d94639a1bb
StrictHttpFirewall allows CJKV characters
...
Closes gh-11264
2022-05-18 09:49:01 -05:00
7f121e82f4
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 11:28:24 -05:00
9059fb3fc7
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 11:28:19 -05:00
3389cf3ffc
Revert "Lock dependencies"
...
This reverts commit 83bb4603f8
2021-12-20 21:55:35 +02:00
83bb4603f8
Lock dependencies
2021-12-20 21:17:17 +02:00
fa5b8c6090
Update copyright year
...
Issue gh-10557
2021-12-01 17:37:56 -06:00
3aa2a60f97
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 16:04:22 -06:00
5a47e17a0d
Improve log message when no CSRF token found
...
Closes gh-10436
2021-11-19 09:00:29 -03:00
5c8cd23a2d
Revert "Lock dependencies"
...
This reverts commit fc53f81d2e
2021-10-18 10:48:23 -04:00
9481122e02
Restructure SwitchUserFilter Logs
...
Issue gh-6311
2021-10-18 09:59:42 -04:00
fc53f81d2e
Lock dependencies
2021-10-14 15:44:09 +02:00
c706a103f9
Revert "Lock Dependencies"
...
This reverts commit 1533f098d2
2021-08-16 10:35:39 -03:00
1533f098d2
Lock Dependencies
2021-08-16 09:42:34 -03:00
b0d22d1a03
Revert "Lock Dependencies"
...
This reverts commit eb300c78bd
2021-06-22 10:20:07 -03:00
eb300c78bd
Lock Dependencies
2021-06-21 09:23:19 -03:00
02285708eb
Adjust createNewSessionIfAllowed to prevent NPE
...
Ensure that isTransientAuthentication reuses the same authentication object from saveContext
Closes gh-8947
2021-05-26 15:13:55 -03:00
a85ce9c91f
Add guard around logger.debug statement
...
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled
Issue gh-9648
2021-04-16 10:54:10 -06:00
26c6570b10
Revert "Lock Dependencies"
...
This reverts commit b3250c06a9
2021-04-12 14:42:38 -04:00
b3250c06a9
Lock Dependencies
2021-04-12 14:19:19 -04:00
22d7043d01
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
Closes gh-9561
2021-04-09 21:55:30 -06:00
71f9876c48
Revert "Lock dependencies"
...
This reverts commit dca4858d81
2021-02-11 13:38:50 -06:00
dca4858d81
Lock dependencies
2021-02-11 13:00:32 -06:00
419839d05c
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 13:00:31 -06:00
38e9e8ca52
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 13:00:31 -06:00
ec8f6014d4
Revert "Lock dependencies"
...
This reverts commit fa5f789beb
2021-02-11 09:51:54 -06:00
fa5f789beb
Lock dependencies
2021-02-11 08:53:40 -06:00
10946e8153
Polish Tests
...
Issue gh-9331
2021-02-03 09:30:27 -07:00
3cb98ebed0
Configure CurrentSecurityContextArgumentResolver BeanResolver
...
Closes gh-9331
2021-02-03 09:24:22 -07:00
e6d6b39767
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:17:25 -06:00
b08075a721
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:30:12 -06:00
7c2010f507
Revert "Lock Dependencies for 5.3.6"
...
This reverts commit a153012056
2020-12-02 19:32:03 -07:00
a153012056
Lock Dependencies for 5.3.6
2020-12-02 16:31:52 -07:00
2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE"
...
This reverts commit 846a5a962c
2020-10-07 16:39:28 -06:00
846a5a962c
Lock Dependencies for 5.3.5.RELEASE
2020-10-07 13:18:01 -06:00
e44471331b
Create the CSRF token on the bounded elactic scheduler
...
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.
Closes gh-9018
2020-09-16 09:01:45 -06:00
d8bef76a0f
Unlock dependencies
...
This reverts commit b619d298aa
2020-08-05 18:18:02 +02:00
b619d298aa
Lock Dependencies for 5.3.4.RELEASE
2020-08-05 12:33:31 +02:00
070706d948
LoginPageGeneratingWebFilter honors context path
...
Closes gh-8807
2020-07-07 13:36:35 -05:00
38c1e3ffa8
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 15:27:32 -04:00
bbd2a9ebae
Revert "Lock Dependencies for 5.3.3.RELEASE"
...
This reverts commit 116bfe01e6
2020-06-03 16:11:59 -06:00
116bfe01e6
Lock Dependencies for 5.3.3.RELEASE
2020-06-03 13:14:07 -06:00
2ebbb6f80a
Mock request with non-standard HTTP method in test
...
Fixes gh-8594
2020-05-26 15:38:53 -04:00
b6efd5ba76
Create the CSRF token on the bounded elactic scheduler
...
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
2020-05-18 11:05:50 -05:00
9e665388d2
Update AntPathRequestMatcher.java
...
Fixes gh-8512
2020-05-13 17:07:45 -04:00
06a02ed4bb
Fix non-standard HTTP method for CsrfWebFilter
...
Closes gh-8452
2020-05-11 17:28:40 -05:00
413dfc8679
Unlock dependencies
...
This reverts commit a61145f74c
2020-05-06 15:29:45 -04:00
a61145f74c
Lock dependencies for 5.3.2.RELEASE
2020-05-06 15:06:08 -04:00
566c25aa10
Fix example in javadoc of FilterChainProxy
...
Closes gh-8344
2020-04-08 09:12:56 -05:00
a78872f268
Unlock dependencies for 5.3.1.RELEASE
...
This reverts commit 88c02684bb
2020-03-31 17:53:13 -04:00
88c02684bb
Lock dependencies for 5.3.1.RELEASE
2020-03-31 17:28:36 -04:00
Rob Winch
Eleftheria Stein
Steve Riesenberg
Marcus Da Coregio
Joe Grandja
Josh Cummings
Craig Andrews
佚名
happier233
Rob Winch
Tomoki Tsubaki
Eleftheria Stein
cbornet
Artyom Tarynin
Joe Grandja