spring-security

Author	SHA1	Message	Date
Marcus Da Coregio	dda98f333c	Polish Make encodingAlgorithm final and add it to the constructor Add since tags Add more tests	4 years ago
Marcus Da Coregio	e17fe8ced9	Add SHA256 as an algorithm option for Remember Me token hashing Closes gh-8549	4 years ago
Josh Cummings	20def5e25d	Consolidate ExpressionAuthorizationDecision Issue gh-11493	4 years ago
Marcus Da Coregio	7abea4a964	Add RuntimeHints suffix for RuntimeHintsRegistrar Closes gh-11497	4 years ago
Joe Grandja	177baba8c9	RuntimeHintsPredicates moved to predicate package	4 years ago
Marcus Da Coregio	6455e98745	FilterSecurityInterceptor applies to every request by default Closes gh-11466	4 years ago
Steve Riesenberg	206c6ffb54	Remove deprecation warnings with Context.putAll Closes gh-11476	4 years ago
Rob Winch	7da34cfa2c	Fix logging for AnonymousAuthenticationFilter Currently if trace logging is enabled a StackOverflowException is thrown when trying to resolve toString of the authentication. java.lang.StackOverflowError: null at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:538) ~[na:na] at java.base/java.lang.StringBuilder.append(StringBuilder.java:174) ~[na:na] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12] at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12] at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na] at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$0(AnonymousAuthenticationFilter.java:105) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:67) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:126) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT] at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12] at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12] at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na] at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) Issue gh-11457	4 years ago
Rob Winch	0bf985ed7c	AnonymousAuthenticationFilter Avoids Eager SecurityContext Access Previously AnonymousAuthenticationFilter accessed the SecurityContext to determine if anonymous authentication needed setup eagerly. Now this is done lazily to avoid unnecessary access to the SecurityContext which in turn avoids unnecessary HTTP Session access. Closes gh-11457	4 years ago
Rob Winch	6510274854	Request Cache supports matchingRequestParameterName Closes gh-7157 gh-11453	4 years ago
Josh Cummings	d18ff25b95	Use SecurityContextHolderStrategy for NullSecurityContextRepository Issue gh-11060	4 years ago
Josh Cummings	05b788d1ac	Use SecurityContextHolderStrategy for Concurrency Filter Issue gh-11060 Issue gh-11061	4 years ago
Josh Cummings	a218d3e140	Use SecurityContextHolderStrategy for Async Requests Issue gh-11060 Issue gh-11061	4 years ago
Josh Cummings	5086409dcf	Use SecurityContextHolderStrategy for Digest Issue gh-11060	4 years ago
Josh Cummings	44d99f41a3	Use SecurityContextHolderStrategy for Switch User Issue gh-11060	4 years ago
Josh Cummings	83b3bb3209	Add SecurityContextHolderStrategy to Pre-authenticated scenarios Issue gh-11060 Issue gh-11061	4 years ago
Josh Cummings	944f565c16	Use SecurityContextHolderStrategy for Remember-me Issue gh-11060 Isuse gh-11061	4 years ago
Josh Cummings	b316a3217b	Add SecurityContextHolderStrategy for Jaas Issue gh-11060 Issue gh-11061	4 years ago
Josh Cummings	f3d99f557b	Use SecurityContextHolderStrategy for AuthenticationFilter Issue gh-11060	4 years ago
Josh Cummings	a7b58c2299	Polish SecurityContextHolderStrategy for Defaults gh-11060	4 years ago
Marcus Da Coregio	a8c30f79e6	Add Core, MVC and MethodSecurity runtime hints Closes gh-11431	4 years ago
Alonso Araya Calvo	7841827169	Adds the ability to set the CSRF Token cookie max age value Closes gh-11432	4 years ago
Rob Winch	b6d43e58c0	SecurityContextHolder Deferred SecurityContext Closes gh-10913	4 years ago
Rob Winch	d4a03dc2b1	Cache SecurityContextRepository.loadContext(HttpServletRequest) Result Closes gh-11390	4 years ago
Josh Cummings	a31a99b591	Add SecurityContextHolderStrategy to Default Components Issue gh-11060	4 years ago
j3graham	f3c96fa9cd	Remove dependency on commons-codec by using java.util.Base64 Closes gh-11318	4 years ago
Zhivko Delchev	1483a57018	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204	4 years ago
Josh Cummings	57fe5b8b5c	Fix Import Order Checkstyle Error Issue gh-9667	4 years ago
Evgeniy Cheban	5540bbcf0b	createEvaluationContext should defer lookup of Authentication - Added createEvaluationContext method that accepts Supplier<Authentication> - Refactored classes that use EvaluationContext to use lazy initialization of Authentication Closes gh-9667	4 years ago
Rob Winch	5b0dab5d3e	StrictHttpFirewall allows CJKV characters Closes gh-11264	4 years ago
Rob Winch	472c25b5e8	AntRegexRequestMatcher Optimization Closes gh-11234	4 years ago
Rob Winch	0df5ece758	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	4 years ago
Josh Cummings	0814136ee8	Polish WebExpressionAuthorizationManager - Add support for request variables - Added additional tests Issue gh-11105	4 years ago
Evgeniy Cheban	c4766e64fe	Add AuthorizationManager that uses ExpressionHandler Closes gh-11105	4 years ago
Rob Winch	f34ea188e2	RequestRejectedException is 400 by Default Closes gh-7568	4 years ago
Marcus Da Coregio	000b87f9aa	Revert "Use Spring Framework version 6.0.0-M3" This reverts commit b803e845e75da8e8927182dd5cb392bb592d51b6.	4 years ago
Marcus Da Coregio	806e05855c	Replace removed context-related operators Closes gh-11194	4 years ago
Marcus Da Coregio	b803e845e7	Use Spring Framework version 6.0.0-M3 Closes gh-11193	4 years ago
Marcus Da Coregio	195d767d98	Polish ServerWebExchangeDelegatingServerHttpHeadersWriter Issue gh-11073	4 years ago
David Herberth	0e2fc51bad	Add DelegatingServerHttpHeadersWriter Servlet Spring Security has DelegatingRequestMatcherHeaderWriter the reactive world of Spring Security was missing a class to conditionally write headers. Closes gh-11073	4 years ago
Rob Winch	3c259b4be5	Fix WebSessionReactiveSecurityRepository Supports Cache Fix the checkstyle for this feature Closes gh-8422	4 years ago
Rob Winch	1ef738ba34	WebSessionReactiveSecurityRepository Supports Cache	4 years ago
Rob Winch	9a9a43a0c0	ForceEagerSessionCreationFilter Closes gh-11109	4 years ago
Marcus Da Coregio	5367524030	Change the default of shouldFilterAllDispatchTypes to true Closes gh-11107	4 years ago
Marcus Da Coregio	84b5c76a7b	Add Option to Filter All Dispatcher Types Closes gh-11092	4 years ago
Rob Winch	0c2b9758fc	Deprecate loadContext(RequestResponseHolder) Fix gh-11032	4 years ago
Marcus Da Coregio	50f8df6f07	Use HttpStatusCode Closes gh-11091	4 years ago
Marcus Da Coregio	bc50146f60	Fix tests in AntPathRequestMatcherTests Closes gh-11090	4 years ago
Rob Winch	7be32872e9	Add DisableUrlRewritingFilter Closes gh-11084	4 years ago
Eleftheria Stein	c4e88415a5	Remove MessageSourceAware from ExceptionTranslationWebFilter Closes gh-11057	4 years ago

1 2 3 4 5 ...

1253 Commits (bbccc48d2ff1694df2bdbfa4ebcee0db57cdd171)