efaee4e56b
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
3 years ago
c9f8d2b111
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
3 years ago
c2d79fcbd6
Add Conditions to Generating AuthnRequest
...
Closes gh-11657
3 years ago
aa225943d2
Polish Tests
...
Issue gh-11657
3 years ago
07ea139ebf
Polish HttpSecurity
3 years ago
67544f36f9
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
3 years ago
05725af4d8
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
3 years ago
4fbbfd2c8b
Skip workflows on forks of spring-security
3 years ago
66da4301fc
Use cache and user.name system property on Windows
3 years ago
8929bd5abc
Only run prerequisites job if on upstream repo
3 years ago
e3d1405f67
Simplify dependency graph
3 years ago
e756a1df19
Use Spring Gradle Build Action
...
Closes gh-11630
3 years ago
81fae2db2c
Polish gh-11367
3 years ago
054a3f0bc0
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
3 years ago
409998a3fe
Add hash-based Content-Security-Policy for SAML pages
...
Closes gh-11631
3 years ago
e5ae35ab71
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
3 years ago
0d74da4f97
Fix Snapshot Sources/Javadoc
...
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.
Closes gh-10602
3 years ago
2a336d4f49
"Well-Know" should be "Well-Known"
3 years ago
5322352427
Add Kotlin example for WebTestClient setup docs
...
Closes gh-9998
4 years ago
561f65b34d
Merge Same-named Attribute Elements
...
Closes gh-11042
4 years ago
631076e4dd
Build only on branches
...
Issue gh-11480
4 years ago
8d147100ee
Next development version
4 years ago
8d3586f949
Release 5.8.0-M1
4 years ago
95155ddb0c
Deprecate Resource Owner Password Credentials grant
...
Closes gh-11590
4 years ago
1be9be97a1
Exclude JavadocPackageCheck from Spring Checks
...
Issue gh-11422
4 years ago
33e4b07cc8
Update spring-ldap-core to 2.4.1
...
Closes gh-11563
4 years ago
5ddc1011a7
Update org.springframework.data to 2021.2.2
...
Closes gh-11562
4 years ago
58a9733b4c
Update org.springframework to 5.3.22
...
Closes gh-11561
4 years ago
2625388a87
Update jsonassert to 1.5.1
...
Closes gh-11560
4 years ago
3d0d8bdbe0
Update htmlunit-driver to 2.63.0
...
Closes gh-11559
4 years ago
0d2b71ed86
Update junit-bom to 5.9.0-RC1
...
Closes gh-11557
4 years ago
d20d6f5247
Update org.jetbrains.kotlinx to 1.6.4
...
Closes gh-11556
4 years ago
f69102f1a6
Update org.jetbrains.kotlin to 1.7.10
...
Closes gh-11555
4 years ago
e112e24efb
Update hibernate-entitymanager to 5.6.10.Final
...
Closes gh-11554
4 years ago
1f0a317923
Update org.eclipse.jetty to 9.4.48.v20220622
...
Closes gh-11553
4 years ago
0b18ebbd61
Update assertj-core to 3.23.1
...
Closes gh-11552
4 years ago
d152b38194
Update htmlunit to 2.63.0
...
Closes gh-11551
4 years ago
d6904fa84d
Update io.spring.javaformat to 0.0.34
...
Closes gh-11550
4 years ago
8d99e4b0c7
Update io.projectreactor to 2020.0.21
...
Closes gh-11548
4 years ago
eba9779205
Update mockk to 1.12.4
...
Closes gh-11547
4 years ago
4350f5fb9d
Update aspectj-plugin to 6.5.0.3
...
Closes gh-11546
4 years ago
32271ec811
Update com.nimbusds to 9.38.1
...
Closes gh-11545
4 years ago
bb06265552
Update jackson-bom to 2.13.3
...
Closes gh-11542
4 years ago
f45c4d4b8e
Add SHA256 as an algorithm option for Remember Me token hashing
...
Closes gh-8549
4 years ago
5dff157755
Polish HttpSecurity Formatting
...
Issue gh-11360
4 years ago
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
4 years ago
57d6ab7134
Improve docs on dispatcherTypeMatcher
...
Closes gh-11467
4 years ago
624fdfa731
Add AuthorizationManager for protect-pointcut
...
Closes gh-11323
4 years ago
db25a37320
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
4 years ago
281814a955
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
4 years ago
Igor Bolic
Rob Winch
Josh Cummings
Steve Riesenberg
naveen
Ulrich Grave
Marcus Da Coregio
Desmond Silveira
Yuriy Savchenko
github-actions[bot]
Joe Grandja
Evgeniy Cheban