Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.
Issue gh-8945
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.
Issue gh-8945
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.
Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.
Issue gh-8945
AuthenticationConverterServerWebExchangeMatcher is ServerWebExchangeMatcher implementation based on AuthenticationConverter which matches if ServerWebExchange can be converted to Authentication.
It can be used as a matcher where SecurityFilterChain should be matched based on used authentication method.
BearerTokenServerWebExchangeMatcher was replaced by this matcher.
Closes gh-8824
Before:
1. SimpleSavedRequest#getMethod returned null
2. SimpleSavedRequest(SavedRequest request) constructor did not set the method field from request
After:
1. SimpleSavedRequest#getMethod returns method property value
2. SimpleSavedRequest(SavedRequest request) constructor sets the method field from request
Closes gh-8675
While using the request's "isSecure" flag is a reasonable default, when webapps sit behind firewalls, sometimes the firewall does the SSL, and the traffic between the firewall and the app is plain HTTP (not HTTPS). In this case the "isSecure" flag on the request is always false, but we still want th XSRF-TOKEN cookie to be secure (the firewall forwards all cookies to the app, and the browser sends the secure cookie to the firewall).
It would be nice if we could configure the desired value for the secure flag of the cookie, just like we can configure the value for the httpOnly flag of the cookie.
Adds methods to configure validation of header names and values and
parameter names and values:
* setAllowedHeaderNames(Predicate)
* setAllowedHeaderValues(Predicate)
* setAllowedParameterNames(Predicate)
* setAllowedParameterValues(Predicate)
By default, header names, header values, and parameter names that
contain ISO control characters or unassigned unicode characters are
rejected. No parameter value validation is performed by default.
Issue gh-8644
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
Phillip Webb
Joe Grandja
Eleftheria Stein
Artur Otrzonsek
Josh Cummings
Dávid Kováč
majian
Roman Sydorov
Rob Winch
Zeeshan Adnan
michal
Craig Andrews
Astushi Yoshikawa
cbornet