Rob Winch
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
2017-10-29 00:12:23 -05:00
Rob Winch
0734d70d02
Logout requires POST
...
Issue: gh-4734
2017-10-29 00:11:59 -05:00
Rob Winch
8da2c7f657
Add WebFlux CSRF Protection
...
Fixes gh-4734
2017-10-28 22:59:24 -05:00
Rob Winch
192776858d
HttpStatusServerAccessDeniedHandler write error message
2017-10-28 22:59:24 -05:00
Rob Winch
e63c53e267
Add AuthorizationWebFilterTests
2017-10-28 22:58:55 -05:00
Rob Winch
2060125ebd
ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository
...
Issue: gh-4719
2017-10-27 18:17:52 -05:00
Rob Winch
4777a869bc
Logout at the end of logout method
...
Issue: gh-4719
2017-10-27 18:17:40 -05:00
Rob Winch
5bcf3c559b
Remove wrappedExchange from AuthenticationWebFilter
...
Issue: gh-4719
2017-10-27 18:17:29 -05:00
Rob Winch
437ba56415
ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter
...
Issue: gh-4719
2017-10-27 18:17:10 -05:00
Rob Winch
c63b258b16
AuthorizeWebFilter uses ReactiveSecurityContextHolder
...
Issue gh-4719
2017-10-27 18:16:59 -05:00
Rob Winch
747473257f
Use ReactorSecurityContextHolder
...
Issue gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
44b41e78cd
Flux member variables in favor of Collections
...
Fix gh-4694
2017-10-25 07:41:37 -05:00
Rob Winch
fcc1152f78
WebFilterChainProxy not matched continues WebFilterChain
...
Fixes gh-4668
2017-10-24 16:22:07 -05:00
Rob Winch
b81c1ce2c0
Move spring-security-webflux into spring-security-web
...
Fixes gh-4662
2017-10-18 16:20:09 -05:00
Rob Winch
a74f7c6faa
Fix CSRF / DefaultLoginPageGeneratingFilter package tangle
...
Issue: gh-4636
2017-10-16 16:36:49 -05:00
Andreas Gebhardt
0c830f9ba8
fix JavaDoc typo on BasicAuthenticationEntryPoint
2017-10-12 07:42:58 -05:00
Rob Winch
23f56f568c
Update MockitJunitRunner import
...
Issue: gh-4608
2017-10-09 16:13:33 -05:00
Rob Winch
445834784a
Update to Mockito 2.10.0
...
Issue: gh-4608
2017-10-09 16:13:11 -05:00
Rob Winch
f3828924ff
Fix equals and hashCode alignment
...
Fixes gh-4588
2017-09-28 17:25:00 -05:00
Rob Winch
646b3e48b3
Avoid Exception Message in HTTP Response
...
Fixes gh-4587
2017-09-28 17:24:49 -05:00
Vedran Pavic
95de158909
Add ForwardLogoutSuccessHandler
2017-09-06 15:15:02 -05:00
Joe Grandja
4951550d7d
Add context path to authorization request URI
...
Fixes gh-4510
2017-08-26 18:55:23 -04:00
Rob Winch
e16b8e7976
Fix logback-test.xml
2017-08-17 16:42:01 -05:00
Kyle Anderson
d8a678df6f
Removed Unicode Character from Parameter Name
2017-06-29 16:03:29 -05:00
Takuma Setoguchi
f2c04dd9b1
fix typo
2017-06-20 08:17:15 -05:00
Vedran Pavic
85719fcd64
Use Base64 implementation provided by Java 8
2017-05-10 00:27:36 -05:00
Joe Grandja
829c386756
Add support for OAuth 2.0 Login
...
Fixes gh-3907
2017-04-28 10:58:59 -04:00
Rob Winch
5a65da400d
Use ReflectionTestUtils rather than Whitebox
...
This is better because it no longer uses Mockito's internal API
Fixes gh-4305
2017-04-21 10:54:58 -05:00
Rob Winch
9d9aadb80f
Fix DefaultSavedRequestMixinTests with Spring 5
...
Previously DefaultSavedRequestMixinTests
serializeDefaultRequestBuildWithConstructorTest broke in Spring 5
because Spring 5's MockHttpServletRequest.setCookie now automatically adds
the Cookie header.
This commit ensures that the Cookie header is not added by overriding the
class we are writing.
Fixes gh-4272
2017-04-12 15:51:26 -05:00
Joe Grandja
2b81983f7c
Update to Java 8 compatibility
...
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
2017-04-07 16:49:38 -04:00
borlafu
8a458eb9e1
Avoid multiple X-Frame-Options headers
...
XFrameOptionsHeaderWriter should not *add*, but *set* the
X-Frame-Options header. According to
https://tools.ietf.org/html/rfc7034#section-2.1 , having
multiple values for the header is disallowed:
"There are three different values for the header field.
These values are mutually exclusive; that is, the header
field MUST be set to exactly one of the three values."
With this change, only the latest XFrameOptionsHeaderWriter
will remain.
2017-03-08 15:49:18 -06:00
Rob Winch
247f54dc41
Fix SwitchUserFilter.setSwitchFailureUrl assertion
...
Fixes gh-4198
2017-03-02 00:47:09 -06:00
Rob Winch
017e9834bd
Fix NPE in UrlUtils with null url
...
Fixes gh-4233
2017-03-02 00:46:01 -06:00
Rob Winch
168f4b8f70
Prevent Duplicate Cache Headers
...
Fixes gh-4199
2017-03-01 16:14:12 -06:00
Rob Winch
9c03571bbb
Use message in all Assert
...
This ensures compatibility with Spring 5.
Fixes gh-4193
2017-01-30 19:58:24 -06:00
Kazuki Shimizu
38492a5794
Add since version in javadoc
...
Issue: gh-4130
2016-12-21 16:12:39 -06:00
Eddú Meléndez
028854b936
Add HttpSessionRequestCache sessionAttrName property
...
This commit allows to customize the session attribute name. Default is
SPRING_SECURITY_SAVED_REQUEST.
Fixes gh-4130
2016-12-21 10:22:09 -06:00
Rob Winch
d39f3385b6
Polish DefaultHttpFirewallTests
...
Issue gh-4169
2016-12-21 09:29:23 -06:00
Rob Winch
666e356ebc
Block URL Encoded "/" in DefaultHttpFirewall
...
Fixes gh-4169
2016-12-21 09:04:00 -06:00
Rob Winch
697daeab7c
Add Jackson2 Support for PreAuthenticatedAuthenticationToken
...
Fixes gh-4120
2016-11-09 16:55:10 -06:00
Rob Winch
f0a9421aa4
SecurityJacksonModules->SecurityJackson2Modules
...
Fixes gh-4121
2016-11-09 16:42:41 -06:00
Kazuki Shimizu
d2c28c58e2
Polishing the ReferrerPolicyHeaderWriter gh-4110
2016-11-09 13:16:41 -06:00
Eddú Meléndez
23294c4c57
Add Referrer-Policy header support
...
Fixes gh-4110
2016-11-08 13:21:35 -06:00
Rob Winch
57d7ad05f9
Revert "Cache Control only written if not set"
...
This reverts commit 242b831f20 .
Spring MVC fixed the issue we were working around and the changes
in Spring Security were unreliable.
Fixes gh-3975
2016-10-24 15:57:26 -05:00
Johnny Lim
50b72dddbc
Fix typo in Javadoc
...
This commit simply fixes typo in Javadoc.
2016-10-20 21:07:15 -05:00
Rob Winch
aaa9708b95
Add BeanResolver to AuthenticationPrincipalArgumentResolver
...
Previously @AuthenticationPrincipal's expression attribute didn't support
bean references because the BeanResolver was not set on the SpEL context.
This commit adds a BeanResolver and ensures that the configuration
sets a BeanResolver.
Fixes gh-3949
2016-10-18 19:45:54 -05:00
Rob Winch
2c99cd3bbf
Remove MatcherAssertionErrors
...
Spring 5 removes MatcherAssertionErrors. We should not have been using
this class anyways.
This commit updates to using assertj in favor of MatcherAssertionErrors.
Issue gh-4080
2016-10-17 17:00:17 -05:00
Rob Winch
08c1f500a7
Version bumps for Spring 5
...
Issue gh-4080
2016-10-17 17:00:17 -05:00
Rob Winch
8b89e804e3
Polish RequestAttributeAuthenticationFilter
...
Issue gh-3978
2016-09-23 13:08:08 -05:00
Rob Winch
6fb564a629
Polish HTTP Response Splitting
...
Issue gh-3910
2016-09-23 12:49:01 -05:00