0eef5b4b42
Add StrictHttpFirewall
8 years ago
6a0833165a
AuthorizationWebFilter handles null Authentication
...
If the AuthorizationManager used the Authentication and the Authentication
was null the AuthorizationWebFilter would produce a NullPointerException
This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null
Fixes: gh-4966
8 years ago
921157cdcd
Remove explicit super() calls
8 years ago
57353d18e5
Use diamond type
8 years ago
c16456623f
Remove unused imports
8 years ago
70be0f3619
Mono<CsrfToken> saveToken->Mono<Void>
...
Issue: gh-4856
8 years ago
d55db837e1
CsrfWebFilter places Mono<CsrfToken>
...
Fixes: gh-4855
8 years ago
701933c7f7
Fix copyright start years
...
See gh-4655
See gh-4725
8 years ago
5f518d00e5
Apply Checkstyle EmptyStatementCheck module
...
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
8 years ago
be397b8b33
WebSessionServerSecurityContextRepository Polish
...
- map(WebSession::getAttributes)
- use Mono.justOrEmpty
Issue: gh-4843
8 years ago
8d30d6110b
WebSessionSecurityContextRepository custom session attribute name
...
Fixes: gh-4843
8 years ago
b7529be3d0
WebSessionSecurityContextRepository changes session id
...
Fixes: gh-4842
8 years ago
b19e14330f
WebSessionServerCsrfTokenRepository session fixation protection
...
Issue: gh-4842
8 years ago
75a7c5268a
ServerRequestCache.removeMatchingRequest
...
Issue: gh-4789
8 years ago
fffd781b03
Add localization to error messages from ExceptionTranslationFilter
...
Fixes gh-4504
8 years ago
b6895e6359
Apply Checkstyle WhitespaceAfterCheck module
8 years ago
64ad08e96d
ServerRedirectCache.getRequest->getRedirectUri
...
Issue: gh-4789
8 years ago
1d9b0760d5
ServerRequestCache uses URI
...
Issue: gh-4789
8 years ago
942b51dba7
Reactive Basic does not create session by default
...
Fixes: gh-4825
8 years ago
5f79fdd3eb
requiresLogoutMatcher naming polish
...
Issue: gh-4822
8 years ago
c1f94156f9
serverWebExchange->exchange
...
Issue: gh-4822
8 years ago
11f6e0477c
serverLogoutSuccessHandler->logoutSuccessHandler
...
Issue: gh-4822
8 years ago
bf570854b8
serverLogoutHandler->logoutHandler
...
Issue: gh-4822
8 years ago
1c977ca15f
serverRedirectStrategy->redirectStrategy
...
Issue: gh-4822
8 years ago
2cbdb4ba02
serverCsrfTokenRepository->csrfTokenRepository
...
Issue: gh-4822
8 years ago
3bfda6cff7
serverAccessDeniedHandler->accessDeniedHandler
...
Issue: gh-4822
8 years ago
9e82fc0b83
serverAuthenticationEntryPoint->authenticationEntryPoint
...
Issue: gh-4822
8 years ago
9cf0dc6b38
serverWebExchange->webExchange
...
Issue: gh-4822
8 years ago
520e0a5a68
serverAuthenticationSuccessHandler->authenticationSuccessHandler
...
Issue: gh-4822
8 years ago
5c83f92ddc
serverAuthenticationFailureHandler->authenticationFailureHandler
...
Issue: gh-4822
8 years ago
692233e431
ServerSecurityContextRepository members to securityContextRepository
...
Issue: gh-4822
8 years ago
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
8 years ago
1b70efce2b
Add ServerRequestCache
...
Fixes: gh-4789
8 years ago
8f6491b281
Add RedirectServerAuthenticationFailureHandler
...
Fixes gh-4816
8 years ago
060d8689fe
Make RedirectServer*Tests less specific
...
Issue: gh-4816
8 years ago
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
8 years ago
676020321e
Add reactive CsrfRequestDataValueProcessor
...
Fixes gh-4762
8 years ago
7622826b69
WebSessionServerCsrfTokenRepository saves on getToken
...
Fixes gh-4801
8 years ago
776364d403
ServerCsrfTokenRepository.saveToken return Mono<CsrfToken>
...
Fixes gh-4800
8 years ago
3f18881493
Remove additional attribute name from CsrfWebFilter
...
Fixes gh-4799
8 years ago
35706ad60a
Deserialize the principal in a neutral way
...
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
8 years ago
6fd9ff254b
Map values directly from the JSON nodes
...
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
8 years ago
a1fdb7dcb3
Update AbstractRememberMeServices.java
...
this file`s file encode is unkown,maybe is "Eddu Melendez"
8 years ago
832f5c39c1
SEC-3190: Add support for colons in remember-me token values
...
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. so this
change urlencodes the individual tokens when creating the cookie
string; and urldecodes them decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
8 years ago
93ac706d86
Polish XFrameOptionsHeaderWriter
...
Issue: gh-4559
8 years ago
02a78b17b9
Add check to see if return value is DENY
...
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.
This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
8 years ago
bed4ec7d18
Fix leading space characters reported by checkstyle
8 years ago
0771778b81
Polish more AssertJ assertions
8 years ago
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
8 years ago
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
8 years ago
Rob Winch
Johnny Lim
Eddú Meléndez
Benedikt Ritter
Frank Pavageau
SignleMR
Jeremy Waters
Nathan Wong
Antoine