Rob Winch
7f714ebb23
SEC-2422: Session timeout detection with CSRF protection
12 years ago
David Alberto
f9998d582a
Correct typo in AbstractRememberMeServices assertion
12 years ago
Rob Winch
59e13e7bbb
SEC-2404: CsrfAuthenticationStrategy creates new valid CsrfToken
12 years ago
Rob Winch
1a1f577a8b
SEC-2358: Add RequestHeaderRequestMatcher#toString()
12 years ago
Rob Winch
e638f0a547
SEC-2357: old RequestMatcher interface extends new RequestMatcher
12 years ago
Rob Winch
04b091c385
SEC-2369: PreAuthenticatedGrantedAuthoritiesUserDetailsService fix case to createUserDetails method
12 years ago
Rob Winch
15a63c58a7
SEC-2368: DebugFilter outputs headers and HTTP method
12 years ago
Rob Winch
1351c8bada
SEC-2362: Clarify AbstractRememberMeServices loginSuccess javadoc
12 years ago
Adrien be
e50b587d60
SEC-2360: AbstractRememberMeServices provide message for Assert on key field
12 years ago
Rob Winch
0b0e7dbea9
SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter
12 years ago
Rob Winch
51171efa7a
SEC-2357: Move *RequestMatcher to .matcher package
12 years ago
Rob Winch
45ad74a0bd
SEC-2357: Fix package cycles
12 years ago
Rob Winch
14b9050616
SEC-2357: Move *RequestMatchers to .matchers package
12 years ago
Rob Winch
7d99436740
SEC-2358: Add RequestHeaderRequestMatcher
12 years ago
Rob Winch
0ac1176152
Polish RequestMatcher logging and toString
13 years ago
Rob Winch
cffbefadd1
SEC-2306: Fix Session Fixation logging race condition
...
Previously session fixation protection could output an incorrect warning
that session fixation protection did not work.
The code now synchronizes on WebUtils.getSessionMutex(..).
13 years ago
kazuki43zoo
611a97023d
SEC-2352: HttpSessionCsrfTokenRepository lazy session creation
13 years ago
Rob Winch
17efd25717
SEC-2331: Include Expires: 0 in security headers documentation
13 years ago
Rob Winch
cea0cf9260
SEC-2243: Remove additional Debug Filter
13 years ago
Rob Winch
b591881e95
SEC-2302: Provide beforeSpringSecurityFilterChain hook
...
This allows inserting filters before the springSecurityFilterChain.
13 years ago
Rob Winch
ddc0ef7ab3
SEC-2339: Added Logical (Or, And, Negated) RequestMatchers
13 years ago
Rob Winch
788ba9a1fa
SEC-2329: Allow injecting of AuthenticationTrustResolver
13 years ago
Rob Winch
9133c33f1d
SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache
...
The method getRequest used to cast to DefaultRequestCache, but this
is not necessary.
Now the cast is to SavedRequest.
13 years ago
Rob Winch
8f8c6169e8
SEC-2331: Cache Control now includes Expires: 0
13 years ago
Rob Winch
0114b457c0
SEC-2330: CacheControlHeadersWriter use a single header
13 years ago
Rob Winch
32e9239fd2
SEC-2320: AuthenticationPrincipal can be null on invalid type
...
Previously a ClassCastException was thrown if the type was invalid. Now
a flag exists on AuthenticationPrincipal which indicates if a
ClassCastException should be thrown or not with the default being no error.
13 years ago
Rob Winch
b22acd0768
SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet
13 years ago
Rob Winch
8e74407381
SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated
...
See throws documentation at
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29
13 years ago
Rob Winch
e8ac11641b
SEC-2297: Add DispatchType.ASYNC as default for AbstractSecurityWebApplicationInitializer
13 years ago
Rob Winch
43f4d01cf3
SEC-2292: Add test to assert CSRF bypass of methods is case sensitive
...
HTTP methods should be case sensitive, so add test to ensure that this is
the case http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1
13 years ago
Rob Winch
6e9fb7930b
SEC-2298: Add AuthenticationPrincipalArgumentResolver
13 years ago
Rob Winch
086056f191
SEC-2289: Make compatible with Spring 4 as well
...
There are a few subtle changes in Spring 4 that this commit addresses
13 years ago
Rob Winch
26166ef6e8
SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3
13 years ago
Rob Winch
3f69847a4e
SEC-2286: Log invalid CSRF tokens at debug level
13 years ago
Rob Winch
33db440961
SEC-2129: AntPathRequestMatcher also supports case sensitive comparisons
13 years ago
Rob Winch
534989c8ea
SEC-2103: Fix tests to verify debug logging instead of info
13 years ago
Rob Winch
acb2b680d0
SEC-2103: Change log of no results to debug
13 years ago
Rob Winch
48283ec004
SEC-2276: Delay saving CsrfToken until token is accessed
...
This also removed the CsrfToken from the response headers to prevent the
token from being saved. If users wish to return the CsrfToken in the
response headers, they should use the CsrfToken found on the request.
13 years ago
Rob Winch
e9bb9e766e
SEC-1574: Add CSRF Support
13 years ago
Rob Winch
797df51264
SEC-2135: Support HttpServletRequest#changeSessionId()
13 years ago
Rob Winch
75fb971d23
SEC-2221: Fix the ignored media types to use includes instead of equals
13 years ago
Rob Winch
13da42ca1b
SEC-2137: Allow disabling session fixation and enable concurrency control
13 years ago
Rob Winch
867f02e8ac
SEC-2249: AbstractSecurityWebApplicationInitializer does not delegate WebApplicationInitializer
...
Previously AbstractSecurityWebApplicationInitializer delegated to a
WebApplicationInitializer, but it caused issues in some instances where
a container would pass the anonymous inner class to
SpringServletContainerInitializer which caused errors on startup.
Now AbstractSecurityWebApplicationInitializer registers the
ContextLoaderListener on its own instead of delegating.
13 years ago
Rob Winch
e8278f3b9b
SEC-2249: AbstractSecurityWebApplicationInitializer allows register config
13 years ago
Rob Winch
fdb73fac23
Remove @Override from interface-defined methods
13 years ago
Rob Winch
94a73fee37
SEC-2230: Polish scoping and finals
13 years ago
Rob Winch
606bddf598
SEC-2230: Add Header JavaConfig
...
Added JavaConfig for Headers. In the process, more HeaderWriter instances
were added so that we can reuse logic between the XML and JavaConfig. This
also prompted repackaging the writers.
13 years ago
Rob Winch
c85328c5d1
SEC-2230: HTTP Strict Transport Security (HSTS)
...
Add support for Strict
This is a distinct filter as opposed to reusing StaticHeaderWriter
since the specification specifies that the "Strict-Transport-Security"
header should only be set on secure requests. It would not make sense to
require DelegatingRequestMatcherHeaderWriter since this requirement is
in the specification.
13 years ago
Rob Winch
8013cd54d6
SEC-2230: Added Cache Control support
13 years ago
Rob Winch
7b164bb5e1
SEC-2230: Polish pull request
13 years ago