Marcus Da Coregio
e05c9f4bba
Improve log message when no CSRF token found
...
Closes gh-10436
2021-11-19 08:43:48 -03:00
Marcus Da Coregio
89db1c37a3
Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
...
Closes gh-10208
2021-10-22 14:49:13 -03:00
Steve Riesenberg
0704c709dc
Revert "Lock Dependencies for Release"
...
This reverts commit 03c2c49d66 .
2021-10-18 17:38:07 -05:00
Steve Riesenberg
03c2c49d66
Lock Dependencies for Release
2021-10-18 17:34:42 -05:00
Steve Riesenberg
c83bd075a2
Revert "Lock Dependencies for Release"
...
This reverts commit bedb569f0d .
2021-10-18 16:49:15 -05:00
Steve Riesenberg
bedb569f0d
Lock Dependencies for Release
2021-10-18 15:38:17 -05:00
Josh Cummings
ba468c7e6e
Restructure SwitchUserFilter Logs
...
Issue gh-6311
2021-10-18 15:38:16 -05:00
Joe Grandja
ec6b2203ca
Revert "Lock Dependencies for Release"
...
This reverts commit 067bdd0dd9 .
2021-08-16 11:55:39 -04:00
Joe Grandja
067bdd0dd9
Lock Dependencies for Release
2021-08-16 11:12:40 -04:00
Steve Riesenberg
c17767883f
Revert "Lock Dependencies for Release"
...
This reverts commit d71be4ca28 .
2021-06-21 12:57:05 -05:00
Josh Cummings
d71be4ca28
Lock Dependencies for Release
2021-06-21 10:33:10 -06:00
Marcus Hert da Coregio
4d18d06d9c
Adjust createNewSessionIfAllowed to prevent NPE
...
Ensure that isTransientAuthentication reuses the same authentication object from saveContext
Closes gh-8947
2021-05-26 13:51:52 -03:00
Josh Cummings
2c625f30e0
Add NPE Guards
...
- Like values, names are only validated if they are not null
Closes gh-9598
2021-04-22 11:28:25 -06:00
Craig Andrews
b97e93a486
Add guard around logger.debug statement
...
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled
Issue gh-9648
2021-04-16 10:37:48 -06:00
Joe Grandja
8850ccb1c6
Revert "Lock Dependencies"
...
This reverts commit 924ceac681 .
2021-04-12 13:47:04 -04:00
Joe Grandja
924ceac681
Lock Dependencies
2021-04-12 13:36:39 -04:00
佚名
9570d0cada
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com >
Closes gh-9561
2021-04-09 21:47:11 -06:00
Josh Cummings
71e0967b53
Revert "Lock Dependencies for Release"
...
This reverts commit 8c04074264 .
2021-02-17 15:59:48 -07:00
Josh Cummings
8c04074264
Lock Dependencies for Release
2021-02-17 14:59:17 -07:00
Josh Cummings
cf032d86d6
Revert "Lock Dependencies"
...
This reverts commit 9535a41d5a .
2021-02-11 18:38:07 -07:00
Josh Cummings
9535a41d5a
Lock Dependencies
2021-02-11 17:43:39 -07:00
Rob Winch
4b6b417d5a
Additional Test for HttpSessionSecurityContextRepository
...
Issue gh-9387
2021-02-11 17:39:49 -07:00
Rob Winch
c72a6fac04
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 17:39:48 -07:00
Josh Cummings
f449da8b78
Revert "Lock Dependencies"
...
This reverts commit d17ebf53f9 .
2021-02-11 17:28:01 -07:00
Josh Cummings
d17ebf53f9
Lock Dependencies
2021-02-11 16:56:28 -07:00
Josh Cummings
da7141eb5b
Polish Tests
...
Issue gh-9331
2021-02-03 09:13:38 -07:00
happier233
e30d78086a
Configure CurrentSecurityContextArgumentResolver BeanResolver
...
Closes gh-9331
2021-02-03 09:13:28 -07:00
Rob Winch
acb5ae607b
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:09:21 -06:00
Rob Winch
77a1befcc2
Fix Checkstyle for CsrfWebFilter
...
Issue gh-9337
2021-01-12 11:38:01 -06:00
Rob Winch
61b75bb2d6
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:19:11 -06:00
Josh Cummings
1af21a9d02
Revert "Lock Dependencies for 5.4.2"
...
This reverts commit 046bc9789f .
2020-12-02 22:21:02 -07:00
Josh Cummings
046bc9789f
Lock Dependencies for 5.4.2
2020-12-02 17:36:26 -07:00
Eleftheria Stein
1d96579265
Fix CookieRequestCache for URL encoded query parameters
...
Avoid populating the saved request parameters with encoded values. Since the query strings of the request and saved URL are compared and must be equal, we can just use the parameters from the incoming request.
Closes gh-9203
2020-11-26 18:35:59 +01:00
Josh Cummings
84737e7b23
Revert "Lock Dependencies for 5.4.1"
...
This reverts commit 48ac47418d .
2020-10-07 16:38:48 -06:00
Josh Cummings
48ac47418d
Lock Dependencies for 5.4.1
2020-10-07 16:01:34 -06:00
Phillip Webb
c502312719
Replace expected @Test attributes with AssertJ
...
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb
20baa7d409
Replace ExpectedException @Rules with AssertJ
...
Replace JUnit ExpectedException @Rules with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb
910b81928f
Replace try/catch with AssertJ
...
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
Tomoki Tsubaki
65f788532e
Fix broken Mono chain
...
This commit restore broken Mono chain in WebSessionServerCsrfTokenRepository.generateToken(ServerWebExchange).
Closes gh-9017
2020-09-16 09:53:23 -06:00
Tomoki Tsubaki
2c297fbd63
Create the CSRF token on the bounded elactic scheduler
...
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.
Closes gh-9018
2020-09-16 08:48:00 -06:00
Joe Grandja
7b1f574769
Revert "Lock Dependency Versions for 5.4.0"
...
This reverts commit 3d0e459182 .
2020-09-09 18:14:12 -04:00
Joe Grandja
3d0e459182
Lock Dependency Versions for 5.4.0
2020-09-09 13:45:03 -04:00
Eleftheria Stein-Kousathana
02d1516c56
Restructure BasicAuthenticationFilter Logs
...
Issue gh-6311
2020-09-02 07:42:03 -06:00
Josh Cummings
fa7baf551d
Restructure Logs
...
Followed common use cases based off of HelloWorld sample:
- Public endpoint
- Unauthorized endpoint
- Undefined endpoint
- Successful form login
- Failed form login
- Post-login redirect
Issue gh-6311
2020-09-02 07:37:59 -06:00
Phillip Webb
319d3364aa
Migrate to assertThatExceptionOfType
...
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
ef8f113619
Use assertThat instead of Java assert
...
Fix `DefaultSavedRequestMixinTests` so that `assertThat` is used rather
than Java's `assert` keyword.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
a5aa6b3d7f
Remove blank lines from all tests
...
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
5bdd757108
Polish spring-security-web main code
...
Manually polish `spring-security-web` following the formatting
and checkstyle fixes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
ee661f7b71
Fix whitespace issues in format-off code
...
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
834dcf5bcf
Use consistent ternary expression style
...
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.
For example: `a = (a != null) ? a : b`
Issue gh-8945
2020-08-24 17:33:08 -05:00