Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-24 11:13:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,811 Commits 58 Branches 351 Tags
Commit Graph

9811 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
f3436f25fb Additional HttpSessionOAuth2AuthorizationRequestRepository tests 
Issue gh-5145
 2021-05-13 14:01:04 -04:00
Craig Andrews
e447a35cf2 HttpSessionOAuth2AuthorizationRequestRepository: store one request by default 
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
 2021-05-13 14:00:53 -04:00
Rob Winch
362855b8b8 docs.af.pivotal.io->docs-ip.spring.io 
The build conventions plugin does not support a property, so we must
override the configuration for docs.host to docs-ip.spring.io

Closes gh-9686
 2021-04-27 10:26:51 -05:00
Rob Winch
0a56dc4ef5 docs.af.pivotal.io->docs-ip.spring.io 
Closes gh-9686
 2021-04-27 09:54:05 -05:00
Rob Winch
b1c021ec56 docs.af.pivotal.io->docs-ip.spring.io 
Closes gh-9686
 2021-04-27 09:52:20 -05:00
Rob Winch
4a2f493be0 docs.af.pivotal.io->docs-ip.spring.io 
Closes gh-9686
 2021-04-27 09:30:41 -05:00
kevin
8ab7a27a20
Release ByteBuf 
Closes gh-9661
 2021-04-26 13:38:00 -06:00
kevin
ec46ce08c9
Release ByteBuf 
Closes gh-9661
 2021-04-26 13:22:06 -06:00
Josh Cummings
2c625f30e0
Add NPE Guards 
- Like values, names are only validated if they are not null

Closes gh-9598
 2021-04-22 11:28:25 -06:00
Joe Grandja
99db0ca2c5 WebFlux httpBasic() matches on XHR requests 
Closes gh-9660
 2021-04-20 10:05:06 -04:00
Joe Grandja
c8b6dc390d WebFlux httpBasic() matches on XHR requests 
Closes gh-9660
 2021-04-20 09:42:08 -04:00
Joe Grandja
6725b1324a WebFlux httpBasic() matches on XHR requests 
Closes gh-9660
 2021-04-20 09:09:42 -04:00
Craig Andrews
ab34c0308c
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:57:53 -06:00
Craig Andrews
a85ce9c91f
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:54:10 -06:00
Craig Andrews
b97e93a486
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:37:48 -06:00
Rob Winch
adf3e94c9f Fix HttpSecurity.addFilter* Ordering 
Closes gh-9633
 2021-04-14 21:18:51 -05:00
Rob Winch
6c5e92fb0b Fix HttpSecurity.addFilter* Ordering 
Closes gh-9633
 2021-04-14 21:01:09 -05:00
Rob Winch
26788a7309 Fix HttpSecurity.addFilter* Ordering 
Closes gh-9633
 2021-04-14 17:49:33 -05:00
Denis Washington
521706d496 Limit oauth2Login() links to redirect-based flows 
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
 2021-04-14 06:41:52 -04:00
Denis Washington
d3af4f7354 Limit oauth2Login() links to redirect-based flows 
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
 2021-04-14 06:16:43 -04:00
Denis Washington
67d5520194 Limit oauth2Login() links to redirect-based flows 
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
 2021-04-14 05:36:57 -04:00
Joe Grandja
a5117506a5 Next Development Version 2021-04-12 14:43:21 -04:00
Joe Grandja
26c6570b10 Revert "Lock Dependencies" 
This reverts commit b3250c06a922f74c8d77589b3c9a5768fe345f8c.
 2021-04-12 14:42:38 -04:00
Joe Grandja
dd4e8eb36f Release 5.3.9.RELEASE 5.3.9.RELEASE 2021-04-12 14:24:06 -04:00
Joe Grandja
b3250c06a9 Lock Dependencies 2021-04-12 14:19:19 -04:00
Joe Grandja
aa0edfa1c7 Update to Spring Boot 2.2.13 
Closes gh-9614
 2021-04-12 14:19:01 -04:00
Joe Grandja
c381503f7b Next Development Version 2021-04-12 13:47:56 -04:00
Joe Grandja
8850ccb1c6 Revert "Lock Dependencies" 
This reverts commit 924ceac681eae11cabdf1af1d37ff4550b9d350d.
 2021-04-12 13:47:04 -04:00
Joe Grandja
321e6a8742 Release 5.4.6 5.4.6 2021-04-12 13:36:39 -04:00
Joe Grandja
924ceac681 Lock Dependencies 2021-04-12 13:36:39 -04:00
Joe Grandja
951cb844dd Update to Spring Boot 2.4.4 2021-04-12 13:36:28 -04:00
Eleftheria Stein
ea19b31133 Next development version 2021-04-12 19:00:02 +02:00
Eleftheria Stein
46fdb250dc Release 5.2.10.RELEASE 5.2.10.RELEASE 2021-04-12 18:17:48 +02:00
Eleftheria Stein
b500b3ea69 Update to OpenSAML 3.4.6 
Closes gh-9607
 2021-04-12 10:55:05 +02:00
Eleftheria Stein
59171434d5 Update to hibernate-entitymanager 5.4.30.Final 
Closes gh-9606
 2021-04-12 10:54:38 +02:00
Eleftheria Stein
5d18dd6d7d Update to Groovy 2.4.21 
Closes gh-9605
 2021-04-12 10:54:17 +02:00
Eleftheria Stein
41b0e51dbb Update to embedded Apache Tomcat 9.0.45 
Closes gh-9604
 2021-04-12 10:53:38 +02:00
Eleftheria Stein
310c1148ce Update blockhound to 1.0.6.RELEASE 
Closes gh-9603
 2021-04-12 10:53:11 +02:00
Eleftheria Stein
93defb2ff2 Update to RSocket 1.0.4 
Closes gh-9602
 2021-04-12 10:52:33 +02:00
Eleftheria Stein
fb7efffad3 Update to Spring Data Moore-SR13 
Closes gh-9601
 2021-04-12 10:52:09 +02:00
Eleftheria Stein
6db79b70e6 Update to Spring Framework 5.2.13.RELEASE 
Close gh-9600
 2021-04-12 10:51:41 +02:00
Eleftheria Stein
78a618c260 Update to Reactor Dysprosium-SR18 
Closes gh-9599
 2021-04-12 10:51:11 +02:00
Eleftheria Stein
cfc5256fad Update to GAE 1.9.88 
Closes gh-9608
 2021-04-12 10:50:46 +02:00
Eleftheria Stein
289b11b873 Update to nohttp 0.0.6.RELEASE 
Closes gh-9609
 2021-04-12 10:50:22 +02:00
佚名
8dc702c80f
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:57:14 -06:00
佚名
22d7043d01
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:55:30 -06:00
佚名
9570d0cada
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:47:11 -06:00
Eleftheria Stein
e7ee70384d Consider Order on SecurityFilterChain bean definitions 
Closes gh-9154
 2021-03-24 11:08:49 +02:00
Josh Cummings
d192b3eb91
Next Development Version 2021-02-17 16:00:33 -07:00
Josh Cummings
71e0967b53
Revert "Lock Dependencies for Release" 
This reverts commit 8c04074264e95f670503c63d6501eb5cc0aa4966.
 2021-02-17 15:59:48 -07:00