Added an implementation of HeaderWriter for Clear-Site-Data HTTP
response header as welll as an implementation of LogoutHanlder
that accepts an implementation of HeaderWriter to write headers.
- Added ClearSiteDataHeaderWriter and HeaderWriterLogoutHandler
that implements HeaderWriter and LogoutHandler respectively
- Added unit tests for both implementations's behaviours
- Integration tests for HeaderWriterLogoutHandler that uses
ClearSiteDataHeaderWriter
- Updated the documentation to include link to
HeaderWriterLogoutHandler
Fixes gh-4187
In the Java config tests, there is a simplified way to configure
Spring, and that is with SpringTestRule.
Also, test names typically follow the when-then convention.
Issue: gh-6501
1. CsrfBeanDefinitionParser registers requestDataValueProcessor
if not already registered
2. Created Tests in CsrfBeanDefinitionParserTests
Fixes: gh-6423
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security
Fixes: gh-6312
When using AssertJ, it's easy to commit the following error
assertThat(some boolean condition)
The above actually does nothing. It at least needs to be
assertThat(some boolean condition).isTrue()
This commit refines some assertions that were missing a verify
condition.
Also, one Javadoc was just a little bit confusing, so this
clarifies it.
Issue: gh-6259
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1 so is not longer required.
Fixes: gh-6259
1. Added method authenticationEntryPoint in ServerHttpSecurity to allow
setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check if
if specified realm name set by authenticationEntryPoint is
returned
Fixes: gh-6270
1. Created new WebFilter AnonymousAuthenticationWebFilter to
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder
Fixes: gh-5934
Addition of two new methods addFilterBefore and addFilterAfter in
ServerHttpSecurity to allow addition of WebFilter before and after of
specified order
Fixes: gh-6138
The documentation of the token-repository-ref attribute of the csrf
element in the schema has been updated to make clear the default
repository is lazy. Targets versions 4.2, 5.0 and 5.1.
Fixes gh-6037
Rafiullah Hamedy
Josh Cummings
Ankur Pathak
Joe Grandja
Nick Bromfield
Mohammad Sadeq Dousti
Johnny Lim
Farooq Khan
Rafael Dominguez
Robbie Martinus
ir73
Dongmin Shin
Daniel Bustamante Ospina
Eric Deandrea
Karl Goffin
Erik van Paassen
Bob Maertz
Brian Demers