Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-13 05:43:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,606 Commits 38 Branches 348 Tags
Commit Graph

11606 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
565fd28d08 Update to spring-build-conventions:0.0.33.RELEASE 
Closes gh-8759
 2020-06-25 11:26:15 -05:00
Rob Winch
dac7806cf5 Test beforeTestMethod delays creation of SecurityContext 
Issue gh-6591
 2020-06-24 16:40:09 -05:00
Markus Gabriel
97ee6d66f1 Fix SecurityContext creation for TEST_EXECUTION 
Currently, there is support for setting up a SecurityContext after @Before by
using TestExecutionEvent.TEST_EXECUTION. The current implementation, however,
already creates the SecurityContext in @Before and just does not set it yet.
This leads to issues like #6591. For the case of @WithUserDetails, the
creation of the SecurityContext already looks up a user from the repository.
If the user was inserted in @Before, the user is not found despite using
TestExecutionEvent.TEST_EXECUTION. This commit changes the creation of the
SecurityContext to happen after @Before if using
TestExecutionEvent.TEST_EXECUTION.

Closes gh-6591
 2020-06-24 16:40:08 -05:00
Craig Andrews
c71352c548 Validate headers and parameters in StrictHttpFirewall 
Adds methods to configure validation of header names and values and
parameter names and values:
 * setAllowedHeaderNames(Predicate)
 * setAllowedHeaderValues(Predicate)
 * setAllowedParameterNames(Predicate)
 * setAllowedParameterValues(Predicate)

By default, header names, header values, and parameter names that
contain ISO control characters or unassigned unicode characters are
rejected. No parameter value validation is performed by default.

Issue gh-8644
 2020-06-24 14:15:46 -06:00
Dávid Kovács
fa9898dd6d formLogin() and login() implement Mergable 
This is necessary so that default requests like Spring REST Docs work.

Closes gh-7572
 2020-06-22 14:58:39 -05:00
Dávid Kovács
c16db27670 formLogin() and login() implement Mergable 
This is necessary so that default requests like Spring REST Docs work.

Closes gh-7572
 2020-06-22 14:56:07 -05:00
Dávid Kovács
88028d82ed formLogin() and login() implement Mergable 
This is necessary so that default requests like Spring REST Docs work.

Closes gh-7572
 2020-06-22 14:54:32 -05:00
Joe Grandja
659b25a4e5 Fix typo in OAuth2AccessTokenResponse 
Closes gh-8746
 2020-06-22 08:21:59 -04:00
Eleftheria Stein
12d20f99a1 Fix incorrect Javadoc 
Closes gh-8744
 2020-06-22 13:14:34 +02:00
Eleftheria Stein
c854f6b190 Add missing Javadoc 
Closes gh-8743
 2020-06-22 13:13:32 +02:00
Rob Winch
6e0d2f3324 Use reactorVersion 20+ for snapshot tests 2020-06-19 10:41:00 -05:00
Josh Cummings
a344dbdb8c
Use AssertJ 
Issue gh-3384
 2020-06-18 11:54:33 -06:00
Josh Cummings
8cbdcfe756
Document SAML Attribute Support 
Issue gh-8661
 2020-06-18 11:42:49 -06:00
Josh Cummings
360db53dd2
Polish SAML Attribute Support 
Issue gh-8661
 2020-06-18 11:42:49 -06:00
Nikola Kostic
eed33228f4
Add SAML Attribute Support 
Closes gh-8661
 2020-06-18 11:42:48 -06:00
Craig Andrews
efb6953017 Reject the NULL character in paths in StrictHttpFirewall 
Adds `setAllowNull`
By default, denies null in paths
 2020-06-18 10:19:37 -06:00
Rob Winch
406cde8798 Use Spring Snapshots Again 
Closes gh-8712
 2020-06-18 09:32:11 -05:00
Ellie Bahadori
ca63af4a28 Remove Travis pipeline and README badge 2020-06-17 16:07:32 -05:00
Ellie Bahadori
7319e81701 Change pipeline to run for all base branches 
Issue gh-8680
 2020-06-17 16:05:41 -05:00
Josh Cummings
9895d01257
Simplify Multitenancy Example 
Closes gh-8713
 2020-06-17 14:04:58 -06:00
Rob Winch
145bb89394 Use Spring Releases for Now 
Works around https://github.com/spring-projects/spring-framework/issues/25271
 2020-06-17 14:39:48 -05:00
yukihane
c177b391d4
Polish ProviderManagerTests 
- Renamed test to follow naming convention
- Simplified mock with Mockito
- Added note regarding related ticket

Issue gh-8689
 2020-06-16 15:56:04 -06:00
yukihane
5302fb776c
ProviderManager Uses CollectionUtils#contains 
Closes gh-8689
 2020-06-16 15:56:04 -06:00
Ellie Bahadori
27e1c582b9
Merge pull request #8680 from elliedori/github-actions-pr-pipeline 
Set up Github Actions pipeline for PRs
 2020-06-16 11:19:37 -07:00
Eleftheria Stein
224361cb4a Fix typo in Javadoc 2020-06-16 09:38:09 -04:00
Rob Winch
eb351f455b
Use Closes gh-<number> 
We now use Closes because it makes sense for enhancements and bugs
 2020-06-11 15:34:35 -05:00
Ellie Bahadori
e213e6430a Create Github Actions pipeline for PR build workflow 2020-06-11 11:07:34 -07:00
Evgeniy Cheban
bff6d82dd0 DefaultWebSecurityExpressionHandler uses RoleHierarchy bean 
Fixes gh-7059
 2020-06-10 17:08:50 -04:00
Evgeniy Cheban
eb90857d6e DefaultWebSecurityExpressionHandler uses RoleHierarchy bean 
Fixes gh-7059
 2020-06-10 16:56:15 -04:00
Evgeniy Cheban
4e7be2078f DefaultWebSecurityExpressionHandler uses RoleHierarchy bean 
Fixes gh-7059
 2020-06-10 16:43:01 -04:00
Rob Winch
ccbad61ae8 Change blacklist to blocklist 
Closes gh-8676
 2020-06-10 11:49:49 -05:00
Rob Winch
ca1252be94 Replace whitelist with allowlist 
Issue gh-8676
 2020-06-10 11:49:21 -05:00
Rob Winch
a907026eae Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive 
Closes gh-8677
 2020-06-10 11:48:56 -05:00
Rob Winch
6fbe58e624 Update RSocket Sample to use RSocket 1.0.1 
Fixes the integration tests from hanging.

Issue gh-8664
 2020-06-10 11:44:10 -05:00
Joe Grandja
da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:28:21 -04:00
Joe Grandja
4c902bb857 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 17:28:21 -04:00
Joe Grandja
674e2c0a8e OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 16:24:00 -04:00
Joe Grandja
11c1236261 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 16:24:00 -04:00
Robin Dupret
bb0fac66d6 Fix a few typos in the documentation 2020-06-09 14:40:39 -05:00
Joe Grandja
38c1e3ffa8 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 15:27:32 -04:00
Joe Grandja
acf56f24a6 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 15:21:07 -04:00
Eleftheria Stein
98467755ad Update to RSocket 1.0.1 
Fixes gh-8664
 2020-06-08 17:18:33 -04:00
Eleftheria Stein
7a7707b899 Revert "Temporarily ignore RSocket integration tests" 
This reverts commit 8dd9cb2b3352285237d1019673400833e8df9700.

Fixes gh-8643
 2020-06-08 16:43:12 -04:00
Eleftheria Stein
0e37c722e2 Revert "Temporarily ignore RSocket integration tests" 
This reverts commit d5eeec0ae693c1fd31b9dd54058ecb72fef7e686.

Fixes gh-8643
 2020-06-08 16:14:34 -04:00
Josh Cummings
1d821a2664
Add Ticket Number to Test 
Issue gh-8650
 2020-06-05 14:24:49 -06:00
Erik Bakker
cd3fd6762f
Don't Consume Request Body 
Per the servlet spec, getParameter(name) consumes the request body for
POST requests.

This commit prevents DefaultOAuth2AuthorizationRequestResolver from
consuming the request body for non-Authorization requests.

Closes gh-8650
 2020-06-05 14:21:00 -06:00
Rob Winch
c71a893e08 Add subscriberContext to PayloadSocketAcceptor delegate.accept 
Closes gh-8654
 2020-06-05 12:55:07 -05:00
Rob Winch
5a5bed49f6 Add subscriberContext to PayloadSocketAcceptor delegate.accept 
Closes gh-8654
 2020-06-05 12:54:26 -05:00
Rob Winch
24a04f9c5f Add subscriberContext to PayloadSocketAcceptor delegate.accept 
Closes gh-8654
 2020-06-05 12:22:19 -05:00
Josh Cummings
8ff3d6606b
Next Development Version 2020-06-03 16:13:07 -06:00