Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,226 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

10226 Commits

Author SHA1 Message Date
Josh Cummings dbd174418f
Update org.eclipse.jetty to 9.4.48.v20220622 
Closes gh-11693
 2022-08-11 14:20:35 -06:00
Josh Cummings 2eeee99d2e
Update io.projectreactor to 2020.0.22 
Closes gh-11691
 2022-08-11 14:20:28 -06:00
Josh Cummings e8c56420bf
Update mockk to 1.12.5 
Closes gh-11690
 2022-08-11 14:20:24 -06:00
Marcus Da Coregio 6a2ca52aae Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:32:10 -03:00
Rob Winch 269c711a64 RequestAttributeSecurityContextRepository never null SecurityContext 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
 2022-08-08 13:52:56 -05:00
Steve Riesenberg 99f768bab9 Polish HttpSecurity 2022-07-29 17:43:00 -05:00
Steve Riesenberg 984355e637 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:43:00 -05:00
Steve Riesenberg 09173c95d6 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:43:00 -05:00
Steve Riesenberg 24033be046
Skip workflows on forks of spring-security 2022-07-28 15:11:09 -05:00
Steve Riesenberg 47a5665767
Use cache and user.name system property on Windows 2022-07-28 15:11:08 -05:00
Steve Riesenberg aad60cc6af
Only run prerequisites job if on upstream repo 2022-07-28 15:11:07 -05:00
Steve Riesenberg 13e94935ae
Simplify dependency graph 2022-07-28 15:11:06 -05:00
Steve Riesenberg 6c29007fac
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:11:05 -05:00
Steve Riesenberg 6ad567f0fa
Polish gh-11367 2022-07-28 15:11:05 -05:00
naveen 8c634f8a9d
Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:11:04 -05:00
Marcus Da Coregio a996dfc55b Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:38:50 -03:00
Rob Winch ad9e737bf2 Fix Snapshot Sources/Javadoc 
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
 2022-07-26 16:25:52 -05:00
Desmond Silveira 06aa3362dd
"Well-Know" should be "Well-Known" 2022-07-26 15:44:41 -05:00
Yuriy Savchenko 7c7751635d Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:56:41 -03:00
Josh Cummings bced37f6a7
Merge Same-named Attribute Elements 
Closes gh-11042
 2022-07-20 18:41:55 -06:00
Steve Riesenberg fbc5839890
Build only on branches 
Issue gh-11480
 2022-07-18 11:46:47 -05:00
Steve Riesenberg d76c321f8c
Backport release automation and github actions 
Closes gh-11500
 2022-07-13 15:17:03 -05:00
Josh Cummings 37d856dca4
Correct input validation for 31 rounds 
Closes gh-11470
 2022-07-11 14:38:04 -06:00
Rob Winch c57853e5fa Document sagan Release tasks require read:org scope 
Closes gh-11423
 2022-06-21 14:49:06 -05:00
Joe Grandja 6f275deb55 Next Development Version 2022-06-20 12:37:13 -04:00
Joe Grandja c40f65f5a2 Release 5.7.2 2022-06-20 12:17:25 -04:00
Joe Grandja bca43af9bb Update org.opensaml:opensaml-core4 to 4.1.1 
Closes gh-11410
 2022-06-20 12:08:07 -04:00
Joe Grandja d9b8882fa8 Update spring-ldap-core to 2.4.1 
Closes gh-11409
 2022-06-20 11:52:48 -04:00
Joe Grandja 7358c65a8c Update org.springframework.data to 2021.2.1 
Closes gh-11408
 2022-06-20 11:52:44 -04:00
Joe Grandja e02d5f2dd7 Update org.springframework to 5.3.21 
Closes gh-11407
 2022-06-20 11:52:41 -04:00
Joe Grandja 91a965c6db Update org.jetbrains.kotlinx to 1.6.3 
Closes gh-11406
 2022-06-20 11:52:37 -04:00
Joe Grandja 0e88064942 Update hibernate-entitymanager to 5.6.9.Final 
Closes gh-11405
 2022-06-20 11:52:35 -04:00
Joe Grandja 641b9ef83b Update io.projectreactor to 2020.0.20 
Closes gh-11403
 2022-06-20 11:52:30 -04:00
Joe Grandja 6f43d234dc Update aspectj-plugin to 6.4.3.1 
Closes gh-11402
 2022-06-20 11:52:27 -04:00
Joe Grandja d7819ea4da Update jackson-bom to 2.13.3 
Closes gh-11399
 2022-06-20 11:52:17 -04:00
Joe Grandja 37ee70ae86 Add dependency update exclusion for spring-javaformat-checkstyle 2022-06-20 11:16:37 -04:00
Joe Grandja 8ea37360ac Add dependency exclusion rules 2022-06-20 10:03:29 -04:00
Rob Winch 29db051f7a Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 14:52:35 -05:00
Josh Cummings f035c30edb
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:12:13 -06:00
Josh Cummings d22277ce36
Add missing KeyInfo 
Closes gh-11354
 2022-06-09 13:16:50 -06:00
Josh Cummings bd60a0f8c9
Add OpenSamlSigningUtilsTests 
Issue gh-11354
 2022-06-09 13:16:49 -06:00
Zhivko Delchev d882bfcf2b Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:47:14 -05:00
Rob Winch 6c3f53ac0a Fix typo in BasicLookupStrategy Javadoc 
Issue gh-11336
 2022-06-06 14:09:24 -05:00
shirohoo b274431c07 Fix typo in BasicLookupStrategy Javadoc 
Closes gh-11336
 2022-06-06 13:55:43 -05:00
Rob Winch 3d5e5ff556 Enable BackportBot on 5.7.x 2022-06-06 13:54:36 -05:00
sKai.fun a3e996a66b Fix title render issue of Digest Authentication document 
Closes gh-11272
 2022-06-01 17:33:41 -05:00
André Luis Gomes 0c31cb21dc Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:50:56 -03:00
Claudio Consolmagno c39d39b35f
Use 'md:' prefix in EntityDescriptor XML 
Create the EntityDescriptor object with
EntityDescriptor.DEFAULT_ELEMENT_NAME instead of
EntityDescriptor.ELEMENT_QNAME. That ensures the EntityDescriptor tag
is marshalled to xml with the 'md:' prefix, consistent with all other
metadata tags.

Closes #11283
 2022-05-31 17:08:51 -06:00
Josh Cummings 292585080a
Correct access(String) reference 
Closes gh-11280
 2022-05-27 14:59:06 -06:00
Josh Cummings 8690accd57
Improve ContextConfiguration Docs 
Point to updated Spring Reference

Issue gh-10934
 2022-05-27 12:57:57 -06:00