Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,316 Commits 54 Branches 379 Tags
1510460a1acb34e331f0d3dd608748535d8bdc6f
Commit Graph

10316 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot] 1510460a1a Next development version 2022-08-15 16:14:19 +00:00
github-actions[bot] 063e56ce8b Release 5.8.0-M2 5.8.0-M2 2022-08-15 15:24:27 +00:00
Marcus Da Coregio 1c4d6ed098 Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:30:15 -03:00
Igor Bolic efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Rob Winch c9f8d2b111 RequestAttributeSecurityContextRepository never null SecurityContext 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
 2022-08-08 13:52:12 -05:00
Josh Cummings c2d79fcbd6 Add Conditions to Generating AuthnRequest 
Closes gh-11657
 2022-08-03 17:34:31 -06:00
Josh Cummings aa225943d2 Polish Tests 
Issue gh-11657
 2022-08-03 17:34:26 -06:00
Steve Riesenberg 07ea139ebf Polish HttpSecurity 2022-07-29 17:42:39 -05:00
Steve Riesenberg 67544f36f9 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:42:39 -05:00
Steve Riesenberg 05725af4d8 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:42:39 -05:00
Steve Riesenberg 4fbbfd2c8b Skip workflows on forks of spring-security 2022-07-28 15:07:02 -05:00
Steve Riesenberg 66da4301fc Use cache and user.name system property on Windows 2022-07-28 15:07:02 -05:00
Steve Riesenberg 8929bd5abc Only run prerequisites job if on upstream repo 2022-07-28 15:07:02 -05:00
Steve Riesenberg e3d1405f67 Simplify dependency graph 2022-07-28 15:07:02 -05:00
Steve Riesenberg e756a1df19 Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:07:02 -05:00
Steve Riesenberg 81fae2db2c Polish gh-11367 2022-07-28 15:07:01 -05:00
naveen 054a3f0bc0 Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:07:00 -05:00
Ulrich Grave 409998a3fe Add hash-based Content-Security-Policy for SAML pages 
Closes gh-11631
 2022-07-27 17:59:42 -06:00
Marcus Da Coregio e5ae35ab71 Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:39:33 -03:00
Rob Winch 0d74da4f97 Fix Snapshot Sources/Javadoc 
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
 2022-07-26 16:24:54 -05:00
Desmond Silveira 2a336d4f49 "Well-Know" should be "Well-Known" 2022-07-26 15:41:05 -05:00
Yuriy Savchenko 5322352427 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:49:21 -03:00
Josh Cummings 561f65b34d Merge Same-named Attribute Elements 
Closes gh-11042
 2022-07-20 18:40:20 -06:00
Steve Riesenberg 631076e4dd Build only on branches 
Issue gh-11480
 2022-07-18 11:45:39 -05:00
github-actions[bot] 8d147100ee Next development version 2022-07-18 16:00:47 +00:00
github-actions[bot] 8d3586f949 Release 5.8.0-M1 5.8.0-M1 2022-07-18 15:25:10 +00:00
Joe Grandja 95155ddb0c Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:28:47 -04:00
Steve Riesenberg 1be9be97a1 Exclude JavadocPackageCheck from Spring Checks 
Issue gh-11422
 2022-07-15 13:03:45 -05:00
Steve Riesenberg 33e4b07cc8 Update spring-ldap-core to 2.4.1 
Closes gh-11563
 2022-07-15 12:42:57 -05:00
Steve Riesenberg 5ddc1011a7 Update org.springframework.data to 2021.2.2 
Closes gh-11562
 2022-07-15 12:42:51 -05:00
Steve Riesenberg 58a9733b4c Update org.springframework to 5.3.22 
Closes gh-11561
 2022-07-15 12:40:47 -05:00
Steve Riesenberg 2625388a87 Update jsonassert to 1.5.1 
Closes gh-11560
 2022-07-15 12:40:43 -05:00
Steve Riesenberg 3d0d8bdbe0 Update htmlunit-driver to 2.63.0 
Closes gh-11559
 2022-07-15 12:40:41 -05:00
Steve Riesenberg 0d2b71ed86 Update junit-bom to 5.9.0-RC1 
Closes gh-11557
 2022-07-15 12:40:36 -05:00
Steve Riesenberg d20d6f5247 Update org.jetbrains.kotlinx to 1.6.4 
Closes gh-11556
 2022-07-15 12:40:33 -05:00
Steve Riesenberg f69102f1a6 Update org.jetbrains.kotlin to 1.7.10 
Closes gh-11555
 2022-07-15 12:40:31 -05:00
Steve Riesenberg e112e24efb Update hibernate-entitymanager to 5.6.10.Final 
Closes gh-11554
 2022-07-15 12:40:28 -05:00
Steve Riesenberg 1f0a317923 Update org.eclipse.jetty to 9.4.48.v20220622 
Closes gh-11553
 2022-07-15 12:40:26 -05:00
Steve Riesenberg 0b18ebbd61 Update assertj-core to 3.23.1 
Closes gh-11552
 2022-07-15 12:40:23 -05:00
Steve Riesenberg d152b38194 Update htmlunit to 2.63.0 
Closes gh-11551
 2022-07-15 12:40:21 -05:00
Steve Riesenberg d6904fa84d Update io.spring.javaformat to 0.0.34 
Closes gh-11550
 2022-07-15 12:40:18 -05:00
Steve Riesenberg 8d99e4b0c7 Update io.projectreactor to 2020.0.21 
Closes gh-11548
 2022-07-15 12:40:13 -05:00
Steve Riesenberg eba9779205 Update mockk to 1.12.4 
Closes gh-11547
 2022-07-15 12:40:09 -05:00
Steve Riesenberg 4350f5fb9d Update aspectj-plugin to 6.5.0.3 
Closes gh-11546
 2022-07-15 12:40:07 -05:00
Steve Riesenberg 32271ec811 Update com.nimbusds to 9.38.1 
Closes gh-11545
 2022-07-15 12:40:04 -05:00
Steve Riesenberg bb06265552 Update jackson-bom to 2.13.3 
Closes gh-11542
 2022-07-15 12:39:56 -05:00
Marcus Da Coregio f45c4d4b8e Add SHA256 as an algorithm option for Remember Me token hashing 
Closes gh-8549
 2022-07-15 10:41:03 -03:00
Josh Cummings 5dff157755 Polish HttpSecurity Formatting 
Issue gh-11360
 2022-07-14 12:50:40 -06:00
Evgeniy Cheban 400cd60368 Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer 
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
 2022-07-14 12:48:39 -06:00
Marcus Da Coregio 57d6ab7134 Improve docs on dispatcherTypeMatcher 
Closes gh-11467
 2022-07-14 09:13:46 -03:00