spring-security

Commit Graph

Author	SHA1	Message	Date
Ankur Pathak	ffe602fdbe	HTML markup fixed in DefaultLoginPageGeneratingFilter Ending div moved out of condition. Fixes: gh-6417	7 years ago
Josh Cummings	c82440ee82	Polish CompositeHeaderWriterTests Changed test to favor mocks in order to provide a stronger guarantee that the composite delegates to its components. Issue: gh-6453	7 years ago
Josh Cummings	bb1b9d9b86	Polish Javadoc and Whitespacing Issue: gh-6453	7 years ago
Ankur Pathak	718641a1e5	Added CompositeHeaderWriter 1. Added new CompositeHeaderWriter 2. Improvement in HeaderWriterFilter using CompositeHeaderWriter. Fixes: gh-6453	7 years ago
Ankur Pathak	b7ed919cee	Add preload support to Strict-Transport-Security 1. Preload support in Servlet Security(XML & Java) 2. Preload support in Reactive Security 3. Test for preload support in Servlet Security 4. Test for preload support in Reactive Security Fixes: gh-6312	7 years ago
Denis Washington	3be11a22cd	Save query parameters in WebSessionServerRequestCache Previously, URL query parameters were lost when saving a request in WebSessionServerRequestCache. Now it is properly saved and restored.	7 years ago
guo fei	c0e66a9ba1	1. add customization support for double forwardslash in StrickHttpFirewall 2. add getEncodedUrlBlacklist() and getDecodedUrlBlacklist() method in StrickHttpFirewall Fixes gh-6292	7 years ago
Johnny Lim	c94f13a971	Polish tests	7 years ago
Slava Semushin	d8d9abed2a	LazyCsrfTokenRepository: fix a typo in javadoc.	7 years ago
Josh Cummings	7a55af246e	Polish tests and javadoc When using AssertJ, it's easy to commit the following error assertThat(some boolean condition) The above actually does nothing. It at least needs to be assertThat(some boolean condition).isTrue() This commit refines some assertions that were missing a verify condition. Also, one Javadoc was just a little bit confusing, so this clarifies it. Issue: gh-6259	7 years ago
Rafael Dominguez	086b105273	Remove Servlet 2.5 Support for Session Fixation This commit removes existence validation of a method only available in Servlet 3.1. Spring Framework baseline is Servlet 3.1 so is not longer required. Fixes: gh-6259	7 years ago
finke-ba	b838f7c7b7	Add WebFlux support for spring security web jackson module. Fixes: gh-6303	7 years ago
Shawn Biesan	a919b4e916	Remove servlet getHeader check and test Fixes: gh-6265	7 years ago
finke-ba	9c7cab835f	Add conditionally servlet based support for spring security web jackson module.	7 years ago
Dongmin Shin	3230cd653c	Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository Fixes: gh-6261	7 years ago
Dongmin Shin	733a380bc7	Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter Fixes: gh-6260	7 years ago
Rob Winch	a90c217446	Fix LoginPageGeneratingWebFilter Markup Fixes: gh-6295	7 years ago
Ian He	9818da79fe	Fix DefaultLoginPageGeneratingFilter Markup the `</h3>` should be `</h2>`.	7 years ago
Dongmin Shin	fc802e1a7c	Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF Fixes: gh-6263, Fixes: gh-6262	7 years ago
Dongmin Shin	0d2af416aa	Add cookieDomain to CookieCsrfTokenRepository Fixes: gh-4315	7 years ago
Ankur Pathak	2b369cfe98	Added support for Anonymous Authentication 1. Created new WebFilter AnonymousAuthenticationWebFilter to for anonymous authentication 2. Created class AnonymousSpec, method anonymous to configure anonymous authentication in ServerHttpSecurity 3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for anonymous authentication in SecurityWebFiltersOrder 4. Added tests for anonymous authentication in AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests 5. Added support for Controller in WebTestClientBuilder Fixes: gh-5934	7 years ago
lmagyar	3c35f4cfab	SecurityContextCallableProcessingInterceptor thread visibility fix Within class SecurityContextCallableProcessingInterceptor field securityContext should volatile. Fixes gh-6143	7 years ago
Bhavik Kumar	90b9cfaf55	Use SpringUtils to check scheme Fixes 6183	7 years ago
John Coyne	7618d236c4	CookieClearingLogoutHandler updates based on comments Changed the implementation to use an anonymous function Issue: gh-6078	7 years ago
John Coyne	14c2d96c86	Clean up code to conform to basic checkstyle Issue: gh-6078	7 years ago
John Coyne	d05ad19276	CookieClearingLogoutHandler enhancement Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path Issue: gh-6078	7 years ago
Josh Cummings	8a475e39be	Write Security Headers Before Servlet Include HeaderWriterFilter wraps request dispatcher so it can write security headers before the include occurs. Fixes: gh-5499	7 years ago
sunflower-seed	2e6ff72c31	Update SubjectDnX509PrincipalExtractor.java Added missing asterisk	7 years ago
Eric Deandrea	b060ec050a	Automatically add CsrfServerLogoutHandler if csrf enabled The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled Fixes gh-5337	7 years ago
Rob Winch	e4597b5213	WebSessionServerRequestCache ignores favicon and html Fixes: gh-5874	7 years ago
Rob Winch	8e4d540bfb	Default Log Out Pages Use HTTPS for CSS Fixes: gh-5873	7 years ago
Rob Winch	9c749bf556	Fix SwitchUserFilter matchers Fixes: gh-4249	7 years ago
Rob Winch	8b19f7a71a	AntPathRequestMatcher supports UrlPathHelper Fixes: gh-5846	7 years ago
Rob Winch	96d85ad2b5	Polish HttpsRedirectWebFilter Issue: gh-5749	7 years ago
Josh Cummings	2c982a4168	Reactive Redirect to Https This introduces the capability to configure Reactive Spring Security to upgrade requests to HTTPS Fixes: gh-5749	7 years ago
Josh Cummings	21e62683ab	Polish Commit on Reactive Http Basic Test	7 years ago
Tim Koopman	6df4dfe47b	Reactive HttpBasic Support For Coloned Passwords This makes so that reactive httpBasic supports passwords containing one or more colons.	7 years ago
Josh Cummings	1c74706232	Delegating ServerAccessDeniedHandler by exchange Fixes: gh-5747	8 years ago
Vedran Pavic	cb0ba58b58	Fix WhitespaceAfterCheck Checkstyle check	8 years ago
Rob Winch	1640a1f462	Polish ServerAuthenticationConverter Fix package tangles Issue: gh-5338	8 years ago
Josh Cummings	416a276436	Expose Default Reactive CsrfProtectionMatcher Make so that users can augment the default protection logic with their own. Fixes: gh-5725	8 years ago
Rob Winch	f5701b5fe0	Fix OptimizeAntPathRequestMatcher Previously the logic for determining if the pathInfo should be appended was inverted. This correctly concatenates url + pathInfo if url is a non empty String. Fixes: gh-5473	8 years ago
Christoph Dreis	4ccd2f7ebd	Optimize AntPathRequestMatcher.getRequestPath()	8 years ago
Vedran Pavic	f382b69507	Add reactive support for Referrer-Policy security header	8 years ago
Vedran Pavic	10621a0f2c	Add reactive support for Content-Security-Policy security header	8 years ago
Vedran Pavic	29cfc3dd1d	Add reactive support for Feature-Policy security header Closes gh-5672	8 years ago
Rob Winch	f843da1942	Add OAuth2LoginAuthenticationWebFilter This is necessary so that the saving of the authorized client occurs outside of the ReactiveAuthenticationManager. It will allow for saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository is added. Issue: gh-5621	8 years ago
Rob Winch	e3eaa99ad0	Polish ServerAuthenticationConverter Update changes for ServerAuthenticationConverter to be passive. Issue: gh-5338	8 years ago
Eric Deandrea	b6afe66d32	Add ServerAuthenticationConverter interface - Adding an ServerAuthenticationConverter interface - Retro-fitting ServerOAuth2LoginAuthenticationTokenConverter, ServerBearerTokenAuthentivationConverter, ServerFormLoginAuthenticationConverter, and ServerHttpBasicAuthenticationConverter to implement ServerAuthenticationConverter - Deprecate existing AuthenticationWebFilter.setAuthenticationConverter and add overloaded one which takes ServerAuthenticationConverter Fixes gh-5338	8 years ago
Vedran Pavic	c6ea447cc0	Add support for Feature-Policy security header	8 years ago

1 2 3 4 5 ...

869 Commits (ffe602fdbe49994458d1fd2fe7c10e7be78c8ca0)