Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,957 Commits 34 Branches 337 Tags
Commit Graph

428 Commits

Author SHA1 Message Date
Josh Cummings
2b50aa3ae0
Polish Method Security Migration Steps 
Removed checkboxes when there is only one step
 2022-10-26 13:47:16 -06:00
Rob Winch
24cc7ff178 Document Saved Requests Migration 
Closes gh-12089
 2022-10-26 14:24:00 -05:00
Rob Winch
c17e258a6f Document Saved Requests 
Closes gh-12088
 2022-10-26 14:22:30 -05:00
Josh Cummings
d076ddb26c
Polish Method Security Migration Steps 2022-10-26 13:18:07 -06:00
Josh Cummings
f6731e89db
Polish Method Security Preparation Steps 2022-10-26 12:37:54 -06:00
Josh Cummings
4528561326
Add Method Security Migration Steps 2022-10-25 15:04:59 -06:00
Josh Cummings
7adc000c6b
Merge remote-tracking branch 'origin/5.8.x' 2022-10-25 14:42:32 -06:00
Josh Cummings
04fa5af794
Add Missing Doc Header 
The EnableMethodSecurity section
 2022-10-25 14:41:11 -06:00
Josh Cummings
e505bc3af4
Add Method Security Preparation Steps 2022-10-25 14:41:10 -06:00
Josh Cummings
4ba8f8bfe0
Update What's New 
Closes gh-12024
 2022-10-13 20:08:31 -06:00
Josh Cummings
f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler 
Closes gh-9429
 2022-10-13 20:03:03 -06:00
Steve Riesenberg
d6356415f9
Polish whats-new.adoc 2022-10-13 13:42:04 -05:00
Steve Riesenberg
74e0616451
Update What's New for 6.0 2022-10-13 13:42:04 -05:00
Steve Riesenberg
5a55987d6e
Add links to reference in What's New for 5.8 
Issue gh-4001
Issue gh-11959
 2022-10-13 12:52:01 -05:00
Josh Cummings
59c4538798
Update What's New 
Closes gh-12021
 2022-10-13 10:13:20 -06:00
Josh Cummings
fe96a62dfc
Document Observability Support 
Issue gh-10964
 2022-10-12 20:32:25 -06:00
Joe Grandja
bf1e622751 Update What's New in 6.0 for PasswordEncoders 
Issue gh-11985
 2022-10-12 08:27:46 -04:00
Joe Grandja
716aa6df5c Merge branch '5.8.x' 2022-10-12 07:43:26 -04:00
Joe Grandja
ffbcaca24a Update reference for PasswordEncoders 
Issue gh-10506
 2022-10-12 07:32:30 -04:00
Marcus Da Coregio
c5e35bf32e Merge branch '5.8.x' 
Closes gh-11978
 2022-10-10 09:24:50 -03:00
Marcus Da Coregio
4b6fed0667 Add static factory method to AntPathRequestMather and RegexRequestMatcher 
Closes gh-11938
 2022-10-10 09:24:15 -03:00
Daniel Garnier-Moiroux
27059ced87
Default X-Xss-Protection header value to "0" 
Closes gh-9631
 2022-10-07 17:42:55 -05:00
Steve Riesenberg
6753f9745e
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
 2022-10-07 17:29:07 -05:00
Steve Riesenberg
f462134e87
Add reactive support for BREACH 
Closes gh-11959
 2022-10-07 16:34:17 -05:00
Marcus Da Coregio
398f5dee7f Remove deprecated RequestMatcher methods from Java Configuration 
Closes gh-11939
 2022-10-07 15:26:46 -03:00
Marcus Da Coregio
9fd195d419 Default to shouldFilterAllDispatcherTypes=true in XML 
Closes gh-11970
 2022-10-07 11:46:20 -03:00
Marcus Da Coregio
146d3269bc Merge branch '5.8.x' 
Closes gh-11971
 2022-10-07 10:28:14 -03:00
Marcus Da Coregio
f3321c256c Add XML support for shouldFilterAllDispatcherTypes 
Closes gh-11492
 2022-10-07 10:20:32 -03:00
Josh Cummings
12b9f2e196
use-authorization-manager defaults to true 
Closes gh-11929
 2022-10-06 08:12:46 -06:00
Marcus Da Coregio
c4d23f2b49 Use MvcRequestMatcher by default if Spring MVC is present 
Closes gh-11899
 2022-10-06 09:12:04 -03:00
Steve Riesenberg
8b490de08d
Merge branch '5.8.x' 
# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
 2022-10-05 14:46:15 -05:00
Steve Riesenberg
dce1c30522
Add support for BREACH 
Closes gh-4001
 2022-10-05 14:21:13 -05:00
Steve Riesenberg
c1fcf275d9
Update What's New for 5.8 
Issue gh-11952
 2022-10-05 13:48:18 -05:00
Marcus Da Coregio
38a7bbd2eb Merge branch '5.8.x' 2022-10-05 13:20:12 -03:00
Marcus Da Coregio
ace8caa182 Remove mvcMatchers usage from docs 
Issue gh-11347
 2022-10-05 13:19:37 -03:00
Marcus Da Coregio
35f7e46d05 Remove WebSecurityConfigurerAdapter 
Closes gh-10902
 2022-10-04 15:13:04 -03:00
Steve Riesenberg
5de6da890b
Merge branch '5.8.x' 
Closes gh-dry-run
 2022-10-04 11:18:00 -05:00
Steve Riesenberg
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken 
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
 2022-10-03 17:10:54 -05:00
Steve Riesenberg
7c3cc1e386
Merge branch '5.8.x' 2022-10-03 14:29:51 -05:00
Daniel Garnier-Moiroux
0e215a21ad
Add X-Xss-Protection headerValue to XML config 
Issue gh-9631
 2022-10-03 14:29:34 -05:00
Marcus Da Coregio
ad2abd39dc Merge branch '5.8.x' 
Closes gh-11347 in 6.0.x
Closes gh-11945
 2022-10-03 16:02:18 -03:00
Marcus Da Coregio
039e0328e1 Simplify Java Configuration RequestMatcher Usage 
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
 2022-10-03 15:55:20 -03:00
Daniel Garnier-Moiroux
bf59d7c374
Update What's New for 5.8 2022-10-03 10:05:25 -05:00
Steve Riesenberg
43a1f8249c
Update What's New for 6.0 2022-09-29 15:57:48 -05:00
Steve Riesenberg
6c6aedf772
Update What's New for 6.0 2022-09-26 10:07:50 -05:00
Steve Riesenberg
181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Steve Riesenberg
c0e784b16d
Update What's New for 6.0 2022-09-26 09:48:52 -05:00
Steve Riesenberg
bcb21c9384
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
 2022-09-23 15:39:43 -05:00
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver 
Closes gh-11896
 2022-09-23 15:09:00 -05:00
Rob Winch
0efe26c1fd Merge branch '5.8.x' 
Closes gh-11894
 2022-09-22 13:47:04 -05:00