Josh Cummings
e19c9995ae
Merge branch '6.5.x'
2025-05-19 09:46:36 -06:00
Josh Cummings
78dd02a4c1
Merge branch '6.4.x' into 6.5.x
...
Closes gh-17147
2025-05-19 09:46:24 -06:00
Josh Cummings
edc8735eb8
Merge branch '6.3.x' into 6.4.x
...
Closes gh-17146
2025-05-19 09:46:10 -06:00
Mark Putsiata
cae3467a8d
Improve AbstractPreAuthenticatedProcessingFilter docs
...
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.
Closes gh-14137
Signed-off-by: Mark Putsiata <m.putsiata@gmail.com >
2025-05-19 09:45:53 -06:00
Tran Ngoc Nhan
86550fb84b
Cleanup code
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com >
2025-05-13 12:40:18 -06:00
yybmion
d48c463c03
Add logging to CsrfTokenRequestHandler implementations
...
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler
Improves debugging capabilities without changing functionality.
Closes gh-13626
Signed-off-by: yybmion <yunyubin54@gmail.com >
2025-05-12 18:49:40 -06:00
yybmion
a90ce5142c
Add logging to CsrfTokenRequestHandler implementations
...
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler
Improves debugging capabilities without changing functionality.
Closes gh-13626
Signed-off-by: yybmion <yunyubin54@gmail.com >
2025-05-12 18:48:45 -06:00
Tran Ngoc Nhan
1e4dd713c5
Remove APPLICATION_JSON_UTF8 usage
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com >
2025-05-07 14:59:14 -05:00
M-Faheem-Khan
241c3cd35a
Remove deprecated Cookie usage
...
Remove usage of comment and verison usage
Signed-off-by: M-Faheem-Khan <faheem5948@gmail.com >
2025-05-07 14:55:54 -05:00
milaneuh
7fda87aecd
Remove deprecated methods from CookieServerCsrfTokenRepository
2025-05-07 10:50:41 -05:00
Rob Winch
b453840c0a
HttpHeaders no longer a MultiValueMap
...
Closes gh-17060
2025-05-06 13:27:13 -05:00
Rob Winch
e5e962ef90
Jakarta Cookie HttpOnly Serialization
...
The new specification represents Cookie attribute using HttpOnly: "" vs
HttpOnly: "true".
This updates the test to correspond to the new Servlet specification and
is a breaking change related to jakarta updates.
2025-05-06 13:27:13 -05:00
Rob Winch
607705347c
MediaType.sortBySpecificityAndQuality->sortBySpecificity
...
Closes gh-17059
2025-05-06 13:26:17 -05:00
Rob Winch
cb0fdef236
Remove MediaType.APPLICATION_JSON_UTF
...
Closes gh-17050
2025-05-06 13:26:14 -05:00
Zhoudong
6624e302ac
Favor Spring Framework NonNull over Reactor NonNull
...
Signed-off-by: Zhoudong <jearton@users.noreply.github.com >
2025-05-06 10:52:05 -06:00
Josh Cummings
aa338e9b0d
Merge branch '6.4.x'
2025-05-02 10:58:22 -06:00
Josh Cummings
57fc29e614
Merge branch '6.3.x' into 6.4.x
...
Closes gh-17032
2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e
Propagate StrictFirewallRequest Wrapper
...
Closes gh-16978
2025-05-02 10:57:07 -06:00
Tran Ngoc Nhan
29380a87a0
Polish javadoc
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com >
2025-04-23 14:36:45 -06:00
Max Batischev
8525f0e3fd
Add FunctionalInterface To X509PrincipalExtractor
...
Closes gh-16949
Signed-off-by: Max Batischev <mblancer@mail.ru >
2025-04-23 14:27:42 -06:00
Josh Cummings
7d6bdfedc8
Add Null Guard for Authorization Result
2025-04-23 12:11:10 -06:00
Josh Cummings
0ab01eac14
Update Deprecated Security Usage
2025-04-23 12:11:08 -06:00
Josh Cummings
216680bb50
Update Deprecated Spring Jdbc Usage
2025-04-23 11:29:18 -06:00
Josh Cummings
2ad859a63c
Add Missing Deprecation Markers
2025-04-23 11:29:18 -06:00
Josh Cummings
3f7f3dabe7
Correct JavaDoc Class Reference
2025-04-23 11:29:18 -06:00
Daeho Kwon
9908d96644
DeferredCsrfToken Implements Supplier
...
Closes gh-16870
Signed-off-by: Daeho Kwon <trewq231@naver.com >
2025-04-09 14:24:11 -06:00
Josh Cummings
f93a7a2f85
Deprecate HandlerMappingIntrospectorRequestTransformer
...
Closes gh-16536
2025-04-07 13:56:18 -06:00
Josh Cummings
b7d399ab89
Merge branch '6.4.x'
2025-04-01 12:02:53 -06:00
Josh Cummings
0954638d57
Merge branch '6.3.x' into 6.4.x
...
Closes gh-16862
2025-04-01 12:02:25 -06:00
DingHao
857ef6fe08
WithHttpOnlyCookie defaults to false
...
Closes gh-16820
Signed-off-by: DingHao <dh.hiekn@gmail.com >
2025-04-01 11:59:51 -06:00
Max Batischev
9a897d0b62
Add Support Postgres To JdbcUserCredentialRepository
...
Closes gh-16832
Signed-off-by: Max Batischev <mblancer@mail.ru >
2025-03-31 16:43:36 -06:00
wtigerhyunsu
bdbf6a2be3
Add toString() to IpAddressMatcher.java
...
Closes gh-16795
Signed-off-by: wtigerhyunsu <jack951@naver.com >
2025-03-27 16:38:53 -06:00
Josh Cummings
99345537d6
Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter
...
Issue gh-16417
2025-03-26 16:38:39 -06:00
Josh Cummings
15d9c13984
Add RequestMatcher MigrationPath for SwitchUserFilter
...
To simplify migration, the filter's setter methods still use AntPathRequestMatcher.
Users can call the equivalent RequestMatcher setter methods to opt-in to the change early.
Issue gh-16417
2025-03-26 16:38:38 -06:00
Josh Cummings
1618963255
Deprecate AntPathRequestMatcher
...
Closes gh-16632
2025-03-26 13:40:05 -06:00
Josh Cummings
de07b1108f
Use PathPatternRequestMatcher in Web Components
...
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.
Issue gh-16632
2025-03-26 13:28:58 -06:00
Rob Winch
491d28b6bb
Merge branch '6.4.x'
...
- Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity
Closes gh-16821
2025-03-25 16:19:14 -05:00
Rob Winch
1f3dd53bdf
Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity
...
Closes gh-16606
2025-03-25 16:14:58 -05:00
Rob Winch
593f7c4490
Use !isAuthenticated
...
It's more verbose to see if the user is not null and not anonymous
Issue gh-16385
2025-03-25 16:14:25 -05:00
Rob Winch
4e20d56d2d
Fix format for WebAuthn4jRelyingPartyOperations
...
Issue gh-16385
2025-03-25 16:14:25 -05:00
Josh Cummings
05fdcd6a08
Deprecate MvcRequestMatcher
...
Closes gh-16631
2025-03-24 22:03:22 -06:00
Tomas Borghi
0a084135ec
Delete import unused
...
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com >
2025-03-24 16:50:39 -03:00
Tomas Borghi
5571ad1b27
Fix issues identified in PR review
...
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com >
2025-03-24 13:18:23 -03:00
Borghi
e3a715b8f5
Fix issues identified in PR review
...
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com >
2025-03-24 13:00:27 -03:00
Josh Cummings
56e757a2a1
Provide Authentication to AuthenticationExceptions
...
Issue gh-16444
2025-03-21 21:54:32 -06:00
Josh Cummings
464e506429
Polish ExceptionTranslateWebFilter
...
- Isolated exception construction
- Isolated entry point subscription
Issue gh-16444
2025-03-21 21:54:32 -06:00
Josh Cummings
3d96878d43
Cache RequestPath
...
In this way PathPatternRequestMatcher won't need to reparse for each
request matcher.
Issue gh-16771
2025-03-21 14:43:05 -06:00
Josh Cummings
86599afd43
Rename servletPath to basePath
...
Closes gh-16765
2025-03-21 12:04:46 -06:00
Josh Cummings
c53bf2befe
PathPatternRequestParser Retains Servlet Path
...
Issue gh-16765
2025-03-21 12:04:45 -06:00
Josh Cummings
1966ff3ce8
Parse RequestPath when cache is empty
...
Closes gh-16771
2025-03-21 12:03:56 -06:00