spring-security

Commit Graph

Author	SHA1	Message	Date
Josh Cummings	371389580b	Update JavaDoc Issue gh-10564	4 years ago
Yuriy Savchenko	0fb6840db3	Make WebAuthenticationDetails constructor public Closes gh-10564	4 years ago
Josh Cummings	cbd87fac89	Polish ignoring() log messaging - Public API remains unchanged Issue gh-9334	4 years ago
Manuel Jordan	01ed617d5f	Print ignore message DefaultSecurityFilterChain When either `web.ignoring().mvcMatchers(...)` or `web.ignoring().antMatchers(...)` methods are used, for all their variations, the DefaultSecurityFilterChain class now indicates correctly through its ouput what paths are ignored according the `ignoring()` settings. Closes gh-9334	4 years ago
Rob Winch	70fa8b1fdb	Add Support for @Transient SecurityContext Closes gh-9995	4 years ago
Marcus Da Coregio	1c10c10f73	RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext Closes gh-10779	4 years ago
Josh Cummings	9baf1134c7	Add Request-based AuthenticationManagerResolvers Closes gh-6762	4 years ago
Rob Winch	0e8c03401b	javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api Issue gh-10501	4 years ago
Rob Winch	8f64bb6c8c	javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api Issue gh-10501	4 years ago
Juan Carlos	7435da6bbf	Add serialVersionUID to DefaultSavedRequest and SavedCookie Closes gh-10594	4 years ago
Josh Cummings	75f25bff82	Polish multiple RequestRejectedHandlers support Issue gh-10603	4 years ago
Adam Ostrožlík	4ea57f3e3f	Support multiple RequestRejectedHandler beans Closes gh-10603	4 years ago
Josh Cummings	aaaf7d3523	Use noNullElements Collection#contains(null) does not work for all collection types Closes gh-10703	4 years ago
heowc	1ab0705b47	Fix typo	4 years ago
Marcus Da Coregio	f04cd641b0	Fix @since tag Issue gh-10590, gh-10554	4 years ago
Marcus Da Coregio	18427b6411	Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains Closes gh-10554	4 years ago
Marcus Da Coregio	7e17a00197	Add RequestMatcherEntry	4 years ago
Marcus Da Coregio	53b8cff26f	Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator Closes gh-10590	4 years ago
Marcus Da Coregio	65426a40ec	Add Cross Origin Policies headers Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers Closes gh-9385, gh-10118	4 years ago
Steve Riesenberg	62e8799a8d	Use BDD in tests	4 years ago
Steve Riesenberg	df0f6f83af	Polish gh-9597	4 years ago
Karl Tinawi	925d531cbe	Set details on authentication token created by HttpServlet3RequestFactory Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated. This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource. Closes gh-9579	4 years ago
Steve Riesenberg	bb2d80fea3	Update copyright year Issue gh-10557	4 years ago
Steve Riesenberg	f49c286050	Fix case sensitive headers comparison Closes gh-10557	4 years ago
Josh Cummings	1251cde04c	Add Missing Since Issue gh-10482	4 years ago
Igor Pelesic	a3a9de1b9b	PermitAllSupport supports AuthorizeHttpRequestsConfigurer PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown. Closes gh-10482	4 years ago
Steve Riesenberg	204f0b4599	Polish gh-10007	4 years ago
Guirong Hu	43317c5a61	Support IP whitelist for Spring Security Webflux Closes gh-7765	4 years ago
Rob Winch	96a6fef820	Prevent Save @Transient Authentication with existing HttpSession Previously, @Transient Authentication would get saved if an existing HttpSession existed but it shouldn't. This commit always prevents @Transient Authentication from being saved. Closes gh-9992	4 years ago
Marcus Da Coregio	caad3d57e2	Improve log message when no CSRF token found Closes gh-10436	4 years ago
Emil Sierżęga	04b47c5928	Fixed various broken links in Javadocs	4 years ago
Emil Sierżęga	a188138715	Javadocs author tag doesn't work in methods	4 years ago
Rob Winch	f836897190	Checkstyle Fixes - Javadoc tag ordering - Private constructors before inner classes Issue gh-10394	4 years ago
Rob Winch	e1f4ec1137	Fix Jackson	4 years ago
Marcus Da Coregio	faec20bc69	Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext Closes gh-10208	4 years ago
Josh Cummings	7b98c2ea95	Restructure SwitchUserFilter Logs Issue gh-6311	4 years ago
Marcus Da Coregio	02b2fcc6f0	Restore ManagementConfigurationPlugin Issue gh-9615	4 years ago
Marcus Da Coregio	d2e5f2ae0d	Update Gradle to 7.2 Closes gh-9615	4 years ago
Eleftheria Stein	7d81a52780	Allow AuthenticationPrincipal argument type to be primitive Closes gh-10172	4 years ago
heowc	84d173c310	Fix typo	4 years ago
Bogdan Ilchyshyn	a4c088a3b3	Introducing WebSessionServerLogoutHandler Closes gh-4838	5 years ago
Hiroshi Shirosaki	6f3e346b76	Add SecurityContextHolder#addListener Closes gh-10032	5 years ago
Josh Cummings	b8d51725c7	Immutable SecurityContext Issue gh-10032	5 years ago
Rob Winch	f73f213f50	Remove DependencySetPlugin Closes gh-10070	5 years ago
Rob Winch	f800d2c993	Add hamcrest dependency	5 years ago
Rob Winch	b6ff4d3674	Fix mockito UnnecessaryStubbingException	5 years ago
Rob Winch	3e93b024d6	openrewrite Junit Migration	5 years ago
Rob Winch	14240b2559	Remove Powermock Powermock does not support JUnit5 yet, so we need to remove it to support JUnit 5. Additionally, maintaining additional libraries adds extra work for the team. Mockito now supports final classes and static method mocking. This commit replaces Powermock with mockito-inline. Closes gh-6025	5 years ago
Evgeniy Cheban	d121ab9565	Support A Well-Known URL for Changing Passwords Closes gh-8657	5 years ago
Alexey Markevich	3219fd554d	DigestAuthenticationFilter decodes nonce only once Closes gh-8455	5 years ago

1 2 3 4 5 ...

1176 Commits (5.7.0-M2)