c2ed65c67a
Fix failing tests
...
Issue gh-9159
2022-10-05 14:59:33 -03:00
22ba358e57
Merge branch '5.8.x'
2022-10-05 13:44:54 -03:00
bf6e85ec15
Accept String varargs in securityMatcher
...
Issue gh-9159
2022-10-05 13:44:08 -03:00
38a7bbd2eb
Merge branch '5.8.x'
2022-10-05 13:20:12 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
76d7a85bc0
Use modified classpath test support for tests that depend on the classpath
...
Issue gh-11347
2022-10-04 15:32:19 -03:00
77dcc691b3
Add modified classpath test support
...
Closes gh-11951
2022-10-04 15:32:18 -03:00
5002199be3
Revert "Disable tests that need Spring MVC mocked in classpath"
...
This reverts commit c6978fba7c
2022-10-04 15:32:18 -03:00
35f7e46d05
Remove WebSecurityConfigurerAdapter
...
Closes gh-10902
2022-10-04 15:13:04 -03:00
a10b0f526f
Merge branch 'main'
2022-10-04 12:01:57 -05:00
60181e22d3
Upgrade com.unboundid:unboundid-ldapsdk to 6.0.6
...
Closes gh-10210
2022-10-04 13:39:42 -03:00
3bc76815c2
Update csrf.request-handler-ref in 6.0
...
Issue gh-11918
2022-10-04 11:24:54 -05:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
c6978fba7c
Disable tests that need Spring MVC mocked in classpath
...
Issue gh-11347
2022-10-04 08:56:06 -03:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
c847efd3fd
Fix servlet import
...
Issue gh-11347
Issue gh-9159
2022-10-03 15:10:56 -05:00
c98de7af2f
Add xss-protection.header-value in 6.0
...
Issue gh-9631
2022-10-03 14:31:04 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
ea777a3d7b
Merge branch '5.8.x'
...
Merged using the ours strategy.
2022-10-03 10:05:57 -05:00
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
d9a682a414
Polish gh-11896
2022-10-03 10:00:43 -05:00
bf9339d88e
Merge branch '5.8.x'
2022-10-03 09:57:40 -05:00
7f9600ae08
Polish gh-11896
2022-10-03 09:57:08 -05:00
5f2744db33
Merge branch '5.8.x'
...
Closes gh-11937
2022-10-03 11:43:22 -03:00
64a19de4dc
Deprecate HPKP security header
...
Closes gh-10144
2022-10-03 11:36:19 -03:00
80f6bdf50b
Merge branch '5.8.x'
2022-10-03 10:10:36 -03:00
7be2eb05d5
Merge branch '5.7.x' into 5.8.x
2022-10-03 10:10:06 -03:00
cd4ddde779
Merge branch '5.6.x' into 5.7.x
2022-10-03 10:09:42 -03:00
26bb60c567
Add rncToXsd task description to CONTRIBUTING.adoc
2022-10-03 10:09:27 -03:00
4479cefade
Default Require Explicit Session Management = true
...
Closes gh-11763
2022-09-30 21:49:05 -05:00
0d58c5180e
Remove Explicit RequestCache Config from DeferHttpSession Tests
...
Issue gh-11757
2022-09-30 21:49:05 -05:00
12a0ccf6de
Remove Explicit CSRF Config from DeferHttpSessionTests
...
Issue gh-11764
2022-09-30 21:49:04 -05:00
617353eaa8
Merge branch '5.8.x'
...
Closes gh-11928
2022-09-30 21:46:26 -05:00
6d56af7b65
SessionManagementDsl.requireExplicitAuthenticationStrategy
2022-09-30 21:37:44 -05:00
8f10deb602
Merge remote-tracking branch 'origin/5.8.x'
2022-09-30 17:01:22 -06:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
76fbca9f46
Merge branch '5.8.x'
2022-09-30 09:50:02 -05:00
93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity
...
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".
This commits adds the ability to configure the xssProtection header
value in ServerHttpSecurity.
This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.
Issue gh-9631
2022-09-30 09:38:08 -05:00
43a1f8249c
Update What's New for 6.0
2022-09-29 15:57:48 -05:00
e0e6467d9b
Remove UsernamePasswordAuthenticationToken check
...
This commit reverts 21dd050d7b
2022-09-29 15:25:53 -05:00
1e0e9a2c98
Allow authenticationIsRequired to be overridden
...
Issue gh-10347
2022-09-29 15:25:53 -05:00
4d62621094
Merge branch '5.8.x'
2022-09-29 14:09:21 -05:00
7b1158ddb7
Merge branch '5.7.x' into 5.8.x
2022-09-29 14:09:10 -05:00
70c61dc1dd
Merge branch '5.6.x' into 5.7.x
2022-09-29 14:08:17 -05:00
c44230ba24
switch to offical Antora plugin for Gradle
...
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
3bfdf6dd0f
Merge branch '5.8.x'
...
Closes gh-11922
2022-09-29 11:21:24 -03:00
Marcus Da Coregio
Steve Riesenberg
Daniel Garnier-Moiroux
Rob Winch
Josh Cummings
Emil Sierżęga
Daniel Garnier-Moiroux
shazin
Dan Allen