c4f061c63d
Do Not Re-register Method Security Advisors
...
Closes gh-13572
2023-07-24 11:24:03 -06:00
9dc7bdd329
Merge branch '6.1.x'
2023-07-17 11:21:06 -06:00
cf2c8da3d5
Merge branch '6.0.x' into 6.1.x
2023-07-17 11:10:04 -06:00
fe7bee9236
Merge branch '5.8.x' into 6.0.x
2023-07-17 11:09:38 -06:00
bb46a54270
Add DispatcherServlet to Tests
...
Issue gh-13551
2023-07-17 10:58:30 -06:00
df239b6448
Improve RequestMatcher Validation
...
Closes gh-13551
2023-07-17 08:41:30 -06:00
8f5793afb1
Merge branch '6.1.x'
2023-07-17 09:17:10 -03:00
aaa31312bd
Merge branch '6.0.x' into 6.1.x
2023-07-17 09:16:45 -03:00
cbef118026
Merge branch '5.8.x' into 6.0.x
2023-07-17 09:16:20 -03:00
a939f17890
Merge branch '5.7.x' into 5.8.x
2023-07-17 09:15:56 -03:00
fe9bc26bdc
Merge branch '5.6.x' into 5.7.x
2023-07-17 09:13:28 -03:00
7813a9ba26
Use default PathPatternParser instance
2023-07-17 09:12:28 -03:00
b3ad2b0dc5
Don't Mock OAuth2AuthorizedClientRepository
...
Issue gh-13542
Issue gh-13546
2023-07-14 18:44:35 -06:00
b0022a0ae8
Update Mockito Usage
...
Issue gh-13542
2023-07-14 18:44:34 -06:00
cf79af2386
Update Kotlin Test Usage
...
Issue gh-13539
2023-07-14 18:38:58 -06:00
6c3636d780
Update Removed Usages
...
Issue gh-13544
2023-07-14 18:38:58 -06:00
30d09c5192
Merge branch '6.1.x'
...
Closes gh-13495
2023-07-12 14:31:56 -03:00
f62c9d3be6
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13494
2023-07-12 14:31:45 -03:00
933b302979
Fix once-per-request="true" not taking any effect
...
Closes gh-13491
2023-07-12 14:30:18 -03:00
8d0e426654
Generate Shared Test SAML Response
...
Issue gh-13433
2023-07-11 10:36:06 -06:00
f2f19270da
Update to OpenSAML 4.3.0
...
Closes gh-13433
2023-07-10 17:56:42 -06:00
a0540f5c65
Deprecate AbstractConfiguredSecurityBuilder#apply
...
Closes gh-13436
2023-06-30 11:53:47 -03:00
1ff5eb6b57
Add with() method to apply SecurityConfigurerAdapter
...
This method is intended to replace .apply() because it will not be possible to chain configurations when .and() gets removed
Closes gh-13204
2023-06-29 14:52:30 -03:00
4855290a76
Merge branch '6.1.x'
2023-06-29 10:31:25 -06:00
87e07d59da
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13199
2023-06-29 10:08:10 -06:00
1abfd2c801
Only Register as Advisor in Proxy Mode
...
Now that https://github.com/spring-projects/spring-framework/issues/30689
is addressed.
Closes gh-13198
2023-06-29 10:07:11 -06:00
618847418f
Automatically enable .cors() if CorsConfigurationSource bean is present
...
Closes gh-5011
2023-06-23 09:51:46 -03:00
52e12ad64b
Replace deprecated methods
2023-06-22 13:19:55 -06:00
8efdc5c926
Polish Contribution
...
Issue gh-13215
2023-06-22 16:00:47 -03:00
401058d5ff
Implemented AuthorizeHttpRequestsConfigurer to consider GrantedAuthorityDefaults for custom rolePrefix
...
Closes gh-13215
2023-06-22 16:00:46 -03:00
c5461b17de
EnableMethodSecurity annotation does not get imported when defined as a meta-annotation
...
Closes gh-12870
2023-06-22 15:15:25 -03:00
208fb62db9
Update Deprecated Usage
...
Issue gh-12629
2023-06-22 11:24:25 -06:00
9b603b99ab
Using modern Java features
2023-06-22 11:24:25 -06:00
7e01ebdd92
Remove LazyCsrfTokenRepository usage
...
Closes gh-13194
2023-06-22 11:23:35 -06:00
fb910e2997
Prepare for Spring Security 6.2
...
Closes gh-14316
2023-06-22 11:03:28 -06:00
acf1d34d94
Merge branch '6.0.x'
2023-06-19 11:13:57 -03:00
2686af0c4d
Revert "Only Register as Advisor in Proxy Mode"
...
This reverts commit 35ad1f85
2023-06-19 11:13:39 -03:00
fc1e465fd0
Merge branch '6.0.x'
2023-06-05 13:34:58 -06:00
c053f6f0c6
Make eclipse/vscode project import work
...
- Gradle projects contain cycles which comes from dependencies to
test sources which is not a problem in gradle but eclipse metadata
generation is getting confused. Thus we need settings to relax errors
org.eclipse.jdt.core.circularClasspath=warning
org.eclipse.jdt.core.incompleteClasspath=warning
- Additionally .classpath entries needs to be changes having
without_test_code=false
test=false
- Aspects end up getting source dirs `build/classes/java/main`
and `build/resources/main` which never have sources. Vscode complains
about that, eclipse is fine. Remove those from entries.
- In tests `htmlunit` depends on `xml-apis`. `xml-apis` are now part
of jdk and eclipse complains about that. Excluse these in a gradle build.
- Both eclipse and vscode don't currently work with buildship, due to
project cycles and buildship cannot be configured. It's possible to
create metadata from `eclipse` task manually which then can be imported.
For this we need to disable automatic import in vscode using buildship.
This goes to `.vscode/settings.json` workspace config.
- Then with these changes user can do something like
git clean -fxd && ./gradlew clean build cleanEclipse eclipse -x checkstyleNohttp -x test -x integrationTest
and import projects manually.
2023-06-05 13:34:30 -06:00
a939fa63a1
Merge branch '6.0.x'
...
Closes gh-13282
2023-06-05 16:04:27 -03:00
4e3517e03a
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13281
2023-06-05 16:03:58 -03:00
b47420f8a2
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13280
2023-06-05 16:02:30 -03:00
7250abc185
Does not apply a Configurer when disabled from another DSL
...
Closes gh-13203
2023-06-05 16:01:20 -03:00
537e10cf9c
Improve javadoc adding how to stick with defaults and link to documentation
...
Closes gh-13273
2023-06-02 15:05:17 -03:00
f566ed0afd
Update Symlink for 6.1
...
Issue gh-13131
2023-05-24 14:44:42 -06:00
ff0c82b019
Merge branch '6.0.x'
2023-05-24 14:41:55 -06:00
71703dc371
Update Symlink for 6.0
...
Issue gh-13131
2023-05-24 14:40:50 -06:00
90b37d6d07
Merge branch '5.8.x' into 6.0.x
2023-05-24 14:38:23 -06:00
73cb9862ad
Update Symlink for 5.8
...
Issue gh-13131
2023-05-24 14:37:18 -06:00
be409ada10
Merge branch '6.0.x'
...
Closes gh-13209
2023-05-22 15:43:43 -06:00
7c54c0e4fa
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13208
2023-05-22 15:43:27 -06:00
62ede47d86
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13207
2023-05-22 15:42:36 -06:00
1eefd433b6
Add spring-security.xsd symlink
...
Closes gh-13131
2023-05-22 15:42:02 -06:00
31f1604f66
Merge branch '6.0.x'
...
Closes gh-13199
2023-05-19 16:44:18 -06:00
7efa275abc
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13198
2023-05-19 16:43:57 -06:00
35ad1f857e
Only Register as Advisor in Proxy Mode
...
Closes gh-13160
2023-05-19 16:33:46 -06:00
49366907e2
Merge branch '6.0.x'
...
Closes gh-13183
2023-05-15 17:31:48 -06:00
b438bc5384
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13182
2023-05-15 17:30:14 -06:00
f4915890cc
Use Spec Order for Verifying Signatures
...
Closes gh-12346
2023-05-15 17:24:22 -06:00
5814f614c7
Merge branch '6.0.x'
...
Closes gh-13128
2023-05-02 16:56:37 -06:00
46ad9c122e
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13127
2023-05-02 16:56:06 -06:00
e9a02bc6e9
RememberMeConfigurer Picks Up SecurityContextRepository
...
Closes gh-13104
2023-05-02 16:46:35 -06:00
45efd48b93
Merge branch '6.0.x'
...
Closes gh-13122
2023-05-02 10:13:24 -03:00
69338ecdfa
Only Observe AuthenticationManager if it is not null
...
Closes gh-13084
2023-05-02 10:12:46 -03:00
a44e91d044
fix javadoc typo
2023-04-24 16:41:17 -06:00
f261242db1
Merge branch '5.7.x' into 5.8.x
2023-04-24 16:33:29 -06:00
caa4093619
Fix javadoc for migration from WebSecurityConfigurerAdapter
2023-04-24 16:32:16 -06:00
dd14bbb365
Merge branch '6.0.x'
2023-04-18 12:42:55 -06:00
1e25756ee6
Fix Import Order
2023-04-18 12:42:25 -06:00
68b198f091
Merge branch '6.0.x'
2023-04-18 12:20:44 -06:00
64542b4059
Polish X509 SecurityContextRepository
...
Like Basic and Bearer authentication, X509 is
stateless by default. As such, it is better to not
pick up the global SecurityContextRepository bean.
The better fix is to change the default from
HttpSessionSecurityContextRepository to
RequestAttributeSecurityContextRepository.
Issue gh-13008
2023-04-18 12:18:20 -06:00
c79f04cd11
Merge branch '6.0.x'
...
Closes gh-13063
2023-04-17 17:07:32 -06:00
c3479ddb45
Pick Up SecurityContextRepository
...
Closes gh-13008
2023-04-17 17:06:06 -06:00
04b3d07319
Merge branch '6.0.x'
2023-04-17 07:30:54 -03:00
a484044591
Merge branch '5.8.x' into 6.0.x
2023-04-17 07:29:42 -03:00
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
82a149207d
Deprecate .and() and non lambda DSL methods
...
Closes gh-12629
2023-04-14 15:50:58 -03:00
1a4a2a9055
Merge branch '5.8.x' into 6.0.x
2023-04-14 13:32:10 -03:00
54117d7d27
Fix test suffix to align with checkstyle
2023-04-14 13:29:15 -03:00
01d1e20dc3
Deprecate shouldFilterAllDispatcherTypes
...
Closes gh-12138
2023-04-13 15:05:10 -03:00
57e134cc5f
Merge branch '6.0.x'
2023-03-22 10:12:28 -03:00
67645b32f4
Merge branch '5.8.x' into 6.0.x
2023-03-22 10:12:11 -03:00
fd65dc6756
Merge branch '5.7.x' into 5.8.x
2023-03-22 10:08:17 -03:00
5eefe9dcff
Fix typo in SessionManagementConfigurer javadoc
2023-03-22 10:07:44 -03:00
ca9139b68f
Merge branch '6.0.x'
2023-03-20 17:02:15 -06:00
cbb4e40166
fix typo in RequestCacheResultMatcher
2023-03-20 17:02:00 -06:00
a4bc0a6f3c
Polish
...
- Add POST /login assertion
- Rearrange test and config class
Issue gh-12552
2023-03-20 14:31:13 -06:00
e2332d9620
Add disable to FormLoginDsl
...
Closes gh-12552
2023-03-20 14:31:13 -06:00
a7562ad950
Update io.spring.javaformat to 0.0.38
...
Closes gh-12891
2023-03-20 10:44:35 -06:00
3ad6c6ce06
Use EntityId-lookup Components
...
Closes gh-12880
2023-03-17 18:00:02 -06:00
46452c0cae
Add saml2Metadata
...
Closes gh-11828
2023-03-17 18:00:02 -06:00
e0284a4503
Fix CAS packages for 4.0.1 and Jasig references
...
Issue gh-11674
2023-03-01 17:21:24 -03:00
b4d3ac6665
Revert "Remove CAS module"
...
This reverts commit caf4c471
2023-03-01 17:21:23 -03:00
f5a4b520d1
Merge branch '6.0.x'
...
Closes gh-12781
2023-02-24 11:04:03 -07:00
bbd31f0e33
Defer ObservationRegistry Lookup
...
Closes gh-12780
2023-02-24 11:03:32 -07:00
963a18a27f
Merge branch '6.0.x'
...
Closes gh-12778
2023-02-23 15:17:47 -03:00
7d22e02593
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12777
2023-02-23 15:17:25 -03:00
97ba596ca3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12776
2023-02-23 15:17:04 -03:00
1c3ce1e401
Fix entity-id ignored in RelyingPartyRegistration XML config
...
Closes gh-11898
2023-02-23 15:16:40 -03:00
afb5a4ae2c
Merge branch '6.0.x'
...
Closes gh-12688
2023-02-16 14:56:55 -07:00
cedb9fd199
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12687
2023-02-16 14:56:32 -07:00
0baf650f38
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12686
2023-02-16 14:55:22 -07:00
000b4bc495
Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
...
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.
In particular, this exception can occur when mixing standard and custom DSL to register filters.
The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.
It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.
The error handling is implemented similarly to HttpSecurity#addFilter.
Closes gh-12637
2023-02-16 14:54:44 -07:00
cef13a6a16
Fix Javadoc Type Parameter
2023-02-15 15:31:09 -07:00
c79dac49ca
Fix Typo
2023-02-15 15:31:09 -07:00
d91837eadc
Merge branch '6.0.x'
...
Closes gh-12641
2023-02-07 12:46:42 -07:00
7dd5cc6082
Pick Up Custom SecurityContextRespository
...
Closes gh-12579
2023-02-07 12:46:12 -07:00
c66370c092
Update javadoc in EnableWebSecurity
2023-02-07 12:45:23 -07:00
eb35d3055f
Merge branch '6.0.x'
...
Closes gh-12640
2023-02-07 09:25:33 -03:00
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
da28a426f2
Merge branch '6.0.x'
...
Closes gh-12625
2023-02-03 14:35:08 -03:00
3572111cf5
Add JwtDecoder hint for oauth2Login
...
Closes gh-12615
2023-02-03 14:34:32 -03:00
59829321a8
Allow configuring SecurityContextRepository for BasicAuthenticationFilter
...
Closes gh-12031
2023-02-03 10:09:16 -06:00
6abbdd3654
Merge branch '6.0.x'
2023-01-26 15:55:41 -06:00
13487be268
Default to XorCsrfChannelInterceptor in 6.0.x
...
Closes gh-12378
2023-01-26 15:45:04 -06:00
1363a4eece
Merge branch '5.8.x' into 6.0.x
2023-01-26 15:44:47 -06:00
1243d1327e
Merge branch '6.0.x'
...
Closes gh-12593
2023-01-26 14:09:19 -07:00
c3563df25a
Include HttpStatusRequestRequestedHandler
...
Closes gh-12548
2023-01-26 14:07:22 -07:00
66711f2365
Add RequestRejectedHandler Test
...
Issue gh-12548
2023-01-26 13:07:16 -07:00
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
d84b8d2d12
AuthorizeHttpRequestsConfigurer.AuthorizedUrl.hasRole should look up for a RoleHierarchy bean in the context
...
Closes gh-12473
2023-01-10 10:54:37 -07:00
e61b17fe13
Merge branch '6.0.x'
...
Closes gh-12514
2023-01-10 10:21:38 -07:00
5b6b3d585f
Change EnableReactiveMethodSecurity Defaults
...
Closes gh-12506
2023-01-10 08:30:52 -07:00
e139f1c2ba
Polish gh-12438
2022-12-22 11:16:19 -05:00
919280b3e4
Allow ServerOAuth2AuthorizationRequestResolver to be set on oauth2 client configuration
...
Closes gh-12430
2022-12-22 10:12:18 -05:00
ca333203aa
Merge branch '6.0.x'
...
Closes gh-12372
2022-12-14 10:30:55 -03:00
7080ea652f
Add hints for ProxyFactoryBean AuthenticationManager
...
Closes gh-12367
2022-12-14 10:16:04 -03:00
03438ffc03
Merge branch '6.0.x'
2022-12-05 14:57:43 -08:00
f1698ec188
Fix removed code by merge
2022-12-05 14:57:28 -08:00
0fdcde2d6f
Merge branch '6.0.x'
2022-12-05 14:42:42 -08:00
2fdf762726
Merge branch '5.8.x' into 6.0.x
2022-12-05 14:41:59 -08:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
f39f215140
Replace javadoc with SecurityFilterChain bean definition
2022-12-05 14:40:05 -08:00
a5464ed819
Fix typo in DefaultLoginPageConfigurer Javadoc
...
'isLogoutRequest' seems to have nothing to do here.
2022-12-05 14:31:15 -08:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
e774bd480b
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12261
2022-11-21 10:25:43 -03:00
f561d3784e
Improve deprecation notice in WebSecurityConfigurerAdapter
...
Closes gh-12260
2022-11-21 10:05:08 -03:00
dd9f954ace
Fix tests in CsrfConfigurerTests
...
Closes gh-12241
2022-11-18 14:58:41 -06:00
5da78f44f2
Merge branch '5.8.x'
2022-11-18 14:54:33 -06:00
ea6ce05662
Add configurer tests for CookieCsrfTokenRepository
...
Issue gh-12236
2022-11-18 13:12:59 -06:00
2ed7cff643
Check for existing token before clearing
...
Closes gh-12236
2022-11-18 13:12:59 -06:00
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
222f8ae1a5
Merge branch '5.8.x'
2022-11-16 16:54:32 -06:00
2301e8ca77
Fix Javadoc in EnableWebSocketSecurity
...
Add missing method name in EnableWebSocketSecurity JavaDoc code example.
2022-11-16 16:51:42 -06:00
c45cd6ec9f
Defer ObservationRegistry Resolution
...
- If Method Security asks for too early, it is no longer
eligible for post-processing. As such, this commit defers loading it until
the first authorization request.
Issue gh-11990
2022-11-09 22:07:57 -07:00
3b5d19c8a4
Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1
...
Closes gh-12146
Closes gh-12148
2022-11-08 08:34:21 -03:00
72c25332a5
Fix authenticationFailureHandler customization tests
...
Issue gh-12132
2022-11-03 10:32:38 -03:00
fc8e20b89f
Merge branch '5.8.x'
...
Closes gh-12133
2022-11-02 15:49:18 -06:00
3192618220
Add authenticationFailureHandler
...
- To ServerHttpSecurity#httpBasic
- To ServerHttpSecurity#oauthResourceServer
Closes gh-12132
2022-11-02 15:35:01 -06:00
983f1d4efb
Merge branch '5.8.x'
...
Closes gh-12127
2022-11-01 18:08:08 -06:00
6622e0135a
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12126
2022-11-01 18:06:41 -06:00
6efac34ca7
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12125
2022-11-01 18:06:01 -06:00
5c4362bbc4
Refresh parsers when not found
...
Closes gh-3065
2022-11-01 18:05:15 -06:00
d860775b45
Document Defer load CsrfToken
...
Closes gh-12105
2022-10-28 15:41:25 -05:00
abe68abfe4
Merge remote-tracking branch 'origin/5.8.x'
2022-10-26 17:13:02 -06:00
bd4e0fb5db
Set LogoutRequestRepository on Saml2 LogoutSuccessHandler
...
Closes gh-11363
2022-10-26 16:44:23 -06:00
9cb668aec2
SessionManagementConfigurer properly defaults SecurityContextRepository
...
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.
This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.
Closes gh-12070
2022-10-20 10:57:47 -05:00
a4858d9eaa
Add SpringTestContext.addFilter
...
Add SpringTestContext.addFilter which allows Spring Security's tests
to specify a Filter to be added to the SpringTestContext.
Closes gh-12071
2022-10-20 10:54:24 -05:00
33b492df54
Default to DelegatingSecurityContextRepository
...
Closes gh-12023
Closes gh-12049
2022-10-17 20:04:43 -05:00
bd43c1f28a
Merge branch '5.8.x'
...
# Conflicts:
# web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
# web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
819529f5ea
Remove CsrfSpec.tokenFromMultipartDataEnabled
...
Also removed ServerCsrfDsl.tokenFromMultipartDataEnabled
Closes gh-12020
2022-10-13 11:29:15 -05:00
753e113a13
RequestMatcherDelegatingAuthorizationManager defaults to deny
...
Closes gh-11958
2022-10-13 11:12:00 -04:00
2407d07890
Default to Xor CSRF tokens in CsrfWebFilter
...
Closes gh-11960
2022-10-13 09:39:57 -05:00
2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter
...
Issue gh-11960
2022-10-13 09:39:55 -05:00
2713075d08
Mark Observations with Firewall Failures
...
Closes gh-11994
2022-10-12 20:32:24 -06:00
46ab84684b
Mark Observations with CSRF Failures
...
Closes gh-11993
2022-10-12 20:32:23 -06:00
99a87179dd
Instrument Filter Chain
...
Closes gh-11911
2022-10-12 20:32:22 -06:00
8c610684f3
Instrument Authentication and Authorization
...
Closes gh-11989
Closes gh-11990
2022-10-12 20:32:21 -06:00
7c872cf7fd
Merge branch '5.8.x'
2022-10-12 15:02:40 -05:00
440748ec65
Add test support for Xor CSRF tokens
...
Issue gh-4001
2022-10-12 15:02:15 -05:00
27059ced87
Default X-Xss-Protection header value to "0"
...
Closes gh-9631
2022-10-07 17:42:55 -05:00
dcda899c8c
Merge branch '5.8.x'
2022-10-07 17:40:37 -05:00
37fa49b32d
Polish gh-11952
2022-10-07 17:40:12 -05:00
6753f9745e
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
# docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
2022-10-07 17:29:07 -05:00
f462134e87
Add reactive support for BREACH
...
Closes gh-11959
2022-10-07 16:34:17 -05:00
f4ca90e719
Add reactive interfaces for CSRF request handling
...
Issue gh-11959
2022-10-07 16:34:16 -05:00
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
9fd195d419
Default to shouldFilterAllDispatcherTypes=true in XML
...
Closes gh-11970
2022-10-07 11:46:20 -03:00
146d3269bc
Merge branch '5.8.x'
...
Closes gh-11971
2022-10-07 10:28:14 -03:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
f650ebe545
Merge branch '5.8.x'
2022-10-06 13:50:50 -03:00
8a5aed2983
Add deprecation warning to CsrfDsl#ignoringAntMatchers
...
Issue gh-11347
2022-10-06 13:50:38 -03:00
d6302aabbc
Merge branch '5.8.x'
2022-10-06 13:21:52 -03:00
bc4ad52feb
Add deprecation warning to mvcMatchers methods
...
Issue gh-11347
2022-10-06 13:21:27 -03:00
12b9f2e196
use-authorization-manager defaults to true
...
Closes gh-11929
2022-10-06 08:12:46 -06:00
52ab2303da
Fix failing test
...
Issue gh-11061
2022-10-06 09:28:06 -03:00
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
...
Closes gh-11899
2022-10-06 09:12:04 -03:00
12ac7acb2c
Merge remote-tracking branch 'origin/5.8.x'
2022-10-05 23:53:40 -06:00
2079309c5a
Add SecurityContextHolderStrategy XML Configuration for OAuth2
...
Issue gh-11061
2022-10-05 23:50:59 -06:00
7543effe89
Add SecurityContextHolderStrategy Java Configuration for OAuth2
...
Issue gh-11061
2022-10-05 23:50:58 -06:00
7e3841105b
Add SecurityContextHolderStrategy XML Configuration for Saml2
...
Issue gh-11061
2022-10-05 23:50:57 -06:00
19181a5afd
Add SecurityContextHolderStrategy Java Configuration for Saml2
...
Issue gh-11061
2022-10-05 23:50:56 -06:00
0c0e298aa7
Polish Saml2 XML Use of SecurityContextHolderStrategy
...
Issue gh-11061
2022-10-05 23:38:14 -06:00
72a46ddd31
Merge remote-tracking branch 'origin/5.8.x'
2022-10-05 22:48:33 -06:00
b4d13e7726
Polish use-authorization-manager
...
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together
Issue gh-11305
2022-10-05 22:21:09 -06:00
7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests
...
Issue gh-11665
2022-10-05 22:18:41 -06:00
8b490de08d
Merge branch '5.8.x'
...
# Conflicts:
# docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
Josh Cummings
Marcus Da Coregio
Claudio Nave
kandaguru17
Evgeniy Cheban
Krzysztof Krason
Janne Valkealahti
lukasz.migdalek
SeasonPan
Ruslan Stelmachenko
Martin Tarjányi
twosom
Clayton Walker
hdeadman
Leonid Rozenblyum
Tobias Meurer
Steve Riesenberg
Joe Grandja
Spas Poptchev
Mitja Kotnik
Guillaume Husta
Jan Marten
Koos Gadellaa
Rob Winch
mmoussa_mapfreusa
Daniel Garnier-Moiroux