John Coyne 
							
						 
					 
					
						
						
						
						
							
						
						
							d05ad19276 
							
						 
					 
					
						
						
							
							CookieClearingLogoutHandler enhancement  
						
						
						
						
						Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path
Issue: gh-6078 
						
						
					 
					
						2018-11-26 14:33:08 -06:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
						
						
							
						
						
							8a475e39be 
							
						 
					 
					
						
						
							
							Write Security Headers Before Servlet Include  
						
						
						
						
						HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.
Fixes: gh-5499 
						
						
					 
					
						2018-10-31 09:27:25 -05:00 
						 
				 
			
				
					
						
							
							
								sunflower-seed 
							
						 
					 
					
						
						
						
						
							
						
						
							2e6ff72c31 
							
						 
					 
					
						
						
							
							Update SubjectDnX509PrincipalExtractor.java  
						
						
						
						
						Added missing asterisk 
						
						
					 
					
						2018-10-17 14:56:45 -05:00 
						 
				 
			
				
					
						
							
							
								Eric Deandrea 
							
						 
					 
					
						
						
						
						
							
						
						
							b060ec050a 
							
						 
					 
					
						
						
							
							Automatically add CsrfServerLogoutHandler if csrf enabled  
						
						
						
						
						The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled
Fixes gh-5337 
						
						
					 
					
						2018-09-21 00:59:36 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							e4597b5213 
							
						 
					 
					
						
						
							
							WebSessionServerRequestCache ignores favicon and html  
						
						
						
						
						Fixes: gh-5874 
						
						
					 
					
						2018-09-19 14:28:05 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							8e4d540bfb 
							
						 
					 
					
						
						
							
							Default Log Out Pages Use HTTPS for CSS  
						
						
						
						
						Fixes: gh-5873 
						
						
					 
					
						2018-09-19 13:52:35 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							9c749bf556 
							
						 
					 
					
						
						
							
							Fix SwitchUserFilter matchers  
						
						
						
						
						Fixes: gh-4249 
						
						
					 
					
						2018-09-14 09:45:41 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							8b19f7a71a 
							
						 
					 
					
						
						
							
							AntPathRequestMatcher supports UrlPathHelper  
						
						
						
						
						Fixes: gh-5846 
						
						
					 
					
						2018-09-14 09:45:41 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							96d85ad2b5 
							
						 
					 
					
						
						
							
							Polish HttpsRedirectWebFilter  
						
						
						
						
						Issue: gh-5749 
						
						
					 
					
						2018-09-07 14:29:46 -05:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
						
						
							
						
						
							2c982a4168 
							
						 
					 
					
						
						
							
							Reactive Redirect to Https  
						
						
						
						
						This introduces the capability to configure Reactive Spring Security
to upgrade requests to HTTPS
Fixes: gh-5749 
						
						
					 
					
						2018-09-07 14:25:58 -05:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							21e62683ab 
							
						 
					 
					
						
						
							
							Polish Commit on Reactive Http Basic Test  
						
						
						
						
					 
					
						2018-09-07 10:01:11 -06:00 
						 
				 
			
				
					
						
							
							
								Tim Koopman 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							6df4dfe47b 
							
						 
					 
					
						
						
							
							Reactive HttpBasic Support For Coloned Passwords  
						
						
						
						
						This makes it so that reactive httpBasic supports passwords containing
one or more colons.
						
						
					 
					
						2018-09-07 10:01:11 -06:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
						
						
							
						
						
							1c74706232 
							
						 
					 
					
						
						
							
							Delegating ServerAccessDeniedHandler by exchange  
						
						
						
						
						Fixes: gh-5747 
						
						
					 
					
						2018-08-31 10:33:11 -05:00 
						 
				 
			
				
					
						
							
							
								Vedran Pavic 
							
						 
					 
					
						
						
						
						
							
						
						
							cb0ba58b58 
							
						 
					 
					
						
						
							
							Fix WhitespaceAfterCheck Checkstyle check  
						
						
						
						
					 
					
						2018-08-27 10:45:35 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							1640a1f462 
							
						 
					 
					
						
						
							
							Polish ServerAuthenticationConverter  
						
						
						
						
						Fix package tangles
Issue: gh-5338 
						
						
					 
					
						2018-08-24 09:44:27 -05:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							416a276436 
							
						 
					 
					
						
						
							
							Expose Default Reactive CsrfProtectionMatcher  
						
						
						
						
						Make it so that users can augment the default protection logic with
their own.
Fixes: gh-5725 
						
						
					 
					
						2018-08-22 13:02:02 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							f5701b5fe0 
							
						 
					 
					
						
						
							
							Fix OptimizeAntPathRequestMatcher  
						
						
						
						
						Previously the logic for determining if the pathInfo should be appended
was inverted.
This correctly concatenates url + pathInfo if url is a non empty String.
Fixes: gh-5473 
						
						
					 
					
						2018-08-21 11:52:55 -05:00 
						 
				 
			
				
					
						
							
							
								Christoph Dreis 
							
						 
					 
					
						
						
						
						
							
						
						
							4ccd2f7ebd 
							
						 
					 
					
						
						
							
							Optimize AntPathRequestMatcher.getRequestPath()  
						
						
						
						
					 
					
						2018-08-21 11:46:37 -05:00 
						 
				 
			
				
					
						
							
							
								Vedran Pavic 
							
						 
					 
					
						
						
						
						
							
						
						
							f382b69507 
							
						 
					 
					
						
						
							
							Add reactive support for Referrer-Policy security header  
						
						
						
						
					 
					
						2018-08-20 10:10:59 -05:00 
						 
				 
			
				
					
						
							
							
								Vedran Pavic 
							
						 
					 
					
						
						
						
						
							
						
						
							10621a0f2c 
							
						 
					 
					
						
						
							
							Add reactive support for Content-Security-Policy security header  
						
						
						
						
					 
					
						2018-08-20 10:03:42 -05:00 
						 
				 
			
				
					
						
							
							
								Vedran Pavic 
							
						 
					 
					
						
						
						
						
							
						
						
							29cfc3dd1d 
							
						 
					 
					
						
						
							
							Add reactive support for Feature-Policy security header  
						
						
						
						
						Closes gh-5672 
						
						
					 
					
						2018-08-20 09:02:12 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							f843da1942 
							
						 
					 
					
						
						
							
							Add OAuth2LoginAuthenticationWebFilter  
						
						
						
						
						This is necessary so that the saving of the authorized client occurs
outside of the ReactiveAuthenticationManager. It will allow for
saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository
is added.
Issue: gh-5621 
						
						
					 
					
						2018-08-19 21:11:43 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							e3eaa99ad0 
							
						 
					 
					
						
						
							
							Polish ServerAuthenticationConverter  
						
						
						
						
						Update changes for ServerAuthenticationConverter to be passive.
Issue: gh-5338 
						
						
					 
					
						2018-08-18 19:55:39 -05:00 
						 
				 
			
				
					
						
							
							
								Eric Deandrea 
							
						 
					 
					
						
						
						
						
							
						
						
							b6afe66d32 
							
						 
					 
					
						
						
							
							Add ServerAuthenticationConverter interface  
						
						
						
						
- Adding a ServerAuthenticationConverter interface
- Retro-fitting ServerOAuth2LoginAuthenticationTokenConverter,
  ServerBearerTokenAuthenticationConverter, ServerFormLoginAuthenticationConverter,
  and ServerHttpBasicAuthenticationConverter to implement ServerAuthenticationConverter
- Deprecate existing AuthenticationWebFilter.setAuthenticationConverter
  and add overloaded one which takes ServerAuthenticationConverter
Fixes gh-5338
						
						
					 
					
						2018-08-18 19:55:39 -05:00 
						 
				 
			
				
					
						
							
							
								Vedran Pavic 
							
						 
					 
					
						
						
						
						
							
						
						
							c6ea447cc0 
							
						 
					 
					
						
						
							
							Add support for Feature-Policy security header  
						
						
						
						
					 
					
						2018-08-16 09:31:02 -05:00 
						 
				 
			
				
					
						
							
							
								Johnny Lim 
							
						 
					 
					
						
						
						
						
							
						
						
							68878a1675 
							
						 
					 
					
						
						
							
							Replace isEqualTo(null) with isNull()  
						
						
						
						
					 
					
						2018-08-09 18:04:48 -06:00 
						 
				 
			
				
					
						
							
							
								Johnny Lim 
							
						 
					 
					
						
						
						
						
							
						
						
							973af94b42 
							
						 
					 
					
						
						
							
							Fix typo  
						
						
						
						
					 
					
						2018-08-07 22:52:59 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							0c26d1b98a 
							
						 
					 
					
						
						
							
							ServerHttpBasicAuthenticationConverter Validates Scheme Name  
						
						
						
						
						Fixes: gh-5414 
						
						
					 
					
						2018-07-31 09:10:23 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							e3d4d66917 
							
						 
					 
					
						
						
							
							BasicAuthenticationFilter case insensitive
						
						
						
						
						Fixes: gh-5586 
						
						
					 
					
						2018-07-31 09:10:10 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							afa2d9cbc7 
							
						 
					 
					
						
						
							
							Remove ExchangeFilterFunctions  
						
						
						
						
						Issue: gh-5612 
						
						
					 
					
						2018-07-30 15:34:44 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							262c1a77c6 
							
						 
					 
					
						
						
							
							Remove SecurityHeaders  
						
						
						
						
						We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth
Issue: gh-5612 
						
						
					 
					
						2018-07-30 15:34:40 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							483e25f821 
							
						 
					 
					
						
						
							
							HttpSessionRequestCache Allow Any SavedRequest  
						
						
						
						
						Fixes: gh-5585 
						
						
					 
					
						2018-07-26 15:14:11 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							fa0565109b 
							
						 
					 
					
						
						
							
							Add SimpleSavedRequest  
						
						
						
						
						Fixes: gh-5581 
						
						
					 
					
						2018-07-26 15:14:11 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							f48404a6a0 
							
						 
					 
					
						
						
							
							Default Log In Pages Use HTTPS for CSS  
						
						
						
						
						Fixes: gh-5539 
						
						
					 
					
						2018-07-18 20:06:17 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							d468d7e6da 
							
						 
					 
					
						
						
							
							Cache Control disabled for 304  
						
						
						
						
						Fixes: gh-5534 
						
						
					 
					
						2018-07-17 22:13:33 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							d595098823 
							
						 
					 
					
						
						
							
							Rename @TransientAuthentication to @Transient  
						
						
						
						
						It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.
Issue: gh-5481 
						
						
					 
					
						2018-07-16 11:31:10 -05:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
						
						
							
						
						
							28afb4e3d7 
							
						 
					 
					
						
						
							
							Access Denied Handling Defaults  
						
						
						
						
						This introduces the capability for users to wire denial handling
by request matcher, similar to how users can already do with
authentication entry points.
This is handy for when denial behavior differs based on the contents
of the request, for example, when the Authorization header indicates
an OAuth2 Bearer Token request vs Basic authentication.
Fixes: gh-5478 
						
						
					 
					
						2018-07-16 10:40:46 -05:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
						
						
							
						
						
							3c46727be1 
							
						 
					 
					
						
						
							
							Transient Authentication Tokens  
						
						
						
						
						This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.
To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.
Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.
Fixes: gh-5481 
						
						
					 
					
						2018-07-16 10:40:45 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							a3210c96d9 
							
						 
					 
					
						
						
							
							Default Log Out Page  
						
						
						
						
						Fixes: gh-5516 
						
						
					 
					
						2018-07-15 19:45:20 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							05ed028f9d 
							
						 
					 
					
						
						
							
							Modernize Default Log In Page  
						
						
						
						
						Fixes: gh-5515 
						
						
					 
					
						2018-07-15 19:43:42 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							c3177a84a3 
							
						 
					 
					
						
						
							
							Override toString() in all RequestMatcher  
						
						
						
						
						It makes it easier to debug having custom
toString().
Fixes: gh-5446 
						
						
					 
					
						2018-06-15 11:27:28 -05:00 
						 
				 
			
				
					
						
							
							
								Joe Grandja 
							
						 
					 
					
						
						
						
						
							
						
						
							48ef7c966d 
							
						 
					 
					
						
						
							
							DefaultLoginPageGeneratingFilter escapes OAuth2 ClientRegistrations  
						
						
						
						
						Fixes gh-5394 
						
						
					 
					
						2018-05-29 10:14:50 -04:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							b3ca598679 
							
						 
					 
					
						
						
							
							Add WebClient Bearer token support  
						
						
						
						
						Fixes: gh-5389 
						
						
					 
					
						2018-05-25 15:17:08 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							6a12415d23 
							
						 
					 
					
						
						
							
							Add DelegatingServerLogoutHandler(List<ServerLogoutHandler> delegates)  
						
						
						
						
						Issue: gh-4839 
						
						
					 
					
						2018-05-24 09:44:29 -05:00 
						 
				 
			
				
					
						
							
							
								Eric Deandrea 
							
						 
					 
					
						
						
						
						
							
						
						
							8c3fdb3bcf 
							
						 
					 
					
						
						
							
							DelegatingServerLogoutHandler  
						
						
						
						
						Create a ServerLogoutHandler which delegates to a group of
ServerLogoutHandler implementations.
Fixes gh-4839 
						
						
					 
					
						2018-05-24 09:39:12 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							73345e7434 
							
						 
					 
					
						
						
							
							Add Cross Site Tracing (XST) & HTTP Method Tampering Protection  
						
						
						
						
						Fixes: gh-5377 
						
						
					 
					
						2018-05-24 09:35:40 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							f29e4cf91f 
							
						 
					 
					
						
						
							
							LoginPageGeneratingWebFilter conditionally renders formLogin  
						
						
						
						
						Issue: gh-4807 
						
						
					 
					
						2018-05-14 16:38:13 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							7013c6fd76 
							
						 
					 
					
						
						
							
							Add OAuth2LoginSpec  
						
						
						
						
						Issue: gh-4807 
						
						
					 
					
						2018-05-11 04:19:50 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							ca9cd20832 
							
						 
					 
					
						
						
							
							Add DelegatingServerAuthenticationSuccessHandler  
						
						
						
						
						Fixes: gh-5332 
						
						
					 
					
						2018-05-11 04:19:50 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							d874c4954e 
							
						 
					 
					
						
						
							
							AuthenticationWebFilter handle empty Authentication  
						
						
						
						
						Fixes: gh-5333 
						
						
					 
					
						2018-05-11 04:19:50 -05:00