The tag `spring.security.reached.filter.name` is only set if a
filter-name is available, otherwise the tag is omitted entirely. This
leads to issues with metric-exporters that don't support dynamic tags,
but rather expect tag-names of a metric to be always the same. The most
prominent example is the Prometheus-exporter.
Instead of omitting the tag if no filer-name is set, a none-value is
applied instead, making the tag-list consistent in all cases
Closes gh-13179
- Mark setCookieHttpOnly, setCookieDomain, setCookieMaxAge and
setSecure as deprecated.
- Add the method setCookieCustomizer which allows to set properties
to the ResponseCookieBuilder without having to add new setter methods.
Closes gh-12086
As of gh-11960, Xor CSRF tokens are the default in 6.0. This commit
makes CsrfAuthenticationStrategy consistent with CsrfFilter.
Issue gh-11960
Closes gh-12235
Fixes support for re-generating tokens within a request such as when
CsrfAuthenticationStrategy removes a null token and saves an empty
cookie value on the response.
Closes gh-12141
Sometimes InetSocketAddress#getAddress#getHostAddress retuns null.
In that case, call InetSocketAddress#getHostString instead.
There is no performance loss since IpAddressMatcher#matches attemptsi
to re-parse and resolve the address anyway.
Closes gh-11888
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.
Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.
At that time, BearerTokenAuthenticationFilter can change to use
the handler.
Closes gh-11932
Issue gh-11932, gh-9429
(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.
BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
Josh Cummings
Marcus Da Coregio
Evgeniy Cheban
Krzysztof Krason
joerg-richter-5234
Dennis Frommknecht
Steve Riesenberg
bvn13
Christian Marck
Christian Schuster
twosom
Dayan Kodippily
Alex Montoya
David Becker
Daniel Garnier-Moiroux
Joe Grandja