Josh Cummings
2d96fba5cf
Add HttpsRedirectFilter
...
Closes gh-16678
11 months ago
Josh Cummings
e569c7a39e
Fix Tests
...
Issue gh-16517
11 months ago
topiam
85f0f3f34a
Support Custom RequestMatchers for WebAuthn
...
Closes gh-16517
Signed-off-by: topiam <support@topiam.cn>
11 months ago
Rob Winch
9417f02790
Deprecate PortResolver
...
Closes gh-15972
11 months ago
Rob Winch
5f5427bd03
PortResolver.NO_OP
...
Closes gh-16666
11 months ago
Josh Cummings
588220a020
Add PathPatternRequestMatcher
...
Closes gh-16429
Closes gh-16430
11 months ago
Steve Riesenberg
7fc5d50adf
Polish gh-16551
12 months ago
Max Batischev
0ccbd20f0a
Add Support ServerFormPostRedirectStrategy
...
Closes gh-16542
Signed-off-by: Max Batischev <mblancer@mail.ru>
12 months ago
tejas-teju
c4b223266c
Return Invalid Credentials message on login error
...
Closes gh-16484
Signed-off-by: tejas-teju <tejas8196@gmail.com>
12 months ago
Josh Cummings
946812691e
Make AuthenticatorAttestation Serializable
...
Issue gh-16481
12 months ago
Max Batischev
b5a4218a0b
Make WebAuthnAuthenticationRequestToken Serializable
...
Closes gh-16481
Signed-off-by: Max Batischev <mblancer@mail.ru>
12 months ago
Max Batischev
879b44f9a1
Make PublicKeyCredentialRequestOptions Serializable
...
Closes gh-16432
Signed-off-by: Max Batischev <mblancer@mail.ru>
12 months ago
ying.li
6494ea9b18
fix for typo
12 months ago
Daniel Garnier-Moiroux
238f47ce5e
One Time Token login registers the default login page
...
closes gh-16414
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
12 months ago
Daniel Garnier-Moiroux
5ee6b83953
Introduce OneTimeTokenAuthenticationFilter
...
closes gh-16539
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
12 months ago
Max Batischev
be81377235
Add Support ServerGenerateOneTimeTokenRequestResolver
...
Closes gh-16488
Signed-off-by: Max Batischev <mblancer@mail.ru>
12 months ago
Steve Riesenberg
54a6a19e05
Polish gh-16214
...
This commit applies the following changes:
* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
1 year ago
Craig Andrews
58534e7f60
Add FormRedirectStrategy to enable POST OIDC Logout
...
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.
Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.
Closes gh-13002
Signed-off-by: Craig Andrews <candrews@integralblue.com>
1 year ago
Max Batischev
61d92e9db9
Fix assertion message in DefaultGenerateOneTimeTokenRequestResolver
...
Signed-off-by: Max Batischev <mblancer@mail.ru>
1 year ago
NeoTraveler
e31f04bebc
`withValue` used incorrectly
...
Closes gh-16525
Closes gh-16527
Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
1 year ago
Steve Riesenberg
b32f4f1afc
Polish gh-16502
1 year ago
earlgrey02
1fa1848f9f
Add HttpStatusAccessDeniedHandler
...
Signed-off-by: earlgrey02 <san06036@naver.com>
1 year ago
Max Batischev
c7bc4c98db
Make PublicKeyCredentialRequestOptions Serializable
...
Closes gh-16432
Signed-off-by: Max Batischev <mblancer@mail.ru>
1 year ago
Josh Cummings
d043884e32
Support Serialization
...
Issue gh-16276
1 year ago
Tran Ngoc Nhan
e557c7227b
Implement Serializable for WebAuthnAuthentication
...
Closes gh-16273
Closes gh-16285
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 year ago
Max Batischev
474b5e151a
Add Support GenerateOneTimeTokenRequestResolver
...
Closes gh-16291
Signed-off-by: Max Batischev <mblancer@mail.ru>
1 year ago
Daniel Garnier-Moiroux
bb8e757c4b
Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...)
...
closes gh-16458
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
1 year ago
Rob Winch
3209930cca
Add TestBytes
...
Closes gh-16461
1 year ago
Max Batischev
80e8e14500
Add GenerateOneTimeTokenFilterTests
1 year ago
DingHao
f4491f388e
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean
...
Closes gh-16369
Signed-off-by: DingHao <dh.hiekn@gmail.com>
1 year ago
DingHao
8181cec06c
Set HttpMessageConverter by DSL
...
Closes gh-16369
Signed-off-by: DingHao <dh.hiekn@gmail.com>
1 year ago
Josh Cummings
bbe4f87641
Mark Serialization Support for Events
...
Issue gh-16276
1 year ago
DingHao
45f22a46e3
Use spring.security prefix instead of security.security
...
Closes gh-16422
Signed-off-by: DingHao <dh.hiekn@gmail.com>
1 year ago
Josh Cummings
443af32314
Move Servlet Mocks to Web
...
Issue gh-13551
1 year ago
Josh Cummings
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
1 year ago
Josh Cummings
8e59fa1719
Don't Support Serialization for Jackson (De)serializers
...
Issue gh-16276
1 year ago
Josh Cummings
8735368d9e
Don't Support Serialization of Jackson Modules
...
Issue gh-16276
1 year ago
Josh Cummings
6f379aa907
Add Serializable to Csrf Components
...
Issue gh-16276
1 year ago
Max Batischev
fd267dfb71
Add Support JdbcPublicKeyCredentialUserEntityRepository
...
Closes gh-16224
1 year ago
Max Batischev
7b07ef5ff3
Add Support JdbcUserCredentialRepository
...
Closes gh-16224
1 year ago
Max Batischev
38523faaa0
Remove Unused loggers
...
Closes gh-16319
1 year ago
Max Batischev
e9bdb5b96e
Polish SecurityFilterChain Validation
...
Issue gh-15982
1 year ago
Josh Cummings
1104b45832
Polish SessionLimit
...
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation
Issue gh-16206
1 year ago
Claudenir Machado
1864577e98
Address SessionLimitStrategy
...
Closes gh-16206
1 year ago
Josh Cummings
3eeb4317f6
Add setFavorRelativeUris
...
This places the new functionality behind a setting so that
we can remain passive until we can change the setting in
the next major release.
Issue gh-7273
1 year ago
Michal Okosy
7848b959da
Use relative URLs in /login redirects
...
Closes gh-7273
1 year ago
Josh Cummings
27c2a8ad11
Add Serializable Compatibility to Web Authentication Exceptions
...
Issue gh-16276
1 year ago
Yoshikazu Nojima
d7d5253607
Change attestation in PublicKeyCredentialCreationOptions to none
...
The attestation option in PublicKeyCredentialCreationOptions is a
parameter that controls whether to request attestation from the security key.
However, Spring Security Passkeys currently doesn't implement attestation verification.
Therefore, requesting attestation is unnecessary.
Specifying `direct` to request attestation may trigger browsers to
display an additional privacy-related dialog to users, so it is best to
avoid specifying `direct` unnecessarily.
1 year ago
Rob Winch
6a0b683e60
StrictFirewallHttpRequest.build returns StrictFirewallHttpRequest
...
Closes gh-16069
1 year ago
Josh Cummings
4cbaabb239
Added Testing
...
Issue gh-16177
1 year ago