spring-security

Commit Graph

Author	SHA1	Message	Date
/usr/local/ΕΨΗΕΛΩΝ	2c1126c5aa	Improve AuthenticationManagerBeanDefinitionParser XML parsing Closes gh-7282	5 years ago
Eleftheria Stein	f91608dcba	Disable default logout page when logout disabled Closes gh-9475	5 years ago
Marcus Hert da Coregio	5a4cfe1226	Fix Adding Filter Relative to Custom Filter Closes gh-9787	5 years ago
Joe Grandja	99db0ca2c5	WebFlux httpBasic() matches on XHR requests Closes gh-9660	5 years ago
Rob Winch	adf3e94c9f	Fix HttpSecurity.addFilter* Ordering Closes gh-9633	5 years ago
Denis Washington	521706d496	Limit oauth2Login() links to redirect-based flows This prevents the generated login page from showing links for authorization grant types like "client_credentials" which are not redirect-based, and thus not meant for interactive use in the browser. Closes gh-9457	5 years ago
Josh Cummings	005eca7bd9	Fix Test Configuration - Typo in PlaceholderConfig was causing Windows builds to resolve the CLASSPATH environment variable Closes gh-9421	5 years ago
Josh Cummings	52ad49074d	Migrate SAML 2.0 Tests and Docs to PCFOne Issue gh-9362	5 years ago
Josh Cummings	0462c42290	Update Test Controllers Closes gh-9121	5 years ago
Artem Grankin	6dad918e7b	Replace expired msdn link with latest web archive copy Initial link expired in March, 2016. Latest copy found in web archive is from February, 2016	5 years ago
Josh Cummings	0efdb2c92c	Polish WebSecurityConfigurerAdapter JavaDoc Issue gh-8784	6 years ago
Romil Patel	79d8b616f0	WebSecurityConfigurerAdapter JavaDoc Closes gh-8784	6 years ago
Evgeniy Cheban	bff6d82dd0	DefaultWebSecurityExpressionHandler uses RoleHierarchy bean Fixes gh-7059	6 years ago
Joe Grandja	674e2c0a8e	OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException Issue gh-8609	6 years ago
Eleftheria Stein	0e37c722e2	Revert "Temporarily ignore RSocket integration tests" This reverts commit `d5eeec0ae6`. Fixes gh-8643	6 years ago
Eleftheria Stein	d5eeec0ae6	Temporarily ignore RSocket integration tests Issue gh-8643	6 years ago
Rob Winch	24fd9579c5	Delay AuthenticationPrincipalArgumentResolver Creation Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its lookup. Closes gh-8613	6 years ago
Dávid Kovács	c399185365	Add ROLE_INFRASTRUCTURE to infrastructure beans Closes gh-8407	6 years ago
Rob Winch	7b34b223e6	Logout defaults to use Global SecurityContextServerLogoutHandler Closes gh-8375	6 years ago
hotire	f011c36ba4	Fix typo in Javadoc of ServerHttpSecurity#hasAuthority Closes gh-8336	6 years ago
Eleftheria Stein	bb654fdcdf	Fix HttpSecurity Javadoc Fixes gh-4404	6 years ago
Rob Winch	615f9a3f05	Fix HttpServlet3RequestFactory Logout Handlers Previously there was a problem with Servlet API logout integration when Servlet API was configured before log out. This ensures that logout handlers is a reference to the logout handlers vs copying the logout handlers. This ensures that the ordering does not matter. Closes gh-4760	6 years ago
Rob Winch	32c3353921	SpringTestContext returns ConfigurableWebApplicationContext Closes gh-8233	6 years ago
Josh Cummings	cb7786bf97	Malformed Bearer Token Returns 401 for WebFlux Fixes gh-7668	6 years ago
Joe Grandja	4706b16a2b	oauth2Login WebFlux does not auto-redirect for XHR request Fixes gh-8118	6 years ago
Eleftheria Stein	256aba7b37	Fix rsocket test Request route that exists; add additional error message verification Fixes gh-8154	6 years ago
Erik van Paassen	86e25ff2ab	Fix typo in Javadoc of HttpSecurity#csrf() `HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.	6 years ago
Markus Engelbrecht	75f22285c6	Fix typo 'properites' in documentation Fixes gh-8095	6 years ago
Josh Cummings	9092115b8a	Register Authentication Provider in Init Phase Fixes gh-8031	6 years ago
Stephane Maldini	0012e24c46	Don't force downcasting of RequestAttributes to ServletRequestAttributes Fixes gh-7953	6 years ago
Josh Cummings	c4ccc96655	Polish Error Messages for OpaqueTokenIntrospectors	6 years ago
Eleftheria Stein	9dd3dfe718	Fix requiresAuthenticationMatcher not being used The custom server requiresAuthenticationMatcher was not always picked up Fixes: gh-7863	6 years ago
Eleftheria Stein	edb6cd3729	Fix authenticationFailureHandler not being used The custom server authenticationFailureHandler was not always picked up Fixes: gh-7782	6 years ago
Johannes Edmeier	cc956a66df	Don't cache requests with `Accept: text/event-stream` by default. The eventstream requests is typically not directly invoked by the browser. And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..	6 years ago
Filip Hanik	b754a3d635	Use the custom ServerRequestCache that the user configures on for the default authentication entry point and authentication success handler Fixes gh-7721 https://github.com/spring-projects/spring-security/issues/7721 Set RequestCache on the Oauth2LoginSpec default authentication success handler import static ReflectionTestUtils.getField Feedback incorporated per https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359	6 years ago
Eleftheria Stein	0d24e2b8cf	Fix WebFlux logout disabling Fixes: gh-7682	6 years ago
Joe Grandja	e4aa3be4c5	WebFlux oauth2Login() redirects on failed authentication Fixes gh-5562 gh-6484	6 years ago
Alexey Nesterov	0babe7d930	Correctly configure authorization requests repository for OAuth2 login To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is correctly configured, but the latter always uses default, WebSession based repository. So authorization code created before redirect to authorization endpoint will never be found to complete OAuth2 login when custom ServerAuthorizationRequestRepository is used. This change also makes OAuth2Client and OAuth2Login authentication converters consistent. Fixes gh-7675	6 years ago
Eleftheria Stein	8a95e5798d	Update @MessageMapping to match input/output cardinality	6 years ago
Pim Moerenhout	cd0bec48de	Fix typo in log message.	6 years ago
Paul Pazderski	0d35194b47	Add sessionFixation Javadoc	6 years ago
Adrian Pena	ca8877c8c5	Updates javadoc for InitializeUserDetailsBeanManagerConfigurer	6 years ago
Eleftheria Stein	1188a3bb5f	Polish RememberMeConfigurer Issue: gh-4140	6 years ago
邓超	b13f750646	Retrieve remember-me key from service as fallback Fixes: gh-4140	6 years ago
Yanming Zhou	9f6a36444a	Add missing schemas	6 years ago
Josh Cummings	925bf48ec0	Polish OAuth2ResourceServerConfigurerTests To confirm that resource server only produces SCOPE_<scope> authorities by default. Issue gh-7596	6 years ago
Filip Hanik	0cafcf37e2	Make the loginProcessingUrl configurable for saml2Login() Fixes gh-7565 https://github.com/spring-projects/spring-security/issues/7565	6 years ago
Josh Cummings	5f17032ffd	Restore Removed Throws Clauses In a recent clean-up, certain exceptions were removed from various throws clauses. This PR re-introduces throws clauses that are important for one of the following reasons: 1. It's a method on a public interface 2. It's a method clearly designed for inheritance, for example, a method stub, an abstract method, or indicated as such in the docs. Fixes gh-7541	6 years ago
Rob Winch	635f7e1edd	CsrfWebFilter supports multipart/form-data Fixes gh-7576	6 years ago
Vitalii Mahas	0ac5f5456f	Fix typo 'is' -> 'if' in javadoc	6 years ago

1 2 3 4 5 ...

1496 Commits (5.2.x)