a4c088a3b3
Introducing WebSessionServerLogoutHandler
...
Closes gh-4838
4 years ago
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
4 years ago
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
4 years ago
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
5 years ago
f800d2c993
Add hamcrest dependency
5 years ago
b6ff4d3674
Fix mockito UnnecessaryStubbingException
5 years ago
3e93b024d6
openrewrite Junit Migration
5 years ago
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
5 years ago
d121ab9565
Support A Well-Known URL for Changing Passwords
...
Closes gh-8657
5 years ago
3219fd554d
DigestAuthenticationFilter decodes nonce only once
...
Closes gh-8455
5 years ago
3bb8e1d200
Remove redundant translations in spring-security-web
5 years ago
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen
5 years ago
ca76c54471
Polish CsrfWebFilterTests
...
Issue gh-9113
5 years ago
0c8b6df82a
Cache Mono that generate the CSRF token
...
Closes gh-9113
5 years ago
baac9e0cf2
Properly clean cookies with context path after logout
...
Closes gh-8846
5 years ago
2a7998d0fc
Adjust createNewSessionIfAllowed to prevent NPE
...
Ensure that isTransientAuthentication reuses the same authentication object from saveContext
Closes gh-8947
5 years ago
cf74ad3a52
Anonymous in ExceptionTranslationWebFilter
...
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.
Closes gh-9130
5 years ago
a7fbae8355
Add test for RequestedUrlRedirectInvalidSessionStrategy
5 years ago
0e6d47b082
Add guard around debug logging involving string concatenation
5 years ago
0af74ce134
Use ServletUriComponentsBuilder instead of UrlPathHelper
5 years ago
2bcd4627fa
Eliminate use of Optional
5 years ago
10a264c144
Add RequestedUrlRedirectInvalidSessionStrategy implemention of InvalidSessionStrategy
...
Performs a redirect to the original request URL when an invalid requested session is detected.
In effect, when a user's session times out, the user is redirected to URL they originally requested instead of some fixed URL.
5 years ago
df6ebc7051
Rename DelegatingAuthorizationManager
...
Closes gh-9692
5 years ago
e2993d93e1
Make Csrf cookie secure flag configurable (WebFlux)
...
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.
Closes gh-9678
5 years ago
cb6e4f4a11
Add NPE Guards
...
- Like values, names are only validated if they are not null
Closes gh-9598
5 years ago
7dc4de05b1
Add guard around logger.debug statement
...
The log message involves string concatenation, the cost of which should only be incurred if debug logging is enabled
5 years ago
4f7d529c5d
Polish Csrf Tests
...
Issue gh-9561
5 years ago
87ed527023
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
5 years ago
f3f1106624
Update io.spring.javaformat to 0.0.27
...
Closes gh-9553
5 years ago
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
5 years ago
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
5 years ago
4a492846f1
Revert "Lock dependencies for 2.5.0-M3"
...
This reverts commit f05cc6269c
5 years ago
f05cc6269c
Lock dependencies for 2.5.0-M3
5 years ago
95da12110b
Additional Test for HttpSessionSecurityContextRepository
...
Issue gh-9387
5 years ago
3116369f02
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
5 years ago
c4be1c6a56
Revert "Lock Dependencies"
...
This reverts commit a85caa4098
5 years ago
a85caa4098
Lock Dependencies
5 years ago
107f38fff9
Polish Tests
...
Issue gh-9331
5 years ago
873b9bdbca
Configure CurrentSecurityContextArgumentResolver BeanResolver
...
Closes gh-9331
5 years ago
77484018bb
Reconsider AntPathRequestMatcher matching logic
...
Closes gh-9285
5 years ago
0201c31deb
Fix Checkstyle for CsrfWebFilter
...
Issue gh-9337
5 years ago
a1083d9a5c
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
5 years ago
160a4a3676
Reformat MvcRequestMatcher
...
- Moved related private methods together
Issue gh-9284
5 years ago
8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods
...
Closes gh-9284
5 years ago
848bd44837
Remove unused code
...
Issue gh-9203
5 years ago
40e027c56d
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
5 years ago
c066e23a86
Add @since attributes
...
Issue gh-8900
5 years ago
34b4b1054f
Add AuthorizationManager
...
Closes gh-8900
5 years ago
5306d4c4d5
Minor cleanup on Ant / Regex Request Matchers
...
- Removed duplicative code for transforming String into HttpMethod
- Removed an unnecessary array initialization
5 years ago
6be25df1db
Introduced DispatcherType request matcher
...
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.
Closes gh-9205
5 years ago
Bogdan Ilchyshyn
Hiroshi Shirosaki
Josh Cummings
Rob Winch
Evgeniy Cheban
Alexey Markevich
Steve Riesenberg
Ruben Suarez Alvarez
Tomoki Tsubaki
AlexeyAnufriev
Marcus Hert da Coregio
César Revert
Craig Andrews
Thomas Vitale
佚名
Eleftheria Stein
happier233
Zeeshan Adnan
Rob Winch
Nick McKinney