spring-security

Commit Graph

Author	SHA1	Message	Date
Marcus Da Coregio	d884d9a461	Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains Closes gh-10554	4 years ago
Marcus Da Coregio	18427b6411	Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains Closes gh-10554	4 years ago
Josh Cummings	81a9302045	Polish enableSessionUrlRewriting Clarification Closes gh-7644	4 years ago
James Howe	c1b0e5930a	Clarify behaviour of enableSessionUrlRewriting See #3087	4 years ago
Josh Cummings	cd8983d4e5	Polish enableSessionUrlRewriting Clarification Closes gh-7644	4 years ago
James Howe	5598688fa6	Clarify behaviour of enableSessionUrlRewriting See #3087	4 years ago
Marcus Da Coregio	0beb725259	Add Cross Origin Policies headers Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers Closes gh-9385, gh-10118	4 years ago
Marcus Da Coregio	65426a40ec	Add Cross Origin Policies headers Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers Closes gh-9385, gh-10118	4 years ago
Marcus Da Coregio	263665ad55	Prevent using both authorizeRequests and authorizeHttpRequests Closes gh-10573	4 years ago
Marcus Da Coregio	ed3b0fbaad	Prevent using both authorizeRequests and authorizeHttpRequests Closes gh-10573	4 years ago
Steve Riesenberg	df0f6f83af	Polish gh-9597	4 years ago
Karl Tinawi	925d531cbe	Set details on authentication token created by HttpServlet3RequestFactory Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated. This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource. Closes gh-9579	4 years ago
Steve Riesenberg	d37ff18b69	Polish gh-9597	4 years ago
Karl Tinawi	c57fc309c2	Set details on authentication token created by HttpServlet3RequestFactory Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated. This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource. Closes gh-9579	4 years ago
Steve Riesenberg	074e38d565	Add missing since Issue gh-7765	4 years ago
Steve Riesenberg	3af619d565	Add hasIpAddress to Reactive Kotlin DSL Closes gh-10571	4 years ago
Steve Riesenberg	be802f57ba	Add hasIpAddress to Reactive Kotlin DSL Closes gh-10571	4 years ago
Steve Riesenberg	176f7b2b04	Add missing since Issue gh-7765	4 years ago
Josh Cummings	a68411566e	Polish Memory Leak Mitigation Issue gh-9841	4 years ago
Hiroshi Shirosaki	2bc643d6c8	Address SecurityContextHolder memory leak To get current context without creating a new context. Creating a new context may cause ThreadLocal leak. Closes gh-9841	4 years ago
Igor Pelesic	a3a9de1b9b	PermitAllSupport supports AuthorizeHttpRequestsConfigurer PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown. Closes gh-10482	4 years ago
Igor Pelesic	72109e2921	PermitAllSupport supports AuthorizeHttpRequestsConfigurer PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown. Closes gh-10482	4 years ago
Josh Cummings	78857c62f4	Polish Memory Leak Mitigation Issue gh-9841	4 years ago
Hiroshi Shirosaki	809ff883b0	Address SecurityContextHolder memory leak To get current context without creating a new context. Creating a new context may cause ThreadLocal leak. Closes gh-9841	4 years ago
Guirong Hu	43317c5a61	Support IP whitelist for Spring Security Webflux Closes gh-7765	4 years ago
Guirong Hu	9f51240bf1	Support IP whitelist for Spring Security Webflux Closes gh-7765	4 years ago
Josh Cummings	ba5a68ec63	Polish LdapAuthenticationPopulator Support PR gh-9276	4 years ago
Filip Hanik	ae08608011	LdapAuthoritiesPopulator should be postProcessed To enable customizations through withObjectPostProcessor	4 years ago
Norbert Nowak	4bc55769a3	Import cleanup Issue gh-10333	4 years ago
Norbert Nowak	4f186f2c1f	Move Dsl files to annotation Package Closes gh-10333	4 years ago
Marcus Da Coregio	25feedb870	Fix removal of framework deprecated code Issue https://github.com/spring-projects/spring-framework/issues/27686	4 years ago
« Christophe	e85958f65c	Fix CsrfConfigurer default AccessDeniedHandler consistency Fix when AccessDeniedHandler is specified per RequestMatcher on ExceptionHandlingConfigurer. This introduces evolutions on : - CsrfConfigurer#getDefaultAccessDeniedHandler, to retrieve an AccessDeniedHandler similar to the one used by ExceptionHandlingConfigurer. - OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to handle CsrfException with the default AccessDeniedHandler implementation Fixes: gh-6511	4 years ago
« Christophe	4318a51971	Fix CsrfConfigurer default AccessDeniedHandler consistency Fix when AccessDeniedHandler is specified per RequestMatcher on ExceptionHandlingConfigurer. This introduces evolutions on : - CsrfConfigurer#getDefaultAccessDeniedHandler, to retrieve an AccessDeniedHandler similar to the one used by ExceptionHandlingConfigurer. - OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to handle CsrfException with the default AccessDeniedHandler implementation Fixes: gh-6511	4 years ago
Rob Winch	0aa75e04b7	Fix imports for ChannelSecurityConfigurerTests gh-7997	4 years ago
Stephane Nicoll	2e4c6c3bf1	Avoid using SpEL to change the meaning of the injection point This commit removes the use of SpEL expression and replaces it with an explicit call to the underlying method.	4 years ago
Stephane Nicoll	61ee4e5a76	Avoid using SpEL to change the meaning of the injection point This commit removes the use of SpEL expression and replaces it with an explicit call to the underlying method.	4 years ago
Onur Kagan Ozcan	ef25304a30	Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes	4 years ago
Onur Kagan Ozcan	aa0f788f59	Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes	4 years ago
Josh Cummings	7b15098570	Update Spring Security to 5.7 Closes gh-10509	4 years ago
Josh Cummings	76ebbb84f7	Separate Namespace Servlet Docs Issue gh-10367	4 years ago
Josh Cummings	869e379099	Separate Namespace Servlet Docs Issue gh-10367	4 years ago
Marcus Da Coregio	caf4c47105	Remove CAS module Closes gh-10441	4 years ago
Marcus Da Coregio	db60df2f9c	Update to Spring Framework 6.0 Issue gh-10360	4 years ago
Marcus Da Coregio	b2e6c60d94	Remove remoting technologies support Closes gh-10366	4 years ago
Marcus Da Coregio	010f719344	Upgrade to JDK 17 Closes gh-10343	4 years ago
Marcus Da Coregio	12f3e908b0	Update to Spring Security 6.0	4 years ago
Rob Winch	e4a76b0ec9	Checkstyle Fixes - Javadoc tag ordering - Private constructors before inner classes Issue gh-10394	4 years ago
Marcus Da Coregio	2f1638ec57	Fix javadoc Closes gh-10382	4 years ago
Emil Sierżęga	cb70b6a39b	Fixed invalid usage of & tag in Javadocs	4 years ago
Emil Sierżęga	04b47c5928	Fixed various broken links in Javadocs	4 years ago

... 11 12 13 14 15 ...

2645 Commits (820e3f57504a7fb8fcc8a74e06a481ab47a10ea2)