Commit Graph

1657 Commits

Author SHA1 Message Date
Josh Cummings
e19c9995ae Merge branch '6.5.x' 2025-05-19 09:46:36 -06:00
Josh Cummings
78dd02a4c1 Merge branch '6.4.x' into 6.5.x
Closes gh-17147
2025-05-19 09:46:24 -06:00
Josh Cummings
edc8735eb8 Merge branch '6.3.x' into 6.4.x
Closes gh-17146
2025-05-19 09:46:10 -06:00
Mark Putsiata
cae3467a8d Improve AbstractPreAuthenticatedProcessingFilter docs
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.

Closes gh-14137

Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
2025-05-19 09:45:53 -06:00
Tran Ngoc Nhan
86550fb84b Cleanup code
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-13 12:40:18 -06:00
yybmion
d48c463c03 Add logging to CsrfTokenRequestHandler implementations
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler

Improves debugging capabilities without changing functionality.

Closes gh-13626

Signed-off-by: yybmion <yunyubin54@gmail.com>
2025-05-12 18:49:40 -06:00
yybmion
a90ce5142c Add logging to CsrfTokenRequestHandler implementations
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler

Improves debugging capabilities without changing functionality.

Closes gh-13626

Signed-off-by: yybmion <yunyubin54@gmail.com>
2025-05-12 18:48:45 -06:00
Tran Ngoc Nhan
1e4dd713c5 Remove APPLICATION_JSON_UTF8 usage
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-07 14:59:14 -05:00
M-Faheem-Khan
241c3cd35a Remove deprecated Cookie usage
Remove usage of comment and verison usage

Signed-off-by: M-Faheem-Khan <faheem5948@gmail.com>
2025-05-07 14:55:54 -05:00
milaneuh
7fda87aecd Remove deprecated methods from CookieServerCsrfTokenRepository 2025-05-07 10:50:41 -05:00
Rob Winch
b453840c0a HttpHeaders no longer a MultiValueMap
Closes gh-17060
2025-05-06 13:27:13 -05:00
Rob Winch
e5e962ef90 Jakarta Cookie HttpOnly Serialization
The new specification represents Cookie attribute using HttpOnly: "" vs
HttpOnly: "true".

This updates the test to correspond to the new Servlet specification and
is a breaking change related to jakarta updates.
2025-05-06 13:27:13 -05:00
Rob Winch
607705347c MediaType.sortBySpecificityAndQuality->sortBySpecificity
Closes gh-17059
2025-05-06 13:26:17 -05:00
Rob Winch
cb0fdef236 Remove MediaType.APPLICATION_JSON_UTF
Closes gh-17050
2025-05-06 13:26:14 -05:00
Zhoudong
6624e302ac Favor Spring Framework NonNull over Reactor NonNull
Signed-off-by: Zhoudong <jearton@users.noreply.github.com>
2025-05-06 10:52:05 -06:00
Josh Cummings
aa338e9b0d Merge branch '6.4.x' 2025-05-02 10:58:22 -06:00
Josh Cummings
57fc29e614 Merge branch '6.3.x' into 6.4.x
Closes gh-17032
2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e Propagate StrictFirewallRequest Wrapper
Closes gh-16978
2025-05-02 10:57:07 -06:00
Tran Ngoc Nhan
29380a87a0 Polish javadoc
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-04-23 14:36:45 -06:00
Max Batischev
8525f0e3fd Add FunctionalInterface To X509PrincipalExtractor
Closes gh-16949

Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-04-23 14:27:42 -06:00
Josh Cummings
7d6bdfedc8 Add Null Guard for Authorization Result 2025-04-23 12:11:10 -06:00
Josh Cummings
0ab01eac14 Update Deprecated Security Usage 2025-04-23 12:11:08 -06:00
Josh Cummings
216680bb50 Update Deprecated Spring Jdbc Usage 2025-04-23 11:29:18 -06:00
Josh Cummings
2ad859a63c Add Missing Deprecation Markers 2025-04-23 11:29:18 -06:00
Josh Cummings
3f7f3dabe7 Correct JavaDoc Class Reference 2025-04-23 11:29:18 -06:00
Daeho Kwon
9908d96644 DeferredCsrfToken Implements Supplier
Closes gh-16870

Signed-off-by: Daeho Kwon <trewq231@naver.com>
2025-04-09 14:24:11 -06:00
Josh Cummings
f93a7a2f85 Deprecate HandlerMappingIntrospectorRequestTransformer
Closes gh-16536
2025-04-07 13:56:18 -06:00
Josh Cummings
b7d399ab89 Merge branch '6.4.x' 2025-04-01 12:02:53 -06:00
Josh Cummings
0954638d57 Merge branch '6.3.x' into 6.4.x
Closes gh-16862
2025-04-01 12:02:25 -06:00
DingHao
857ef6fe08 WithHttpOnlyCookie defaults to false
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-04-01 11:59:51 -06:00
Max Batischev
9a897d0b62 Add Support Postgres To JdbcUserCredentialRepository
Closes gh-16832

Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-03-31 16:43:36 -06:00
wtigerhyunsu
bdbf6a2be3 Add toString() to IpAddressMatcher.java
Closes gh-16795

Signed-off-by: wtigerhyunsu <jack951@naver.com>
2025-03-27 16:38:53 -06:00
Josh Cummings
99345537d6 Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter
Issue gh-16417
2025-03-26 16:38:39 -06:00
Josh Cummings
15d9c13984 Add RequestMatcher MigrationPath for SwitchUserFilter
To simplify migration, the filter's setter methods still use AntPathRequestMatcher.
Users can call the equivalent RequestMatcher setter methods to opt-in to the change early.

Issue gh-16417
2025-03-26 16:38:38 -06:00
Josh Cummings
1618963255 Deprecate AntPathRequestMatcher
Closes gh-16632
2025-03-26 13:40:05 -06:00
Josh Cummings
de07b1108f Use PathPatternRequestMatcher in Web Components
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.

Issue gh-16632
2025-03-26 13:28:58 -06:00
Rob Winch
491d28b6bb Merge branch '6.4.x'
- Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity

Closes gh-16821
2025-03-25 16:19:14 -05:00
Rob Winch
1f3dd53bdf Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity
Closes gh-16606
2025-03-25 16:14:58 -05:00
Rob Winch
593f7c4490 Use !isAuthenticated
It's more verbose to see if the user is not null and not anonymous

Issue gh-16385
2025-03-25 16:14:25 -05:00
Rob Winch
4e20d56d2d Fix format for WebAuthn4jRelyingPartyOperations
Issue gh-16385
2025-03-25 16:14:25 -05:00
Josh Cummings
05fdcd6a08 Deprecate MvcRequestMatcher
Closes gh-16631
2025-03-24 22:03:22 -06:00
Tomas Borghi
0a084135ec Delete import unused
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
2025-03-24 16:50:39 -03:00
Tomas Borghi
5571ad1b27 Fix issues identified in PR review
Signed-off-by: Tomas Borghi <137845283+Borghii@users.noreply.github.com>
2025-03-24 13:18:23 -03:00
Borghi
e3a715b8f5 Fix issues identified in PR review
Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
2025-03-24 13:00:27 -03:00
Josh Cummings
56e757a2a1 Provide Authentication to AuthenticationExceptions
Issue gh-16444
2025-03-21 21:54:32 -06:00
Josh Cummings
464e506429 Polish ExceptionTranslateWebFilter
- Isolated exception construction
- Isolated entry point subscription

Issue gh-16444
2025-03-21 21:54:32 -06:00
Josh Cummings
3d96878d43 Cache RequestPath
In this way PathPatternRequestMatcher won't need to reparse for each
request matcher.

Issue gh-16771
2025-03-21 14:43:05 -06:00
Josh Cummings
86599afd43 Rename servletPath to basePath
Closes gh-16765
2025-03-21 12:04:46 -06:00
Josh Cummings
c53bf2befe PathPatternRequestParser Retains Servlet Path
Issue gh-16765
2025-03-21 12:04:45 -06:00
Josh Cummings
1966ff3ce8 Parse RequestPath when cache is empty
Closes gh-16771
2025-03-21 12:03:56 -06:00