Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,162 Commits 54 Branches 379 Tags
78dd02a4c18502fa668ca7736581eaed8193891c
Commit Graph

1950 Commits

Author SHA1 Message Date
Josh Cummings 78dd02a4c1 Merge branch '6.4.x' into 6.5.x 
Closes gh-17147
 2025-05-19 09:46:24 -06:00
Josh Cummings edc8735eb8 Merge branch '6.3.x' into 6.4.x 
Closes gh-17146
 2025-05-19 09:46:10 -06:00
Mark Putsiata cae3467a8d Improve AbstractPreAuthenticatedProcessingFilter docs 
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.

Closes gh-14137

Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
 2025-05-19 09:45:53 -06:00
yybmion d48c463c03 Add logging to CsrfTokenRequestHandler implementations 
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler

Improves debugging capabilities without changing functionality.

Closes gh-13626

Signed-off-by: yybmion <yunyubin54@gmail.com>
 2025-05-12 18:49:40 -06:00
Zhoudong 6624e302ac Favor Spring Framework NonNull over Reactor NonNull 
Signed-off-by: Zhoudong <jearton@users.noreply.github.com>
 2025-05-06 10:52:05 -06:00
Josh Cummings aa338e9b0d Merge branch '6.4.x' 2025-05-02 10:58:22 -06:00
Josh Cummings 57fc29e614 Merge branch '6.3.x' into 6.4.x 
Closes gh-17032
 2025-05-02 10:57:55 -06:00
Josh Cummings e48f26e51e Propagate StrictFirewallRequest Wrapper 
Closes gh-16978
 2025-05-02 10:57:07 -06:00
Max Batischev c855453e40 Fix Typo In SubjectDnX509PrincipalExtractorTests 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-04-29 12:25:41 -06:00
Tran Ngoc Nhan 29380a87a0 Polish javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-04-23 14:36:45 -06:00
Max Batischev 8525f0e3fd Add FunctionalInterface To X509PrincipalExtractor 
Closes gh-16949

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-04-23 14:27:42 -06:00
Josh Cummings 7d6bdfedc8 Add Null Guard for Authorization Result 2025-04-23 12:11:10 -06:00
Josh Cummings 0ab01eac14 Update Deprecated Security Usage 2025-04-23 12:11:08 -06:00
Josh Cummings 216680bb50 Update Deprecated Spring Jdbc Usage 2025-04-23 11:29:18 -06:00
Josh Cummings 2ad859a63c Add Missing Deprecation Markers 2025-04-23 11:29:18 -06:00
Josh Cummings 3f7f3dabe7 Correct JavaDoc Class Reference 2025-04-23 11:29:18 -06:00
Daeho Kwon 9908d96644 DeferredCsrfToken Implements Supplier 
Closes gh-16870

Signed-off-by: Daeho Kwon <trewq231@naver.com>
 2025-04-09 14:24:11 -06:00
Josh Cummings f93a7a2f85 Deprecate HandlerMappingIntrospectorRequestTransformer 
Closes gh-16536
 2025-04-07 13:56:18 -06:00
chu3la 8cbe02e3aa Update WebAuthn Test Objects Class Names 
Closes gh-16604

Signed-off-by: chu3la <elmansouri.houssam@gmail.com>
 2025-04-03 16:33:34 -06:00
Josh Cummings 4cdc6dab21 Fix Formatting 
Issue gh-16604
 2025-04-03 12:55:51 -06:00
Vasanth 04d7130975 Update WebAuthn Test Objects Class Names 
Renamed the WebAuthn test object class names

Closes gh-16604

Signed-off-by: Vasanth <76898064+vasanth-79@users.noreply.github.com>
 2025-04-03 12:55:50 -06:00
Josh Cummings b7d399ab89 Merge branch '6.4.x' 2025-04-01 12:02:53 -06:00
Josh Cummings 0954638d57 Merge branch '6.3.x' into 6.4.x 
Closes gh-16862
 2025-04-01 12:02:25 -06:00
DingHao 857ef6fe08 WithHttpOnlyCookie defaults to false 
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-04-01 11:59:51 -06:00
Max Batischev 9a897d0b62 Add Support Postgres To JdbcUserCredentialRepository 
Closes gh-16832

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-31 16:43:36 -06:00
wtigerhyunsu bdbf6a2be3 Add toString() to IpAddressMatcher.java 
Closes gh-16795

Signed-off-by: wtigerhyunsu <jack951@naver.com>
 2025-03-27 16:38:53 -06:00
Josh Cummings 99345537d6 Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter 
Issue gh-16417
 2025-03-26 16:38:39 -06:00
Josh Cummings 15d9c13984 Add RequestMatcher MigrationPath for SwitchUserFilter 
To simplify migration, the filter's setter methods still use AntPathRequestMatcher.
Users can call the equivalent RequestMatcher setter methods to opt-in to the change early.

Issue gh-16417
 2025-03-26 16:38:38 -06:00
Josh Cummings 1eec51ab6c Polish SwitchUserFilterTests 
Ensure that the appropriate HTTP Method is specified in tests

Issue gh-16417
 2025-03-26 16:38:38 -06:00
Josh Cummings 1618963255 Deprecate AntPathRequestMatcher 
Closes gh-16632
 2025-03-26 13:40:05 -06:00
Josh Cummings de07b1108f Use PathPatternRequestMatcher in Web Components 
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.

Issue gh-16632
 2025-03-26 13:28:58 -06:00
Josh Cummings 50ad378a29 Polish MockHttpServletRequest Usage 
This commit makes so that the requestURI is set to a value that makes
sense with the other properties being mocked.

Issue gh-16632
 2025-03-26 13:27:17 -06:00
Rob Winch 491d28b6bb Merge branch '6.4.x' 
- Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity

Closes gh-16821
 2025-03-25 16:19:14 -05:00
Rob Winch 1f3dd53bdf Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity 
Closes gh-16606
 2025-03-25 16:14:58 -05:00
Rob Winch a6b5c05da9 Additional WebAuthn4jRelyingPartyOperationTests 
- verify that anonymous users not saved
- verify that when user found the CredentialRecord is allowed

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch 9c054474a8 Use Test Name Conventions 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch 593f7c4490 Use !isAuthenticated 
It's more verbose to see if the user is not null and not anonymous

Issue gh-16385
 2025-03-25 16:14:25 -05:00
Rob Winch 4e20d56d2d Fix format for WebAuthn4jRelyingPartyOperations 
Issue gh-16385
 2025-03-25 16:14:25 -05:00
Josh Cummings 05fdcd6a08 Deprecate MvcRequestMatcher 
Closes gh-16631
 2025-03-24 22:03:22 -06:00
Tomas Borghi 0a084135ec Delete import unused 
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 16:50:39 -03:00
Tomas Borghi 5571ad1b27 Fix issues identified in PR review 
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:18:23 -03:00
Borghi e3a715b8f5 Fix issues identified in PR review 
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
 2025-03-24 13:00:27 -03:00
Josh Cummings 56e757a2a1 Provide Authentication to AuthenticationExceptions 
Issue gh-16444
 2025-03-21 21:54:32 -06:00
Josh Cummings 464e506429 Polish ExceptionTranslateWebFilter 
- Isolated exception construction
- Isolated entry point subscription

Issue gh-16444
 2025-03-21 21:54:32 -06:00
Josh Cummings bfc12d55eb Polish Tests 
Issue gh-16771
 2025-03-21 14:43:05 -06:00
Josh Cummings 3d96878d43 Cache RequestPath 
In this way PathPatternRequestMatcher won't need to reparse for each
request matcher.

Issue gh-16771
 2025-03-21 14:43:05 -06:00
Josh Cummings 86599afd43 Rename servletPath to basePath 
Closes gh-16765
 2025-03-21 12:04:46 -06:00
Josh Cummings c53bf2befe PathPatternRequestParser Retains Servlet Path 
Issue gh-16765
 2025-03-21 12:04:45 -06:00
Josh Cummings 1966ff3ce8 Parse RequestPath when cache is empty 
Closes gh-16771
 2025-03-21 12:03:56 -06:00
Josh Cummings 861a9a914e OneTimeToken Missing Token Propagates Request 
Closes gh-16780
 2025-03-20 17:23:06 -06:00