Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 02:49:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,477 Commits 36 Branches 337 Tags
Commit Graph

1854 Commits

Author SHA1 Message Date
Max Batischev
c7bc4c98db
Make PublicKeyCredentialRequestOptions Serializable 
Closes gh-16432

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-23 20:13:10 -06:00
Josh Cummings
e1a42db845
Merge branch '6.4.x' 2025-01-23 17:03:53 -07:00
Josh Cummings
d043884e32
Support Serialization 
Issue gh-16276
 2025-01-23 16:44:45 -07:00
Rob Winch
177ce59a4b
Merge branch '6.4.x' 
Implement Serializable for WebAuthnAuthentication

Closes gh-16474
 2025-01-23 14:12:30 -06:00
Tran Ngoc Nhan
e557c7227b
Implement Serializable for WebAuthnAuthentication 
Closes gh-16273
Closes gh-16285

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-23 13:53:26 -06:00
Max Batischev
474b5e151a Add Support GenerateOneTimeTokenRequestResolver 
Closes gh-16291

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-22 17:09:55 -06:00
Rob Winch
dddab8e356
Merge branch '6.4.x' 
Closes gh-16465
 2025-01-22 16:04:19 -06:00
Daniel Garnier-Moiroux
bb8e757c4b
Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) 
closes gh-16458

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-22 16:00:59 -06:00
Rob Winch
081dee042e
Merge branch '6.4.x' 
Add TestBytes

Closes gh-16462
 2025-01-21 15:12:49 -06:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Max Batischev
80e8e14500 Add GenerateOneTimeTokenFilterTests 2025-01-21 10:59:57 -06:00
DingHao
f4491f388e
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:57:08 -06:00
DingHao
8181cec06c
Set HttpMessageConverter by DSL 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:29:23 -06:00
Josh Cummings
c2a5709e0f
Merge branch '6.4.x' 2025-01-17 16:09:01 -07:00
Josh Cummings
bbe4f87641
Mark Serialization Support for Events 
Issue gh-16276
 2025-01-17 16:08:31 -07:00
DingHao
45f22a46e3 Use spring.security prefix instead of security.security 
Closes gh-16422

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-16 14:29:25 -07:00
Josh Cummings
443af32314
Move Servlet Mocks to Web 
Issue gh-13551
 2025-01-15 17:32:58 -07:00
Josh Cummings
6019803064
Merge branch '6.4.x' 2025-01-14 18:38:14 -07:00
Josh Cummings
244fd2eb51
Support Serialization in Exceptions 
Issue gh-16276
 2025-01-14 18:37:53 -07:00
Josh Cummings
acd1bb1777
Merge branch '6.4.x' 2025-01-14 17:35:45 -07:00
Josh Cummings
8e59fa1719
Don't Support Serialization for Jackson (De)serializers 
Issue gh-16276
 2025-01-14 17:35:33 -07:00
Josh Cummings
0af4cdbf5c
Merge branch '6.4.x' 2025-01-14 17:05:21 -07:00
Josh Cummings
8735368d9e
Don't Support Serialization of Jackson Modules 
Issu gh-16276
 2025-01-14 17:04:36 -07:00
Josh Cummings
28644aa966
Merge branch '6.4.x' 2025-01-14 16:17:34 -07:00
Josh Cummings
6f379aa907
Add Serializable to Csrf Components 
Issue gh-16276
 2025-01-14 16:07:20 -07:00
Max Batischev
fd267dfb71 Add Support JdbcPublicKeyCredentialUserEntityRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Max Batischev
7b07ef5ff3 Add Support JdbcUserCredentialRepository 
Closes gh-16224
 2024-12-20 16:54:51 -06:00
Max Batischev
38523faaa0 Remove Unused loggers 
Closes gh-16319
 2024-12-20 16:51:38 -06:00
Max Batischev
e9bdb5b96e Polish SecurityFilterChain Validation 
Issue gh-15982
 2024-12-19 15:04:01 -07:00
Josh Cummings
1104b45832
Polish SessionLimit 
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation

Issue gh-16206
 2024-12-18 18:32:28 -07:00
Claudenir Machado
1864577e98 Address SessionLimitStrategy 
Closes gh-16206
 2024-12-18 18:32:12 -07:00
Josh Cummings
3eeb4317f6 Add setFavorRelativeUris 
This places the new functionality behind a setting so that
we can remain passive until we can change the setting in
the next major release.

Issue gh-7273
 2024-12-17 22:35:41 -07:00
Michal Okosy
7848b959da Use relative URLs in /login redirects 
Closes gh-7273
 2024-12-17 22:35:41 -07:00
Josh Cummings
27c2a8ad11
Add Serializable Compatibility to Web Authentication Exceptions 
Issue gh-16276
 2024-12-17 13:05:23 -07:00
Yoshikazu Nojima
d7d5253607 Change attestation in PublicKeyCredentialCreationOptions to none 
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display additional privacy related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
 2024-12-11 17:18:18 -06:00
Rob Winch
cb4c7e5886 Merge branch '6.3.x' 
Closes gh-16261
 2024-12-11 15:48:18 -06:00
Rob Winch
6a0b683e60 StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest 
Closes gh-16069
 2024-12-11 15:46:31 -06:00
Josh Cummings
4cbaabb239 Added Testing 
Issue gh-16177
 2024-12-10 14:09:46 -07:00
DingHao
f565b23b51 Restore Method Parameter Inheritance Support 
Closes gh-16177
 2024-12-10 14:09:46 -07:00
12OneTwo12
d39e329234 Add @inheritDoc to sessionIdChanged method 
Closes gh-16211
 2024-12-05 12:31:47 -07:00
Josh Cummings
d3a95c5c1e
Merge branch '6.3.x' 2024-12-05 09:52:55 -07:00
Josh Cummings
0f85da77be
Merge branch '6.2.x' into 6.3.x 
Closes gh-16219
 2024-12-05 09:52:32 -07:00
Josh Cummings
96a9cf0d2d
Restore Previous Behavior for Servlet 5 
Closes gh-16173
 2024-12-05 09:52:06 -07:00
Rob Winch
9c3b11914d webauthn registerCredential returns transports 
The webauthn support previously did not pass the transports to webauthn4j.
This meant that the result of
Webauthn4jRelyingPartyOperations.registerCredential did not have any
transports either.

This commit ensures that the transports are passed to the webauth4j lib
and then returned in the result of registerCredential.

Closes gh-16084
 2024-12-04 15:22:26 -06:00
DingHao
dc82a6e97e Remove the cache since UniqueSecurityAnnotationScanner has cached annotations internally 2024-12-04 09:18:12 -07:00
Daniel Garnier-Moiroux
46fe0124ba Add RuntimeHints for webauthn Javascript resource 2024-11-25 13:06:50 -06:00
Joe Grandja
c2cfe92a02 Merge branch '6.3.x' 2024-11-18 05:16:16 -05:00
Joe Grandja
fa5fc6dd62 Fix checkstyle errors for toLower/toUpperCase usage 2024-11-18 04:56:17 -05:00
Joe Grandja
709103e38c Merge branch '6.2.x' into 6.3.x 2024-11-18 04:45:38 -05:00
Joe Grandja
a8c4d6cead Require Locale argument for toLower/toUpperCase usage 2024-11-18 04:22:26 -05:00