Commit Graph

10321 Commits

Author SHA1 Message Date
Evgeniy Cheban 495028eb85 Some Security Expressions cause NPE when used within Query annotation
Added trustResolver, roleHierarchy, permissionEvaluator, defaultRolePrefix
fields to SecurityEvaluationContextExtension along with setter methods to override defaults.

Closes gh-11196
2022-05-26 14:35:40 -05:00
Juny Tse 16664dcdbd Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 11:43:50 -06:00
Josh Cummings 53e509f0c6 Remove duplicate check
Closes gh-11192
2022-05-23 16:00:15 -06:00
Josh Cummings b51c71c3b3 Use original query string to verify signature
Closes gh-11235
2022-05-23 13:56:28 -06:00
Josh Cummings 5adb6e25a3 Correctly encode query parameters
Issue gh-11235
2022-05-20 17:46:40 -06:00
Evgeniy Cheban 362f15534e createEvaluationContext should defer lookup of Authentication
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
2022-05-18 17:34:14 -06:00
Rob Winch 7d97839235 StrictHttpFirewall allows CJKV characters
Closes gh-11264
2022-05-18 09:53:29 -05:00
Ulrich Grave 9b874bcde2 Add relyingPartyRegistrationId to AbstractSaml2AuthenticationRequest
Closes gh-11195
2022-05-17 16:21:54 -06:00
Rob Winch 538252cf07 AntRegexRequestMatcher Optimization
Closes gh-11234
2022-05-16 10:22:30 -05:00
Rob Winch 04ca7ef91b Extract rejectNonPrintableAsciiCharactersInFieldName
Closes gh-11234
2022-05-16 10:22:30 -05:00
Josh Cummings ffaf5b4e61 Polish WebExpressionAuthorizationManager
- Add support for request variables
- Added additional tests

Issue gh-11105
2022-05-13 13:53:38 -06:00
Evgeniy Cheban 07b0be3f42 Add AuthorizationManager that uses ExpressionHandler
Closes gh-11105
2022-05-13 13:52:49 -06:00
Evgeniy Cheban 3f861f7f20 Polish gh-11188
2022-05-12 16:20:43 -05:00
Marcus Da Coregio 032fdcefdf Point to samples branch 5.8.x
Closes gh-11203
2022-05-12 11:16:23 -03:00
Marcus Da Coregio b544159226 Use properties in the checkSamples job
Issue gh-10344
2022-05-11 16:12:36 -03:00
Marcus Da Coregio 723648af00 Add initScripts and projectProperties to IncludeCheckRemotePlugin
Issue gh-10344
2022-05-11 16:12:36 -03:00
Evgeniy Cheban 9f669c5e3c Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
Closes gh-11188
2022-05-09 16:05:04 -06:00
Marcus Da Coregio 18c220c870 Update copyright headers
Issue gh-10956
2022-05-06 14:26:29 -03:00
Marcus Da Coregio 18345feeed Fix mvcMatchers overriding previous paths
Closes gh-10956
2022-05-06 14:26:29 -03:00
Marcus Da Coregio ce86f4e4b5 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter
Issue gh-11073
2022-05-06 09:51:28 -03:00
David Herberth 57cededd49 Add DelegatingServerHttpHeadersWriter
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter;
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
2022-05-06 09:51:28 -03:00
Josh Cummings 13795cdec1 Polish Relay State Resolver
Issue gh-11065
2022-05-05 17:28:30 -06:00
sebastiano 4dfc349914 Allow custom relay state
Closes gh-11065
2022-05-05 17:26:39 -06:00
Rob Winch 768267c131 Fix WebSessionReactiveSecurityRepository Supports Cache
Fix the checkstyle for this feature

Closes gh-8422
2022-05-03 21:09:41 -05:00
Rob Winch dbe7e37f2b WebSessionReactiveSecurityRepository Supports Cache
2022-05-03 16:40:51 -05:00
Rob Winch 6420cf28a9 Multiple <authentication-manager> Do Not Duplicate Alias
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
2022-05-03 14:52:22 -05:00
Evgeniy Cheban 66bbfc7a50 @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
Removed proxy unwrapping in case of resolving Method Security annotations;
this caused an issue where interfaces which are implemented by the proxy were skipped,
resulting in missing security checks on those methods.

Closes gh-11175
2022-05-03 13:17:23 -05:00
Ulrich Grave 3cbb60750d Add Jackson Support for Saml2AuthenticationException
Closes gh-11169
2022-05-02 17:41:52 -05:00
Josh Cummings 0e9228d10a Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
Eleftheria Stein 5ac5edc2e6 Detect UserDetailsService bean in X509 configuration
Closes gh-11174
2022-04-28 14:47:18 +02:00
Eleftheria Stein d40c15e09e Update remember me Javadocs
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
2022-04-28 14:13:52 +02:00
Marcus Da Coregio e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL
Closes gh-11153
2022-04-28 08:19:20 -03:00
Eleftheria Stein 8e34cedcfe Detect UserDetailsService bean in remember me
Closes gh-11170
2022-04-28 12:43:13 +02:00
nor-ek a3e7e54b70 Security Context Dsl
Closes gh-11039
2022-04-26 17:34:44 +02:00
Marcus Da Coregio 23594b3d01 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
Issue gh-10908
2022-04-25 09:42:00 -03:00
Marcus Da Coregio 97acbcc2d0 Exclude duplicate issues from changelog
Closes gh-11154
2022-04-20 09:02:55 -03:00
Rob Winch 6c8f64d2bd Next Development Version
2022-04-18 14:55:35 -05:00
Rob Winch e80b3cc5a2 Release 5.7.0-RC1
2022-04-18 14:50:15 -05:00
Rob Winch 8a54cea6f0 Revert to aspectj-plugin-6.4.1
There appears to be an issue with publication of aspectj plugin, so
this commit reverts to a previous working version.

See https://github.com/freefair/gradle-plugins/issues/511
2022-04-18 14:03:14 -05:00
Rob Winch 2b858f9371 Use gradlePluginPortal()
2022-04-18 14:02:21 -05:00
Rob Winch f52bf98350 Update org.springframework to 5.3.19
Closes gh-11152
2022-04-18 13:38:21 -05:00
Rob Winch e223d23e84 Update org.jetbrains.kotlinx to 1.6.1
Closes gh-11151
2022-04-18 13:38:19 -05:00
Rob Winch 6e5b2f23a9 Update org.jetbrains.kotlin to 1.6.20
Closes gh-11150
2022-04-18 13:38:17 -05:00
Rob Winch 0803a9e09d Update hibernate-entitymanager to 5.6.8.Final
Closes gh-11149
2022-04-18 13:38:14 -05:00
Rob Winch 359137dfae Update org.eclipse.jetty to 9.4.46.v20220331
Closes gh-11148
2022-04-18 13:38:12 -05:00
Rob Winch a62bdd15b4 Update org.aspectj to 1.9.9.1
Closes gh-11147
2022-04-18 13:38:10 -05:00
Rob Winch 694ceb3fb1 Update io.rsocket to 1.1.2
Closes gh-11146
2022-04-18 13:38:08 -05:00
Rob Winch 0989652a33 Update io.projectreactor to 2020.0.18
Closes gh-11144
2022-04-18 13:38:03 -05:00
Rob Winch 70aa33b914 Update aspectj-plugin to 6.4.2
Closes gh-11143
2022-04-18 13:38:01 -05:00
Rob Winch 8d866f0088 Update com.nimbusds to 9.34
Closes gh-11142
2022-04-18 13:37:59 -05:00