Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-13 13:53:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,606 Commits 38 Branches 348 Tags
Commit Graph

11606 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Evgeniy Cheban
0fa339f75b Allow port=0 for ApacheDSContainer 
Fixes gh-8144
 2020-05-21 16:14:01 -05:00
justmehyp
774ea6980b Remove unused field 'digester' in Md4PasswordEncoder 
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.

Closes gh-8553
 2020-05-21 11:21:24 -05:00
justmehyp
5bcfaaf94d Remove unused field 'digester' in Md4PasswordEncoder 
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.

Closes gh-8553
 2020-05-21 11:19:28 -05:00
justmehyp
06254a4fd4 Remove unused field 'digester' in Md4PasswordEncoder 
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.
 2020-05-21 11:19:03 -05:00
Mazharul Islam
e1f01c6d77 mentioning the default strength of BCryptPasswordEncoder 
Fixes gh-8542
 2020-05-21 11:16:12 -05:00
Mazharul Islam
bf9e8295d6 mentioning the default strength of BCryptPasswordEncoder 2020-05-21 11:15:45 -05:00
Thomas Turrell-Croft
c1f737c842 Polish JDBC Authentication Doc 
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager

Fixes gh-8550
 2020-05-21 11:10:06 -05:00
Thomas Turrell-Croft
014df98ebb Polish 
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager
 2020-05-21 11:09:31 -05:00
Maksim Vinogradov
279ddbe223 Prevent StackOverflowError for AccessControlEntryImpl.hashCode 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
 2020-05-21 10:07:54 -05:00
Maksim Vinogradov
892f2f8843 Prevent StackOverflowError for AccessControlEntryImpl.hashCode 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
 2020-05-21 10:07:20 -05:00
Maksim Vinogradov
4f58576952 Prevent StackOverflowError for AccessControlEntryImpl.hashCode 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
 2020-05-21 09:53:35 -05:00
Astushi Yoshikawa
f08ca4e688 Throw exception if URL does not include context path when context relative 
Issue: gh-8399
 2020-05-20 14:02:17 -04:00
Rob Winch
dc514b369e FilterInvocation Support Default Methods on HttpServletRequest 
Closes gh-8566
 2020-05-20 10:13:59 -05:00
Andreas Volkmann
5eeeac8e51 Update index.adoc 2020-05-20 08:02:50 -05:00
Andreas Volkmann
16b0a268d9 Update index.adoc 2020-05-20 08:01:56 -05:00
Josh Cummings
9a72654b8d
Update to jQuery 3.5.1 
Fixes gh-8557
 2020-05-19 13:02:04 -06:00
Josh Cummings
c519d726ed
Polish hellojs Sample 
- Apply timestamp to composed messages
- Remove unnecessary $.map call
- Add password encoder prefix to password

Fixes gh-8555
Fixes gh-8556
 2020-05-19 13:02:04 -06:00
Josh Cummings
b04b34ba85
Fix Logout in OpenID Sample 
Fixes gh-8554
 2020-05-19 13:02:04 -06:00
Dávid Kovács
eaaee899fc Object ID Identicy conversion to long fails on old schema 
This change fixed a bug which tried to convert non-string object as string

Fixes gh-7621
 2020-05-19 13:45:23 -05:00
Dávid Kovács
8399375a86 Object ID Identicy conversion to long fails on old schema 
This change fixed a bug which tried to convert non-string object as string

Fixes gh-7621
 2020-05-19 13:44:57 -05:00
Dávid Kovács
4ab9da1c53 Object ID Identicy conversion to long fails on old schema 
This change fixed a bug which tried to convert non-string object as string

Fixes gh-7621
 2020-05-19 13:43:00 -05:00
Josh Cummings
51a0cffd36
Post-process AuthenticationRequestFilter 
Fixes gh-8552
 2020-05-18 21:08:23 -06:00
Josh Cummings
8e7c4c143c
Add TestSaml2AuthenticationRequestContexts 
Issue gh-8552
 2020-05-18 21:08:03 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations 
Fixes gh-8551
 2020-05-18 16:38:40 -06:00
Josh Cummings
7c7934c052
Remove Extra TestSaml2X509Credentials 
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials

Issue gh-8404
 2020-05-18 10:08:27 -06:00
cbornet
21c1d98f64 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:06:45 -05:00
cbornet
b6efd5ba76 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:05:50 -05:00
cbornet
bfb401eeed Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:04:54 -05:00
Parikshit Dutta
1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Rob Winch
e945b3414a Try Reactor BUILD-SNAPSHOTs 
Issue gh-8531
 2020-05-15 13:51:49 -05:00
Rob Winch
bf88065002 Try Reactor SNAPSHOTs 
Trying to determine if this is related to reactor/reactor-core#2152

Issue gh-8531
 2020-05-15 13:45:41 -05:00
Joe Grandja
c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Artyom Tarynin
9f33ce312a Update AntPathRequestMatcher.java 
Fixes gh-8512
 2020-05-14 10:05:52 -04:00
Artyom Tarynin
9e665388d2 Update AntPathRequestMatcher.java 
Fixes gh-8512
 2020-05-13 17:07:45 -04:00
Dávid Kovács
e382c269ef Document NoOpPasswordEncoder will not be removed 
This commit adds extension to deprecation notice.

Fixes gh-8506
 2020-05-13 12:56:04 -05:00
Dávid Kovács
d6f827c50d Document NoOpPasswordEncoder will not be removed 
This commit adds extension to deprecation notice.

Fixes gh-8506
 2020-05-13 12:54:56 -05:00
Dávid Kovács
db4ca1f756 Document NoOpPasswordEncoder will not be removed 
This commit adds extension to deprecation notice.

Fixes gh-8506
 2020-05-13 12:54:13 -05:00
Rob Winch
ce7c501f9c AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic() 
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs

Closes gh-7522
 2020-05-12 13:24:47 -05:00
Rob Winch
0f13c5e44d AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic() 
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs

Closes gh-7522
 2020-05-12 13:23:07 -05:00
Rob Winch
bd93616567 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-12 13:18:01 -05:00
Rob Winch
bb05603b3c AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic() 
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs

Closes gh-7522
 2020-05-12 13:07:24 -05:00
Rob Winch
e5d2aaf6fe
Deprecate OpenID 2.0 support 
Deprecate OpenID 2.0 support
 2020-05-12 09:37:56 -05:00
Mathieu Ouellet
cd08102b93 Add debug logging 
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow

Fixes gh-5758
 2020-05-12 09:03:24 -05:00
Rob Winch
06a02ed4bb Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-11 17:28:40 -05:00
Rob Winch
8d447633f4 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-11 17:20:27 -05:00
Rob Winch
4473dca022 Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed 
Issue gh-8149
 2020-05-11 17:20:16 -05:00
Parikshit Dutta
0f92415395 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8149
 2020-05-11 17:19:57 -05:00
Artyom Tarynin
6db514a4e2 Update AntPathRequestMatcher.java 
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
 2020-05-11 17:11:22 -04:00
Eleftheria Stein
1aadbb2f4d Remove "/path/**/other" patterns in tests 
Fixes gh-8513
 2020-05-11 17:00:25 -04:00