37dd896d4b
Merge branch '5.6.x' into 5.7.x
...
Closes gh-11955
2022-10-05 13:57:25 -05:00
e0843aabb1
automatically manage docs version (with collector)
2022-10-05 13:56:22 -05:00
c1fcf275d9
Update What's New for 5.8
...
Issue gh-11952
2022-10-05 13:48:18 -05:00
1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl
...
Closes gh-11952
2022-10-05 13:35:23 -05:00
bf6e85ec15
Accept String varargs in securityMatcher
...
Issue gh-9159
2022-10-05 13:44:08 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
7f9600ae08
Polish gh-11896
2022-10-03 09:57:08 -05:00
64a19de4dc
Deprecate HPKP security header
...
Closes gh-10144
2022-10-03 11:36:19 -03:00
7be2eb05d5
Merge branch '5.7.x' into 5.8.x
2022-10-03 10:10:06 -03:00
cd4ddde779
Merge branch '5.6.x' into 5.7.x
2022-10-03 10:09:42 -03:00
26bb60c567
Add rncToXsd task description to CONTRIBUTING.adoc
2022-10-03 10:09:27 -03:00
6d56af7b65
SessionManagementDsl.requireExplicitAuthenticationStrategy
2022-09-30 21:37:44 -05:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity
...
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".
This commits adds the ability to configure the xssProtection header
value in ServerHttpSecurity.
This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.
Issue gh-9631
2022-09-30 09:38:08 -05:00
7b1158ddb7
Merge branch '5.7.x' into 5.8.x
2022-09-29 14:09:10 -05:00
70c61dc1dd
Merge branch '5.6.x' into 5.7.x
2022-09-29 14:08:17 -05:00
c44230ba24
switch to offical Antora plugin for Gradle
...
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
cf3349f31a
Configure ContentNegotiationStrategy in HttpSecurityConfiguration
...
Closes gh-11916
2022-09-29 11:21:08 -03:00
506e50bfd0
Move Saml2 Authentication Filters
...
Issue gh-8819
2022-09-26 10:44:27 -06:00
bbac85e20b
Reduce severity of invalid registrationId to warn
...
This prevents filling the log file with error messages when routine
scans are being performed.
Closes gh-11344
2022-09-26 09:56:20 -05:00
ae6fb8c681
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 16:31:22 -06:00
37a160245f
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-23 16:31:21 -06:00
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
d140d95305
Fix assertion in NullSecurityContextRepository
...
Issue gh-11060
2022-09-22 15:33:22 -05:00
5d757919a2
Add SecurityContextHolderStrategy to new repository
...
In 6.0, RequestAttributeSecurityContextRepository will be the default
implementation of SecurityContextRepository. This commit adds the
ability to configure a custom SecurityContextHolderStrategy, similar
to other components.
Issue gh-11060
Closes gh-11895
2022-09-22 15:33:21 -05:00
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
983ca6ea27
Update What's New for 5.8
2022-09-20 08:33:38 -03:00
0c96989cbe
Move script tag into body element
...
Closes gh-11879
2022-09-19 15:46:23 -03:00
9564f1b5e4
Next development version
2022-09-19 16:55:17 +00:00
dcbe900ff8
Release 5.8.0-M3
2022-09-19 15:24:11 +00:00
e4e24c6639
Update org.springframework to 5.3.23
...
Closes gh-11851
2022-09-16 13:39:03 -05:00
eeb152cd6d
Update htmlunit-driver to 2.64.0
...
Closes gh-11850
2022-09-16 13:39:03 -05:00
0159e8c976
Update org.mockito to 4.8.0
...
Closes gh-11849
2022-09-16 13:39:02 -05:00
e2a4227c11
Update junit-bom to 5.9.0
...
Closes gh-11848
2022-09-16 13:39:02 -05:00
573a5b626d
Update hsqldb to 2.7.0
...
Closes gh-11847
2022-09-16 13:39:02 -05:00
5d8427a52b
Update hibernate-entitymanager to 5.6.11.Final
...
Closes gh-11846
2022-09-16 13:39:01 -05:00
ece5ff1500
Update org.eclipse.jetty to 9.4.49.v20220914
...
Closes gh-11845
2022-09-16 13:39:01 -05:00
870de424f0
Update htmlunit to 2.64.0
...
Closes gh-11844
2022-09-16 13:39:00 -05:00
a884e0dda9
Update io.rsocket to 1.1.3
...
Closes gh-11843
2022-09-16 13:39:00 -05:00
6d3e04184b
Update io.projectreactor to 2020.0.23
...
Closes gh-11841
2022-09-16 13:38:59 -05:00
3d4f947cd5
Update mockk to 1.12.8
...
Closes gh-11840
2022-09-16 13:38:59 -05:00
d915f0f9ca
Update aspectj-plugin to 6.5.1
...
Closes gh-11839
2022-09-16 13:38:58 -05:00
a799528679
Update com.nimbusds to 9.43.1
...
Closes gh-11838
2022-09-16 13:38:58 -05:00
40a343c6e1
Update jackson-bom to 2.13.4
...
Closes gh-11835
2022-09-16 13:38:57 -05:00
Rob Winch
Dan Allen
Steve Riesenberg
Marcus Da Coregio
Daniel Garnier-Moiroux
Josh Cummings
Daniel Garnier-Moiroux
Evgeniy Cheban
github-actions[bot]