Spring Security
michal e113bd3c01 issue 5414 - configurable secure flag in CookieCsrfTokenRepository
While using the request's "isSecure" flag is a reasonable default, when webapps sit behind firewalls, sometimes the firewall does the SSL, and the traffic between the firewall and the app is plain HTTP (not HTTPS). In this case the "isSecure" flag on the request is always false, but we still want the XSRF-TOKEN cookie to be secure (the firewall forwards all cookies to the app, and the browser sends the secure cookie to the firewall).

It would be nice if we could configure the desired value for the secure flag of the cookie, just like we can configure the value for the httpOnly flag of the cookie.
2020-06-25 14:42:38 -05:00
.github Change pipeline to run for all base branches 2020-06-17 16:05:41 -05:00
.idea Add Checkstyle configuration for IntelliJ IDEA 2019-08-09 16:21:30 -05:00
acl Prevent StackOverflowError for AccessControlEntryImpl.hashCode 2020-05-21 09:53:35 -05:00
aspects Unlock dependencies 2020-05-06 17:27:35 -04:00
bom Use spring-build-conventions Bom plugin 2018-01-09 11:27:34 -06:00
buildSrc Replace VersionsResourceTasks with WriteProperties 2020-03-13 13:26:54 -05:00
cas Unlock dependencies 2020-05-06 17:27:35 -04:00
config Fix typo in Javadoc 2020-06-16 09:38:09 -04:00
core Polish ProviderManagerTests 2020-06-16 15:56:04 -06:00
crypto Remove unused field 'digester' in Md4PasswordEncoder 2020-05-21 11:19:03 -05:00
data Unlock dependencies 2020-05-06 17:27:35 -04:00
docs Replace whitelist with allowlist 2020-06-10 11:49:21 -05:00
etc Replace whitelist with allowlist 2020-06-10 11:49:21 -05:00
gradle Update to Gradle 6.4.1 2020-05-27 16:12:23 -06:00
itest Unlock dependencies 2020-05-06 17:27:35 -04:00
ldap Allow port=0 for ApacheDSContainer 2020-05-21 16:14:01 -05:00
messaging Unlock dependencies 2020-05-06 17:27:35 -04:00
oauth2 Fix typo in OAuth2AccessTokenResponse 2020-06-22 08:21:59 -04:00
openid Unlock dependencies 2020-05-06 17:27:35 -04:00
remoting Unlock dependencies 2020-05-06 17:27:35 -04:00
rsocket Add subscriberContext to PayloadSocketAcceptor delegate.accept 2020-06-05 12:22:19 -05:00
saml2/saml2-service-provider Use AssertJ 2020-06-18 11:54:33 -06:00
samples Document SAML Attribute Support 2020-06-18 11:42:49 -06:00
scripts Add custom release notes configuration file 2019-12-31 14:19:40 -05:00
taglibs Unlock dependencies 2020-05-06 17:27:35 -04:00
test Test beforeTestMethod delays creation of SecurityContext 2020-06-24 16:40:09 -05:00
web issue 5414 - configurable secure flag in CookieCsrfTokenRepository 2020-06-25 14:42:38 -05:00
.editorconfig Use UTF-8 for Java sources and XML 2019-08-14 08:47:00 -05:00
.gitignore Ignore Lock Files 2020-02-07 13:59:05 -06:00
CONTRIBUTING.adoc Use `Closes gh-<number>` 2020-06-11 15:34:35 -05:00
Jenkinsfile Use reactorVersion 20+ for snapshot tests 2020-06-19 10:41:00 -05:00
LICENSE.txt Add LICENSE.txt 2020-04-15 16:44:13 -05:00
README.adoc Remove Travis pipeline and README badge 2020-06-17 16:07:32 -05:00
build.gradle Update to spring-build-conventions:0.0.33.RELEASE 2020-06-25 11:26:15 -05:00
class_mapping_from_2.0.x.txt SEC-1148: Simple classname mapping from 2.0 to 3.0 2009-12-02 22:44:30 +00:00
gradle.properties Update to Spring Boot 2.3.0 2020-05-27 16:12:23 -06:00
gradlew Update to Gradle 6.1.1 2020-02-04 23:36:47 -06:00
gradlew.bat Update to Gradle 5.5 2019-07-11 22:15:42 -04:00
notice.txt URL Cleanup 2019-03-19 23:53:23 -05:00
settings.gradle Upgrade to Gradle Enterprise Plugin 3.2 2020-03-27 12:44:12 -05:00

README.adoc

image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]

= Spring Security

Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
a minimum and also requires Java 8.

For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].

== Code of Conduct
Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct].

== Downloading Artifacts
See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.

== Documentation
Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].

== Quick Start
We recommend you visit https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.

== Building from Source
Spring Security uses a https://gradle.org[Gradle]-based build system.
In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.

=== Prerequisites
https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].

Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download.

=== Check out sources
[indent=0]
----
git clone git@github.com:spring-projects/spring-security.git
----

=== Install all spring-\* jars into your local Maven cache
[indent=0]
----
./gradlew install
----

=== Compile and test; build all jars, distribution zips, and docs
[indent=0]
----
./gradlew build
----

Discover more commands with `./gradlew tasks`.
See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].

== Getting Support
Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
https://spring.io/services[Commercial support] is available too.

== Contributing
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.adoc[contributor guidelines] for details.

== License
Spring Security is Open Source software released under the
https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].