Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 23:10:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,070 Commits 49 Branches 376 Tags
Commit Graph

2280 Commits

Author SHA1 Message Date
Josh Cummings
cedb9fd199
Merge branch '5.8.x' into 6.0.x 
Closes gh-12687
 2023-02-16 14:56:32 -07:00
Josh Cummings
0baf650f38
Merge branch '5.7.x' into 5.8.x 
Closes gh-12686
 2023-02-16 14:55:22 -07:00
Leonid Rozenblyum
000b4bc495 Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter 
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.

In particular, this exception can occur when mixing standard and custom DSL to register filters.

The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.

It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.

The error handling is implemented similarly to HttpSecurity#addFilter.

Closes gh-12637
 2023-02-16 14:54:44 -07:00
Tobias Meurer
7dd5cc6082 Pick Up Custom SecurityContextRespository 
Closes gh-12579
 2023-02-07 12:46:12 -07:00
Marcus Da Coregio
52ed165476 Move classpath checks to class member variable 
Closes gh-11437
 2023-02-07 09:25:06 -03:00
Marcus Da Coregio
3572111cf5 Add JwtDecoder hint for oauth2Login 
Closes gh-12615
 2023-02-03 14:34:32 -03:00
Steve Riesenberg
13487be268
Default to XorCsrfChannelInterceptor in 6.0.x 
Closes gh-12378
 2023-01-26 15:45:04 -06:00
Steve Riesenberg
1363a4eece
Merge branch '5.8.x' into 6.0.x 2023-01-26 15:44:47 -06:00
Josh Cummings
c3563df25a
Include HttpStatusRequestRequestedHandler 
Closes gh-12548
 2023-01-26 14:07:22 -07:00
Josh Cummings
66711f2365
Add RequestRejectedHandler Test 
Issue gh-12548
 2023-01-26 13:07:16 -07:00
Steve Riesenberg
c306df9b46
Add XorCsrfChannelInterceptor 
Issue gh-12378
 2023-01-23 16:00:35 -06:00
Josh Cummings
5b6b3d585f
Change EnableReactiveMethodSecurity Defaults 
Closes gh-12506
 2023-01-10 08:30:52 -07:00
Marcus Da Coregio
7080ea652f Add hints for ProxyFactoryBean AuthenticationManager 
Closes gh-12367
 2022-12-14 10:16:04 -03:00
Marcus Da Coregio
f1698ec188 Fix removed code by merge 2022-12-05 14:57:28 -08:00
Marcus Da Coregio
2fdf762726 Merge branch '5.8.x' into 6.0.x 2022-12-05 14:41:59 -08:00
Marcus Da Coregio
7aaa25b88e Merge branch '5.7.x' into 5.8.x 2022-12-05 14:40:54 -08:00
Marcus Da Coregio
fc25b87967 Merge branch '5.6.x' into 5.7.x 2022-12-05 14:40:38 -08:00
Mitja Kotnik
f39f215140 Replace javadoc with SecurityFilterChain bean definition 2022-12-05 14:40:05 -08:00
Guillaume Husta
a5464ed819 Fix typo in DefaultLoginPageConfigurer Javadoc 
'isLogoutRequest' seems to have nothing to do here.
 2022-12-05 14:31:15 -08:00
Marcus Da Coregio
e774bd480b Merge branch '5.7.x' into 5.8.x 
Closes gh-12261
 2022-11-21 10:25:43 -03:00
Marcus Da Coregio
f561d3784e Improve deprecation notice in WebSecurityConfigurerAdapter 
Closes gh-12260
 2022-11-21 10:05:08 -03:00
Steve Riesenberg
dd9f954ace
Fix tests in CsrfConfigurerTests 
Closes gh-12241
 2022-11-18 14:58:41 -06:00
Steve Riesenberg
5da78f44f2
Merge branch '5.8.x' 2022-11-18 14:54:33 -06:00
Steve Riesenberg
ea6ce05662
Add configurer tests for CookieCsrfTokenRepository 
Issue gh-12236
 2022-11-18 13:12:59 -06:00
Steve Riesenberg
2ed7cff643
Check for existing token before clearing 
Closes gh-12236
 2022-11-18 13:12:59 -06:00
Josh Cummings
e08ed89403 Polish Span and Meter Names 
Closes gh-12156
 2022-11-17 15:09:52 -07:00
Steve Riesenberg
222f8ae1a5
Merge branch '5.8.x' 2022-11-16 16:54:32 -06:00
Jan Marten
2301e8ca77
Fix Javadoc in EnableWebSocketSecurity 
Add missing method name in EnableWebSocketSecurity JavaDoc code example.
 2022-11-16 16:51:42 -06:00
Josh Cummings
c45cd6ec9f
Defer ObservationRegistry Resolution 
- If Method Security asks for  too early, it is no longer
eligible for post-processing. As such, this commit defers loading it until
the first authorization request.

Issue gh-11990
 2022-11-09 22:07:57 -07:00
Marcus Da Coregio
3b5d19c8a4 Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1 
Closes gh-12146
Closes gh-12148
 2022-11-08 08:34:21 -03:00
Marcus Da Coregio
72c25332a5 Fix authenticationFailureHandler customization tests 
Issue gh-12132
 2022-11-03 10:32:38 -03:00
Josh Cummings
fc8e20b89f
Merge branch '5.8.x' 
Closes gh-12133
 2022-11-02 15:49:18 -06:00
Josh Cummings
3192618220
Add authenticationFailureHandler 
- To ServerHttpSecurity#httpBasic
- To ServerHttpSecurity#oauthResourceServer

Closes gh-12132
 2022-11-02 15:35:01 -06:00
Josh Cummings
983f1d4efb
Merge branch '5.8.x' 
Closes gh-12127
 2022-11-01 18:08:08 -06:00
Josh Cummings
6622e0135a
Merge branch '5.7.x' into 5.8.x 
Closes gh-12126
 2022-11-01 18:06:41 -06:00
Josh Cummings
6efac34ca7
Merge branch '5.6.x' into 5.7.x 
Closes gh-12125
 2022-11-01 18:06:01 -06:00
Koos Gadellaa
5c4362bbc4
Refresh parsers when not found 
Closes gh-3065
 2022-11-01 18:05:15 -06:00
Rob Winch
d860775b45 Document Defer load CsrfToken 
Closes gh-12105
 2022-10-28 15:41:25 -05:00
Josh Cummings
abe68abfe4
Merge remote-tracking branch 'origin/5.8.x' 2022-10-26 17:13:02 -06:00
mmoussa_mapfreusa
bd4e0fb5db
Set LogoutRequestRepository on Saml2 LogoutSuccessHandler 
Closes gh-11363
 2022-10-26 16:44:23 -06:00
Rob Winch
9cb668aec2 SessionManagementConfigurer properly defaults SecurityContextRepository 
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.

This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.

Closes gh-12070
 2022-10-20 10:57:47 -05:00
Rob Winch
a4858d9eaa Add SpringTestContext.addFilter 
Add SpringTestContext.addFilter which allows Spring Security's tests
to specify a Filter to be added to the SpringTestContext.

Closes gh-12071
 2022-10-20 10:54:24 -05:00
Steve Riesenberg
33b492df54
Default to DelegatingSecurityContextRepository 
Closes gh-12023
Closes gh-12049
 2022-10-17 20:04:43 -05:00
Steve Riesenberg
bd43c1f28a
Merge branch '5.8.x' 
# Conflicts:
#	web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
#	web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
 2022-10-17 19:35:27 -05:00
Steve Riesenberg
c75ca10900
Add DeferredSecurityContext 
Issue gh-12023
 2022-10-17 19:33:58 -05:00
Steve Riesenberg
819529f5ea
Remove CsrfSpec.tokenFromMultipartDataEnabled 
Also removed ServerCsrfDsl.tokenFromMultipartDataEnabled

Closes gh-12020
 2022-10-13 11:29:15 -05:00
Joe Grandja
753e113a13 RequestMatcherDelegatingAuthorizationManager defaults to deny 
Closes gh-11958
 2022-10-13 11:12:00 -04:00
Steve Riesenberg
2407d07890
Default to Xor CSRF tokens in CsrfWebFilter 
Closes gh-11960
 2022-10-13 09:39:57 -05:00
Steve Riesenberg
2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter 
Issue gh-11960
 2022-10-13 09:39:55 -05:00
Josh Cummings
2713075d08
Mark Observations with Firewall Failures 
Closes gh-11994
 2022-10-12 20:32:24 -06:00