8678 Commits

Author SHA1 Message Date
Rob Winch
e6d6b39767 Constant Time Comparison for CSRF tokens
Closes gh-9291
2021-01-20 16:17:25 -06:00
Rob Winch
b08075a721 Fix CsrfWebFilter error message when expected CSRF not found
Closes gh-9337
2021-01-12 11:30:12 -06:00
Josh Cummings
0fc80a6a65
Renew Sample Certificate
Closes gh-9320
2021-01-04 12:12:29 -07:00
Ovidiu Popa
7d31837af3 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing, a new List or Map will be returned.

Closes gh-9210
2020-12-03 11:20:11 -05:00
Josh Cummings
17276ad787
Next Development Version 2020-12-02 19:32:48 -07:00
Josh Cummings
7c2010f507
Revert "Lock Dependencies for 5.3.6"
This reverts commit a153012056d4678109a0085ae43b1b146d203fa6.
2020-12-02 19:32:03 -07:00
Josh Cummings
2975923a1d
Release 5.3.6.RELEASE 5.3.6.RELEASE 2020-12-02 16:31:52 -07:00
Josh Cummings
a153012056
Lock Dependencies for 5.3.6 2020-12-02 16:31:52 -07:00
Josh Cummings
a8fe846e7f
Update to Google App Engine 1.9.83
Closes gh-9247
2020-12-02 16:31:46 -07:00
Josh Cummings
02a9ee54a2
Update to Spring Boot 2.2.11
Closes gh-9246
2020-12-02 16:31:40 -07:00
Rob Winch
0f76a16ae5 Provide artifactoryUsername/Password 2020-11-17 08:52:38 -06:00
Rob Winch
82ba28ac74 Fix Snapshot Versions 2020-11-16 17:28:40 -06:00
Rob Winch
78f0f7bd33 Use artifactoryUsername/Password for plugin repositories 2020-11-16 17:11:28 -06:00
Rob Winch
ad4ed45cd7 Provide artifactoryUsername/Password 2020-11-16 17:11:20 -06:00
Rob Winch
0f9de738df Update to spring-build-conventions:0.0.35.RELEASE 2020-11-16 17:09:01 -06:00
Hideaki Matsunami
3ba441ef50
add white space before strong notation. 2020-10-30 15:50:44 -06:00
Ayush Kohli
9ab21f88cd
Closes gh-8196
Add leveloffset
2020-10-28 15:05:29 -06:00
Josh Cummings
93c37e6b15
Update Test Controllers
Closes gh-9121
2020-10-12 18:08:52 -06:00
Josh Cummings
2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE"
This reverts commit 846a5a962c1bb9de82e8ddbbc995ce4c83830f6e.
2020-10-07 16:39:28 -06:00
Josh Cummings
8525ae0410
Next Development Version 2020-10-07 14:05:07 -06:00
Josh Cummings
989a162051
Release 5.3.5.RELEASE 5.3.5.RELEASE 2020-10-07 13:18:01 -06:00
Josh Cummings
846a5a962c
Lock Dependencies for 5.3.5.RELEASE 2020-10-07 13:18:01 -06:00
Josh Cummings
5bc0957d54
Update to AspectJ 1.9.6
Closes gh-9106
2020-10-07 13:17:04 -06:00
Josh Cummings
2b423b3505
Update to Google App Engine 1.9.82
Closes gh-9105
2020-10-07 13:16:59 -06:00
Josh Cummings
2f19e09531
Update to Spring Boot 2.2.10.RELEASE
Closes gh-9104
2020-10-07 13:16:54 -06:00
Malyshau Stanislau
6aed9408e1
Add try-with-resources to close stream
Closes gh-9041
2020-09-29 08:29:49 -06:00
Artem Grankin
dec0368b39
Replace expired msdn link with latest web archive copy
Initial link expired in March, 2016. Latest copy found in web archive is from February, 2016
2020-09-28 17:15:45 -06:00
ilee
b2dd95fc3b
Update ssl setup guide link in tomcat server 2020-09-24 13:53:04 -06:00
Tomoki Tsubaki
e44471331b
Create the CSRF token on the bounded elastic scheduler
The CSRF token is generated by UUID.randomUUID() which is an I/O blocking operation.
This commit changes the subscriber thread to the bounded elastic scheduler.

Closes gh-9018
2020-09-16 09:01:45 -06:00
Eleftheria Stein
4f849de399 Next development version 2020-08-05 18:19:44 +02:00
Eleftheria Stein
d8bef76a0f Unlock dependencies
This reverts commit b619d298aa9f0477311397e261aae217c239d5d9.
2020-08-05 18:18:02 +02:00
Eleftheria Stein
9187a7925e Release 5.3.4.RELEASE 5.3.4.RELEASE 2020-08-05 17:40:07 +02:00
Eleftheria Stein
b619d298aa Lock Dependencies for 5.3.4.RELEASE 2020-08-05 12:33:31 +02:00
Eleftheria Stein
ddeb68ff44 Update to Spring Boot 2.2.9.RELEASE
Closes gh-8922
2020-08-05 12:10:25 +02:00
Eleftheria Stein
49fa14c4c5 Update to GAE 1.9.81
Closes gh-8923
2020-08-05 12:09:46 +02:00
Eleftheria Stein
57f0a96e92 Update to nohttp 0.0.5.RELEASE
Closes gh-8924
2020-08-05 12:06:01 +02:00
Eleftheria Stein
cd78d384ea Update to spring-build-conventions:0.0.34.RELEASE
Closes gh-8925
2020-08-05 12:05:28 +02:00
Dávid Kováč
d104490cb8 Resolve Bearer token after subscribing to publisher
Bearer token was resolved immediately after calling method convert. In situations when a malformed token was provided, or the authorization header and access token query param were present in the request, an exception was thrown instead of signalling an error.
After this change, the Bearer token is resolved on subscription and invalid states are handled by signalling an error to the subscriber.

Closes gh-8865
2020-08-03 11:09:48 -05:00
Josh Cummings
c2612a2f41
Remove unused import
Issue gh-8589
2020-07-31 08:45:17 -06:00
Josh Cummings
f3695932de
Polish to Avoid NPE
Issue gh-5648

Co-authored-by: MattyA <mat.auburn@gmail.com>
2020-07-30 17:28:07 -06:00
Josh Cummings
950769fa00
Additional Jwt Validation Debug Messages
Closes gh-8589

Co-authored-by: MattyA <mat.auburn@gmail.com>
2020-07-30 17:21:58 -06:00
Dennis Neufeld
57db8e5d4a Add OAuth2AuthenticationException to allowlist
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error

Closes gh-8797
2020-07-21 10:15:44 -04:00
Josh Cummings
5d8bac1971
Polish WebSecurityConfigurerAdapter JavaDoc
Issue gh-8784
2020-07-20 15:23:43 -06:00
Romil Patel
a55267f867
WebSecurityConfigurerAdapter JavaDoc
Closes gh-8784
2020-07-20 15:23:36 -06:00
Josh Cummings
9045636a4b
Polish Bearer Token Padding
Issue gh-8502
2020-07-16 11:56:55 -06:00
kothasa
09e154d8f2
Bearer Token Padding
Closes gh-8502
2020-07-16 11:53:36 -06:00
wangsong
6584b84b60 Fix ProviderManager Javadoc typo
Closes gh-8800
2020-07-07 17:12:38 -05:00
Rob Winch
070706d948 LoginPageGeneratingWebFilter honors context path
Closes gh-8807
2020-07-07 13:36:35 -05:00
Julian Müller
4fec451196 Enables empty authorityPrefix
- docs stated that empty authorityPrefix are allowed but implementation denied to use `""`
- commit removes the `hasText`-limitation but restricts to `notNull`

Fixes gh-8421
2020-07-07 15:24:38 +02:00
Eleftheria Stein
7af5804d56 Compare Timestamps up to the millisecond
Issue gh-8782
2020-07-01 11:30:27 +02:00