Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-29 19:40:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,963 Commits 54 Branches 369 Tags
Commit Graph

1128 Commits

Author SHA1 Message Date
Nikita Konev
894105aab5 Fix traceId discrepancy in case error in servlet web 
Signed-off-by: Nikita Konev <nikit.cpp@yandex.ru>
 2025-08-22 11:06:37 -06:00
Rob Winch
392129b616
Use 2004-present Copyright Header 
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.

The commit updated etc/checkstyle/header.txt

It also updated the copyright headers using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Closes gh-17633
 2025-07-29 09:45:23 -05:00
Joe Grandja
a377175455 Merge branch '6.3.x' into 6.4.x 
Closes gh-17215
 2025-06-06 06:50:45 -04:00
Andrey Litvitski
b0f8aa5ea0 Fix to allow multiple AuthenticationFilter instances to process each request 
Closes gh-17173

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-06-06 06:37:03 -04:00
Josh Cummings
57fc29e614
Merge branch '6.3.x' into 6.4.x 
Closes gh-17032
 2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e
Propagate StrictFirewallRequest Wrapper 
Closes gh-16978
 2025-05-02 10:57:07 -06:00
Josh Cummings
0954638d57
Merge branch '6.3.x' into 6.4.x 
Closes gh-16862
 2025-04-01 12:02:25 -06:00
DingHao
857ef6fe08 WithHttpOnlyCookie defaults to false 
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-04-01 11:59:51 -06:00
Rob Winch
a6b5c05da9
Additional WebAuthn4jRelyingPartyOperationTests 
- verify that anonymous users not saved
- verify that when user found the CredentialRecord is allowed

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
9c054474a8
Use Test Name Conventions 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Borghi
e3a715b8f5 Fix issues identified in PR review 
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:00:27 -03:00
Borghi
0bc9313fdd Fix bug PublicKeyCredentialUserEntityRepository saves anonymousUser 
Issue gh-16385

Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-02-16 22:50:34 -03:00
Max Batischev
b5a4218a0b Make WebAuthnAuthenticationRequestToken Serializable 
Closes gh-16481

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-14 11:51:46 -07:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Yoshikazu Nojima
d7d5253607 Change attestation in PublicKeyCredentialCreationOptions to none 
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display additional privacy related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
 2024-12-11 17:18:18 -06:00
Rob Winch
cb4c7e5886 Merge branch '6.3.x' 
Closes gh-16261
 2024-12-11 15:48:18 -06:00
Rob Winch
6a0b683e60 StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest 
Closes gh-16069
 2024-12-11 15:46:31 -06:00
Josh Cummings
4cbaabb239 Added Testing 
Issue gh-16177
 2024-12-10 14:09:46 -07:00
Josh Cummings
d3a95c5c1e
Merge branch '6.3.x' 2024-12-05 09:52:55 -07:00
Josh Cummings
0f85da77be
Merge branch '6.2.x' into 6.3.x 
Closes gh-16219
 2024-12-05 09:52:32 -07:00
Josh Cummings
96a9cf0d2d
Restore Previous Behavior for Servlet 5 
Closes gh-16173
 2024-12-05 09:52:06 -07:00
Rob Winch
9c3b11914d webauthn registerCredential returns transports 
The webauthn support previously did not pass the transports to webauthn4j.
This meant that the result of
Webauthn4jRelyingPartyOperations.registerCredential did not have any
transports either.

This commit ensures that the transports are passed to the webauth4j lib
and then returned in the result of registerCredential.

Closes gh-16084
 2024-12-04 15:22:26 -06:00
Daniel Garnier-Moiroux
46fe0124ba Add RuntimeHints for webauthn Javascript resource 2024-11-25 13:06:50 -06:00
Steve Riesenberg
ddf4542a9e
Add hasText assertion to IpAddressMatcher constructor 
Issue gh-15527

(cherry picked from commit 3a298196512de5f3002707e2af8298d650033df7)
 2024-11-15 10:17:39 -06:00
Steve Riesenberg
554df6fab6
Fix NPE in IpAddressMatcher 
Closes gh-15527

(cherry picked from commit 52de894c3c0a812562d6822db30f5c6c88526181)
 2024-11-15 10:17:38 -06:00
Steve Riesenberg
3a29819651
Add hasText assertion to IpAddressMatcher constructor 
Issue gh-15527
 2024-11-15 09:33:31 -06:00
Steve Riesenberg
52de894c3c
Fix NPE in IpAddressMatcher 
Closes gh-15527
 2024-11-15 09:33:30 -06:00
Daniel Garnier-Moiroux
a1526361b6 webauthn: introduce DefaultResourcesFilter#webauthn 2024-11-14 12:11:43 -06:00
nomoreFt
8f1c892fb7 Remove unnecessary parentheses and add static final field 2024-11-13 15:06:58 -06:00
Josh Cummings
981fbd5c2c Polish Tests 
Closes gh-14768
 2024-10-24 20:51:34 -07:00
Josh Cummings
cf03f2fed9
Merge branch '6.3.x' 2024-10-24 11:57:13 -06:00
Josh Cummings
5048a68ab7
Merge branch '6.2.x' into 6.3.x 
Closes gh-15986
 2024-10-24 11:56:41 -06:00
Josh Cummings
addc7c53b2
Merge branch '5.8.x' into 6.2.x 
Closes gh-15985
 2024-10-24 11:56:16 -06:00
DingHao
1399a82ea9 Return Null Request When Cookie Is Malformed 
Closes gh-15905
 2024-10-24 10:55:36 -07:00
Rob Winch
fc5719d8d6 Merge branch '6.3.x' 
Add Firewall for WebFlux

Closes gh-15967
 2024-10-21 12:11:42 -05:00
Joe Grandja
ec38848b20 Fix invalid windows character 2024-10-21 11:34:56 -04:00
Rob Winch
1528c421bd Merge branch '6.2.x' into 6.3.x 
Add Firewall for WebFlux

Closes gh-15967
 2024-10-21 09:43:48 -05:00
Rob Winch
0e257b56ce Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 09:42:24 -05:00
Rob Winch
542071b1f8 Merge Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 08:56:42 -05:00
Rob Winch
4ce7cde155 Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 08:46:13 -05:00
Rob Winch
7f26e54d07 Remove § 
See if this fixes format in windows
 2024-10-20 23:30:40 -05:00
Rob Winch
b0e8730d70 Add Passkeys Support 
Closes gh-13305
 2024-10-20 22:54:53 -05:00
xhaggi
7f537241e7 Use SessionAuthenticationStrategy for Remember-Me authentication 
Closes gh-2253
 2024-10-15 14:07:07 -07:00
Max Batischev
d37d41c130 Polish One-Time Token API Names and Doc 
The names of variables and methods have been adjusted in accordance with the names of the one-time token login API components.

Issue gh-15114
 2024-10-15 14:04:56 -07:00
Josh Cummings
c40334317d
Polish One-Time Token Component Names 
Aligning parts of speech so that names are using nouns/verbs
where comparable components are using nouns/verbs.

Issue gh-15114
 2024-10-14 14:07:47 -06:00
Max Batischev
e7644925f8 Add AuthorizationResult support for AuthorizationManager 
Closes gh-14843
 2024-10-14 11:48:57 -07:00
Josh Cummings
702538ebce AuthorizationEventPublisher Accepts AuthorizationResult 
Closes gh-15915

Co-authored-by: Max Batischev <mblancer@mail.ru>
 2024-10-14 11:48:57 -07:00
Max Batischev
2ca2e56383 Add Reactive One-Time Token Login support 
Closes gh-15699
 2024-10-07 16:39:54 -07:00
Daniel Garnier-Moiroux
7e41785dfc Remove trailing spaces in default UIs 
- Default UIs had blank lines with only spaces. These get deleted by the
  spring-javaformat plugin. In order to avoid this behavior, an extra \s
  had been inserted in the tests. The reason for those \s is not obvious.
- This commit cleans up the \s but changing the HTML templates.
 2024-09-11 10:44:45 -07:00
Daniel Garnier-Moiroux
98975a9b83 Add runtime hints for CSS resource 2024-09-10 12:46:13 -07:00