Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,559 Commits 54 Branches 379 Tags
c6841d83ebaa51c022ecee979c6aec774ad52fd5
Commit Graph

1556 Commits

Author SHA1 Message Date
Marcus Da Coregio 18e88366d2 Resolve The matchingRequestParameterName From The Query String 
Prior to this commit, the ServletRequest#getParameter method was used in order to verify if the matchingRequestParameterName was present in the request. That method has some side effects like interfering in the execution of the ServletRequest#getInputStream and ServletRequest#getReader method when the request is an HTTP POST (if those methods are invoked after getParameter, or vice-versa, the content won't be available). This commit makes that we only use the query string to check for the parameter, avoiding draining the request's input stream.

Closes gh-13731
 2023-09-14 21:25:25 +01:00
Marcus Da Coregio db37bdfe94 Merge branch '5.8.x' into 6.0.x 
Closes gh-13795
 2023-09-12 16:21:48 +01:00
Marcus Da Coregio ce012a4661 CookieRequestCache Should Preserve Request Locale 
Closes gh-13792
 2023-09-12 16:21:27 +01:00
Marcus Da Coregio 629540f9d8 Merge branch '5.8.x' into 6.0.x 
Closes gh-13758
 2023-08-31 10:12:59 -03:00
Marcus Da Coregio 96d1763fc4 WWW-Authenticate header should not be added twice 
Closes gh-13737
 2023-08-31 10:07:10 -03:00
Marcus Da Coregio cbef118026 Merge branch '5.8.x' into 6.0.x 2023-07-17 09:16:20 -03:00
Marcus Da Coregio a939f17890 Merge branch '5.7.x' into 5.8.x 2023-07-17 09:15:56 -03:00
Marcus Da Coregio fe9bc26bdc Merge branch '5.6.x' into 5.7.x 2023-07-17 09:13:28 -03:00
Marcus Da Coregio 7813a9ba26 Use default PathPatternParser instance 2023-07-17 09:12:28 -03:00
Josh Cummings 83c0f4231e Merge branch '5.8.x' into 6.0.x 
Closes gh-13481
 2023-07-10 16:13:04 -06:00
Josh Cummings 40d61743b9 Replace Existing Continue Parameter 
Closes gh-13438
 2023-07-10 16:12:05 -06:00
Marcus Da Coregio 863aa5f65f Fix Documented Default Value for AuthorizationFilter properties 
Closes gh-13456
 2023-07-07 14:35:11 -03:00
Josh Cummings 45683349a4 Merge branch '5.8.x' into 6.0.x 
Closes gh-13278
 2023-06-05 12:48:43 -06:00
Josh Cummings 9ac286e8ea Merge branch '5.7.x' into 5.8.x 
Closes gh-13231
 2023-06-05 12:47:23 -06:00
Christoph Zuleger 06e58e4c34 Update JavaDoc of BasicAuthenticationFilter 
Remove deprecated hint to use Digest Auth in favor of Basic Auth.
 2023-06-05 12:46:30 -06:00
Marcus Da Coregio ce5aa9e694 Merge branch '5.8.x' into 6.0.x 2023-05-24 15:00:17 -03:00
Marcus Da Coregio f8e39336cb Merge branch '5.7.x' into 5.8.x 2023-05-24 14:59:27 -03:00
Marcus Da Coregio a53cbb838b Polish 
Issue gh-13155
 2023-05-24 14:59:16 -03:00
joerg-richter-5234 8287289bcb Fix XContentTypeOptionsServerHttpHeadersWriter 
set constant value to X-Content-Type-Options

Closes gh-13155
 2023-05-24 14:59:14 -03:00
Josh Cummings 4c5bf3bdf5 Polish 
Use StringUtils#hasText

PR gh-13179
 2023-05-18 09:17:02 -06:00
Dennis Frommknecht af233a2a00 Use consistent list of micrometer tags in web observation handler 
The tag `spring.security.reached.filter.name` is only set if a
filter-name is available, otherwise the tag is omitted entirely. This
leads to issues with metric-exporters that don't support dynamic tags,
but rather expect tag-names of a metric to be always the same. The most
prominent example is the Prometheus-exporter.

Instead of omitting the tag if no filer-name is set, a none-value is
applied instead, making the tag-list consistent in all cases

Closes gh-13179
 2023-05-18 09:17:02 -06:00
Josh Cummings e033e347b4 Remove Redundant Close 
Closes gh-12787
 2023-05-10 16:12:34 -06:00
Josh Cummings 5d903b5b71 Enforce start happens-before stop 
Closes gh-13133
 2023-05-08 14:07:05 -06:00
Marcus Da Coregio a484044591 Merge branch '5.8.x' into 6.0.x 2023-04-17 07:29:42 -03:00
Marcus Da Coregio 6cf8c53aaa Merge branch '5.7.x' into 5.8.x 2023-04-17 07:16:47 -03:00
Marcus Da Coregio 2d52fb8e4b Clear Repository on Logout 2023-04-17 06:47:57 -03:00
Josh Cummings 4813ec1e09 Merge branch '5.8.x' into 6.0.x 
Closes gh-13000
 2023-04-11 17:08:54 -06:00
Josh Cummings dad1fba1bf Merge branch '5.7.x' into 5.8.x 
Closes gh-12999
 2023-04-11 17:02:16 -06:00
Christian Marck 442faccb5f Avoid NPE in FilterInvocation 
Handle unknown headers in dummy request wrapper.

Closes gh-12998
 2023-04-11 17:01:59 -06:00
Josh Cummings 6db2b0dcd0 Align Filter Chain Observability Lineage 
Closes gh-12849
 2023-03-27 16:30:32 -06:00
Marcus Da Coregio 177514b6c5 Merge branch '5.8.x' into 6.0.x 
Closes gh-12919
 2023-03-22 08:54:57 -03:00
Marcus Da Coregio 8d664bc4c2 DelegatingSecurityContextRepository should call loadContext 
Closes gh-12314
 2023-03-22 08:53:19 -03:00
Josh Cummings 3fbb64db96 Fix javax package 2023-03-20 16:28:52 -06:00
Josh Cummings 229325a0bb Merge branch '5.8.x' into 6.0.x 2023-03-20 16:22:23 -06:00
Josh Cummings a74008cc79 Merge branch '5.7.x' into 5.8.x 2023-03-20 16:20:46 -06:00
twosom 3d7e22a4e9 Add test to SimpleUrlAuthenticationSuccessHandlerTests 2023-03-20 16:20:30 -06:00
Josh Cummings 6935045172 Merge branch '5.8.x' into 6.0.x 
Closes gh-12909
 2023-03-20 16:10:35 -06:00
twosom abd51f7b63 Polished DefaultLoginPageGeneratingFilterTests Validation 
Closes gh-12694
 2023-03-20 15:31:59 -06:00
Marcus Da Coregio cdc0fa0e5b Merge branch '5.8.x' into 6.0.x 
Closes gh-12836
 2023-03-07 13:28:31 -03:00
Marcus Da Coregio 2e92dad761 Merge branch '5.7.x' into 5.8.x 
Closes gh-12835
 2023-03-07 13:27:57 -03:00
Marcus Da Coregio 84cca81edf Use HttpSessionSecurityContextRepository by default in SwitchUserFilter 
Closes gh-12834
 2023-03-07 13:27:18 -03:00
Josh Cummings c06e604278 Address Observability Thread Safety 
Closes gh-12829
 2023-03-06 12:46:23 -07:00
Josh Cummings 8ca726f4fa Specify query string 
Issue gh-12665
 2023-02-14 08:24:07 -07:00
Josh Cummings e7d65966fd Merge branch '5.8.x' into 6.0.x 
Closes gh-12671
 2023-02-14 08:01:31 -07:00
Josh Cummings 0d4c619648 Include continue in query string 
Closes gh-12665
 2023-02-14 08:00:19 -07:00
Steve Riesenberg 1363a4eece Merge branch '5.8.x' into 6.0.x 2023-01-26 15:44:47 -06:00
Steve Riesenberg c306df9b46 Add XorCsrfChannelInterceptor 
Issue gh-12378
 2023-01-23 16:00:35 -06:00
Josh Cummings 4d2dab9b6b Lookup Parent Observation 
Closes gh-12524
 2023-01-11 10:13:33 -07:00
Steve Riesenberg 4e80338a9b Polish gh-12466 2023-01-10 11:31:51 -06:00
Wellington Domiciano 2c8854bb7f Adjusts setRequestHandler javadoc in CsrfFilter 
Adjusts setRequestHandler method javadoc in CsrfFilter class to reflect
changes in 6.0.

In 6.0, the default CsrfTokenRequestHandler changed to
XorCsrfTokenRequestAttributeHandler, however, the javadoc for the
setRequestHandler method still said it was
CsrfTokenRequestAttributeHandler.

This change adjusts the information to make it more accurate, because,
although XorCsrfTokenRequestAttributeHandler is a subclass of
CsrfTokenRequestAttributeHandler, the behavior is quite different.

Closes gh-12464
 2023-01-10 11:31:51 -06:00