Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-08-01 15:13:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,795 Commits 39 Branches 351 Tags
Commit Graph

1858 Commits

Author SHA1 Message Date
Joe Grandja
a377175455 Merge branch '6.3.x' into 6.4.x 
Closes gh-17215
 2025-06-06 06:50:45 -04:00
Andrey Litvitski
b0f8aa5ea0 Fix to allow multiple AuthenticationFilter instances to process each request 
Closes gh-17173

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-06-06 06:37:03 -04:00
Josh Cummings
2989d12743
Merge branch '6.3.x' into 6.4.x 2025-05-23 11:35:25 -06:00
Joaquin Santana
c0568ea9b0 Log Request Mismatch Only When Mismatches 
Signed-off-by: Joaquin Santana <joaquinjsb@outlook.com>
 2025-05-23 11:34:48 -06:00
Josh Cummings
edc8735eb8
Merge branch '6.3.x' into 6.4.x 
Closes gh-17146
 2025-05-19 09:46:10 -06:00
Mark Putsiata
cae3467a8d Improve AbstractPreAuthenticatedProcessingFilter docs 
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.

Closes gh-14137

Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
 2025-05-19 09:45:53 -06:00
Josh Cummings
57fc29e614
Merge branch '6.3.x' into 6.4.x 
Closes gh-17032
 2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e
Propagate StrictFirewallRequest Wrapper 
Closes gh-16978
 2025-05-02 10:57:07 -06:00
Josh Cummings
0954638d57
Merge branch '6.3.x' into 6.4.x 
Closes gh-16862
 2025-04-01 12:02:25 -06:00
DingHao
857ef6fe08 WithHttpOnlyCookie defaults to false 
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-04-01 11:59:51 -06:00
Rob Winch
1f3dd53bdf
Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity 
Closes gh-16606
 2025-03-25 16:14:58 -05:00
Rob Winch
a6b5c05da9
Additional WebAuthn4jRelyingPartyOperationTests 
- verify that anonymous users not saved
- verify that when user found the CredentialRecord is allowed

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
9c054474a8
Use Test Name Conventions 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
593f7c4490
Use !isAuthenticated 
It's more verbose to see if the user is not null and not anonymous

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch
4e20d56d2d
Fix format for WebAuthn4jRelyingPartyOperations 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Tomas Borghi
0a084135ec
Delete import unused 
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 16:50:39 -03:00
Tomas Borghi
5571ad1b27
Fix issues identified in PR review 
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:18:23 -03:00
Borghi
e3a715b8f5 Fix issues identified in PR review 
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:00:27 -03:00
Steve Riesenberg
96cfbd1e6c
Merge branch '6.3.x' into 6.4.x 
Closes gh-16782
Closes gh-16783
Closes gh-16784
Closes gh-16785
Closes gh-16786
 2025-03-20 14:46:18 -05:00
Tran Ngoc Nhan
ab6e9d2d1f
Clarify WebInvocationPrivilegeEvaluator JavaDoc 
Closes gh-16529

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-20 14:38:10 -05:00
AB
d9a937f0c1
Correct Closing Tag 
Closes gh-16600

Signed-off-by: AB <a.bierler@xdev-software.de>
 2025-03-18 16:35:15 -06:00
Rob Winch
05116eabbd
Merge branch '6.3.x' into 6.4.x 
- adb303e Add testRuntimeOnly junit-platform-launcher

Closes gh-16756
 2025-03-17 14:18:49 -05:00
Rob Winch
adb303e152
Add testRuntimeOnly junit-platform-launcher 
Closes gh-16755
 2025-03-17 14:16:44 -05:00
Borghi
0bc9313fdd Fix bug PublicKeyCredentialUserEntityRepository saves anonymousUser 
Issue gh-16385

Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-02-16 22:50:34 -03:00
Josh Cummings
946812691e
Make AuthenticatorAttestation Serializable 
Issue gh-16481
 2025-02-14 13:07:56 -07:00
Max Batischev
b5a4218a0b Make WebAuthnAuthenticationRequestToken Serializable 
Closes gh-16481

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-14 11:51:46 -07:00
Max Batischev
879b44f9a1 Make PublicKeyCredentialRequestOptions Serializable 
Closes gh-16432

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-13 17:17:16 -07:00
NeoTraveler
e31f04bebc
withValue used incorrectly 
Closes gh-16525
Closes gh-16527

Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
 2025-02-03 10:18:33 -07:00
Josh Cummings
d043884e32
Support Serialization 
Issue gh-16276
 2025-01-23 16:44:45 -07:00
Tran Ngoc Nhan
e557c7227b
Implement Serializable for WebAuthnAuthentication 
Closes gh-16273
Closes gh-16285

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-23 13:53:26 -06:00
Daniel Garnier-Moiroux
bb8e757c4b
Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) 
closes gh-16458

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-22 16:00:59 -06:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Josh Cummings
bbe4f87641
Mark Serialization Support for Events 
Issue gh-16276
 2025-01-17 16:08:31 -07:00
Josh Cummings
244fd2eb51
Support Serialization in Exceptions 
Issue gh-16276
 2025-01-14 18:37:53 -07:00
Josh Cummings
8e59fa1719
Don't Support Serialization for Jackson (De)serializers 
Issue gh-16276
 2025-01-14 17:35:33 -07:00
Josh Cummings
8735368d9e
Don't Support Serialization of Jackson Modules 
Issu gh-16276
 2025-01-14 17:04:36 -07:00
Josh Cummings
6f379aa907
Add Serializable to Csrf Components 
Issue gh-16276
 2025-01-14 16:07:20 -07:00
Josh Cummings
27c2a8ad11
Add Serializable Compatibility to Web Authentication Exceptions 
Issue gh-16276
 2024-12-17 13:05:23 -07:00
Yoshikazu Nojima
d7d5253607 Change attestation in PublicKeyCredentialCreationOptions to none 
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display additional privacy related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
 2024-12-11 17:18:18 -06:00
Rob Winch
cb4c7e5886 Merge branch '6.3.x' 
Closes gh-16261
 2024-12-11 15:48:18 -06:00
Rob Winch
6a0b683e60 StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest 
Closes gh-16069
 2024-12-11 15:46:31 -06:00
Josh Cummings
4cbaabb239 Added Testing 
Issue gh-16177
 2024-12-10 14:09:46 -07:00
DingHao
f565b23b51 Restore Method Parameter Inheritance Support 
Closes gh-16177
 2024-12-10 14:09:46 -07:00
12OneTwo12
d39e329234 Add @inheritDoc to sessionIdChanged method 
Closes gh-16211
 2024-12-05 12:31:47 -07:00
Josh Cummings
d3a95c5c1e
Merge branch '6.3.x' 2024-12-05 09:52:55 -07:00
Josh Cummings
0f85da77be
Merge branch '6.2.x' into 6.3.x 
Closes gh-16219
 2024-12-05 09:52:32 -07:00
Josh Cummings
96a9cf0d2d
Restore Previous Behavior for Servlet 5 
Closes gh-16173
 2024-12-05 09:52:06 -07:00
Rob Winch
9c3b11914d webauthn registerCredential returns transports 
The webauthn support previously did not pass the transports to webauthn4j.
This meant that the result of
Webauthn4jRelyingPartyOperations.registerCredential did not have any
transports either.

This commit ensures that the transports are passed to the webauth4j lib
and then returned in the result of registerCredential.

Closes gh-16084
 2024-12-04 15:22:26 -06:00
DingHao
dc82a6e97e Remove the cache since UniqueSecurityAnnotationScanner has cached annotations internally 2024-12-04 09:18:12 -07:00
Daniel Garnier-Moiroux
46fe0124ba Add RuntimeHints for webauthn Javascript resource 2024-11-25 13:06:50 -06:00