e48f26e51e
Propagate StrictFirewallRequest Wrapper
...
Closes gh-16978
9 months ago
857ef6fe08
WithHttpOnlyCookie defaults to false
...
Closes gh-16820
Signed-off-by: DingHao <dh.hiekn@gmail.com>
10 months ago
a6b5c05da9
Additional WebAuthn4jRelyingPartyOperationTests
...
- verify that anonymous users not saved
- verify that when user found the CredentialRecord is allowed
Issue gh-16385
10 months ago
9c054474a8
Use Test Name Conventions
...
Issue gh-16385
10 months ago
593f7c4490
Use !isAuthenticated
...
It's more verbose to see if the user is not null and not anonymous
Issue gh-16385
10 months ago
4e20d56d2d
Fix format for WebAuthn4jRelyingPartyOperations
...
Issue gh-16385
10 months ago
0a084135ec
Delete import unused
...
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
10 months ago
5571ad1b27
Fix issues identified in PR review
...
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
10 months ago
e3a715b8f5
Fix issues identified in PR review
...
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
10 months ago
ab6e9d2d1f
Clarify WebInvocationPrivilegeEvaluator JavaDoc
...
Closes gh-16529
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
10 months ago
d9a937f0c1
Correct Closing Tag
...
Closes gh-16600
Signed-off-by: AB <a.bierler@xdev-software.de>
11 months ago
adb303e152
Add testRuntimeOnly junit-platform-launcher
...
Closes gh-16755
11 months ago
0bc9313fdd
Fix bug PublicKeyCredentialUserEntityRepository saves anonymousUser
...
Issue gh-16385
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
12 months ago
946812691e
Make AuthenticatorAttestation Serializable
...
Issue gh-16481
12 months ago
b5a4218a0b
Make WebAuthnAuthenticationRequestToken Serializable
...
Closes gh-16481
Signed-off-by: Max Batischev <mblancer@mail.ru>
12 months ago
879b44f9a1
Make PublicKeyCredentialRequestOptions Serializable
...
Closes gh-16432
Signed-off-by: Max Batischev <mblancer@mail.ru>
12 months ago
e31f04bebc
`withValue` used incorrectly
...
Closes gh-16525
Closes gh-16527
Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
12 months ago
d043884e32
Support Serialization
...
Issue gh-16276
1 year ago
e557c7227b
Implement Serializable for WebAuthnAuthentication
...
Closes gh-16273
Closes gh-16285
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 year ago
bb8e757c4b
Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...)
...
closes gh-16458
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
1 year ago
3209930cca
Add TestBytes
...
Closes gh-16461
1 year ago
bbe4f87641
Mark Serialization Support for Events
...
Issue gh-16276
1 year ago
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
1 year ago
8e59fa1719
Don't Support Serialization for Jackson (De)serializers
...
Issue gh-16276
1 year ago
8735368d9e
Don't Support Serialization of Jackson Modules
...
Issu gh-16276
1 year ago
6f379aa907
Add Serializable to Csrf Components
...
Issue gh-16276
1 year ago
27c2a8ad11
Add Serializable Compatibility to Web Authentication Exceptions
...
Issue gh-16276
1 year ago
d7d5253607
Change attestation in PublicKeyCredentialCreationOptions to none
...
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display additional privacy related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
1 year ago
6a0b683e60
StrictFirewallHttpRequest.buid returns StrictFirewallHttpRequest
...
Closes gh-16069
1 year ago
4cbaabb239
Added Testing
...
Issue gh-16177
1 year ago
f565b23b51
Restore Method Parameter Inheritance Support
...
Closes gh-16177
1 year ago
d39e329234
Add @inheritDoc to sessionIdChanged method
...
Closes gh-16211
1 year ago
96a9cf0d2d
Restore Previous Behavior for Servlet 5
...
Closes gh-16173
1 year ago
9c3b11914d
webauthn registerCredential returns transports
...
The webauthn support previously did not pass the transports to webauthn4j.
This meant that the result of
Webauthn4jRelyingPartyOperations.registerCredential did not have any
transports either.
This commit ensures that the transports are passed to the webauth4j lib
and then returned in the result of registerCredential.
Closes gh-16084
1 year ago
dc82a6e97e
Remove the cache since UniqueSecurityAnnotationScanner has cached annotations internally
1 year ago
46fe0124ba
Add RuntimeHints for webauthn Javascript resource
1 year ago
fa5fc6dd62
Fix checkstyle errors for toLower/toUpperCase usage
1 year ago
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
1 year ago
a7bf8f7cc6
Require Locale argument for toLower/toUpperCase usage
1 year ago
285d16b046
Polish IpAddressMatcher
...
(cherry picked from commit 83a79159b8
1 year ago
ddf4542a9e
Add hasText assertion to IpAddressMatcher constructor
...
Issue gh-15527
(cherry picked from commit 3a29819651
1 year ago
554df6fab6
Fix NPE in IpAddressMatcher
...
Closes gh-15527
(cherry picked from commit 52de894c3c
1 year ago
0eaffb37e7
Require Locale argument for toLower/toUpperCase usage
1 year ago
83a79159b8
Polish IpAddressMatcher
1 year ago
3a29819651
Add hasText assertion to IpAddressMatcher constructor
...
Issue gh-15527
1 year ago
52de894c3c
Fix NPE in IpAddressMatcher
...
Closes gh-15527
1 year ago
a1526361b6
webauthn: introduce DefaultResourcesFilter#webauthn
1 year ago
8f1c892fb7
Remove unnecessary parentheses and add static final field
1 year ago
055ec57737
Fix not exist class in WebFilterChainProxy java doc
1 year ago
f46e56de78
Improve Error Message for Conflicting Filter Chains
...
Closes gh-15874
1 year ago
Josh Cummings
DingHao
Rob Winch
Tomas Borghi
Tran Ngoc Nhan
AB
Max Batischev
NeoTraveler
Daniel Garnier-Moiroux
Yoshikazu Nojima
12OneTwo12
Joe Grandja
Steve Riesenberg
nomoreFt
Josh Cummings