Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							93ac706d86 
							
						 
					 
					
						
						
							
							Polish XFrameOptionsHeaderWriter  
						
						... 
						
						
						
						Issue: gh-4559 
						
						
					 
					
						2017-10-29 23:32:53 -05:00 
						 
				 
			
				
					
						
							
							
								Nathan Wong 
							
						 
					 
					
						
						
						
						
							
						
						
							02a78b17b9 
							
						 
					 
					
						
						
							
							Add check to see if return value is DENY  
						
						... 
						
						
						
						Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.
This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY". 
						
						
					 
					
						2017-10-29 23:32:53 -05:00 
						 
				 
			
				
					
						
							
							
								Antoine 
							
						 
					 
					
						
						
						
						
							
						
						
							bed4ec7d18 
							
						 
					 
					
						
						
							
							Fix leading space characters reported by checkstyle  
						
						
						
						
					 
					
						2017-10-29 22:22:34 -05:00 
						 
				 
			
				
					
						
							
							
								Antoine 
							
						 
					 
					
						
						
						
						
							
						
						
							0771778b81 
							
						 
					 
					
						
						
							
							Polish more AssertJ assertions  
						
						
						
						
					 
					
						2017-10-29 22:22:34 -05:00 
						 
				 
			
				
					
						
							
							
								Antoine 
							
						 
					 
					
						
						
						
						
							
						
						
							e0aca04a28 
							
						 
					 
					
						
						
							
							Polish AssertJ assertions  
						
						... 
						
						
						
						Polish AssertJ assertions 
						
						
					 
					
						2017-10-29 22:22:34 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							5a5ec58ca4 
							
						 
					 
					
						
						
							
							Add LogoutPageGeneratingWebFilter  
						
						... 
						
						
						
						Fixes gh-4735 
						
						
					 
					
						2017-10-29 00:12:23 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							0734d70d02 
							
						 
					 
					
						
						
							
							Logout requires POST  
						
						... 
						
						
						
						Issue: gh-4734 
						
						
					 
					
						2017-10-29 00:11:59 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							8da2c7f657 
							
						 
					 
					
						
						
							
							Add WebFlux CSRF Protection  
						
						... 
						
						
						
						Fixes gh-4734 
						
						
					 
					
						2017-10-28 22:59:24 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							192776858d 
							
						 
					 
					
						
						
							
							HttpStatusServerAccessDeniedHandler write error message  
						
						
						
						
					 
					
						2017-10-28 22:59:24 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							e63c53e267 
							
						 
					 
					
						
						
							
							Add AuthorizationWebFilterTests  
						
						
						
						
					 
					
						2017-10-28 22:58:55 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							2060125ebd 
							
						 
					 
					
						
						
							
							ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository  
						
						... 
						
						
						
						Issue: gh-4719 
						
						
					 
					
						2017-10-27 18:17:52 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							4777a869bc 
							
						 
					 
					
						
						
							
							Logout at the end of logout method  
						
						... 
						
						
						
						Issue: gh-4719 
						
						
					 
					
						2017-10-27 18:17:40 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							5bcf3c559b 
							
						 
					 
					
						
						
							
							Remove wrappedExchange from AuthenticationWebFilter  
						
						... 
						
						
						
						Issue: gh-4719 
						
						
					 
					
						2017-10-27 18:17:29 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							437ba56415 
							
						 
					 
					
						
						
							
							ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter  
						
						... 
						
						
						
						Issue: gh-4719 
						
						
					 
					
						2017-10-27 18:17:10 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							c63b258b16 
							
						 
					 
					
						
						
							
							AuthorizeWebFilter uses ReactiveSecurityContextHolder  
						
						... 
						
						
						
						Issue gh-4719 
						
						
					 
					
						2017-10-27 18:16:59 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							747473257f 
							
						 
					 
					
						
						
							
							Use ReactorSecurityContextHolder  
						
						... 
						
						
						
						Issue gh-4713 
						
						
					 
					
						2017-10-26 20:11:42 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							44b41e78cd 
							
						 
					 
					
						
						
							
							Flux member variables in favor of Collections  
						
						... 
						
						
						
						Fix gh-4694 
						
						
					 
					
						2017-10-25 07:41:37 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							fcc1152f78 
							
						 
					 
					
						
						
							
							WebFilterChainProxy not matched continues WebFilterChain  
						
						... 
						
						
						
						Fixes gh-4668 
						
						
					 
					
						2017-10-24 16:22:07 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							b81c1ce2c0 
							
						 
					 
					
						
						
							
							Move spring-security-webflux into spring-security-web  
						
						... 
						
						
						
						Fixes gh-4662 
						
						
					 
					
						2017-10-18 16:20:09 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							a74f7c6faa 
							
						 
					 
					
						
						
							
							Fix CSRF / DefaultLoginPageGeneratingFilter package tangle  
						
						... 
						
						
						
						Issue: gh-4636 
						
						
					 
					
						2017-10-16 16:36:49 -05:00 
						 
				 
			
				
					
						
							
							
								Andreas Gebhardt 
							
						 
					 
					
						
						
						
						
							
						
						
							0c830f9ba8 
							
						 
					 
					
						
						
							
							fix JavaDoc typo on BasicAuthenticationEntryPoint  
						
						
						
						
					 
					
						2017-10-12 07:42:58 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							23f56f568c 
							
						 
					 
					
						
						
							
							Update MockitJunitRunner import  
						
						... 
						
						
						
						Issue: gh-4608 
						
						
					 
					
						2017-10-09 16:13:33 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							445834784a 
							
						 
					 
					
						
						
							
							Update to Mockito 2.10.0  
						
						... 
						
						
						
						Issue: gh-4608 
						
						
					 
					
						2017-10-09 16:13:11 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							f3828924ff 
							
						 
					 
					
						
						
							
							Fix equals and hashCode alignment  
						
						... 
						
						
						
						Fixes gh-4588 
						
						
					 
					
						2017-09-28 17:25:00 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							646b3e48b3 
							
						 
					 
					
						
						
							
							Avoid Exception Message in HTTP Response  
						
						... 
						
						
						
						Fixes gh-4587 
						
						
					 
					
						2017-09-28 17:24:49 -05:00 
						 
				 
			
				
					
						
							
							
								Vedran Pavic 
							
						 
					 
					
						
						
						
						
							
						
						
							95de158909 
							
						 
					 
					
						
						
							
							Add ForwardLogoutSuccessHandler  
						
						
						
						
					 
					
						2017-09-06 15:15:02 -05:00 
						 
				 
			
				
					
						
							
							
								Joe Grandja 
							
						 
					 
					
						
						
						
						
							
						
						
							4951550d7d 
							
						 
					 
					
						
						
							
							Add context path to authorization request URI  
						
						... 
						
						
						
						Fixes gh-4510 
						
						
					 
					
						2017-08-26 18:55:23 -04:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							e16b8e7976 
							
						 
					 
					
						
						
							
							Fix logback-test.xml  
						
						
						
						
					 
					
						2017-08-17 16:42:01 -05:00 
						 
				 
			
				
					
						
							
							
								Kyle Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							d8a678df6f 
							
						 
					 
					
						
						
							
							Removed Unicode Character from Parameter Name  
						
						
						
						
					 
					
						2017-06-29 16:03:29 -05:00 
						 
				 
			
				
					
						
							
							
								Takuma Setoguchi 
							
						 
					 
					
						
						
						
						
							
						
						
							f2c04dd9b1 
							
						 
					 
					
						
						
							
							fix typo  
						
						
						
						
					 
					
						2017-06-20 08:17:15 -05:00 
						 
				 
			
				
					
						
							
							
								Vedran Pavic 
							
						 
					 
					
						
						
						
						
							
						
						
							85719fcd64 
							
						 
					 
					
						
						
							
							Use Base64 implementation provided by Java 8  
						
						
						
						
					 
					
						2017-05-10 00:27:36 -05:00 
						 
				 
			
				
					
						
							
							
								Joe Grandja 
							
						 
					 
					
						
						
						
						
							
						
						
							829c386756 
							
						 
					 
					
						
						
							
							Add support for OAuth 2.0 Login  
						
						... 
						
						
						
						Fixes gh-3907 
						
						
					 
					
						2017-04-28 10:58:59 -04:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							5a65da400d 
							
						 
					 
					
						
						
							
							Use ReflectionTestUtils rather than Whitebox  
						
						... 
						
						
						
						This is better because it no longer uses Mockito's internal API
Fixes gh-4305 
						
						
					 
					
						2017-04-21 10:54:58 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							9d9aadb80f 
							
						 
					 
					
						
						
							
							Fix DefaultSavedRequestMixinTests with Spring 5  
						
						... 
						
						
						
						Previously DefaultSavedRequestMixinTests
serializeDefaultRequestBuildWithConstructorTest broke in Spring 5
because Spring 5's MockHttpServletRequest.setCookie now automatically adds
the Cookie header.
This commit ensures that the Cookie header is not added by overriding the
class we are writing.
Fixes gh-4272 
						
						
					 
					
						2017-04-12 15:51:26 -05:00 
						 
				 
			
				
					
						
							
							
								Joe Grandja 
							
						 
					 
					
						
						
						
						
							
						
						
							2b81983f7c 
							
						 
					 
					
						
						
							
							Update to Java 8 compatibility  
						
						... 
						
						
						
						* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20 
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717 
* Update maven-compiler-plugin source/target to 1.8 
						
						
					 
					
						2017-04-07 16:49:38 -04:00 
						 
				 
			
				
					
						
							
							
								borlafu 
							
						 
					 
					
						
						
						
						
							
						
						
							8a458eb9e1 
							
						 
					 
					
						
						
							
							Avoid multiple X-Frame-Options headers  
						
						... 
						
						
						
						XFrameOptionsHeaderWriter should not *add*, but *set* the
X-Frame-Options header. According to
https://tools.ietf.org/html/rfc7034#section-2.1 , having
multiple values for the header is disallowed:
"There are three different values for the header field.
These values are mutually exclusive; that is, the header
field MUST be set to exactly one of the three values."
With this change, only the latest XFrameOptionsHeaderWriter
will remain. 
						
						
					 
					
						2017-03-08 15:49:18 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							247f54dc41 
							
						 
					 
					
						
						
							
							Fix SwitchUserFilter.setSwitchFailureUrl assertion  
						
						... 
						
						
						
						Fixes gh-4198 
						
						
					 
					
						2017-03-02 00:47:09 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							017e9834bd 
							
						 
					 
					
						
						
							
							Fix NPE in UrlUtils with null url  
						
						... 
						
						
						
						Fixes gh-4233 
						
						
					 
					
						2017-03-02 00:46:01 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							168f4b8f70 
							
						 
					 
					
						
						
							
							Prevent Duplicate Cache Headers  
						
						... 
						
						
						
						Fixes gh-4199 
						
						
					 
					
						2017-03-01 16:14:12 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							9c03571bbb 
							
						 
					 
					
						
						
							
							Use message in all Assert  
						
						... 
						
						
						
						This ensures compatibility with Spring 5.
Fixes gh-4193 
						
						
					 
					
						2017-01-30 19:58:24 -06:00 
						 
				 
			
				
					
						
							
							
								Kazuki Shimizu 
							
						 
					 
					
						
						
						
						
							
						
						
							38492a5794 
							
						 
					 
					
						
						
							
							Add since version in javadoc  
						
						... 
						
						
						
						Issue: gh-4130 
						
						
					 
					
						2016-12-21 16:12:39 -06:00 
						 
				 
			
				
					
						
							
							
								Eddú Meléndez 
							
						 
					 
					
						
						
						
						
							
						
						
							028854b936 
							
						 
					 
					
						
						
							
							Add HttpSessionRequestCache sessionAttrName property  
						
						... 
						
						
						
						This commit allows to customize the session attribute name. Default is
SPRING_SECURITY_SAVED_REQUEST.
Fixes gh-4130 
						
						
					 
					
						2016-12-21 10:22:09 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							d39f3385b6 
							
						 
					 
					
						
						
							
							Polish DefaultHttpFirewallTests  
						
						... 
						
						
						
						Issue gh-4169 
						
						
					 
					
						2016-12-21 09:29:23 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							666e356ebc 
							
						 
					 
					
						
						
							
							Block URL Encoded "/" in DefaultHttpFirewall  
						
						... 
						
						
						
						Fixes gh-4169 
						
						
					 
					
						2016-12-21 09:04:00 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							697daeab7c 
							
						 
					 
					
						
						
							
							Add Jackson2 Support for PreAuthenticatedAuthenticationToken  
						
						... 
						
						
						
						Fixes gh-4120 
						
						
					 
					
						2016-11-09 16:55:10 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							f0a9421aa4 
							
						 
					 
					
						
						
							
							SecurityJacksonModules->SecurityJackson2Modules  
						
						... 
						
						
						
						Fixes gh-4121 
						
						
					 
					
						2016-11-09 16:42:41 -06:00 
						 
				 
			
				
					
						
							
							
								Kazuki Shimizu 
							
						 
					 
					
						
						
						
						
							
						
						
							d2c28c58e2 
							
						 
					 
					
						
						
							
							Polishing the ReferrerPolicyHeaderWriter gh-4110  
						
						
						
						
					 
					
						2016-11-09 13:16:41 -06:00 
						 
				 
			
				
					
						
							
							
								Eddú Meléndez 
							
						 
					 
					
						
						
						
						
							
						
						
							23294c4c57 
							
						 
					 
					
						
						
							
							Add Referrer-Policy header support  
						
						... 
						
						
						
						Fixes gh-4110 
						
						
					 
					
						2016-11-08 13:21:35 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							57d7ad05f9 
							
						 
					 
					
						
						
							
							Revert "Cache Control only written if not set"  
						
						... 
						
						
						
						This reverts commit 242b831f20c11171975c1e2bdd50c9ae1cdbf445.
Spring MVC fixed the issue we were working around and the changes
in Spring Security were unreliable.
Fixes gh-3975 
						
						
					 
					
						2016-10-24 15:57:26 -05:00 
						 
				 
			
				
					
						
							
							
								Johnny Lim 
							
						 
					 
					
						
						
						
						
							
						
						
							50b72dddbc 
							
						 
					 
					
						
						
							
							Fix typo in Javadoc  
						
						... 
						
						
						
						This commit simply fixes typo in Javadoc. 
						
						
					 
					
						2016-10-20 21:07:15 -05:00