Commit Graph

912 Commits

Author SHA1 Message Date
Josh Cummings
229325a0bb Merge branch '5.8.x' into 6.0.x 2023-03-20 16:22:23 -06:00
Josh Cummings
a74008cc79 Merge branch '5.7.x' into 5.8.x 2023-03-20 16:20:46 -06:00
twosom
3d7e22a4e9 Add test to SimpleUrlAuthenticationSuccessHandlerTests 2023-03-20 16:20:30 -06:00
Josh Cummings
6935045172 Merge branch '5.8.x' into 6.0.x
Closes gh-12909
2023-03-20 16:10:35 -06:00
twosom
abd51f7b63 Polished DefaultLoginPageGeneratingFilterTests Validation
Closes gh-12694
2023-03-20 15:31:59 -06:00
Marcus Da Coregio
cdc0fa0e5b Merge branch '5.8.x' into 6.0.x
Closes gh-12836
2023-03-07 13:28:31 -03:00
Marcus Da Coregio
2e92dad761 Merge branch '5.7.x' into 5.8.x
Closes gh-12835
2023-03-07 13:27:57 -03:00
Marcus Da Coregio
84cca81edf Use HttpSessionSecurityContextRepository by default in SwitchUserFilter
Closes gh-12834
2023-03-07 13:27:18 -03:00
Josh Cummings
8ca726f4fa Specify query string
Issue gh-12665
2023-02-14 08:24:07 -07:00
Josh Cummings
e7d65966fd Merge branch '5.8.x' into 6.0.x
Closes gh-12671
2023-02-14 08:01:31 -07:00
Josh Cummings
0d4c619648 Include continue in query string
Closes gh-12665
2023-02-14 08:00:19 -07:00
Steve Riesenberg
1363a4eece Merge branch '5.8.x' into 6.0.x 2023-01-26 15:44:47 -06:00
Steve Riesenberg
c306df9b46 Add XorCsrfChannelInterceptor
Issue gh-12378
2023-01-23 16:00:35 -06:00
Marcus Da Coregio
d1fc789ae2 Merge branch '5.8.x' into 6.0.x
Closes gh-12511
2023-01-10 09:42:48 -03:00
Marcus Da Coregio
ae46032ced Merge branch '5.7.x' into 5.8.x
Closes gh-12510
2023-01-10 09:39:40 -03:00
Marcus Da Coregio
ffdb397830 Save the SecurityContext when switching user
Closes gh-12504
2023-01-10 09:27:56 -03:00
Josh Cummings
c308e4665a Polish Event Name
Provide a name with no spaces separate from the human-friendly
one with spaces.

Closes gh-12490
2023-01-06 11:13:11 -07:00
Marcus Da Coregio
898c36287c Merge branch '5.8.x' into 6.0.x
Closes gh-12368
2022-12-12 16:55:14 -03:00
Marcus Da Coregio
99d6d21554 Apply SecurityContextHolderFilter to all dispatcher types
Closes gh-11962
2022-12-12 11:45:24 -08:00
Josh Cummings
701f754e37 Cast FilterChainObservationContext Safely
Closes gh-12268
2022-11-29 16:24:56 -07:00
Steve Riesenberg
fd547321e8 Default to XorCsrfTokenRequestAttributeHandler
As of gh-11960, Xor CSRF tokens are the default in 6.0. This commit
makes CsrfAuthenticationStrategy consistent with CsrfFilter.

Issue gh-11960
Closes gh-12235
2022-11-18 22:50:26 -06:00
Steve Riesenberg
5da78f44f2 Merge branch '5.8.x' 2022-11-18 14:54:33 -06:00
Steve Riesenberg
2ed7cff643 Check for existing token before clearing
Closes gh-12236
2022-11-18 13:12:59 -06:00
Marcus Da Coregio
063f06e7bf Register FilterChainProxy for all dispatcher types
Closes gh-12180
2022-11-16 09:55:21 -03:00
Marcus Da Coregio
3b5d19c8a4 Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1
Closes gh-12146
Closes gh-12148
2022-11-08 08:34:21 -03:00
Steve Riesenberg
36f668dd9c Merge branch '5.8.x'
Closes gh-12142
2022-11-04 18:12:34 -05:00
Steve Riesenberg
6b0ed0205b Re-generate tokens in CookieCsrfTokenRepository
Fixes support for re-generating tokens within a request such as when
CsrfAuthenticationStrategy removes a null token and saves an empty
cookie value on the response.

Closes gh-12141
2022-11-04 18:10:15 -05:00
Steve Riesenberg
801ceb0832 Merge branch '5.8.x' 2022-10-31 08:58:14 -05:00
Steve Riesenberg
66f2f1cde7 Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg
2915a70bf7 Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00
Steve Riesenberg
6530777742 Merge branch '5.5.x' into 5.6.x
Closes gh-dry-run
2022-10-28 11:31:50 -05:00
Marcus Da Coregio
1f481aafff Fix AuthorizationFilter incorrectly extending OncePerRequestFilter
Closes gh-12102
2022-10-28 11:29:35 -05:00
Josh Cummings
d651da5ac3 Merge remote-tracking branch 'origin/5.8.x'
Closes gh-12077
2022-10-24 16:54:03 -06:00
Josh Cummings
dd30694979 Merge remote-tracking branch 'origin/5.7.x' into 5.8.x
Closes gh-12076
2022-10-24 16:46:08 -06:00
David Becker
2b426872a3 Use InetSocketAddress#getHostString
Sometimes InetSocketAddress#getAddress#getHostAddress retuns null.
In that case, call InetSocketAddress#getHostString instead.

There is no performance loss since IpAddressMatcher#matches attemptsi
to re-parse and resolve the address anyway.

Closes gh-11888
2022-10-24 16:32:19 -06:00
Steve Riesenberg
8554e70c09 Remove deprecated loadContext(request)
Closes gh-12048
2022-10-17 20:13:51 -05:00
Steve Riesenberg
bd43c1f28a Merge branch '5.8.x'
# Conflicts:
#	web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
#	web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
Steve Riesenberg
acc35aeb18 Add DelegatingSecurityContextRepository
Issue gh-12023
2022-10-17 19:33:58 -05:00
Steve Riesenberg
c75ca10900 Add DeferredSecurityContext
Issue gh-12023
2022-10-17 19:33:58 -05:00
Josh Cummings
f4cc27c375 Change Default for (Server)AuthenticationEntryPointFailureHandler
Closes gh-9429
2022-10-13 20:03:03 -06:00
Josh Cummings
5afc7cb04f Merge remote-tracking branch 'origin/5.8.x' 2022-10-13 19:48:05 -06:00
Josh Cummings
099aaa33ff Remove Deprecation Markers
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.

Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.

At that time, BearerTokenAuthenticationFilter can change to use
the handler.

Closes gh-11932
2022-10-13 19:47:22 -06:00
Daniel Garnier-Moiroux
200b7fecd3 Add (Server)AuthenticationEntryPointFailureHandlerAdapter
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
Steve Riesenberg
9090f62d9b Merge branch '5.8.x' 2022-10-13 16:46:53 -05:00
Evgeniy Cheban
56b9badcfe AnonymousAuthenticationFilter should cache its Supplier<SecurityContext>
Closes gh-11900
2022-10-13 16:44:48 -05:00
Joe Grandja
753e113a13 RequestMatcherDelegatingAuthorizationManager defaults to deny
Closes gh-11958
2022-10-13 11:12:00 -04:00
Steve Riesenberg
2407d07890 Default to Xor CSRF tokens in CsrfWebFilter
Closes gh-11960
2022-10-13 09:39:57 -05:00
Steve Riesenberg
2a2051cd7b Default to Xor CSRF tokens in CsrfFilter
Issue gh-11960
2022-10-13 09:39:55 -05:00
Joe Grandja
6026f9f70f Merge branch '5.8.x' 2022-10-13 06:31:37 -04:00
Joe Grandja
185991a606 Revert "Add default AuthorizationManager"
This reverts commit 4ddec07d0e.
2022-10-13 06:18:00 -04:00