Marcus Da Coregio
18e88366d2
Resolve The matchingRequestParameterName From The Query String
...
Prior to this commit, the ServletRequest#getParameter method was used in order to verify if the matchingRequestParameterName was present in the request. That method has some side effects like interfering in the execution of the ServletRequest#getInputStream and ServletRequest#getReader method when the request is an HTTP POST (if those methods are invoked after getParameter, or vice-versa, the content won't be available). This commit makes that we only use the query string to check for the parameter, avoiding draining the request's input stream.
Closes gh-13731
2023-09-14 21:25:25 +01:00
Marcus Da Coregio
db37bdfe94
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13795
2023-09-12 16:21:48 +01:00
Marcus Da Coregio
ce012a4661
CookieRequestCache Should Preserve Request Locale
...
Closes gh-13792
2023-09-12 16:21:27 +01:00
Marcus Da Coregio
629540f9d8
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13758
2023-08-31 10:12:59 -03:00
Marcus Da Coregio
96d1763fc4
WWW-Authenticate header should not be added twice
...
Closes gh-13737
2023-08-31 10:07:10 -03:00
Marcus Da Coregio
cbef118026
Merge branch '5.8.x' into 6.0.x
2023-07-17 09:16:20 -03:00
Marcus Da Coregio
a939f17890
Merge branch '5.7.x' into 5.8.x
2023-07-17 09:15:56 -03:00
Marcus Da Coregio
fe9bc26bdc
Merge branch '5.6.x' into 5.7.x
2023-07-17 09:13:28 -03:00
Marcus Da Coregio
7813a9ba26
Use default PathPatternParser instance
2023-07-17 09:12:28 -03:00
Josh Cummings
83c0f4231e
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13481
2023-07-10 16:13:04 -06:00
Josh Cummings
40d61743b9
Replace Existing Continue Parameter
...
Closes gh-13438
2023-07-10 16:12:05 -06:00
Marcus Da Coregio
ce5aa9e694
Merge branch '5.8.x' into 6.0.x
2023-05-24 15:00:17 -03:00
Marcus Da Coregio
f8e39336cb
Merge branch '5.7.x' into 5.8.x
2023-05-24 14:59:27 -03:00
Marcus Da Coregio
a53cbb838b
Polish
...
Issue gh-13155
2023-05-24 14:59:16 -03:00
joerg-richter-5234
8287289bcb
Fix XContentTypeOptionsServerHttpHeadersWriter
...
set constant value to X-Content-Type-Options
Closes gh-13155
2023-05-24 14:59:14 -03:00
Dennis Frommknecht
af233a2a00
Use consistent list of micrometer tags in web observation handler
...
The tag `spring.security.reached.filter.name` is only set if a
filter-name is available, otherwise the tag is omitted entirely. This
leads to issues with metric-exporters that don't support dynamic tags,
but rather expect tag-names of a metric to be always the same. The most
prominent example is the Prometheus-exporter.
Instead of omitting the tag if no filer-name is set, a none-value is
applied instead, making the tag-list consistent in all cases
Closes gh-13179
2023-05-18 09:17:02 -06:00
Josh Cummings
e033e347b4
Remove Redundant Close
...
Closes gh-12787
2023-05-10 16:12:34 -06:00
Marcus Da Coregio
a484044591
Merge branch '5.8.x' into 6.0.x
2023-04-17 07:29:42 -03:00
Marcus Da Coregio
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
Marcus Da Coregio
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
Josh Cummings
4813ec1e09
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13000
2023-04-11 17:08:54 -06:00
Josh Cummings
dad1fba1bf
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12999
2023-04-11 17:02:16 -06:00
Christian Marck
442faccb5f
Avoid NPE in FilterInvocation
...
Handle unknown headers in dummy request wrapper.
Closes gh-12998
2023-04-11 17:01:59 -06:00
Josh Cummings
6db2b0dcd0
Align Filter Chain Observability Lineage
...
Closes gh-12849
2023-03-27 16:30:32 -06:00
Marcus Da Coregio
177514b6c5
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12919
2023-03-22 08:54:57 -03:00
Marcus Da Coregio
8d664bc4c2
DelegatingSecurityContextRepository should call loadContext
...
Closes gh-12314
2023-03-22 08:53:19 -03:00
Josh Cummings
3fbb64db96
Fix javax package
2023-03-20 16:28:52 -06:00
Josh Cummings
229325a0bb
Merge branch '5.8.x' into 6.0.x
2023-03-20 16:22:23 -06:00
Josh Cummings
a74008cc79
Merge branch '5.7.x' into 5.8.x
2023-03-20 16:20:46 -06:00
twosom
3d7e22a4e9
Add test to SimpleUrlAuthenticationSuccessHandlerTests
2023-03-20 16:20:30 -06:00
Josh Cummings
6935045172
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12909
2023-03-20 16:10:35 -06:00
twosom
abd51f7b63
Polished DefaultLoginPageGeneratingFilterTests Validation
...
Closes gh-12694
2023-03-20 15:31:59 -06:00
Marcus Da Coregio
cdc0fa0e5b
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12836
2023-03-07 13:28:31 -03:00
Marcus Da Coregio
2e92dad761
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12835
2023-03-07 13:27:57 -03:00
Marcus Da Coregio
84cca81edf
Use HttpSessionSecurityContextRepository by default in SwitchUserFilter
...
Closes gh-12834
2023-03-07 13:27:18 -03:00
Josh Cummings
8ca726f4fa
Specify query string
...
Issue gh-12665
2023-02-14 08:24:07 -07:00
Josh Cummings
e7d65966fd
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12671
2023-02-14 08:01:31 -07:00
Josh Cummings
0d4c619648
Include continue in query string
...
Closes gh-12665
2023-02-14 08:00:19 -07:00
Steve Riesenberg
1363a4eece
Merge branch '5.8.x' into 6.0.x
2023-01-26 15:44:47 -06:00
Steve Riesenberg
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
Marcus Da Coregio
d1fc789ae2
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12511
2023-01-10 09:42:48 -03:00
Marcus Da Coregio
ae46032ced
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12510
2023-01-10 09:39:40 -03:00
Marcus Da Coregio
ffdb397830
Save the SecurityContext when switching user
...
Closes gh-12504
2023-01-10 09:27:56 -03:00
Josh Cummings
c308e4665a
Polish Event Name
...
Provide a name with no spaces separate from the human-friendly
one with spaces.
Closes gh-12490
2023-01-06 11:13:11 -07:00
Marcus Da Coregio
898c36287c
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12368
2022-12-12 16:55:14 -03:00
Marcus Da Coregio
99d6d21554
Apply SecurityContextHolderFilter to all dispatcher types
...
Closes gh-11962
2022-12-12 11:45:24 -08:00
Josh Cummings
701f754e37
Cast FilterChainObservationContext Safely
...
Closes gh-12268
2022-11-29 16:24:56 -07:00
Steve Riesenberg
fd547321e8
Default to XorCsrfTokenRequestAttributeHandler
...
As of gh-11960, Xor CSRF tokens are the default in 6.0. This commit
makes CsrfAuthenticationStrategy consistent with CsrfFilter.
Issue gh-11960
Closes gh-12235
2022-11-18 22:50:26 -06:00
Steve Riesenberg
5da78f44f2
Merge branch '5.8.x'
2022-11-18 14:54:33 -06:00
Steve Riesenberg
2ed7cff643
Check for existing token before clearing
...
Closes gh-12236
2022-11-18 13:12:59 -06:00