spring-security

mirror of synced 2026-05-22 21:33:16 +00:00

Author	SHA1	Message	Date
Alonso Araya Calvo	1ac1271972	Adds the ability to set the CSRF Token cookie max age value Closes gh-11432	2022-06-24 16:42:05 -06:00
Rob Winch	d32f74d19d	SecurityContextHolder Deferred SecurityContext Closes gh-10913	2022-06-17 17:03:19 -05:00
Rob Winch	b6d43e58c0	SecurityContextHolder Deferred SecurityContext Closes gh-10913	2022-06-17 16:59:09 -05:00
Rob Winch	d4a03dc2b1	Cache SecurityContextRepository.loadContext(HttpServletRequest) Result Closes gh-11390	2022-06-17 15:28:57 -05:00
Rob Winch	29db051f7a	Cache SecurityContextRepository.loadContext(HttpServletRequest) Result Closes gh-11390	2022-06-17 14:52:35 -05:00
Rob Winch	591d1edc7d	Cache SecurityContextRepository.loadContext(HttpServletRequest) Result Closes gh-11390	2022-06-17 14:52:01 -05:00
Josh Cummings	a31a99b591	Add SecurityContextHolderStrategy to Default Components Issue gh-11060	2022-06-17 11:58:36 -06:00
Josh Cummings	31e25b115e	Add SecurityContextHolderStrategy to Default Components Issue gh-11060	2022-06-17 11:28:10 -06:00
j3graham	29ba67b6d7	Remove dependency on commons-codec by using java.util.Base64 Closes gh-11318	2022-06-09 06:50:01 -06:00
j3graham	f3c96fa9cd	Remove dependency on commons-codec by using java.util.Base64 Closes gh-11318	2022-06-09 06:49:39 -06:00
Zhivko Delchev	e97c5a533b	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205	2022-06-06 15:47:35 -05:00
Zhivko Delchev	d882bfcf2b	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205	2022-06-06 15:47:14 -05:00
Zhivko Delchev	cf69cdf008	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204 Closes gh-11205	2022-06-06 15:46:28 -05:00
Zhivko Delchev	1483a57018	Reverse content type check When MultipartFormData is enabled currently the CsrfWebFilter compares the content-type header against MULTIPART_FORM_DATA MediaType which leads to NullPointerExecption when there is no content-type header. This commit reverse the check to compare the MULTIPART_FORM_DATA MediaType against the content-type which contains null check and avoids the exception. closes gh-11204	2022-06-06 15:45:55 -05:00
Josh Cummings	57fe5b8b5c	Fix Import Order Checkstyle Error Issue gh-9667	2022-05-23 15:55:21 -06:00
Evgeniy Cheban	5540bbcf0b	createEvaluationContext should defer lookup of Authentication - Added createEvaluationContext method that accepts Supplier<Authentication> - Refactored classes that use EvaluationContext to use lazy initialization of Authentication Closes gh-9667	2022-05-18 17:36:17 -06:00
Evgeniy Cheban	362f15534e	createEvaluationContext should defer lookup of Authentication - Added createEvaluationContext method that accepts Supplier<Authentication> - Refactored classes that use EvaluationContext to use lazy initialization of Authentication Closes gh-9667	2022-05-18 17:34:14 -06:00
Rob Winch	5b0dab5d3e	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 09:54:16 -05:00
Rob Winch	7d97839235	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 09:53:29 -05:00
Rob Winch	66d1cd592a	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 09:04:46 -05:00
Rob Winch	077c9e0b3e	StrictHttpFirewall allows CJKV characters Closes gh-11264	2022-05-18 08:56:57 -05:00
Rob Winch	e2eed33eca	Add StrictHttpFirewall.allow* new lines and separators Issue gh-11264	2022-05-17 22:24:31 -05:00
Rob Winch	5bf478e72e	Fix Formatting Issue gh-11264	2022-05-17 16:16:02 -05:00
Rob Winch	e0a6a9efa9	StrictHttpFirewall allows CJKV characters Issue gh-11264	2022-05-17 15:53:18 -05:00
Rob Winch	472c25b5e8	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 11:32:01 -05:00
Rob Winch	0df5ece758	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 11:32:01 -05:00
Rob Winch	538252cf07	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:22:30 -05:00
Rob Winch	04ca7ef91b	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:22:30 -05:00
Rob Winch	c6461d61ba	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:18:12 -05:00
Rob Winch	4405cf18f3	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:18:11 -05:00
Rob Winch	70863952ae	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:17:44 -05:00
Rob Winch	af95be34c6	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:17:44 -05:00
Rob Winch	ee28896f42	AntRegexRequestMatcher Optimization Closes gh-11234	2022-05-16 10:17:26 -05:00
Rob Winch	6b823fb27e	Extract rejectNonPrintableAsciiCharactersInFieldName Closes gh-11234	2022-05-16 10:17:26 -05:00
Josh Cummings	0814136ee8	Polish WebExpressionAuthorizationManager - Add support for request variables - Added additional tests Issue gh-11105	2022-05-13 14:14:42 -06:00
Evgeniy Cheban	c4766e64fe	Add AuthorizationManager that uses ExpressionHandler Closes gh-11105	2022-05-13 14:05:34 -06:00
Josh Cummings	ffaf5b4e61	Polish WebExpressionAuthorizationManager - Add support for request variables - Added additional tests Issue gh-11105	2022-05-13 13:53:38 -06:00
Evgeniy Cheban	07b0be3f42	Add AuthorizationManager that uses ExpressionHandler Closes gh-11105	2022-05-13 13:52:49 -06:00
Rob Winch	f34ea188e2	RequestRejectedException is 400 by Default Closes gh-7568	2022-05-12 10:32:27 -05:00
Marcus Da Coregio	000b87f9aa	Revert "Use Spring Framework version 6.0.0-M3" This reverts commit `b803e845e7`.	2022-05-11 08:36:14 -03:00
Marcus Da Coregio	806e05855c	Replace removed context-related operators Closes gh-11194	2022-05-10 14:58:02 -03:00
Marcus Da Coregio	b803e845e7	Use Spring Framework version 6.0.0-M3 Closes gh-11193	2022-05-10 14:49:02 -03:00
Marcus Da Coregio	ce86f4e4b5	Polish ServerWebExchangeDelegatingServerHttpHeadersWriter Issue gh-11073	2022-05-06 09:51:28 -03:00
David Herberth	57cededd49	Add DelegatingServerHttpHeadersWriter Servlet Spring Security has DelegatingRequestMatcherHeaderWriter the reactive world of Spring Security was missing a class to conditionally write headers. Closes gh-11073	2022-05-06 09:51:28 -03:00
Marcus Da Coregio	195d767d98	Polish ServerWebExchangeDelegatingServerHttpHeadersWriter Issue gh-11073	2022-05-06 09:43:34 -03:00
David Herberth	0e2fc51bad	Add DelegatingServerHttpHeadersWriter Servlet Spring Security has DelegatingRequestMatcherHeaderWriter the reactive world of Spring Security was missing a class to conditionally write headers. Closes gh-11073	2022-05-06 09:43:34 -03:00
Rob Winch	67830f4111	Fix WebSessionReactiveSecurityRepository Supports Cache Fix the checkstyle for this feature Closes gh-8422	2022-05-03 21:10:07 -05:00
Rob Winch	768267c131	Fix WebSessionReactiveSecurityRepository Supports Cache Fix the checkstyle for this feature Closes gh-8422	2022-05-03 21:09:41 -05:00
Rob Winch	3c259b4be5	Fix WebSessionReactiveSecurityRepository Supports Cache Fix the checkstyle for this feature Closes gh-8422	2022-05-03 21:08:51 -05:00
Rob Winch	dbe7e37f2b	WebSessionReactiveSecurityRepository Supports Cache	2022-05-03 16:40:51 -05:00

... 2 3 4 5 6 ...

1382 Commits