Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,658 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

12658 Commits

Author SHA1 Message Date
Josh Cummings b4d13e7726
Polish use-authorization-manager 
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together

Issue gh-11305
 2022-10-05 22:21:09 -06:00
Josh Cummings 7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests 
Issue gh-11665
 2022-10-05 22:18:41 -06:00
Josh Cummings f16d47c7b5
Polish DefaultHttpSecurityExpressionHandler 
Issue gh-11105
 2022-10-05 21:47:14 -06:00
Josh Cummings eeb28e4f91
Merge remote-tracking branch 'origin/5.8.x' 2022-10-05 21:45:26 -06:00
Josh Cummings 4ddec07d0e
Add default AuthorizationManager 
Closes gh-11963
 2022-10-05 21:37:41 -06:00
Steve Riesenberg ee9449dbfe
Fix tests for deferred CSRF tokens 
Issue gh-4001
 2022-10-05 16:10:36 -05:00
Steve Riesenberg 521cdfd738
Use correct servlet imports 
Issue gh-4001
 2022-10-05 16:10:35 -05:00
Steve Riesenberg 8b490de08d
Merge branch '5.8.x' 
# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
 2022-10-05 14:46:15 -05:00
Steve Riesenberg dce1c30522
Add support for BREACH 
Closes gh-4001
 2022-10-05 14:21:13 -05:00
Steve Riesenberg 6bbf20be93
Fix failing tests 
Issue gh-11952
 2022-10-05 14:19:40 -05:00
Rob Winch 22cbd2c42e Merge branch '5.8.x' 
Closes gh-11957
 2022-10-05 14:00:13 -05:00
Rob Winch a5cc1f0b60 Merge branch '5.7.x' into 5.8.x 
Closes gh-11956
 2022-10-05 13:58:44 -05:00
Rob Winch 37dd896d4b Merge branch '5.6.x' into 5.7.x 
Closes gh-11955
 2022-10-05 13:57:25 -05:00
Dan Allen e0843aabb1 automatically manage docs version (with collector) 2022-10-05 13:56:22 -05:00
Steve Riesenberg 19fb7e5499
Merge branch '5.8.x' 
Merged using the ours strategy.
 2022-10-05 13:48:35 -05:00
Steve Riesenberg c1fcf275d9
Update What's New for 5.8 
Issue gh-11952
 2022-10-05 13:48:18 -05:00
Steve Riesenberg a7000a053b
Merge branch '5.8.x' 2022-10-05 13:46:26 -05:00
Steve Riesenberg 1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl 
Closes gh-11952
 2022-10-05 13:35:23 -05:00
Marcus Da Coregio c2ed65c67a Fix failing tests 
Issue gh-9159
 2022-10-05 14:59:33 -03:00
Marcus Da Coregio 22ba358e57 Merge branch '5.8.x' 2022-10-05 13:44:54 -03:00
Marcus Da Coregio bf6e85ec15 Accept String varargs in securityMatcher 
Issue gh-9159
 2022-10-05 13:44:08 -03:00
Marcus Da Coregio 38a7bbd2eb Merge branch '5.8.x' 2022-10-05 13:20:12 -03:00
Marcus Da Coregio ace8caa182 Remove mvcMatchers usage from docs 
Issue gh-11347
 2022-10-05 13:19:37 -03:00
Marcus Da Coregio 76d7a85bc0 Use modified classpath test support for tests that depend on the classpath 
Issue gh-11347
 2022-10-04 15:32:19 -03:00
Marcus Da Coregio 77dcc691b3 Add modified classpath test support 
Closes gh-11951
 2022-10-04 15:32:18 -03:00
Marcus Da Coregio 5002199be3 Revert "Disable tests that need Spring MVC mocked in classpath" 
This reverts commit c6978fba7c.
 2022-10-04 15:32:18 -03:00
Marcus Da Coregio 35f7e46d05 Remove WebSecurityConfigurerAdapter 
Closes gh-10902
 2022-10-04 15:13:04 -03:00
Steve Riesenberg a10b0f526f
Merge branch 'main' 2022-10-04 12:01:57 -05:00
Marcus Da Coregio 60181e22d3 Upgrade com.unboundid:unboundid-ldapsdk to 6.0.6 
Closes gh-10210
 2022-10-04 13:39:42 -03:00
Steve Riesenberg 3bc76815c2
Update csrf.request-handler-ref in 6.0 
Issue gh-11918
 2022-10-04 11:24:54 -05:00
Steve Riesenberg 5de6da890b
Merge branch '5.8.x' 
Closes gh-dry-run
 2022-10-04 11:18:00 -05:00
Marcus Da Coregio c6978fba7c Disable tests that need Spring MVC mocked in classpath 
Issue gh-11347
 2022-10-04 08:56:06 -03:00
Steve Riesenberg 475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken 
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
 2022-10-03 17:10:54 -05:00
Steve Riesenberg c847efd3fd
Fix servlet import 
Issue gh-11347
Issue gh-9159
 2022-10-03 15:10:56 -05:00
Steve Riesenberg c98de7af2f
Add xss-protection.header-value in 6.0 
Issue gh-9631
 2022-10-03 14:31:04 -05:00
Steve Riesenberg 7c3cc1e386
Merge branch '5.8.x' 2022-10-03 14:29:51 -05:00
Daniel Garnier-Moiroux 0e215a21ad
Add X-Xss-Protection headerValue to XML config 
Issue gh-9631
 2022-10-03 14:29:34 -05:00
Marcus Da Coregio ad2abd39dc Merge branch '5.8.x' 
Closes gh-11347 in 6.0.x
Closes gh-11945
 2022-10-03 16:02:18 -03:00
Marcus Da Coregio 039e0328e1 Simplify Java Configuration RequestMatcher Usage 
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
 2022-10-03 15:55:20 -03:00
Steve Riesenberg ea777a3d7b
Merge branch '5.8.x' 
Merged using the ours strategy.
 2022-10-03 10:05:57 -05:00
Daniel Garnier-Moiroux bf59d7c374
Update What's New for 5.8 2022-10-03 10:05:25 -05:00
Steve Riesenberg d9a682a414
Polish gh-11896 2022-10-03 10:00:43 -05:00
Steve Riesenberg bf9339d88e
Merge branch '5.8.x' 2022-10-03 09:57:40 -05:00
Steve Riesenberg 7f9600ae08
Polish gh-11896 2022-10-03 09:57:08 -05:00
Marcus Da Coregio 5f2744db33 Merge branch '5.8.x' 
Closes gh-11937
 2022-10-03 11:43:22 -03:00
Marcus Da Coregio 64a19de4dc Deprecate HPKP security header 
Closes gh-10144
 2022-10-03 11:36:19 -03:00
Marcus Da Coregio 80f6bdf50b Merge branch '5.8.x' 2022-10-03 10:10:36 -03:00
Marcus Da Coregio 7be2eb05d5 Merge branch '5.7.x' into 5.8.x 2022-10-03 10:10:06 -03:00
Marcus Da Coregio cd4ddde779 Merge branch '5.6.x' into 5.7.x 2022-10-03 10:09:42 -03:00
Daniel Garnier-Moiroux 26bb60c567 Add rncToXsd task description to CONTRIBUTING.adoc 2022-10-03 10:09:27 -03:00