Robert Winch
2848b95fe0
Merge Handle null value in OnCommittedResponseWrapper header methods
1 week ago
Josh Cummings
057e5181ea
Adjust Formatting
...
Issue gh-18805
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 week ago
Tran Ngoc Nhan
178ca56aaf
Fallback defaultTargetUrl if refererHeader is empty
...
Closes gh-18805
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 week ago
Robert Winch
51ce11cbd2
Move InetAddressMatcher to spring-security-core
...
Closes gh-18979
1 week ago
Josh Cummings
bae4cdd765
Adjust for Nullability
...
Issue gh-18973
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 week ago
Josh Cummings
b6e24db68c
Return Mono.empty on Empty POST
...
Closes gh-18973
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 weeks ago
Daniel Garnier-Moiroux
aeb5fc1fb0
Fix HttpSessionRequestCache#getMatchingRequest query string parsing
...
- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.
Fixes gh-16656
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2 weeks ago
Andrey Litvitski
2fda37de53
Fix equals nullability annotations for jspecify compliance
...
In this commit, we added `@Nullable` to equals methods of classes that
support `jspecify` for consistency with other Spring projects and to
avoid bugs that caused other Spring projects to do this natively.
Closes: gh-18929, gh-18927
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
2 weeks ago
Tran Ngoc Nhan
62f33d3fcf
Add equals and hashCode to HttpMethodRequestMatcher
...
Closes gh-18911
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2 weeks ago
Josh Cummings
d76fb7f2e6
Polish WebAttributes ApplicationContext Support
...
Closes gh-8843
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 weeks ago
Ziqin Wang
e726c05e76
Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs
...
The deserializer is updated to properly ignore unknown extensions.
Closes gh-18643
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
3 weeks ago
Ziqin Wang
a7039fb3e6
Test Jackson 2 deserializer with unknown primitive WebAuthn ext
...
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
3 weeks ago
Ziqin Wang
88ea668f47
Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext
...
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
3 weeks ago
Josh Cummings
8dcaa6dfcb
Polish Documentation
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
3 weeks ago
Andrey Litvitski
d1ce69ca99
Specify charset in WWW-Authenticate for Basic Auth
...
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.
Closes: gh-18755
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
3 weeks ago
Vishnutheep B
07bfe371b4
Fix CookieRequestCache parameters
...
Previously the parameters were not restored.
This commit ensures the parameters are restored.
Closes gh-18204
Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
4 weeks ago
Robert Winch
fb84e24893
HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3
...
Closes gh-18804
1 month ago
Robert Winch
1dae9aa459
Add Missing OnCommittedResponseWrapper Header Overrides
...
Spring Security's `OnCommittedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.
Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.
This issue is the underlying problem for spring-projects/spring-framework#36381
Closes gh-18797
1 month ago
Robert Winch
d31ca7a758
Fix SecurityContextLogoutHandler.logout @param response Javadoc (cannot be null)
...
Closes gh-18357
1 month ago
Josh Long
2dd2863550
aot improvements
...
Signed-off-by: Josh Long <54473+joshlong@users.noreply.github.com>
1 month ago
Minu Kim
18068c9099
fix compile warning in spring-security-test
...
Signed-off-by: Minu Kim <kmw106933@naver.com>
1 month ago
Robert Winch
cc6a005aa5
Add InetAddressMatcher
...
Co-authored-by: Gábor Vaspöri <gabor.vaspori@gmail.com>
Co-authored-by: Kian Jamali <kianjamali123@gmail.com>
Co-authored-by: Rossen Stoyanchev <rstoyanchev@users.noreply.github.com>
1 month ago
Tran Ngoc Nhan
dbf7f4cfe5
Remove unused `@Nullable`
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
dc8ed8b168
Fix checkstyle
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
17933ddab3
Resolve feedback
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
9323775c5f
Update javadoc and apply `StringUtils#hasLength`
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
4cc5f543ab
Add author
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
67bc1d8d4a
Polish some methods
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
17b5cdde55
Remove redundant check and exception
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
21bef947b0
Use `String#isEmpty`
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Andrey Litvitski
6fcca39500
Mark CsrfTokenRequestAttributeHandler#setCsrfRequestAttributeName as Nullable
...
Closes: gh-18617
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1 month ago
coehgns
0d3a5d210a
Add tests for PathPatternRequestMatcher path caching
...
Verify parsed request path is cleared when matcher parses it, and preserved when already present.
Signed-off-by: coehgns <modooboiroo@gmail.com>
2 months ago
Garvit Joshi
edd82ba82c
gh-18234: Create SHA-1 MessageDigest for every new check request
...
Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>
2 months ago
Robert Winch
d7fbf3673a
Fix consistency with Nullability Usage
...
Issue gh-18564
2 months ago
Robert Winch
9f8ac34c3b
Remove @NullUnmarked
...
Closes gh-18491
2 months ago
Soumik Sarker
3f66d8b770
Fix format
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
2 months ago
Soumik Sarker
ea26031a4d
Fix format
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
2 months ago
Soumik Sarker
b1d98491cf
Removed nullUnmarked annotation from observability web classes
...
Fixes #17815
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
2 months ago
Robert Winch
0993e5735e
Add missing @NullMarked
...
Closes gh-18514
3 months ago
Robert Winch
048b6bdd88
Update to JDK 25 (release = 17)
...
This commit updates the build to use JDK 25 while remaining compatible with JDK 17.
Note that we must update our JAAS related tests to use release=25 due to the disabling of
the Security Manager. See
https://docs.oracle.com/en/java/javase/25/security/security-manager-is-permanently-disabled.html
Closes gh-18512
3 months ago
Guillaume Husta
dd1f097131
Add @FunctionalInterface to RequestMatcher
...
Add `@FunctionalInterface` to `RequestMatcher`.
According to the documentation, it is a FunctionalInterface.
See: https://docs.spring.io/spring-security/reference/6.5/servlet/authorization/authorize-http-requests.html#match-by-custom
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
3 months ago
Andrey Litvitski
13f6286e04
Use DefaultParameterNameDiscoverer#getSharedInstance
...
Closes: gh-18330
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
3 months ago
rigu1
0a6883c586
Fix Javadoc warnings in spring-security-web
...
* Use <code> tags for external references in DelegatingMissingAuthorityAccessDeniedHandler and SwitchUserWebFilter
* Fix typo in SessionAuthenticationException
* Apply javadoc-warnings-error plugin
Closes gh-18468
Signed-off-by: rigu1 <dlsrbtla@gmail.com>
3 months ago
Tran Ngoc Nhan
d20c88ecef
Format code
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
3 months ago
Tran Ngoc Nhan
79815e044e
Fix typos
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
3 months ago
Soumik Sarker
244b5a16be
Added test scope for NPE in RequestMethod
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
4 months ago
Josh Cummings
5662e17370
Add Nullable Annotations
...
Added Nullable to methods that may return a null value
Closes gh-18046
5 months ago
Rob Winch
aaf738f7ac
MFA is now Opt In
...
This commit ensures that MFA is only performed when users opt in. By
doing so, we allow users to decide if they will opt into the semantics
of merging two Authentication instances.
Closes gh-18126
5 months ago
Rob Winch
ccd39a23c9
Only perform MFA if Authentication.getName() is the same
...
Closes gh-18112
5 months ago
Josh Cummings
793820acfa
Remove Authority Copying From Reactive
...
We will re-address this when adding factors to
ReactiveAuthenticationManager implementations.
Issue gh-2603
5 months ago