Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,570 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

99 Commits

Author SHA1 Message Date
Josh Cummings 4635dabf87
Merge branch '6.3.x' 2024-08-22 19:44:55 -06:00
Josh Cummings a3b88a8d4b
Enable Runtime Method Parameter Reflection 
Several method security tests rely on method parameters
being preserved, in order to demonstrate the difference
between relying on runtime reflection and using the @P
annotation.

Closes gh-15680
 2024-08-22 19:44:11 -06:00
Daniel Garnier-Moiroux bc8ba7f3b7 Inline CSS for default login and logout page 
- Remove the dependency on Bootstrap CSS. Results in faster load times, no failures
  in air-gapped or offline scenarios, and no dependency on an external CDN that may
  go away some day.
 2024-08-05 09:27:18 -05:00
Josh Cummings 8d43f1bd7d
Merge branch '5.8.x' into 6.2.x 2024-07-31 15:48:44 -06:00
Josh Cummings 5cdcdc9bcb
Suppress Node Files From Nohttp Analysis 
Given that we have no control over the contents of
third-party code, it isn't helpful to have nohttp
generate errors for the usage of http:// in that code.
 2024-07-31 15:48:28 -06:00
Josh Cummings f231ea277d
Merge branch '5.8.x' into 6.2.x 
Closes gh-15210
 2024-06-06 13:35:56 -06:00
Josh Cummings 6aabd768a8
Pick MvcRequestMatcher for MockMvc requests 
Closes gh-13849
 2024-06-06 13:17:43 -06:00
Steve Riesenberg f8fde0d79d
Update nohttp allow list 
Issue gh-14609
 2024-03-25 14:51:53 -05:00
Josh Cummings 65cce7e305
Merge branch '6.1.x' into 6.2.x 
Closes gh-14640
 2024-02-20 15:59:32 -07:00
Josh Cummings 008296cce2
Exclude Deprecated Classes 
Closes gh-14630
 2024-02-20 15:58:55 -07:00
Josh Cummings 238bc9733a
Remove stray projects 2024-02-20 15:57:46 -07:00
Steve Riesenberg 9db33f33c7
Revert unnecessary merges on 6.0.x 
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:

- 5dce82c48b
 2023-10-31 15:11:45 -05:00
Josh Cummings cb33fd7850
Add OIDC Back-Channel Logout Support 
Closes gh-12570
 2023-09-16 15:12:21 -06:00
Steve Riesenberg ac7fbea248
Add nohttp exclusions 2023-05-12 14:30:12 -05:00
Steve Riesenberg 1eff924598
Merge branch '5.8.x' into 6.0.x 2023-02-28 16:53:33 -06:00
Steve Riesenberg b2240f376e
Merge branch '5.7.x' into 5.8.x 2023-02-28 16:53:14 -06:00
Steve Riesenberg 7b88ab289d
Add nohttp exclusion 
Issue gh-12804
 2023-02-28 16:52:19 -06:00
Marcus Da Coregio 7094ee3710 Add runtime hints for annotations using @WithSecurityContext 
Closes gh-12215
 2022-11-16 10:02:34 -03:00
Marcus Da Coregio fd25568330 Merge branch '5.8.x' 
Closes gh-12159
 2022-11-08 13:29:36 -03:00
Marcus Da Coregio 9195521eea Merge branch '5.7.x' into 5.8.x 
Closes gh-12158
 2022-11-08 13:28:28 -03:00
Marcus Da Coregio 40548eb963 Merge branch '5.6.x' into 5.7.x 
Closes gh-12157
 2022-11-08 13:27:51 -03:00
Marcus Da Coregio 8cde8fb363 Update Gradle to 7.5.1 
Closes gh-11779
 2022-11-08 13:27:25 -03:00
Josh Cummings 5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x' 2022-10-13 19:48:05 -06:00
Daniel Garnier-Moiroux 200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter 
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
 2022-10-13 19:25:04 -06:00
Marcus Da Coregio c5e35bf32e Merge branch '5.8.x' 
Closes gh-11978
 2022-10-10 09:24:50 -03:00
Marcus Da Coregio 4b6fed0667 Add static factory method to AntPathRequestMather and RegexRequestMatcher 
Closes gh-11938
 2022-10-10 09:24:15 -03:00
Rob Winch 0efe26c1fd Merge branch '5.8.x' 
Closes gh-11894
 2022-09-22 13:47:04 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler 
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
 2022-09-22 11:09:44 -05:00
Steve Riesenberg 1be9be97a1
Exclude JavadocPackageCheck from Spring Checks 
Issue gh-11422
 2022-07-15 13:03:45 -05:00
Marcus Da Coregio ee11c3ade7 Exclude JavadocPackageCheck from Spring Checks 
Issue gh-11422
 2022-07-15 14:10:53 -03:00
Joe Grandja f87df42500 Remove deprecated OAuth2IntrospectionClaimAccessor 
Closes gh-11499
 2022-07-13 15:51:58 -04:00
Joe Grandja 7b18336c6a Change interface with constants to final class 
Closes gh-10960
 2022-07-13 15:51:58 -04:00
Josh Cummings a31a99b591
Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:58:36 -06:00
Josh Cummings 31e25b115e Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:28:10 -06:00
Marcus Da Coregio 1cbe7a75d3 Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 10:40:26 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 09:18:01 -03:00
Rob Winch f94090a59b Remove spring-security-openid 
Closes gh-10773
 2022-01-21 16:55:19 -06:00
Josh Cummings 4374905801 Establish new Package Tangle Baseline 
Ran ./gradlew check && ./gradlew s101 -Ps101.label=baseline

Issue gh-10333
 2021-11-19 11:46:08 -07:00
Marcus Da Coregio 17e0a47ef4 Revert "Fix CAS Client Java lib not working with Jakarta EE 9" 
This reverts commit aa5564e240.
 2021-11-01 09:02:43 -03:00
Marcus Da Coregio 5c4dd51994 Fix CAS Client Java lib not working with Jakarta EE 9 
Copy the code from the library and change it to support the Jakarta classes

Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio e36e2b2a97 Move Saml2AuthnRequestRepository to web package 
Moving to solve package tangles

Issue gh-9185
 2021-09-29 14:10:39 -03:00
Josh Cummings 64f0102425 Establish Structure101 Baseline 
Issue gh-6236
 2021-09-27 16:06:43 -06:00
Josh Cummings 4272889dc8 Install Structure101 Plugin 
Issue gh-6236
 2021-09-27 14:56:03 -06:00
Joe Grandja 5830fda2fa Introduce JwtEncoder 
Closes gh-9208
 2021-09-24 05:13:40 -04:00
Marcus Hert da Coregio ab098f171d Propagate TestSecurityContextHolder to SecurityContextHolder 
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers
Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder

Closes gh-9565
 2021-09-17 16:39:53 -03:00
Josh Cummings 194993ad1a Add Saml2ParameterNames 
Closes gh-10270
 2021-09-14 17:40:12 -06:00
Dávid Kováč 3ff825576b Move and rename OAuth2IntrospectionClaimAccessor/Names 
Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
with copied implementation from OAuth2IntrospectionClaimAccessor/Names.
OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are
now deprecated.

Also method getScopes() returning list of scopes was introduced
and getScope() is now deprecated.

Closes gh-9647
 2021-08-12 16:51:33 -06:00
Joe Grandja 9c97970e26 Add Jwt Client Authentication support 
Closes gh-8175
 2021-04-08 15:44:33 -04:00
Rob Winch 2abf59b695 Merge Formatting Changes 
Issue gh-8945
 2020-08-24 17:33:23 -05:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00