Commit Graph

10121 Commits

Author SHA1 Message Date
Hiroshi Shirosaki 809ff883b0 Address SecurityContextHolder memory leak
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
2021-11-30 14:29:18 -07:00
Steve Riesenberg 898ba67098 Polish gh-10007 2021-11-30 13:59:55 -06:00
Guirong Hu 9f51240bf1 Support IP whitelist for Spring Security Webflux
Closes gh-7765
2021-11-30 13:59:55 -06:00
Steve Riesenberg 9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg c6a27d44e5 Remove failing test due to HttpMethod changes
Closes gh-10569
2021-11-30 13:31:39 -06:00
Jonas Erbe 82426e20e1 Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
2021-11-29 12:02:02 -07:00
Eleftheria Stein 4f8c1b34af Polish LDAP serialization
Closes gh-9263
2021-11-29 17:59:24 +01:00
Markus Heiden 7cfd415cb5 Start with LDAP Jackson2 mixins
Issue gh-9263
2021-11-29 17:49:57 +01:00
Steve Riesenberg 74e3abc992 Polish gh-10081 2021-11-23 15:52:45 -06:00
Jonas Dittrich 86193b9540 Add ObjectIdentityGenerator customization to JdbcAclService
Providing the possibility to change how ObjectIdentitys are created inside the BasicLookupStrategy, JdbcAclService

There was a problem with hard-coded object identity creation inside the BasicLookupStrategy and the JdbcAclService. It was overkill to overwrite
these classes only for changing this, so introducing an ObjectIdentityGenerator seems to be the better solution here. By default, the standard
ObjectIdentityRetrievalStrategyImpl is used, but can be customized due to setters.

Closes gh-10079
2021-11-23 15:52:45 -06:00
Henning Poettker 04161b9288 Fix return type for NoOpPasswordEncoder bean in documentation 2021-11-23 10:38:04 -03:00
Lars Grefer 0541341201 Remove usages of Gradle's jcenter() repository
Closes gh-10253
2021-11-22 08:42:40 -03:00
Lars Grefer 5c012dc7eb Fix Gradle Deprecation Warnings 2021-11-22 08:42:40 -03:00
Josh Cummings ba5a68ec63 Polish LdapAuthenticationPopulator Support
PR gh-9276
2021-11-19 12:19:43 -07:00
Filip Hanik ae08608011 LdapAuthoritiesPopulator should be postProcessed
To enable customizations through withObjectPostProcessor
2021-11-19 12:03:44 -07:00
Josh Cummings 4374905801 Establish new Package Tangle Baseline
Ran ./gradlew check && ./gradlew s101 -Ps101.label=baseline

Issue gh-10333
2021-11-19 11:46:08 -07:00
Norbert Nowak 4bc55769a3 Import cleanup
Issue gh-10333
2021-11-19 11:46:08 -07:00
Norbert Nowak 4f186f2c1f Move Dsl files to annotation Package
Closes gh-10333
2021-11-19 11:46:08 -07:00
Jerome Prinet 0d8450a725 Bump up Gradle enterprise plugin to 3.7.2 2021-11-19 14:05:34 -03:00
Marcus Da Coregio 25feedb870 Fix removal of framework deprecated code
Issue https://github.com/spring-projects/spring-framework/issues/27686
2021-11-19 13:06:13 -03:00
Dávid Kováč 862122a267 Update clockSkew javadoc according to implementation
Closes gh-10174
2021-11-19 08:13:12 +01:00
Josh Cummings 2dac210cac Polish AuthRequestConverter Sample Doc
Issue gh-10364
2021-11-18 13:32:36 -07:00
Norbert Nowak 9316241c01 Fix AuthnRequestConverter Sample Typos
Closes gh-10364
2021-11-18 13:24:59 -07:00
Jeff Maxwell 879b2d089f Fix setJWTClaimSetJWSKeySelector Typo
Closes gh-10504
2021-11-16 15:29:23 -07:00
Jeff Maxwell 5913501e1a #10505 Fix jwtDecoder
Fixed jwtDecoder(JWTProcessor jwtProcessor, OAuth2TokenValidator<Jwt> jwtValidator)
2021-11-16 14:05:43 -07:00
Khaled Hamlaoui 498636e26b Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler
Closes gh-10425
2021-11-16 14:52:08 -06:00
Rob Winch bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
2021-11-16 14:45:34 -06:00
« Christophe e85958f65c Fix CsrfConfigurer default AccessDeniedHandler consistency
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on:
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
2021-11-16 14:25:03 -06:00
Rob Winch 0aa75e04b7 Fix imports for ChannelSecurityConfigurerTests
gh-7997
2021-11-16 14:07:53 -06:00
Stephane Nicoll 2e4c6c3bf1 Avoid using SpEL to change the meaning of the injection point
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
2021-11-16 13:53:29 -06:00
Onur Kagan Ozcan ef25304a30 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes 2021-11-16 13:44:34 -06:00
Rob Winch 625c7d6473 Rename prefix/suffix in DelegatingPasswordEncoder
Issue gh-10273
2021-11-16 13:29:49 -06:00
heowc 912c762e12 Support for changing prefix and suffix in `DelegatingPasswordEncoder`
Closes gh-10273
2021-11-16 13:28:23 -06:00
Lars Grefer 10ac6dc761 Update aspectj-plugin to 6.3.0
Version 6.3.0 aligns with the used Gradle 7.3
2021-11-16 12:52:07 -06:00
Rob Winch e398fbf2a7 Include 5.6.0 Release in docs 2021-11-15 16:37:47 -06:00
Josh Cummings 7236f2c5f2 Added authorizeHttpRequests Docs
Closes gh-10442
2021-11-15 15:35:23 -07:00
Joe Grandja eceb9ed479 Polish gh-10479 2021-11-12 15:08:11 -05:00
Rob Winch 939a5581f2 Antora remove unnecessary logging 2021-11-11 16:07:43 -06:00
Rob Winch 3c39761ca1 Add --stacktrace Antora argument 2021-11-11 16:01:17 -06:00
Rob Winch 0f0be0b326 Remove old local-antora-playbook.yml 2021-11-11 16:01:17 -06:00
Rob Winch c93595969e Add Spring Security 5.6.0-RC1 2021-11-11 16:01:17 -06:00
Steve Riesenberg a3e658872c Update What's New for 5.6 2021-11-11 15:20:19 -06:00
Steve Riesenberg 9887b282ce Polish gh-10479 2021-11-11 14:05:55 -06:00
Rob Winch cba5d3239e Fix versions 2021-11-11 13:38:48 -06:00
Rob Winch 4f88bb8e5f Antora Playbook 2021-11-11 13:37:08 -06:00
Steve Riesenberg ab794bf67a Consistency update for servlet docs 2021-11-11 10:41:12 -06:00
Steve Riesenberg 83f76fa1f6 Separate OAuth 2.0 Client Reactive Docs
Related gh-10367
2021-11-11 10:41:12 -06:00
Steve Riesenberg 0c12aeb7a1 Revamp OAuth 2.0 Login Reactive documentation
Related gh-8174
2021-11-11 10:41:12 -06:00
Josh Cummings 2a6e00ceb0 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 17:33:03 -07:00
Josh Cummings 09a14bf8a0 Port Missing Integration Docs
Closes gh-10465
2021-11-10 16:08:57 -07:00