Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,187 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

10187 Commits

Author SHA1 Message Date
Josh Cummings d22277ce36
Add missing KeyInfo 
Closes gh-11354
 2022-06-09 13:16:50 -06:00
Josh Cummings bd60a0f8c9
Add OpenSamlSigningUtilsTests 
Issue gh-11354
 2022-06-09 13:16:49 -06:00
Zhivko Delchev d882bfcf2b Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:47:14 -05:00
Rob Winch 6c3f53ac0a Fix typo in BasicLookupStrategy Javadoc 
Issue gh-11336
 2022-06-06 14:09:24 -05:00
shirohoo b274431c07 Fix typo in BasicLookupStrategy Javadoc 
Closes gh-11336
 2022-06-06 13:55:43 -05:00
Rob Winch 3d5e5ff556 Enable BackportBot on 5.7.x 2022-06-06 13:54:36 -05:00
sKai.fun a3e996a66b Fix title render issue of Digest Authentication document 
Closes gh-11272
 2022-06-01 17:33:41 -05:00
André Luis Gomes 0c31cb21dc Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:50:56 -03:00
Claudio Consolmagno c39d39b35f
Use 'md:' prefix in EntityDescriptor XML 
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
 2022-05-31 17:08:51 -06:00
Josh Cummings 292585080a
Correct access(String) reference 
Closes gh-11280
 2022-05-27 14:59:06 -06:00
Josh Cummings 8690accd57
Improve ContextConfiguration Docs 
Point to updated Spring Reference

Issue gh-10934
 2022-05-27 12:57:57 -06:00
Josh Cummings e3c15260e7
Polish ExtendWith Docs 
Use spring-framework-reference-url placeholder

Issue gh-10934
 2022-05-27 12:57:57 -06:00
nor-ek 9625382b22
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 12:57:56 -06:00
Evgeniy Cheban 48ef3f4719
Some Security Expressions cause NPE when used within Query annotation 
Added trustResolver, roleHierarchy, permissionEvaluator, defaultRolePrefix
fields to SecurityEvaluationContextExtension.

Closes gh-11196
Closes gh-11289
 2022-05-26 17:43:50 -05:00
Juny Tse d0da160007
Use Base64 encoder with no CRLF in output for SAML 2.0 messages 
Closes gh-11262
 2022-05-25 12:02:13 -06:00
Rob Winch 4caf53e96d Next Development Version 2022-05-18 10:06:25 -05:00
Rob Winch 22a1c99b9e Release 5.7.1 2022-05-18 10:00:11 -05:00
Rob Winch e2eed33eca Add StrictHttpFirewall.allow* new lines and separators 
Issue gh-11264
 2022-05-17 22:24:31 -05:00
Rob Winch 5bf478e72e Fix Formatting 
Issue gh-11264
 2022-05-17 16:16:02 -05:00
Rob Winch e0a6a9efa9 StrictHttpFirewall allows CJKV characters 
Issue gh-11264
 2022-05-17 15:53:18 -05:00
Rob Winch 5155719877 Next Development Version 2022-05-16 11:44:53 -05:00
Rob Winch 3497b0ed68 Release 5.7.0 2022-05-16 11:35:18 -05:00
Josh Cummings 1229b27b87 Improve Upgrading 2022-05-16 11:35:18 -05:00
Rob Winch ee28896f42 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Rob Winch 6b823fb27e Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Rob Winch fb3f38fe7b Update org.springframework.data to 2021.2.0 
Closes gh-11228
 2022-05-13 10:29:11 -05:00
Rob Winch 2e37b7a299 Update spring-ldap-core to 2.4.0 
Closes gh-11227
 2022-05-13 10:03:21 -05:00
Rob Winch 7b6ff7794a Update org.springframework to 5.3.20 
Closes gh-11225
 2022-05-13 10:03:17 -05:00
Rob Winch 7659c70e5d Update htmlunit-driver to 2.61.0 
Closes gh-11224
 2022-05-13 10:03:14 -05:00
Rob Winch 771ca55102 Update org.jetbrains.kotlin to 1.6.21 
Closes gh-11223
 2022-05-13 10:03:12 -05:00
Rob Winch 949f95381a Update htmlunit to 2.61.0 
Closes gh-11222
 2022-05-13 10:03:09 -05:00
Rob Winch 410961cd78 Update io.projectreactor to 2020.0.19 
Closes gh-11220
 2022-05-13 10:03:04 -05:00
Rob Winch cc90685770 Update mockk to 1.12.4 
Closes gh-11219
 2022-05-13 10:03:02 -05:00
Rob Winch 59158ed8c0 Update aspectj-plugin to 6.4.3 
Closes gh-11218
 2022-05-13 10:02:59 -05:00
Rob Winch 1a902ab58c Update com.nimbusds to 9.35 
Closes gh-11217
 2022-05-13 10:02:57 -05:00
Evgeniy Cheban e01b1e7f38 Polish gh-11188 2022-05-12 16:19:48 -05:00
Marcus Da Coregio 991d5c8817 Use properties in the checkSamples job 
Issue gh-10344
 2022-05-11 16:13:08 -03:00
Marcus Da Coregio 34f280a5a3 Add initScripts and projectProperties to IncludeCheckRemotePlugin 
Issue gh-10344
 2022-05-11 16:13:07 -03:00
Evgeniy Cheban 89019fb340 Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager 
Closes gh-11188
 2022-05-09 16:03:25 -06:00
Marcus Da Coregio d86ed6f523 Update copyright headers 
Issue gh-10956
 2022-05-06 14:14:16 -03:00
Marcus Da Coregio 1959c25a03 Fix mvcMatchers overriding previous paths 
Closes gh-10956
 2022-05-06 14:11:37 -03:00
Rob Winch 67830f4111 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:10:07 -05:00
Rob Winch c6eaa05fc5 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:38 -05:00
Rob Winch 7b6fd598d0 Multiple <authentication-manager> Do Not Duplicate Alias 
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
 2022-05-03 14:57:22 -05:00
Evgeniy Cheban 286e95893a @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy 
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.

Closes gh-11175
 2022-05-03 13:19:35 -05:00
Eleftheria Stein 5ac5edc2e6 Detect UserDetailsService bean in X509 configuration 
Closes gh-11174
 2022-04-28 14:47:18 +02:00
Eleftheria Stein d40c15e09e Update remember me Javadocs 
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
 2022-04-28 14:13:52 +02:00
Marcus Da Coregio e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL 
Closes gh-11153
 2022-04-28 08:19:20 -03:00
Eleftheria Stein 8e34cedcfe Detect UserDetailsService bean in remember me 
Closes gh-11170
 2022-04-28 12:43:13 +02:00
nor-ek a3e7e54b70 Security Context Dsl 
Closes gh-11039
 2022-04-26 17:34:44 +02:00