Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,481 Commits 54 Branches 379 Tags
24bb83e2c770c1bb63f274cc0211baa5eaefe45d
Commit Graph

10481 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marcus Da Coregio 24bb83e2c7 Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:31:45 -03:00
Igor Bolic 2e66b9f6cc Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:44:01 -05:00
Rob Winch c23324e7a7 RequestAttributeSecurityContextRepository never null SecurityContext 
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext

This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.

Closes gh-11606
 2022-08-08 14:14:12 -05:00
Josh Cummings ed58ac7d78 Add Conditions to Generating AuthnRequest 
Closes gh-11657
 2022-08-03 17:49:48 -06:00
Josh Cummings 9e8a04d414 Polish Tests 
Issue gh-11657
 2022-08-03 17:49:46 -06:00
Marcus Da Coregio f8971742f2 Remove FilterSecurityInterceptor from WebSecurity 
Closes gh-11325
 2022-08-02 15:34:02 -03:00
Scott Shidlovsky 508f7d7b8a Update OpenSamlAuthenticationRequestResolverTests from Junit 4 to Junit 5 2022-08-02 08:02:22 -06:00
Scott Shidlovsky 947445fcc5 Add ID to Saml2 Post and Redirect Requests 
Closes gh-11468
 2022-08-02 08:02:22 -06:00
Steve Riesenberg 15f525c614 Polish HttpSecurity 2022-07-29 17:42:20 -05:00
Steve Riesenberg 0c0c75ce22 Remove references to WebSecurityConfigurerAdapter 
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
 2022-07-29 17:42:20 -05:00
Steve Riesenberg 9861769b02 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity 
Closes gh-11277
 2022-07-29 17:42:20 -05:00
Steve Riesenberg 9d248c7185 Skip workflows on forks of spring-security 2022-07-28 14:17:42 -05:00
Steve Riesenberg 865bf23ecc Use cache and user.name system property on Windows 2022-07-28 13:00:15 -05:00
Ulrich Grave 4393c2ea02 Add hash-based Content-Security-Policy for SAML pages 
Closes gh-11631
 2022-07-27 18:04:39 -06:00
Steve Riesenberg f86d30f4a1 Only run prerequisites job if on upstream repo 2022-07-27 16:01:16 -05:00
Steve Riesenberg dc59d12405 Simplify dependency graph 2022-07-27 16:01:15 -05:00
Steve Riesenberg bdeb32854e Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-27 16:01:15 -05:00
Marcus Da Coregio 7f2c797086 Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:39:56 -03:00
Steve Riesenberg a72c5a55db Revert "Remove @Configuration from webflux config examples" 
This reverts commit aec9effb88.
 2022-07-26 16:46:01 -05:00
Joshua Sattler aec9effb88 Remove @Configuration from webflux config examples 2022-07-26 16:34:10 -05:00
Rob Winch 9fbe6b7731 Fix Snapshot Sources/Javadoc 
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
 2022-07-26 15:49:52 -05:00
Rob Winch b6258fe1f9 Apply ArtifactoryPlugin in RootProjectPlugin 
Issue gh-10602
 2022-07-26 15:42:51 -05:00
Rob Winch 8aa6fbfed2 ArtifactoryPlugin only apply default publications for MavenPublishPlugin 
Issue gh-10602
 2022-07-26 15:42:51 -05:00
Rob Winch e3ed6b3539 Update to build-info-extractor-gradle:4.29.0 
Issue gh-10602
 2022-07-26 15:42:50 -05:00
Desmond Silveira 3b9f5ac77b "Well-Know" should be "Well-Known" 2022-07-26 15:41:38 -05:00
Steve Riesenberg 3f4efedd23 Polish gh-11367 2022-07-26 15:33:34 -05:00
naveen 8f93a7fc94 Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-07-26 15:33:33 -05:00
Marcus Da Coregio b76966638d Use Spring Framework 6.0.0-SNAPSHOT 2022-07-25 14:24:55 -03:00
Marcus Da Coregio 0c549ee147 Use SHA256 by default in Remember Me 
Closes gh-11520
 2022-07-25 10:33:12 -03:00
Yuriy Savchenko db9d60e82d Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:47:07 -03:00
Josh Cummings e092ec780f Merge Same-named Attribute Elements 
Closes gh-11042
 2022-07-20 18:33:24 -06:00
github-actions[bot] bf138c5154 Next development version 2022-07-18 17:05:25 +00:00
github-actions[bot] 79912a0a44 Release 6.0.0-M6 6.0.0-M6 2022-07-18 13:29:25 -03:00
Marcus Da Coregio 7e2b344a66 Update org.springframework to 6.0.0-M5 
Closes gh-11594
 2022-07-18 13:28:22 -03:00
Marcus Da Coregio 860c669666 Revert "Release 6.0.0-M6" 
This reverts commit c8fa238cfc.
 2022-07-18 13:18:34 -03:00
github-actions[bot] c8fa238cfc Release 6.0.0-M6 2022-07-18 15:27:55 +00:00
Joe Grandja b5b3ddd6b4 Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:45:00 -04:00
Joe Grandja 6ee1643bae Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction 
Closes gh-11589
 2022-07-15 15:13:40 -04:00
Joe Grandja 054791c26c Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction 
Closes gh-11588
 2022-07-15 15:12:39 -04:00
Joe Grandja 65db5fa028 Remove deprecations in JwtAuthenticationConverter 
Closes gh-11587
 2022-07-15 14:43:08 -04:00
Joe Grandja 1ac6054e6f Remove deprecations in OidcUserInfo 
Closes gh-11586
 2022-07-15 14:42:54 -04:00
Joe Grandja 6b41faaf55 Remove deprecations in ClaimAccessor 
Closes gh-11585
 2022-07-15 14:42:33 -04:00
Joe Grandja 0859da5590 Remove deprecations in OAuth2AuthorizedClientArgumentResolver 
Closes gh-11584
 2022-07-15 14:42:03 -04:00
Joe Grandja 743b6a5bfe Remove deprecations in OidcClientInitiatedLogoutSuccessHandler 
Closes gh-11565
 2022-07-15 14:04:09 -04:00
Joe Grandja cae22867b2 Remove deprecated allowMultipleAuthorizationRequests 
Closes gh-11564
 2022-07-15 13:50:30 -04:00
Marcus Da Coregio 1f26f8c419 Update spring-data-jpa to 3.0.0-M5 
Closes gh-11540
 2022-07-15 14:37:24 -03:00
Marcus Da Coregio afc62bf6af Update reactor-netty to 1.1.0-M4 
Closes gh-11526
 2022-07-15 14:36:41 -03:00
Marcus Da Coregio ee11c3ade7 Exclude JavadocPackageCheck from Spring Checks 
Issue gh-11422
 2022-07-15 14:10:53 -03:00
Anbu Sampath 0c14a36ad6 Update Kotlin to 1.7.10 
Closes gh-11374, gh-11534
 2022-07-15 14:10:52 -03:00
Marcus Da Coregio 881b823a2e Update spring-ldap-core to 2.4.1 
Closes gh-11541
 2022-07-15 14:08:51 -03:00