if return value is DENY
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.

This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
2017-10-29 23:32:53 -05:00
Antoine
bed4ec7d18 Fix leading space characters reported by checkstyle 2017-10-29 22:22:34 -05:00
Antoine
0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28 Polish AssertJ assertions
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Rob Winch
5a5ec58ca4 Add LogoutPageGeneratingWebFilter
Fixes gh-4735
2017-10-29 00:12:23 -05:00
Rob Winch
0734d70d02 Logout requires POST
Issue: gh-4734
2017-10-29 00:11:59 -05:00
Rob Winch
8da2c7f657 Add WebFlux CSRF Protection
Fixes gh-4734
2017-10-28 22:59:24 -05:00
Rob Winch
192776858d HttpStatusServerAccessDeniedHandler write error message 2017-10-28 22:59:24 -05:00
Rob Winch
e63c53e267 Add AuthorizationWebFilterTests 2017-10-28 22:58:55 -05:00
Rob Winch
2060125ebd ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository
Issue: gh-4719
2017-10-27 18:17:52 -05:00
Rob Winch
4777a869bc Logout at the end of logout method
Issue: gh-4719
2017-10-27 18:17:40 -05:00
Rob Winch
5bcf3c559b Remove wrappedExchange from AuthenticationWebFilter
Issue: gh-4719
2017-10-27 18:17:29 -05:00
Rob Winch
437ba56415 ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter
Issue: gh-4719
2017-10-27 18:17:10 -05:00
Rob Winch
c63b258b16 AuthorizeWebFilter uses ReactiveSecurityContextHolder
Issue gh-4719
2017-10-27 18:16:59 -05:00
Rob Winch
747473257f Use ReactorSecurityContextHolder
Issue gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
44b41e78cd Flux member variables in favor of Collections
Fix gh-4694
2017-10-25 07:41:37 -05:00
Rob Winch
fcc1152f78 WebFilterChainProxy not matched continues WebFilterChain
Fixes gh-4668
2017-10-24 16:22:07 -05:00
Rob Winch
b81c1ce2c0 Move spring-security-webflux into spring-security-web
Fixes gh-4662
2017-10-18 16:20:09 -05:00
Rob Winch
a74f7c6faa Fix CSRF / DefaultLoginPageGeneratingFilter package tangle
Issue: gh-4636
2017-10-16 16:36:49 -05:00
Andreas Gebhardt
0c830f9ba8 fix JavaDoc typo on BasicAuthenticationEntryPoint 2017-10-12 07:42:58 -05:00
Rob Winch
23f56f568c Update MockitJunitRunner import
Issue: gh-4608
2017-10-09 16:13:33 -05:00
Rob Winch
445834784a Update to Mockito 2.10.0
Issue: gh-4608
2017-10-09 16:13:11 -05:00
Rob Winch
f3828924ff Fix equals and hashCode alignment
Fixes gh-4588
2017-09-28 17:25:00 -05:00
Rob Winch
646b3e48b3 Avoid Exception Message in HTTP Response
Fixes gh-4587
2017-09-28 17:24:49 -05:00
Vedran Pavic
95de158909 Add ForwardLogoutSuccessHandler 2017-09-06 15:15:02 -05:00
Joe Grandja
4951550d7d Add context path to authorization request URI
Fixes gh-4510
2017-08-26 18:55:23 -04:00
Rob Winch
e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Kyle Anderson
d8a678df6f Removed Unicode Character from Parameter Name 2017-06-29 16:03:29 -05:00
Takuma Setoguchi
f2c04dd9b1 fix typo 2017-06-20 08:17:15 -05:00
Vedran Pavic
85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
Joe Grandja
829c386756 Add support for OAuth 2.0 Login
Fixes gh-3907
2017-04-28 10:58:59 -04:00
Rob Winch
5a65da400d Use ReflectionTestUtils rather than Whitebox
This is better because it no longer uses Mockito's internal API

Fixes gh-4305
2017-04-21 10:54:58 -05:00
Rob Winch
9d9aadb80f Fix DefaultSavedRequestMixinTests with Spring 5
Previously DefaultSavedRequestMixinTests
serializeDefaultRequestBuildWithConstructorTest broke in Spring 5
because Spring 5's MockHttpServletRequest.setCookie now automatically adds
the Cookie header.

This commit ensures that the Cookie header is not added by overriding the
class we are writing.

Fixes gh-4272
2017-04-12 15:51:26 -05:00
Joe Grandja
2b81983f7c Update to Java 8 compatibility
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
2017-04-07 16:49:38 -04:00
borlafu
8a458eb9e1 Avoid multiple X-Frame-Options headers
XFrameOptionsHeaderWriter should not *add*, but *set* the
X-Frame-Options header. According to
https://tools.ietf.org/html/rfc7034#section-2.1, having
multiple values for the header is disallowed:

"There are three different values for the header field.
These values are mutually exclusive; that is, the header
field MUST be set to exactly one of the three values."

With this change, only the latest XFrameOptionsHeaderWriter
will remain.
2017-03-08 15:49:18 -06:00
Rob Winch
247f54dc41 Fix SwitchUserFilter.setSwitchFailureUrl assertion
Fixes gh-4198
2017-03-02 00:47:09 -06:00
Rob Winch
017e9834bd Fix NPE in UrlUtils with null url
Fixes gh-4233
2017-03-02 00:46:01 -06:00
Rob Winch
168f4b8f70 Prevent Duplicate Cache Headers
Fixes gh-4199
2017-03-01 16:14:12 -06:00
Rob Winch
9c03571bbb Use message in all Assert
This ensures compatibility with Spring 5.

Fixes gh-4193
2017-01-30 19:58:24 -06:00
Kazuki Shimizu
38492a5794 Add since version in javadoc
Issue: gh-4130
2016-12-21 16:12:39 -06:00
Eddú Meléndez
028854b936 Add HttpSessionRequestCache sessionAttrName property
This commit allows customizing the session attribute name. Default is
SPRING_SECURITY_SAVED_REQUEST.

Fixes gh-4130
2016-12-21 10:22:09 -06:00
Rob Winch
d39f3385b6 Polish DefaultHttpFirewallTests
Issue gh-4169
2016-12-21 09:29:23 -06:00
Rob Winch
666e356ebc Block URL Encoded "/" in DefaultHttpFirewall
Fixes gh-4169
2016-12-21 09:04:00 -06:00
Rob Winch
697daeab7c Add Jackson2 Support for PreAuthenticatedAuthenticationToken
Fixes gh-4120
2016-11-09 16:55:10 -06:00
Rob Winch
f0a9421aa4 SecurityJacksonModules->SecurityJackson2Modules
Fixes gh-4121
2016-11-09 16:42:41 -06:00
Kazuki Shimizu
d2c28c58e2 Polishing the ReferrerPolicyHeaderWriter gh-4110 2016-11-09 13:16:41 -06:00
Eddú Meléndez
23294c4c57 Add Referrer-Policy header support
Fixes gh-4110
2016-11-08 13:21:35 -06:00
Rob Winch
57d7ad05f9 Revert "Cache Control only written if not set"
This reverts commit 242b831f20c11171975c1e2bdd50c9ae1cdbf445.
Spring MVC fixed the issue we were working around and the changes
in Spring Security were unreliable.

Fixes gh-3975
2016-10-24 15:57:26 -05:00
Johnny Lim
50b72dddbc Fix typo in Javadoc
This commit simply fixes a typo in Javadoc.
2016-10-20 21:07:15 -05:00
Rob Winch
aaa9708b95 Add BeanResolver to AuthenticationPrincipalArgumentResolver
Previously @AuthenticationPrincipal's expression attribute didn't support
bean references because the BeanResolver was not set on the SpEL context.

This commit adds a BeanResolver and ensures that the configuration
sets a BeanResolver.

Fixes gh-3949
2016-10-18 19:45:54 -05:00