Rob Winch
dcd2137418
LoginPageGeneratingWebFilter honors context path
...
Closes gh-8807
6 years ago
Eleftheria Stein
a6dd119266
Mock request with non-standard HTTP method in test
...
Fixes gh-8594
6 years ago
Rob Winch
bd93616567
Fix non-standard HTTP method for CsrfWebFilter
...
Closes gh-8452
6 years ago
Josh Cummings
258627eaee
SwitchUserFilter Defaults to POST
...
Fixes gh-4183
6 years ago
Zeeshan Adnan
a49a325db2
Fix exception for empty basic auth header token
...
fixes spring-projectsgh-7976
6 years ago
Peter Keller
2dbedf7af5
Set charset of BasicAuthenticationFilter converter
...
Allow BasicAuthenticationFilter to pick up the given credentials charset.
Fixes: gh-7835
6 years ago
Rob Winch
29182abb34
Fix HttpHeaderWriterWebFilterTests
...
Ensure setComplete() is subscribed to
6 years ago
Rob Winch
29eb8b9177
CompositeServerHttpHeadersWriter Executes Sequentially
...
Fixes gh-7731
6 years ago
Rob Winch
bd6ff1f319
DelegatingServerAuthenticationSuccessHandler Executes Sequentially
...
Fixes gh-7728
6 years ago
Rob Winch
6db7b457b7
DelegatingServerLogoutHandler Executes Sequentially
...
Fixes gh-7723
6 years ago
Rob Winch
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
6 years ago
Michel Palourdio
d26f40f062
DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path.
6 years ago
Tadaya Tsuyukubo
62c7de03c3
Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter
...
Moved the existing auth check logic to the matcher.
Issue: gh-5928
6 years ago
Eleftheria Stein
264daec697
Test context relative URL with multiple schemes
6 years ago
Josh Cummings
b764af6b9b
CookieServerCsrfTokenRepositoryTests Leading Dot
...
ResponseCookie removed support for having a leading dot in the cookie
domain.
Fixes gh-7500
6 years ago
Josh Cummings
7949dd492a
Move DelegatingServerAuthenticationSuccessHandlerTests
...
Moved from src/test/groovy to src/test/java
Issue gh-5332
6 years ago
Josh Cummings
5f905232cb
Polish CurrentSecurityContextArgumentResolvers
...
Fixes gh-7487
6 years ago
Onur Kagan Ozcan
034b5e9e93
Introduce LogoutSuccessEvent
...
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.
By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.
This PR will also fix ConcurrentSessionFilter's composite logoutHandler, which will now get LogoutHandler instances from LogoutConfigurer for consistency.
Fixes gh-2900
6 years ago
Josh Cummings
7576dc44d7
AuthenticationFilter Session Fixation Protection
...
Fixes gh-7446
6 years ago
Josh Cummings
aa12748c9b
Add Request-level CSRF Skip
...
Fixes gh-7367
6 years ago
Filip Hanik
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
6 years ago
Josh Cummings
39e84013f7
ClearSiteDataHeaderWriter Directives
...
Fixes gh-7347
6 years ago
Eleftheria Stein
ad0d3e9702
Polish remember me username check
6 years ago
Lars Grefer
95511331fa
fix checkstyle
7 years ago
Lars Grefer
34dd5fea30
Remove redundant throws clauses
...
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
7 years ago
Daniel Wegener
1a233a58c7
Add OnCommittedResponseWrapper.setContentLengthLong
...
Add setContentLengthLong tracking to OnCommittedResponseWrapper in
order to detect commits on servlets that use setContentLengthLong to
announce the entity size they are about to write (as used in the
Apache Tomcat's DefaultServlet).
Fixes gh-7261
7 years ago
Eleftheria Stein
4bc231872f
Expire as many sessions as exceed maximum allowed
...
Fixes: gh-7166
7 years ago
Josh Cummings
9735a718cc
Remove MultiTenantAuthenticationManagerResolver
...
Fixes gh-7259
7 years ago
Lars Grefer
ec6ca97226
Fix tests
7 years ago
Lars Grefer
ff1070df36
remove redundant modifiers found by checkstyle
7 years ago
Lars Grefer
fb39d9c255
Anonymous type can be replaced with lambda
7 years ago
Lars Grefer
05f42a4995
Remove unused imports
7 years ago
Lars Grefer
2306d987e9
Cleanup unnecessary boxing
7 years ago
Eddú Meléndez
496579dde2
Add match result for servlet requests
...
Fixes gh-7148
7 years ago
Eddú Meléndez
f712c5598c
Add support for allowedHostnames in StrictHttpFirewall
...
Introduce a new method `setAllowedHostnames` which performs the validation
against untrusted hostnames.
Fixes gh-4310
7 years ago
Lars Grefer
776a4c3760
Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers
7 years ago
Rob Winch
ad2f999c25
Polish BasicAuthenticationConverter
...
This reverts to the old behavior from BasicAuthenticationFilter.
Specifically, if a token has an empty password, it still parses a username
and an empty String password.
Issue gh-7025
7 years ago
Eleftheria Stein
b55322b2cb
Make basic authentication scheme case-insensitive
...
Fixes: gh-7163
7 years ago
sbespalov
f1187bdfc2
issue/6506: AuthenticationConverter implementation
7 years ago
Clement Ng
ab6440db10
Throws exception when passed IP address with too long mask
...
Fixes gh-2790
7 years ago
Lars Grefer
3ea9d376b2
Cleanup explicit type arguments
7 years ago
Lars Grefer
c5b5cc507c
Cleanup redundant type casts
7 years ago
Eleftheria Stein
758397f102
Allow configuration of headers through nested builder
...
Issue: gh-5557
7 years ago
Lars Grefer
43737a56bd
Use foreach where possible
7 years ago
Josh Cummings
f5da63118e
Add MultiTenantAuthenticationManagerResolver
...
A class with a number of handy request-based implementations of
AuthenticationManagerResolver targeted at common multi-tenancy
scenarios.
Fixes: gh-6976
7 years ago
Rafiullah Hamedy
f6ed1db702
Introduced ReactiveAuthenticationManagerResolver
...
Suitable for multi-tenant reactive applications needing to branch
authentication strategies based on request details.
7 years ago
Clement Ng
e66369f6c6
Added null checks and tests to constructors
...
RequestKey, JaasGrantedAuthority, and SwitchUserGrantedAuthority
assume certain final members are non-null.
Issue: gh-6892
7 years ago
Alexey Nesterov
9a67441507
Add x509 support for Reactive Security
...
[gh #5038 ]
7 years ago
MD Sayem Ahmed
2c136f7b6c
Add Reactive Clear-Site-Data Support
...
1. A new implementation of ServerHttpHeadersWriter has been created to
add Clear-Site-Data header support.
2. A new implementation of ServerLogoutHandler has been created which
can be configured to write response headers during logout.
3. Added unit tests for both implementations.
Fixes gh-6743
7 years ago
Josh Cummings
20a7bc4785
Improved DigestAuthenticationFilter Test Coverage
...
Issue: gh-5462
7 years ago