spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-31 06:33:29 +00:00

Author	SHA1	Message	Date
Josh Cummings	f3d99f557b	Use SecurityContextHolderStrategy for AuthenticationFilter Issue gh-11060	2022-06-27 16:28:37 -06:00
Josh Cummings	0fee05d023	Use SecurityContextHolderStrategy for AuthenticationFilter Issue gh-11060	2022-06-27 16:26:42 -06:00
Josh Cummings	a7b58c2299	Polish SecurityContextHolderStrategy for Defaults gh-11060	2022-06-27 13:17:44 -06:00
Josh Cummings	772f29e063	Polish SecurityContextHolderStrategy for Defaults gh-11060	2022-06-27 13:00:24 -06:00
Marcus Da Coregio	a8c30f79e6	Add Core, MVC and MethodSecurity runtime hints Closes gh-11431	2022-06-27 09:25:49 -03:00
Alonso Araya Calvo	7841827169	Adds the ability to set the CSRF Token cookie max age value Closes gh-11432	2022-06-24 16:42:32 -06:00
Alonso Araya Calvo	1ac1271972	Adds the ability to set the CSRF Token cookie max age value Closes gh-11432	2022-06-24 16:42:05 -06:00
Rob Winch	d32f74d19d	SecurityContextHolder Deferred SecurityContext Closes gh-10913	2022-06-17 17:03:19 -05:00
Rob Winch	b6d43e58c0	SecurityContextHolder Deferred SecurityContext Closes gh-10913	2022-06-17 16:59:09 -05:00
Rob Winch	d4a03dc2b1	Cache SecurityContextRepository.loadContext(HttpServletRequest) Result Closes gh-11390	2022-06-17 15:28:57 -05:00
Rob Winch	29db051f7a	Cache SecurityContextRepository.loadContext(HttpServletRequest) Result Closes gh-11390	2022-06-17 14:52:35 -05:00
Rob Winch	591d1edc7d	Cache SecurityContextRepository.loadContext(HttpServletRequest) Result Closes gh-11390	2022-06-17 14:52:01 -05:00
Josh Cummings	a31a99b591	Add SecurityContextHolderStrategy to Default Components Issue gh-11060	2022-06-17 11:58:36 -06:00
Josh Cummings	31e25b115e	Add SecurityContextHolderStrategy to Default Components Issue gh-11060	2022-06-17 11:28:10 -06:00
j3graham	29ba67b6d7	Remove dependency on commons-codec by using java.util.Base64 Closes gh-11318	2022-06-09 06:50:01 -06:00
j3graham	f3c96fa9cd	Remove dependency on commons-codec by using java.util.Base64 Closes gh-11318	2022-06-09 06:49:39 -06:00
Zhivko Delchev	e97c5a533b	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205	2022-06-06 15:47:35 -05:00
Zhivko Delchev	d882bfcf2b	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205	2022-06-06 15:47:14 -05:00
Zhivko Delchev	cf69cdf008	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205	2022-06-06 15:46:28 -05:00
Zhivko Delchev	1483a57018	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204	2022-06-06 15:45:55 -05:00
Josh Cummings	57fe5b8b5c	Fix Import Order Checkstyle Error Issue gh-9667	2022-05-23 15:55:21 -06:00
Evgeniy Cheban	5540bbcf0b	createEvaluationContext should defer lookup of Authentication - Added createEvaluationContext method that accepts Supplier<Authentication> - Refactored classes that use EvaluationContext to use lazy initialization of Authentication Closes gh-9667	2022-05-18 17:36:17 -06:00
Evgeniy Cheban	362f15534e	createEvaluationContext should defer lookup of Authentication - Added createEvaluationContext method that accepts Supplier<Authentication> - Refactored classes that use EvaluationContext to use lazy initialization of Authentication Closes gh-9667	2022-05-18 17:34:14 -06:00
Rob Winch	5b0dab5d3e	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 09:54:16 -05:00
Rob Winch	7d97839235	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 09:53:29 -05:00
Rob Winch	66d1cd592a	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 09:04:46 -05:00
Rob Winch	077c9e0b3e	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 08:56:57 -05:00
Rob Winch	e2eed33eca	Add StrictHttpFirewall.allow* new lines and separators Issue gh-11264	2022-05-17 22:24:31 -05:00
Rob Winch	5bf478e72e	Fix Formatting Issue gh-11264	2022-05-17 16:16:02 -05:00
Rob Winch	e0a6a9efa9	StrictHttpFirewall allows CJKV characters Issue gh-11264	2022-05-17 15:53:18 -05:00
Rob Winch	472c25b5e8	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 11:32:01 -05:00
Rob Winch	0df5ece758	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 11:32:01 -05:00
Rob Winch	538252cf07	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:22:30 -05:00
Rob Winch	04ca7ef91b	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:22:30 -05:00
Rob Winch	c6461d61ba	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:18:12 -05:00
Rob Winch	4405cf18f3	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:18:11 -05:00
Rob Winch	70863952ae	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:17:44 -05:00
Rob Winch	af95be34c6	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:17:44 -05:00
Rob Winch	ee28896f42	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:17:26 -05:00
Rob Winch	6b823fb27e	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:17:26 -05:00
Josh Cummings	0814136ee8	Polish WebExpressionAuthorizationManager - Add support for request variables - Added additional tests Issue gh-11105	2022-05-13 14:14:42 -06:00
Evgeniy Cheban	c4766e64fe	Add AuthorizationManager that uses ExpressionHandler Closes gh-11105	2022-05-13 14:05:34 -06:00
Josh Cummings	ffaf5b4e61	Polish WebExpressionAuthorizationManager - Add support for request variables - Added additional tests Issue gh-11105	2022-05-13 13:53:38 -06:00
Evgeniy Cheban	07b0be3f42	Add AuthorizationManager that uses ExpressionHandler Closes gh-11105	2022-05-13 13:52:49 -06:00
Rob Winch	f34ea188e2	RequestRejectedException is 400 by Default Closes gh-7568	2022-05-12 10:32:27 -05:00
Marcus Da Coregio	000b87f9aa	Revert "Use Spring Framework version 6.0.0-M3" This reverts commit b803e845e75da8e8927182dd5cb392bb592d51b6.	2022-05-11 08:36:14 -03:00
Marcus Da Coregio	806e05855c	Replace removed context-related operators Closes gh-11194	2022-05-10 14:58:02 -03:00
Marcus Da Coregio	b803e845e7	Use Spring Framework version 6.0.0-M3 Closes gh-11193	2022-05-10 14:49:02 -03:00
Marcus Da Coregio	ce86f4e4b5	Polish ServerWebExchangeDelegatingServerHttpHeadersWriter Issue gh-11073	2022-05-06 09:51:28 -03:00
David Herberth	57cededd49	Add DelegatingServerHttpHeadersWriter Servlet Spring Security has DelegatingRequestMatcherHeaderWriter the reactive world of Spring Security was missing a class to conditionally write headers. Closes gh-11073	2022-05-06 09:51:28 -03:00

... 3 4 5 6 7 ...

1556 Commits