Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-31 12:30:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,886 Commits 54 Branches 369 Tags
Commit Graph

1074 Commits

Author SHA1 Message Date
Joe Grandja
ec38848b20 Fix invalid windows character 2024-10-21 11:34:56 -04:00
Rob Winch
7f26e54d07 Remove § 
See if this fixes format in windows
 2024-10-20 23:30:40 -05:00
Rob Winch
b0e8730d70 Add Passkeys Support 
Closes gh-13305
 2024-10-20 22:54:53 -05:00
xhaggi
7f537241e7 Use SessionAuthenticationStrategy for Remember-Me authentication 
Closes gh-2253
 2024-10-15 14:07:07 -07:00
Max Batischev
d37d41c130 Polish One-Time Token API Names and Doc 
The names of variables and methods have been adjusted in accordance with the names of the one-time token login API components.

Issue gh-15114
 2024-10-15 14:04:56 -07:00
Josh Cummings
c40334317d
Polish One-Time Token Component Names 
Aligning parts of speech so that names are using nouns/verbs
where comparable components are using nouns/verbs.

Issue gh-15114
 2024-10-14 14:07:47 -06:00
Max Batischev
e7644925f8 Add AuthorizationResult support for AuthorizationManager 
Closes gh-14843
 2024-10-14 11:48:57 -07:00
Josh Cummings
702538ebce AuthorizationEventPublisher Accepts AuthorizationResult 
Closes gh-15915

Co-authored-by: Max Batischev <mblancer@mail.ru>
 2024-10-14 11:48:57 -07:00
Max Batischev
2ca2e56383 Add Reactive One-Time Token Login support 
Closes gh-15699
 2024-10-07 16:39:54 -07:00
Daniel Garnier-Moiroux
7e41785dfc Remove trailing spaces in default UIs 
- Default UIs had blank lines with only spaces. These get deleted by the
  spring-javaformat plugin. In order to avoid this behavior, an extra \s
  had been inserted in the tests. The reason for those \s is not obvious.
- This commit cleans up the \s but changing the HTML templates.
 2024-09-11 10:44:45 -07:00
Daniel Garnier-Moiroux
98975a9b83 Add runtime hints for CSS resource 2024-09-10 12:46:13 -07:00
Daniel Garnier-Moiroux
c1b9035544 Use static CSS in OneTimeToken default UI 2024-09-10 12:46:13 -07:00
Daniel Garnier-Moiroux
e958ff2d4a Use static CSS in reactive default UI 2024-09-10 12:46:13 -07:00
Daniel Garnier-Moiroux
45d53973ab Serve static content (css, js) for reactive default UIs from DefaultResourcesWebFilter 2024-09-10 12:46:13 -07:00
Daniel Garnier-Moiroux
11616a1d78 Use static CSS in servlet default UI 2024-09-10 12:46:13 -07:00
Daniel Garnier-Moiroux
c5c5cd5ed0 Serve static content (css, js) for default UIs from DefaultResourcesFilter 2024-09-10 12:46:13 -07:00
Daniel Garnier-Moiroux
4660e042d9 Remove unused <script> and <noscript> tags in One-Time-Token submit page 2024-09-06 09:13:30 -03:00
Daniel Garnier-Moiroux
528d739a60 Use contextPath in One-Time-Token default submit UI 2024-09-06 09:13:30 -03:00
Daniel Garnier-Moiroux
ef31ae1a98 Render One Time Token UIs using lightweight templates 2024-09-05 15:02:42 -07:00
Daniel Garnier-Moiroux
a642a1bb66 Render reactive default UIs using lightweight templates 2024-09-05 15:02:42 -07:00
Daniel Garnier-Moiroux
8d47906191 Render default UIs using lightweight templates 2024-09-05 15:02:42 -07:00
Daniel Garnier-Moiroux
33495441b5 Hardcode ott-username input name in DefaultLoginPageGeneratingFilter 
- GenerateOneTimeTokenFilter uses `"username"`, the default UI should use the same parameter name
 2024-09-05 09:42:45 -03:00
Marcus Hert Da Coregio
00e4a8fb54 Add support for One-Time Token Login 
Closes gh-15114
 2024-09-03 10:07:56 -03:00
Florian Bernard
008cbc2cae Add cookie customizer to CookieRequestCache and CookieServerRequestCache 
Issue gh-15204
 2024-09-03 09:41:30 -03:00
Ilpyo-Yang
095929f6e8 Include FilterChain in SessionInformationExpiredEvent 
Closes gh-14077
 2024-08-29 13:12:27 -03:00
DingHao
ed16c86115 Improve @CurrentSecurityContext meta-annotations 
Closes gh-15551
 2024-08-13 13:18:15 -06:00
Josh Cummings
08b8b09066
Update Copyright 
Issue gh-15286
 2024-08-10 11:48:14 -06:00
DingHao
9aaf959400 Improve @AuthenticationPrincipal meta-annotations 
Closes gh-15286
 2024-08-10 11:46:51 -06:00
Daniel Garnier-Moiroux
bc8ba7f3b7 Inline CSS for default login and logout page 
- Remove the dependency on Bootstrap CSS. Results in faster load times, no failures
  in air-gapped or offline scenarios, and no dependency on an external CDN that may
  go away some day.
 2024-08-05 09:27:18 -05:00
baezzys
4169c0cf36 Publish Constants for Firewall Header and Parameter Predicates 
Introduced public static final Predicates for allowed header names,
header values, parameter names, and parameter values for building
expressions.

Closes gh-13639
 2024-07-18 17:24:38 -07:00
Josh Cummings
773e86701e
Add ParameterRequestMatcher 
Closes gh-15342
 2024-07-02 15:17:54 -06:00
Max Batischev
44f9396bad Add support remember-me cookie customization 
Closes gh-14990
 2024-06-05 11:47:20 -03:00
Steve Riesenberg
1e4aff2bdb
Merge branch '6.2.x' into 6.3.x 
Closes gh-15186
 2024-05-31 19:02:31 -05:00
Steve Riesenberg
3fc7b6e921
Merge branch '5.8.x' into 6.2.x 
Closes gh-15185
 2024-05-31 18:34:14 -05:00
Steve Riesenberg
dcb8c563e8
Fix ArrayIndexOutOfBoundsException 
Issue gh-13310
Closes gh-15184
 2024-05-31 18:12:21 -05:00
Josh Cummings
7288fecc24
Verify ipAddress Not A Hostname 
Closes gh-15172
 2024-05-30 17:50:56 -06:00
Joaquin Santana
927840fe88 Do Not Invalidate Current Session When It Is Registered 
Closes gh-15066
 2024-05-14 10:01:54 -03:00
Marcus Hert Da Coregio
08f11f06ab Revert unnecessary commits from main 
Issue gh-15016
 2024-05-08 13:49:18 -03:00
Marcus Hert Da Coregio
b3c7f3ff19 Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision 
Issue gh-7395
 2024-04-30 08:38:03 -03:00
Marcus Hert Da Coregio
61eba00654 Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web 
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.

Issue gh-7395
 2024-04-10 14:58:01 -03:00
ruabtmh
c0928bf198 Add DelegatingAuthenticationConverter 
Closes gh-14644
 2024-03-13 14:33:45 -06:00
DingHao
8885707674 Add DelegatingServerAuthenticationConverter 
Closes gh-14644
 2024-03-05 08:21:59 -07:00
Steve Riesenberg
bd345fb2a8
Polish gh-11758 2024-02-29 12:15:30 -06:00
Markus Heiden
5c5503924b
Add SwitchUserGrantedAuthorityMixIn 
Closes gh-11775
 2024-02-29 11:07:21 -06:00
Marcus Hert Da Coregio
f8ff056eb6 Update Max Sessions on WebFlux 
Delete WebSessionStoreReactiveSessionRegistry.java and gives the responsibility to remove the sessions from the WebSessionStore to the handler

Issue gh-6192
 2024-02-28 10:06:45 -03:00
Marcus Hert Da Coregio
a5ce8ae87f Polish Max Sessions on WebFlux 
This commit changes the PreventLoginServerMaximumSessionsExceededHandler to invalidate the WebSession in addition to throwing the error, this is needed otherwise the session would still be saved with the security context. It also changes the SessionRegistryWebSession to first perform the operation on the delegate and then invoke the needed method on the ReactiveSessionRegistry

Issue gh-6192
 2024-02-27 11:12:50 -03:00
Josh Cummings
4d039e515f
Merge branch '6.2.x' 2024-02-22 13:21:22 -07:00
Josh Cummings
9c48546883
Merge branch '6.1.x' into 6.2.x 2024-02-22 13:21:14 -07:00
Josh Cummings
7f106f0419
Merge branch '5.8.x' into 6.1.x 2024-02-22 13:20:29 -07:00
Christian Becker
5f80468de3 Updated copyright date 2024-02-22 13:19:05 -07:00