1342 Commits

Author SHA1 Message Date
Marcus Da Coregio
1c10c10f73 RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext
Closes gh-10779
2022-01-31 09:43:18 -03:00
Josh Cummings
9baf1134c7 Add Request-based AuthenticationManagerResolvers
Closes gh-6762
2022-01-26 09:09:02 -07:00
Rob Winch
04f3bbcefa javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
Issue gh-10501
2022-01-19 15:32:12 -06:00
Rob Winch
c67ee6f2a8 javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 15:32:12 -06:00
Rob Winch
0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
Issue gh-10501
2022-01-19 14:34:16 -06:00
Rob Winch
8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 14:33:53 -06:00
Juan Carlos
7435da6bbf Add serialVersionUID to DefaultSavedRequest and SavedCookie
Closes gh-10594
2022-01-18 09:26:56 -03:00
Josh Cummings
75f25bff82 Polish multiple RequestRejectedHandlers support
Issue gh-10603
2022-01-14 16:49:38 -07:00
Adam Ostrožlík
4ea57f3e3f Support multiple RequestRejectedHandler beans
Closes gh-10603
2022-01-14 16:46:15 -07:00
Josh Cummings
ca353d6781 Use noNullElements
Collection#contains(null) does not work for all collection types

Closes gh-10703
2022-01-14 15:19:13 -07:00
Josh Cummings
6c5ac0d8ec Use noNullElements
Collection#contains(null) does not work for all collection types

Closes gh-10703
2022-01-14 15:09:21 -07:00
Josh Cummings
aaaf7d3523 Use noNullElements
Collection#contains(null) does not work for all collection types

Closes gh-10703
2022-01-14 15:08:38 -07:00
heowc
1ab0705b47 Fix typo 2022-01-10 16:17:42 +01:00
Marcus Da Coregio
60595f2801 Fix @since tag
Issue gh-10590, gh-10554
2022-01-06 13:22:58 -03:00
Marcus Da Coregio
e7e3f06044 Fix @since tag
Issue gh-10590, gh-10554
2022-01-06 13:22:13 -03:00
Marcus Da Coregio
f04cd641b0 Fix @since tag
Issue gh-10590, gh-10554
2022-01-06 13:18:25 -03:00
Marcus Da Coregio
994e93741b Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
Closes gh-10554
2022-01-05 14:06:47 -03:00
Marcus Da Coregio
04e1a11e35 Add RequestMatcherEntry 2022-01-05 14:06:47 -03:00
Marcus Da Coregio
547056d5cc Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
Closes gh-10590
2022-01-05 14:06:47 -03:00
Marcus Da Coregio
ba810e468f Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
Closes gh-10554
2022-01-05 14:01:57 -03:00
Marcus Da Coregio
40dfe8f259 Add RequestMatcherEntry 2022-01-05 14:00:47 -03:00
Marcus Da Coregio
b448954f43 Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
Closes gh-10590
2022-01-05 13:57:36 -03:00
Marcus Da Coregio
18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
Closes gh-10554
2021-12-13 08:57:30 -03:00
Marcus Da Coregio
7e17a00197 Add RequestMatcherEntry 2021-12-13 08:57:30 -03:00
Marcus Da Coregio
53b8cff26f Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
Closes gh-10590
2021-12-13 08:57:30 -03:00
Marcus Da Coregio
65426a40ec Add Cross Origin Policies headers
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
2021-12-07 17:23:06 +01:00
Steve Riesenberg
62e8799a8d Use BDD in tests 2021-12-02 17:44:47 -06:00
Steve Riesenberg
df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi
925d531cbe Set details on authentication token created by HttpServlet3RequestFactory
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
2021-12-02 17:44:46 -06:00
Steve Riesenberg
47b8860681 Update copyright year
Issue gh-10557
2021-12-01 17:36:52 -06:00
Steve Riesenberg
c7ffd2513a Update copyright year
Issue gh-10557
2021-12-01 17:36:19 -06:00
Steve Riesenberg
bb2d80fea3 Update copyright year
Issue gh-10557
2021-12-01 17:35:43 -06:00
Steve Riesenberg
828cac8889 Fix case sensitive headers comparison
Closes gh-10557
2021-12-01 15:19:33 -06:00
Steve Riesenberg
f49c286050 Fix case sensitive headers comparison
Closes gh-10557
2021-12-01 15:05:13 -06:00
Steve Riesenberg
b3e0f167ff Fix case sensitive headers comparison
Closes gh-10557
2021-12-01 15:01:06 -06:00
Josh Cummings
1251cde04c Add Missing Since
Issue gh-10482
2021-11-30 15:17:48 -07:00
Igor Pelesic
a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
2021-11-30 15:17:22 -07:00
Steve Riesenberg
204f0b4599 Polish gh-10007 2021-11-30 15:27:58 -06:00
Guirong Hu
43317c5a61 Support IP whitelist for Spring Security Webflux
Closes gh-7765
2021-11-30 15:27:58 -06:00
Marcus Da Coregio
2bf7a5ae80 Improve log message when no CSRF token found
Closes gh-10436
2021-11-19 08:37:25 -03:00
Rob Winch
96a6fef820 Prevent Save @Transient Authentication with existing HttpSession
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
2021-11-16 14:44:49 -06:00
Marcus Da Coregio
caad3d57e2 Improve log message when no CSRF token found
Closes gh-10436
2021-10-29 14:06:17 -03:00
Marcus Da Coregio
00f4033b9b Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
Closes gh-10208
2021-10-22 13:22:12 -03:00
Rob Winch
e4a76b0ec9 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-22 10:19:34 -05:00
Emil Sierżęga
04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga
a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch
f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Rob Winch
e1f4ec1137 Fix Jackson 2021-10-18 21:03:12 -05:00
Josh Cummings
6e86fab19d Restructure SwitchUserFilter Logs
Issue gh-6311
2021-10-18 13:02:42 -05:00
Marcus Da Coregio
faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
Closes gh-10208
2021-10-14 09:27:02 -03:00