Tree: cb94fb2c99

1.0.x

2.0.x

3.0.x

3.1.x

3.2.x

4.0.x

4.1.x

4.2.x

5.0.x

5.1.x

5.2.x

5.3.x

5.4.x

5.5.x

5.6.x

5.7.x

5.8.x

5.8.x_update-antora-ui-spring

6.0.x

6.1.x

6.2.x

6.2.x_update-antora-ui-spring

6.3.x

6.3.x_update-antora-ui-spring

6.4.x

6.5.x

7.0.x

dependabot/gradle/6.4.x/ch.qos.logback-logback-classic-1.5.25

dependabot/gradle/6.4.x/io.spring.develocity.conventions-0.0.25

dependabot/gradle/6.4.x/org.hibernate.orm-hibernate-core-6.6.41.Final

dependabot/gradle/6.5.x/ch.qos.logback-logback-classic-1.5.25

dependabot/gradle/6.5.x/io.spring.develocity.conventions-0.0.25

dependabot/gradle/6.5.x/org.hibernate.orm-hibernate-core-6.6.41.Final

dependabot/gradle/main/com.fasterxml.jackson-jackson-bom-2.20.2

dependabot/gradle/main/io.spring.develocity.conventions-0.0.25

dependabot/gradle/main/org.springframework.data-spring-data-bom-2025.1.0-SNAPSHOT

dependencies-typo-6.5.x

dependencies-typo-main

docs-build

finalize

gh-16886

gh-pages

kotlin22

main

wrapperbot/spring-security/gradle-wrapper-8.10

wrapperbot/spring-security/gradle-wrapper-8.10.1

wrapperbot/spring-security/gradle-wrapper-8.10.2

wrapperbot/spring-security/gradle-wrapper-8.11

wrapperbot/spring-security/gradle-wrapper-8.11.1

wrapperbot/spring-security/gradle-wrapper-8.12

wrapperbot/spring-security/gradle-wrapper-8.12.1

wrapperbot/spring-security/gradle-wrapper-8.13

wrapperbot/spring-security/gradle-wrapper-8.14

wrapperbot/spring-security/gradle-wrapper-8.9

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

2.0.0

2.0.0.M1

2.0.0.M2

2.0.0.RC1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5.RELEASE

2.0.6.RELEASE

2.0.7.RELEASE

2.0.8.RELEASE

2.5.0.M1

3.0.0.M1

3.0.0.M2

3.0.0.RC1

3.0.0.RC2

3.0.0.RELEASE

3.0.1.RELEASE

3.0.2.RELEASE

3.0.3.RELEASE

3.0.4.RELEASE

3.0.5.RELEASE

3.0.6.RELEASE

3.0.7.RELEASE

3.0.8.RELEASE

3.1.0.M1

3.1.0.M2

3.1.0.RC1

3.1.0.RC2

3.1.0.RC3

3.1.0.RELEASE

3.1.1.RELEASE

3.1.2.RELEASE

3.1.3.RELEASE

3.1.4.RELEASE

3.1.5.RELEASE

3.1.6.RELEASE

3.1.7.RELEASE

3.2.0.M1

3.2.0.M2

3.2.0.RC1

3.2.0.RC2

3.2.0.RELEASE

3.2.1.RELEASE

3.2.10.RELEASE

3.2.2.RELEASE

3.2.3.RELEASE

3.2.4.RELEASE

3.2.5.RELEASE

3.2.6.RELEASE

3.2.7.RELEASE

3.2.8.RELEASE

3.2.9.RELEASE

4.0.0.M1

4.0.0.M2

4.0.0.RC1

4.0.0.RC2

4.0.0.RELEASE

4.0.1.RELEASE

4.0.2.RELEASE

4.0.3.RELEASE

4.0.4.RELEASE

4.1.0.RC1

4.1.0.RC2

4.1.0.RELEASE

4.1.1.RELEASE

4.1.2.RELEASE

4.1.3.RELEASE

4.1.4.RELEASE

4.1.5.RELEASE

4.2.0.M1

4.2.0.RC1

4.2.0.RELEASE

4.2.1.RELEASE

4.2.10.RELEASE

4.2.11.RELEASE

4.2.12.RELEASE

4.2.13.RELEASE

4.2.14.RELEASE

4.2.15.RELEASE

4.2.16.RELEASE

4.2.17.RELEASE

4.2.18.RELEASE

4.2.19.RELEASE

4.2.2.RELEASE

4.2.20.RELEASE

4.2.3.RELEASE

4.2.4.RELEASE

4.2.5.RELEASE

4.2.6.RELEASE

4.2.7.RELEASE

4.2.8.RELEASE

4.2.9.RELEASE

5.0.0.M1

5.0.0.M2

5.0.0.M3

5.0.0.M4

5.0.0.M5

5.0.0.RC1

5.0.0.RELEASE

5.0.1.RELEASE

5.0.10.RELEASE

5.0.11.RELEASE

5.0.12.RELEASE

5.0.13.RELEASE

5.0.14.RELEASE

5.0.15.RELEASE

5.0.16.RELEASE

5.0.17.RELEASE

5.0.18.RELEASE

5.0.19.RELEASE

5.0.2.RELEASE

5.0.3.RELEASE

5.0.4.RELEASE

5.0.5.RELEASE

5.0.6.RELEASE

5.0.7.RELEASE

5.0.8.RELEASE

5.0.9.RELEASE

5.1.0.M1

5.1.0.M2

5.1.0.RC1

5.1.0.RC2

5.1.0.RELEASE

5.1.1.RELEASE

5.1.10.RELEASE

5.1.11.RELEASE

5.1.12.RELEASE

5.1.13.RELEASE

5.1.2.RELEASE

5.1.3.RELEASE

5.1.4.RELEASE

5.1.5.RELEASE

5.1.6.RELEASE

5.1.7.RELEASE

5.1.8.RELEASE

5.1.9.RELEASE

5.2.0.M1

5.2.0.M2

5.2.0.M3

5.2.0.M4

5.2.0.RC1

5.2.0.RELEASE

5.2.1.RELEASE

5.2.10.RELEASE

5.2.11.RELEASE

5.2.12.RELEASE

5.2.13.RELEASE

5.2.14.RELEASE

5.2.15.RELEASE

5.2.2.RELEASE

5.2.3.RELEASE

5.2.4.RELEASE

5.2.5.RELEASE

5.2.6.RELEASE

5.2.7.RELEASE

5.2.8.RELEASE

5.2.9.RELEASE

5.3.0.M1

5.3.0.RC1

5.3.0.RELEASE

5.3.1.RELEASE

5.3.10.RELEASE

5.3.11.RELEASE

5.3.12.RELEASE

5.3.13.RELEASE

5.3.2.RELEASE

5.3.3.RELEASE

5.3.4.RELEASE

5.3.5.RELEASE

5.3.6.RELEASE

5.3.7.RELEASE

5.3.8.RELEASE

5.3.9.RELEASE

5.4.0

5.4.0-M1

5.4.0-M2

5.4.0-RC1

5.4.1

5.4.10

5.4.11

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.5.0

5.5.0-M1

5.5.0-M2

5.5.0-M3

5.5.0-RC1

5.5.0-RC2

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.6.0

5.6.0-M1

5.6.0-M2

5.6.0-M3

5.6.0-RC1

5.6.1

5.6.10

5.6.11

5.6.12

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.0-M1

5.7.0-M2

5.7.0-M3

5.7.0-RC1

5.7.1

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.0-M1

5.8.0-M2

5.8.0-M3

5.8.0-RC1

5.8.1

5.8.10

5.8.11

5.8.12

5.8.13

5.8.14

5.8.15

5.8.16

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.8.8

5.8.9

6.0.0

6.0.0-M1

6.0.0-M2

6.0.0-M3

6.0.0-M4

6.0.0-M5

6.0.0-M6

6.0.0-M7

6.0.0-RC1

6.0.0-RC2

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.1.0

6.1.0-M1

6.1.0-M2

6.1.0-RC1

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.0-M1

6.2.0-M2

6.2.0-M3

6.2.0-RC1

6.2.0-RC2

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.3.0

6.3.0-M1

6.3.0-M2

6.3.0-M3

6.3.0-RC1

6.3.1

6.3.10

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.3.7

6.3.8

6.3.9

6.4.0

6.4.0-M1

6.4.0-M2

6.4.0-M3

6.4.0-M4

6.4.0-RC1

6.4.1

6.4.10

6.4.11

6.4.12

6.4.13

6.4.2

6.4.3

6.4.4

6.4.5

6.4.6

6.4.7

6.4.8

6.4.9

6.5.0

6.5.0-M1

6.5.0-M2

6.5.0-M3

6.5.0-RC1

6.5.1

6.5.2

6.5.3

6.5.4

6.5.5

6.5.6

6.5.7

7.0.0

7.0.0-M1

7.0.0-M2

7.0.0-M3

7.0.0-RC1

7.0.0-RC2

7.0.0-RC3

7.0.1

7.0.2

7.1.0-M1

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'cb94fb2c99'

${ noResults }

Commit Graph

426 Commits (cb94fb2c9993bd752cd9ab8992a57aee34b041d5)

Author	SHA1	Message	Date
Rob Winch	2082d3747a	SEC-2578: HttpSessionSecurityContextRepository traverses HttpServletResponseWrapper	12 years ago
Mattias Severson	2b3becf666	SEC-2573: RequestHeaderRequestMatcher constructor argument name has typo	12 years ago
Rob Winch	8baf82532c	SEC-2015: Add spring-security-test	12 years ago
Rob Winch	c0590e614a	SEC-2177: Polish	12 years ago
Maciej Zasada	7cf37856c0	SEC-2177: Striping off all leading schemes ... Striping off all leading schemes in the DefaultRedirectStrategy, so it will be less vulnerable to open redirect phishing attacks. More info can be found at SEC-2177 JIRA issue.	12 years ago
Julien Dubois	7325b97c76	SEC-2519: RememberMeAuthenticationException supports root cause ... Added a constructor which keeps the root cause of the exception, and added some documentation	12 years ago
Rob Winch	ea902e5829	SEC-2507: WebExpressionVoter.supports support subclasses of FilterInvocation	12 years ago
Rob Winch	e15cee62f4	SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header	12 years ago
getvictor	6de138c2f2	SEC-2511: Remove double ALLOW-FROM from X-Frame-Options header. ... The interface documentation for getAllowFromValue states: Gets the value for ALLOW-FROM excluding the ALLOW-FROM.	12 years ago
Rob Winch	8d8475deb1	SEC-2455: form-login@login-processing-url & logout@logout-url use matchers ... Remove the deprecation warnings of using setFilterProcessingUrl by invoking the matcher methods instead.	12 years ago
Rob Winch	2df5541905	SEC-2448: Update to HSQL 2.3.1	12 years ago
Rob Winch	ca1080fb96	SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter	12 years ago
Rob Winch	aaa7cec32e	SEC-2326: CsrfRequestDataValueProcessor implements RequestDataValueProcessor ... Previously there was unecessary complexity in CsrfRequestDataValueProcessor due to the non-passive changes in RequestDataValueProcessor. Now it simply implements the interface with the methods for both versions of the interface. This works since linking happens at runtime.	12 years ago
Rob Winch	7f714ebb23	SEC-2422: Session timeout detection with CSRF protection	12 years ago
David Alberto	f9998d582a	Correct typo in AbstractRememberMeServices assertion	12 years ago
Rob Winch	59e13e7bbb	SEC-2404: CsrfAuthenticationStrategy creates new valid CsrfToken	12 years ago
Rob Winch	1a1f577a8b	SEC-2358: Add RequestHEaderRequestMatcher#toString()	12 years ago
Rob Winch	e638f0a547	SEC-2357: old RequestMatcher interface extends new RequestMatcher	12 years ago
Rob Winch	04b091c385	SEC-2369: PreAuthenticatedGrantedAuthoritiesUserDetailsService fix case to createUserDetails method	12 years ago
Rob Winch	15a63c58a7	SEC-2368: DebugFilter outputs headers and HTTP method	12 years ago
Rob Winch	1351c8bada	SEC-2362: Clarify AbstractRememberMeServices loginSuccess javadoc	12 years ago
Adrien be	e50b587d60	SEC-2360: AbstractRememberMeServices provide message for Assert on key fieldd	12 years ago
Rob Winch	0b0e7dbea9	SEC-2359: Merge DefaultLoginPageViewFilter w/ DefaultLoginPageGeneratingFilter	12 years ago
Rob Winch	51171efa7a	SEC-2357: Move *RequestMatcher to .matcher package	12 years ago
Rob Winch	45ad74a0bd	SEC-2357: Fix package cycles	12 years ago
Rob Winch	14b9050616	SEC-2357: Move *RequestMatchers to .matchers package	12 years ago
Rob Winch	7d99436740	SEC-2358: Add RequestHeaderRequestMatcher	12 years ago
Rob Winch	0ac1176152	Polish RequestMatcher logging and toString	12 years ago
Rob Winch	cffbefadd1	SEC-2306: Fix Session Fixation logging race condition ... Previously session fixation protection could output an incorrect warning that session fixation protection did not work. The code now synchronizes on WebUtils.getSessionMutex(..).	12 years ago
kazuki43zoo	611a97023d	SEC-2352: HttpSessionCsrfTokenRepository lazy session creation	12 years ago
Rob Winch	17efd25717	SEC-2331: Include Expires: 0 in security headers documentation	12 years ago
Rob Winch	cea0cf9260	SEC-2243: Remove additional Debug Filter	13 years ago
Rob Winch	b591881e95	SEC-2302: Provide beforeSpringSecurityFilterChain hook ... This allows inserting filters before the springSecurityFilterChain.	13 years ago
Rob Winch	ddc0ef7ab3	SEC-2339: Added Logical (Or, And, Negated) RequestMatchers	13 years ago
Rob Winch	788ba9a1fa	SEC-2329: Allow injecting of AuthenticationTrustResolver	13 years ago
Rob Winch	9133c33f1d	SEC-2246: HttpSessionRequestCache.getRequest casts to RequestCache ... The method getRequest use to cast to DefaultRequestCache, but this is not necessary. Now the cast is to SavedRequest.	13 years ago
Rob Winch	8f8c6169e8	SEC-2331: Cache Control now includes Expires: 0	13 years ago
Rob Winch	0114b457c0	SEC-2330: CacheControlHeadersWriter use a single header	13 years ago
Rob Winch	32e9239fd2	SEC-2320: AuthenticationPrincipal can be null on invalid type ... Previously a ClassCastException was thrown if the type was invalid. Now a flag exists on AuthenticationPrincipal which indicates if a ClassCastException should be thrown or not with the default being no error.	13 years ago
Rob Winch	b22acd0768	SEC-2314: AbstractSecurityWebApplicationInitializer.getSessionTrackingModes() uses EnumSet	13 years ago
Rob Winch	8e74407381	SEC-2296: HttpServletRequest.login should throw ServletException if already authenticated ... See throws documentation at http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login%28java.lang.String,%20java.lang.String%29	13 years ago
Rob Winch	e8ac11641b	SEC-2297: Add DispatchType.ASYNC as default for AbstractSecurityWebApplicationInitializer	13 years ago
Rob Winch	43f4d01cf3	SEC-2292: Add test to assert CSRF bypass of methods is case sensitive ... HTTP methods should be case sensitive, so add test to ensure that this is the case http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1	13 years ago
Rob Winch	6e9fb7930b	SEC-2298: Add AuthenticationPrincipalArgumentResolver	13 years ago
Rob Winch	086056f191	SEC-2289: Make compatible with Spring 4 as well ... There are a few subtle changes in Spring 4 that this commit addresses	13 years ago
Rob Winch	26166ef6e8	SEC-2272: CsrfRequestDataValueProcessor support Spring 4 and Spring 3	13 years ago
Rob Winch	3f69847a4e	SEC-2286: Log invalid CSRF tokens at debug level	13 years ago
Rob Winch	33db440961	SEC-2129: AntPathRequestMatcher also supports case sensitive comparisions	13 years ago
Rob Winch	534989c8ea	SEC-2103: Fix tests to verify debug logging instead of info	13 years ago
Rob Winch	acb2b680d0	SEC-2103: Change log of no results to debug	13 years ago