Ali-Hassan
04799c5aac
Update AuthenticationProvider JavaDoc
...
Authentication is an interface, not a class. So, it's not correct
to say "instance of the Authentication class".
2024-03-22 11:27:58 -06:00
Josh Cummings
e1c5dc0e66
Polish JavaDoc
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
Josh Cummings
9898e0e993
Move AuthorizationAdvisorProxyFactory
...
To prevent package tangles
Issue gh-14596
2024-03-22 11:00:39 -06:00
Josh Cummings
12ea8a5738
Add Supplier Support
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
Josh Cummings
795e44d11f
Add Value-Type Ignore Support
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
Josh Cummings
ce54a6db18
Add TestAuthentication convenience method
...
Issue gh-14597
2024-03-19 10:27:03 -06:00
Josh Cummings
d169d5a835
Add AuthorizeReturnObject
...
Closes gh-14597
2024-03-19 10:27:03 -06:00
Marcus Hert Da Coregio
a8a9341f2e
Merge branch '6.2.x'
...
Closes gh-14667
2024-03-18 06:43:37 -03:00
Marcus Hert Da Coregio
a972338e1d
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14666
2024-03-18 06:43:09 -03:00
Marcus Hert Da Coregio
f84c4ea583
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14665
2024-03-18 06:42:43 -03:00
Marcus Hert Da Coregio
2c9dc08e43
Merge branch '5.7.x' into 5.8.x
...
Closes gh-14664
2024-03-18 06:40:34 -03:00
Marcus Hert Da Coregio
5a7f12f1a9
Check for null Authentication
...
Closes gh-14715
2024-03-18 06:39:08 -03:00
Josh Cummings
c611b7e33b
Add AuthorizationProxyFactory Reactive Support
...
Issue gh-14596
2024-03-15 11:44:30 -06:00
Josh Cummings
f541bce492
Polish AuthorizationAdvisorProxyFactory
...
- Ensure Reasonable Defaults
- Simplify Construction
Issue gh-14596
2024-03-15 11:44:30 -06:00
Josh Cummings
52dfbfb5b3
Add Authorization Proxy Support
...
Closes gh-14596
2024-03-13 14:35:07 -06:00
Marcus Hert Da Coregio
d17cbf4342
Merge branch '6.2.x'
...
Closes gh-14724
2024-03-12 10:19:05 -03:00
Marcus Hert Da Coregio
940efe76fc
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14723
2024-03-12 10:18:51 -03:00
Marcus Hert Da Coregio
8fe0303bad
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14722
2024-03-12 10:18:33 -03:00
Marcus Hert Da Coregio
8f42c86a57
Use AuthorizationInterceptorsOrder for Post Authorize Method Interceptors
...
Closes gh-14720
2024-03-12 10:17:45 -03:00
Josh Cummings
c5a4405c54
Polish JavaDoc
...
Issue gh-14521
2024-02-26 10:59:54 -07:00
ruabtmh
09010f3f51
Add ContinueOnError Support For Failed Authentications
...
Closes gh-14521
2024-02-26 10:59:54 -07:00
Josh Cummings
4d383023cb
Add meta-annotation parameter support
...
Closes gh-14480
2024-02-26 10:50:35 -07:00
Marcus Hert Da Coregio
21580fd27d
Merge branch '6.2.x'
2024-02-16 13:31:20 -03:00
Marcus Hert Da Coregio
15306c1007
Merge branch '6.1.x' into 6.2.x
2024-02-16 13:21:15 -03:00
Rob Winch
750cb30ce4
Add AuthenticationTrustResolver.isAuthenticated
2024-02-16 13:08:29 -03:00
Marcus Hert Da Coregio
915d68e216
Remove includeExpiredSessions parameter
...
The reactive implementation of max sessions does not keep track of expired sessions, therefore we do not need such parameter
Issue gh-6192
2024-02-06 10:43:00 -03:00
DingHao
b0da37d4fa
Have Method Security Start at Target Class
...
Closes gh-13783
2024-02-01 09:33:25 -07:00
Sam Brannen
2b7d296994
Revise AuthorizationAnnotationUtils
...
This commit revises AuthorizationAnnotationUtils as follows.
- Removes code duplication by treating both Class and Method as
AnnotatedElement.
- Avoids duplicated annotation searches by processing merged
annotations in a single Stream instead of first using the
MergedAnnotations API to find possible duplicates and then again
searching for a single annotation via AnnotationUtils (which
effectively performs the same search using the MergedAnnotations API
internally).
- Uses `.distinct()` within the Stream to avoid the need for the
workaround introduced in gh-13625. Note that the semantics here
result in duplicate "equivalent" annotations being ignored. In other
words, if @PreAuthorize("hasRole('someRole')") is present multiple
times as a meta-annotation, no exception will be thrown and the first
such annotation found will be used.
- Improves the error message when competing annotations are found by
including the competing annotations in the error message.
- Updates AuthorizationAnnotationUtilsTests to cover all known,
supported use cases.
- Configures correct role in @RequireUserRole.
Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.
See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
2024-01-18 07:42:58 -07:00
Marcus Hert Da Coregio
85177c0178
Merge branch '6.2.x'
...
Closes gh-14408
2024-01-05 14:22:49 -03:00
Steve Riesenberg
a32cd66179
Polish gh-14263
2023-12-26 11:56:42 -06:00
Federico Herrera
10e0f98d5e
Add doc and javadoc for CachingUserDetailsService
...
Close gh-10914
2023-12-26 10:57:58 -06:00
Taehong Kim
ec02c22459
Add Request Path Extraction Support
...
Closes gh-13256
2023-12-19 18:15:49 -07:00
Angel Aguilera
13ad66807e
Update messages_es_ES.properties
...
Uncomment and translate message property.
2023-12-14 10:24:19 -06:00
Josh Cummings
db7c5d128b
Fix Typos
...
Closes gh-14268
2023-12-11 11:34:52 -07:00
ahmd-nabil
dfef781e33
Add default implementation in UserDetails
...
Closes gh-14275
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
2023-12-11 11:00:57 -07:00
Marcus Da Coregio
57ab15127a
Add Max Sessions on WebFlux
...
Closes gh-6192
2023-12-11 09:48:34 -03:00
Josh Cummings
4a50d5aab3
Merge branch '6.2.x'
2023-12-09 11:52:31 -07:00
Josh Cummings
6e636e6abb
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14267
2023-12-09 11:50:58 -07:00
Josh Cummings
9f90661b6f
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14266
2023-12-09 11:43:04 -07:00
Josh Cummings
be11812fe4
Account for Super-super-interface Inheritance
...
Closes gh-13625
2023-12-09 11:41:02 -07:00
Josh Cummings
92be497d24
Polish RoleHierachyImpl#of
...
- Change to #fromHierarchy to match naming convention
- Keep existing test methods the same
- Deprecate setHierarchy and default constructor
- Add private Map constructor
- Change Adjust RoleHierarchyBuilder to use Map constructor
Issue gh-13788
2023-12-08 11:49:50 -07:00
Toshiaki Maki
c1b3351569
Add RoleHierarchyImpl#of
...
Closes gh-13788
2023-12-08 11:49:50 -07:00
Josh Cummings
bb6b55aca3
Add Not Support
...
Closes gh-14058
2023-12-07 16:24:19 -07:00
Yuriy Savchenko
e49ae096e6
Add AuthorizationManager factory methods
...
Factory methods to create AuthorizationManager with a configurable default AuthorizationDecision.
Closes gh-13085
2023-12-07 15:20:08 -07:00
Josh Cummings
ee8bc78cbc
Polish RoleHierarchyImpl#Builder
...
- Added documentation
- Removed withNoRolePrefix for now; let's see how folks
use the minimal API first
- Adjusted class hierarchy to match AuthorizeHttpRequests more
closely
- Adjusted to match Spring Security style guide
- Added needed @since attributes
Issue gh-13300
2023-12-07 15:18:13 -07:00
Federico Herrera
7d366242ce
Add RoleHierarchyImpl.Builder
...
Closes gh-13300
2023-12-07 15:18:13 -07:00
Angel Aguilera
1ce1ff92de
Update messages_ca.properties
...
Add translation for new message properties
2023-12-07 15:28:06 -06:00
Josh Cummings
d50698a269
Prepare for Spring Security 6.3
...
Closes gh-14210
2023-12-05 15:49:42 -07:00
YangSiJun528
3f6b6aa523
Update Javadoc for getAuthorizationDecision method
...
Added missing description for `@return` tag.
2023-11-21 10:07:42 -03:00
Marcus Hert Da Coregio
e3ab1c94d7
Use assertj assertions
2023-11-17 09:04:50 -03:00
Marcus Hert Da Coregio
a7da9491d9
Use assertj assertions
2023-11-17 09:03:36 -03:00
Josh Cummings
97516727a4
Add Coroutine Support
...
Closes gh-12080
2023-11-15 11:48:37 -07:00
Josh Cummings
24abf45128
Merge remote-tracking branch 'origin/6.1.x'
2023-11-07 13:13:29 -07:00
Josh Cummings
f295e9d28f
Merge branch '6.0.x' into 6.1.x
...
Closes gh-14111
2023-11-07 13:09:20 -07:00
Josh Cummings
bb354f1895
Merge branch '5.8.x' into 6.0.x
...
Closes gh-14110
2023-11-07 13:07:25 -07:00
Josh Cummings
11a21896dd
Defer SecurityContextHolderStrategy Lookup
...
Due to how early method interceptors are loaded during startup
it's reasonable to consider scenarios where applications are
changing the global security context holder strategy during
startup.
Closes gh-12877
2023-11-07 12:36:16 -07:00
Marcus Hert Da Coregio
6e0fb2fc96
Merge branch '6.1.x'
2023-11-06 15:03:06 -03:00
Marcus Hert Da Coregio
99c84aa935
Merge branch '6.0.x' into 6.1.x
2023-11-06 15:02:09 -03:00
Marcus Hert Da Coregio
3893136084
Remove Gradle deprecations
...
Stop using JavaPluginConvention type and replace outputFile with destinationFile
Issue gh-13864
2023-11-06 15:01:38 -03:00
Steve Riesenberg
d0a5ada2da
Fix formatting
2023-10-31 15:38:44 -05:00
Steve Riesenberg
447f40949c
Revert unnecessary merges on 6.1.x
...
This commit removes unnecessary main-branch merges starting from
9f8db22b77
and adds the following
needed commit(s) that were made afterward:
- 4d6ff49b9d
- ed6ff670d1
- c823b00794
- 44fad21363
2023-10-31 15:22:15 -05:00
Steve Riesenberg
9db33f33c7
Revert unnecessary merges on 6.0.x
...
This commit removes unnecessary main-branch merges starting from
8750608b5b
and adds the following
needed commit(s) that were made afterward:
- 5dce82c48b
2023-10-31 15:11:45 -05:00
Martin Lukas
1589d19c8b
Fix typos in spring-security core module
2023-10-31 09:48:43 -03:00
valery1707
cc86afe658
Use same case for all fields in toString
2023-10-16 14:42:53 -06:00
Marcus Da Coregio
07b6c451fd
Merge branch '6.1.x'
...
Closes gh-13884
2023-09-29 11:47:38 -03:00
Marcus Da Coregio
8adfc9b463
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13883
2023-09-29 11:46:48 -03:00
Marcus Da Coregio
92c82191c9
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13882
2023-09-29 11:46:00 -03:00
Marcus Da Coregio
64e2a2ff8b
Apply updated Code Style
...
Closes gh-13881
2023-09-29 11:44:32 -03:00
Steve Riesenberg
7f61d40415
Fix code style
2023-09-27 10:51:08 -05:00
Marcus Da Coregio
33fb37e134
Fix Tests on JDK 21
...
Issue gh-13811
2023-09-27 11:59:09 -03:00
Steve Riesenberg
ff374935fb
Verify ReactorContext when using Virtual Threads
...
Closes gh-12791
2023-09-25 12:01:31 -05:00
Steve Riesenberg
247ce5dcab
Add integration tests for virtual threads
...
Closes gh-12790
2023-09-19 10:39:05 -05:00
Steve Riesenberg
ecf8467cac
Fix tests on JDK 21
...
Issue gh-12790
Issue gh-13811
2023-09-19 10:39:04 -05:00
Steve Riesenberg
d6ff58bb7f
Update Mockito to 5.5.0
...
Closes gh-13810
2023-09-19 10:39:03 -05:00
Tim te Beek
9df9cb5aed
refactor: AssertJ best practices
...
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D
Co-authored-by: Moderne <team@moderne.io>
2023-09-12 16:18:14 -06:00
Steve Riesenberg
92256f0522
Support nested suspend calls for Kotlin coroutines
...
Closes gh-13764
2023-09-05 00:23:30 -05:00
Josh Cummings
75e0068925
Merge branch '6.1.x'
2023-08-07 16:03:55 -06:00
Seongguk Jeong
bcd4dcc15c
Refactor equals method
...
Using the accessor method for fields instead of directly access
2023-08-07 16:00:18 -06:00
Seongguk Jeong
8df8d4022e
Fix documentation typo
...
changed "user name" to "username"
2023-08-07 16:00:18 -06:00
Seongguk Jeong
de1357cbd1
Refactor equals method
...
To use the accessor method for username instead of directly accessing the attribute.
2023-08-07 16:00:18 -06:00
Seongguk Jeong
ea19f82b8a
Using pattern matching for instanceof
2023-08-07 16:00:18 -06:00
maimate-dev
7b2cb59dab
Localize AccessDeniedException message
...
Closes gh-13419
2023-07-27 16:50:41 -05:00
Josh Cummings
cf79af2386
Update Kotlin Test Usage
...
Issue gh-13539
2023-07-14 18:38:58 -06:00
Josh Cummings
a08036aee5
Change from AwaitKt to MonoKt
...
Issue gh-13539
2023-07-14 18:38:58 -06:00
Josh Cummings
6c3636d780
Update Removed Usages
...
Issue gh-13544
2023-07-14 18:38:58 -06:00
Josh Cummings
a99dff7de3
Remove Reference to LocalVariableTableParameterNameDiscoverer
...
Issue gh-2572
2023-07-14 18:38:58 -06:00
Josh Cummings
b62dd851a2
Merge branch '6.1.x'
...
Closes gh-13489
2023-07-11 17:03:53 -06:00
Josh Cummings
0579be0d25
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13488
2023-07-11 17:02:59 -06:00
Josh Cummings
6393702e70
Fix allOf/anyOf Abstain Logic
...
Closes gh-13487
2023-07-11 17:02:07 -06:00
Claudio Nave
52e12ad64b
Replace deprecated methods
2023-06-22 13:19:55 -06:00
Evgeniy Cheban
0cefb27928
Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration
...
Closes gh-11624
2023-06-22 16:07:30 -03:00
Josh Cummings
339185998a
Update JavaDoc
...
Issue gh-12782
2023-06-22 11:26:45 -06:00
kandaguru17
fa2bc745f7
Use AuthoritiesAuthorizationManager in Jsr250AuthorizationManager
...
Closes gh-12782
2023-06-22 11:25:54 -06:00
Krzysztof Krason
9b603b99ab
Using modern Java features
2023-06-22 11:24:25 -06:00
Josh Cummings
97cff7c715
Polish TestingAuthenticationToken
...
Restore List constructor to retain binary compatibility.
2023-06-22 11:22:15 -06:00
Laurent Martelli
f25d76c48f
TestingAuthenticationToken takes broader collection type
...
So that callers do not have to cast.
Closes gh-12953
2023-06-22 11:22:15 -06:00
Josh Cummings
fb910e2997
Prepare for Spring Security 6.2
...
Closes gh-14316
2023-06-22 11:03:28 -06:00
Steve Riesenberg
1f04baa4a3
Polish gh-13290
...
Issue gh-12533
2023-06-13 14:17:40 -05:00
Dmitry Korotych
4def405067
Allow authorities to be overridden in UserBuilder
...
Issue gh-12533
2023-06-13 14:12:47 -05:00
Josh Cummings
613165b86c
Merge branch '6.0.x'
2023-05-11 11:46:10 -06:00