Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 23:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,203 Commits 33 Branches 337 Tags
Commit Graph

10203 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eleftheria Stein
725a57fccc Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 13:12:17 +02:00
Simone Giannino
ea373645e5 Update saganCreateRelease property referenceDocUrl 
- Updated saganCreateRelease task with the new referenceDocUrl for reference documentation

Closes gh-11016
 2022-04-01 13:07:32 -03:00
Johannes Graf
d4931ecf2b
use okta as registration id 
looks like `ping` is some registration id used in the past.
 2022-03-30 14:40:25 -06:00
Josh Cummings
c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings
04c483387e
Document Authorization Events 
Issue gh-9288
 2022-03-29 16:03:20 -06:00
Josh Cummings
061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta
bd9434882f
Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00
Josh Cummings
a43677d36a
Simplify PrePostMethodSecurityConfiguration 
Issue gh-9288
 2022-03-29 15:44:16 -06:00
Marcus Da Coregio
c73bd4756d Change samplesBranch property to point to correct branch 
Closes gh-11040
 2022-03-28 13:35:11 -03:00
Marcus Da Coregio
6c52c52a68 Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 09:45:23 -03:00
Rob Winch
67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:21:52 -05:00
Rob Winch
8940719dbb HttpSessionSecurityContextRepository support null HttpServletResponse 
Closes gh-11029
 2022-03-25 13:01:40 -05:00
Eleftheria Stein
d4d6ddbaae Fix formatting in reference docs 2022-03-24 15:13:50 +01:00
Yuriy Savchenko
446ab5047c
Add authorizeHttpRequests to Kotlin DSL 
Closes gh-10481
 2022-03-22 09:39:06 -06:00
Yuriy Savchenko
3016ed0067
Fix typos in Kotlin DSL docs 
Issue gh-10481
 2022-03-22 08:27:29 -06:00
Marcus Da Coregio
7deaab8822 Next development version 2022-03-21 14:51:40 -03:00
Marcus Da Coregio
ed0a323a71 Release 5.7.0-M3 5.7.0-M3 2022-03-21 14:00:04 -03:00
Marcus Da Coregio
94adc640ca Update spring-data-bom to 2021.2.0-M4 
Closes gh-11014
 2022-03-21 13:57:14 -03:00
Marcus Da Coregio
0c9e73876d Update org.springframework to 5.3.17 
Closes gh-11011
 2022-03-21 10:10:13 -03:00
Marcus Da Coregio
e128e8d87e Update htmlunit-driver to 2.60.0 
Closes gh-11010
 2022-03-21 10:10:11 -03:00
Marcus Da Coregio
fe5cfa9cae Update org.jetbrains.kotlin to 1.6.20-RC 
Closes gh-11009
 2022-03-21 10:10:08 -03:00
Marcus Da Coregio
01c2694073 Update hibernate-entitymanager to 5.6.7.Final 
Closes gh-11008
 2022-03-21 10:10:06 -03:00
Marcus Da Coregio
393f182b40 Update htmlunit to 2.60.0 
Closes gh-11007
 2022-03-21 10:10:03 -03:00
Marcus Da Coregio
dae500fb9b Update io.projectreactor to 2020.0.17 
Closes gh-11005
 2022-03-21 10:09:58 -03:00
Marcus Da Coregio
44aee2034b Update mockk to 1.12.3 
Closes gh-11004
 2022-03-21 10:09:55 -03:00
Marcus Da Coregio
106d77a1b9 Update com.nimbusds to 9.31 
Closes gh-11003
 2022-03-21 10:09:53 -03:00
Marcus Da Coregio
661848ef7e Update jackson-bom to 2.13.2 
Closes gh-11000
 2022-03-21 10:09:46 -03:00
Marcus Da Coregio
84717e0546 Update logback-classic to 1.2.11 
Closes gh-10999
 2022-03-21 10:09:43 -03:00
Steve Riesenberg
28dd7dabfb
Update What's New for 5.7 2022-03-17 12:56:17 -05:00
Steve Riesenberg
987ee2e67a
Polish gh-10911 2022-03-17 12:53:56 -05:00
David Kirstein
1b29c43a11
Use configurable charset in ServerHttpBasicAuthenticationConverter 
Closes gh-10903
 2022-03-17 12:53:55 -05:00
Steve Riesenberg
c38c722473
Update What's New for 5.7 2022-03-17 09:56:45 -05:00
Steve Riesenberg
f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Joe Grandja
4a8219d16c Update whats-new.adoc with gh-9812 2022-03-17 04:41:33 -04:00
Joe Grandja
50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja
a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
ShinDongHun1
7955e5ac52 Polish UsernamePasswordAuthenticationFilter method 
Closes gh-10970
 2022-03-16 16:29:40 +01:00
Josh Cummings
cf29bf996c
Polish InResponseTo support 
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once

Issue gh-9174
 2022-03-15 14:06:58 -06:00
Elias Lousseief
3c878549b5
Add support for validation of InResponseTo 
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).

Closes gh-9174
 2022-03-15 14:06:57 -06:00
Elias Lousseief
836f203d44
Refactored OpenSaml4AuthenticationProviderTests 
Factored out repeatedly used code for signing a request.
 2022-03-15 14:06:57 -06:00
Simone Giannino
73003d59d6 OAuth 2.0 logout handler resolves uri placeholders 
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
 2022-03-15 12:54:39 -06:00
Rob Winch
fabeabd2db Fix docs SecurityContextHolder Diagram 
Issue gh-9635
 2022-03-12 13:44:45 -06:00
Rob Winch
87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Rob Winch
dbcb5004b4 Extract createSecurityContextRepository() 
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
 2022-03-11 17:21:49 -06:00
Rob Winch
e4f1826622 Remove "Hi ... there" From Docs 
Close gh-10963
 2022-03-11 13:41:19 -06:00
Rob Winch
b71b2f81e1 Add Persistence to documentation 
Closes gh-10962
 2022-03-11 13:41:19 -06:00
Rob Winch
9967078059 Antora 3.0.0 
Issue gh-10962
 2022-03-11 13:41:19 -06:00
Norbert Nowak
ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Rob Winch
d2f24ae5f5 Add SecurityContextRepository to all Authentication Filters 
Closes gh-10949
 2022-03-09 15:40:17 -06:00
Rob Winch
9db79aa5d7 BearerTokenAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00