Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler
Improves debugging capabilities without changing functionality.
Closes gh-13626
Signed-off-by: yybmion <yunyubin54@gmail.com>
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler
Improves debugging capabilities without changing functionality.
Closes gh-13626
Signed-off-by: yybmion <yunyubin54@gmail.com>
The test should not provide SavedCookie.class to the ObjectMapper
since this is not done in production. In particular, it provides the
type that it should be deserialized, but this must be provided in the
JSON since the type is unknown at the time of deserialization.
Issue gh-17006
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle)
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
(see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")
The new specification represents Cookie attribute using HttpOnly: "" vs
HttpOnly: "true".
This updates the test to correspond to the new Servlet specification and
is a breaking change related to jakarta updates.
Josh Cummings
yybmion
Joe Grandja
Rob Winch
Tran Ngoc Nhan
M-Faheem-Khan
kiruthiga1793
Steve Riesenberg
Ferdinand Jacobs
milaneuh
Shenker93
dependabot[bot]
Yanming Zhou
Max Batischev