Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,844 Commits 54 Branches 379 Tags
3cb2b0606ea3f81ff7363228f4914e61ba723b33
Commit Graph

1326 Commits

Author SHA1 Message Date
Josh Cummings 5357cb8c95 Use SecurityContextHolderStrategy for NullSecurityContextRepository 
Issue gh-11060
 2022-06-28 15:32:20 -06:00
Josh Cummings 03a5c3b08a Use SecurityContextHolderStrategy for Concurrency Filter 
Issue gh-11060
Issue gh-11061
 2022-06-28 15:32:05 -06:00
Josh Cummings 27de315e5e Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:46:52 -06:00
Josh Cummings 135e602472 Use SecurityContextHolderStrategy for Digest 
Issue gh-11060
 2022-06-28 13:54:29 -06:00
Josh Cummings e1c211c11f Use SecurityContextHolderStrategy for Switch User 
Issue gh-11060
 2022-06-28 13:34:04 -06:00
Josh Cummings 98995f2225 Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:04:37 -06:00
Josh Cummings 4a2d77d3f2 Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:08:57 -06:00
Josh Cummings ee66850aed Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:26:05 -06:00
Josh Cummings 0fee05d023 Use SecurityContextHolderStrategy for AuthenticationFilter 
Issue gh-11060
 2022-06-27 16:26:42 -06:00
Josh Cummings 772f29e063 Polish SecurityContextHolderStrategy for Defaults 
gh-11060
 2022-06-27 13:00:24 -06:00
Alonso Araya Calvo 1ac1271972 Adds the ability to set the CSRF Token cookie max age value 
Closes gh-11432
 2022-06-24 16:42:05 -06:00
Rob Winch d32f74d19d SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 17:03:19 -05:00
Rob Winch 29db051f7a Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 14:52:35 -05:00
Rob Winch 591d1edc7d Cache SecurityContextRepository.loadContext(HttpServletRequest) Result 
Closes gh-11390
 2022-06-17 14:52:01 -05:00
Josh Cummings 31e25b115e Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:28:10 -06:00
j3graham 29ba67b6d7 Remove dependency on commons-codec by using java.util.Base64 
Closes gh-11318
 2022-06-09 06:50:01 -06:00
Zhivko Delchev e97c5a533b Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:47:35 -05:00
Zhivko Delchev d882bfcf2b Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:47:14 -05:00
Zhivko Delchev cf69cdf008 Reverse content type check 
When MultipartFormData is enabled currently the CsrfWebFilter compares
the content-type header against MULTIPART_FORM_DATA MediaType which
leads to NullPointerExecption when there is no content-type header.
This commit reverse the check to compare the MULTIPART_FORM_DATA
MediaType against the content-type which contains null check and avoids
the exception.

closes gh-11204
Closes gh-11205
 2022-06-06 15:46:28 -05:00
Evgeniy Cheban 362f15534e createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:34:14 -06:00
Rob Winch 7d97839235 StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:53:29 -05:00
Rob Winch 66d1cd592a StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:04:46 -05:00
Rob Winch 077c9e0b3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 08:56:57 -05:00
Rob Winch e2eed33eca Add StrictHttpFirewall.allow* new lines and separators 
Issue gh-11264
 2022-05-17 22:24:31 -05:00
Rob Winch 5bf478e72e Fix Formatting 
Issue gh-11264
 2022-05-17 16:16:02 -05:00
Rob Winch e0a6a9efa9 StrictHttpFirewall allows CJKV characters 
Issue gh-11264
 2022-05-17 15:53:18 -05:00
Rob Winch 538252cf07 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch 04ca7ef91b Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch c6461d61ba AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:18:12 -05:00
Rob Winch 4405cf18f3 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:18:11 -05:00
Rob Winch 70863952ae AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Rob Winch af95be34c6 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Rob Winch ee28896f42 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Rob Winch 6b823fb27e Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Josh Cummings ffaf5b4e61 Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 13:53:38 -06:00
Evgeniy Cheban 07b0be3f42 Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 13:52:49 -06:00
Marcus Da Coregio ce86f4e4b5 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:51:28 -03:00
David Herberth 57cededd49 Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:51:28 -03:00
Rob Winch 67830f4111 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:10:07 -05:00
Rob Winch 768267c131 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:09:41 -05:00
Rob Winch dbe7e37f2b WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:51 -05:00
Rob Winch c6eaa05fc5 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:38 -05:00
Rob Winch aaf78330b1 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:16:35 -05:00
Marcus Da Coregio 7fea639a43 Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 15:58:00 -03:00
Rob Winch 3a9b080bbe Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:36:08 -05:00
Rob Winch 39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Eleftheria Stein 725a57fccc Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 13:12:17 +02:00
Josh Cummings c175118f62 Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings 061f69eb70 Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta bd9434882f Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00