Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 00:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,512 Commits 34 Branches 337 Tags
Commit Graph

8512 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Steve Riesenberg
d3a3c36ad3 Handle custom status codes in error handler 
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
 2021-05-25 16:14:35 -05:00
Rob Winch
c9a8419e22 Additional HttpSessionOAuth2AuthorizationRequestRepository tests 
Issue gh-5145
 2021-05-13 20:12:15 -04:00
Craig Andrews
ecb4a5749a HttpSessionOAuth2AuthorizationRequestRepository: store one request by default 
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
 2021-05-13 20:12:00 -04:00
Rob Winch
362855b8b8 docs.af.pivotal.io->docs-ip.spring.io 
The build conventions plugin does not support a property, so we must
override the configuration for docs.host to docs-ip.spring.io

Closes gh-9686
 2021-04-27 10:26:51 -05:00
Rob Winch
0a56dc4ef5 docs.af.pivotal.io->docs-ip.spring.io 
Closes gh-9686
 2021-04-27 09:54:05 -05:00
Joe Grandja
99db0ca2c5 WebFlux httpBasic() matches on XHR requests 
Closes gh-9660
 2021-04-20 10:05:06 -04:00
Craig Andrews
ab34c0308c
Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled

Issue gh-9648
 2021-04-16 10:57:53 -06:00
Rob Winch
adf3e94c9f Fix HttpSecurity.addFilter* Ordering 
Closes gh-9633
 2021-04-14 21:18:51 -05:00
Denis Washington
521706d496 Limit oauth2Login() links to redirect-based flows 
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
 2021-04-14 06:41:52 -04:00
Eleftheria Stein
ea19b31133 Next development version 2021-04-12 19:00:02 +02:00
Eleftheria Stein
46fdb250dc Release 5.2.10.RELEASE 5.2.10.RELEASE 2021-04-12 18:17:48 +02:00
Eleftheria Stein
b500b3ea69 Update to OpenSAML 3.4.6 
Closes gh-9607
 2021-04-12 10:55:05 +02:00
Eleftheria Stein
59171434d5 Update to hibernate-entitymanager 5.4.30.Final 
Closes gh-9606
 2021-04-12 10:54:38 +02:00
Eleftheria Stein
5d18dd6d7d Update to Groovy 2.4.21 
Closes gh-9605
 2021-04-12 10:54:17 +02:00
Eleftheria Stein
41b0e51dbb Update to embedded Apache Tomcat 9.0.45 
Closes gh-9604
 2021-04-12 10:53:38 +02:00
Eleftheria Stein
310c1148ce Update blockhound to 1.0.6.RELEASE 
Closes gh-9603
 2021-04-12 10:53:11 +02:00
Eleftheria Stein
93defb2ff2 Update to RSocket 1.0.4 
Closes gh-9602
 2021-04-12 10:52:33 +02:00
Eleftheria Stein
fb7efffad3 Update to Spring Data Moore-SR13 
Closes gh-9601
 2021-04-12 10:52:09 +02:00
Eleftheria Stein
6db79b70e6 Update to Spring Framework 5.2.13.RELEASE 
Close gh-9600
 2021-04-12 10:51:41 +02:00
Eleftheria Stein
78a618c260 Update to Reactor Dysprosium-SR18 
Closes gh-9599
 2021-04-12 10:51:11 +02:00
Eleftheria Stein
cfc5256fad Update to GAE 1.9.88 
Closes gh-9608
 2021-04-12 10:50:46 +02:00
Eleftheria Stein
289b11b873 Update to nohttp 0.0.6.RELEASE 
Closes gh-9609
 2021-04-12 10:50:22 +02:00
佚名
8dc702c80f
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>

Closes gh-9561
 2021-04-09 21:57:14 -06:00
Josh Cummings
bd0247adef
Next Development Version 2021-02-11 12:22:42 -07:00
Josh Cummings
974156d5fb
Release 5.2.9.RELEASE 5.2.9.RELEASE 2021-02-11 10:37:22 -07:00
Rob Winch
e2121532a2
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 09:38:04 -07:00
Rob Winch
7cab7b06c5
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 09:38:04 -07:00
Josh Cummings
f60daa5152
Update to GAE 1.9.86 
Closes gh-9442
 2021-02-11 09:31:37 -07:00
Josh Cummings
f63b770ec5
Update to Tomcat 9.0.43 
Closes gh-9441
 2021-02-11 09:31:30 -07:00
Josh Cummings
44bb975f82
Update to Jetty 9.4.36.v20210114 
Closes gh-9440
 2021-02-11 09:31:25 -07:00
Josh Cummings
3cb6b3e5d6
Update to hibernate-validator 6.1.7.Final 
Closes gh-9439
 2021-02-11 09:31:20 -07:00
Josh Cummings
db07cea579
Update to hibernate-entitymanager 5.4.28.Final 
Closes gh-9438
 2021-02-11 09:31:15 -07:00
Josh Cummings
0fb60c3aa7
Update to thymeleaf-spring5 3.0.12 
Closes gh-9437
 2021-02-11 09:31:11 -07:00
Josh Cummings
31cb29cb2d
Update to Spring Data Moore-SR12 
Closes gh-9436
 2021-02-11 09:31:03 -07:00
Josh Cummings
46bfc00db2
Update to Reactor Dysprosium-SR16 
Closes gh-9435
 2021-02-11 09:30:57 -07:00
Josh Cummings
987b14d1d4
Update to Spring Framework 5.2.12.RELEASE 
Closes gh-9434
 2021-02-11 09:30:52 -07:00
Josh Cummings
1f19ee04e1
Update to Spring Boot 2.2.13.RELEASE 
Closes gh-9433
 2021-02-11 09:30:39 -07:00
Josh Cummings
005eca7bd9
Fix Test Configuration 
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable

Closes gh-9421
 2021-02-10 11:37:32 -07:00
Josh Cummings
68ac3ef36b
Polish Tests 
Issue gh-9331
 2021-02-03 09:34:20 -07:00
happier233
7a5c34ca57
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:34:13 -07:00
Joe Grandja
542c625d7d Allow null or empty authorities for DefaultOAuth2User 
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
 2021-02-02 04:43:29 -05:00
Rob Winch
4de2dbb4cd Update to spring-build-conventions:0.0.23.1.RELEASE 
Fixes use of repo.spring.io
 2021-01-26 11:11:05 -06:00
Benjamin Faal
98399c920a Make user info response status check error only 
Closes gh-9336
 2021-01-25 11:10:03 -05:00
Josh Cummings
52ad49074d
Migrate SAML 2.0 Tests and Docs to PCFOne 
Issue gh-9362
 2021-01-25 08:32:17 -07:00
Josh Cummings
6df5dc4ecf
Migrate SAML 2.0 Samples to PCFOne 
Closes gh-9362
 2021-01-22 13:51:46 -07:00
Josh Cummings
32acb04efe
Fix SAML 2.0 Javaconfig Sample 
Issue gh-9362
 2021-01-22 13:51:37 -07:00
Eleftheria Stein
57dfbeecbb Provide artifactoryUsername/Password in docs and schema jobs 2021-01-22 16:07:17 +01:00
Rob Winch
1181740f79 Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:18:25 -06:00
Rob Winch
628ea00ad4 Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:31:26 -06:00
Josh Cummings
6dc22835fd
Renew Sample Certificate 
Closes gh-9320
 2021-01-04 12:12:17 -07:00