Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,390 Commits 35 Branches 337 Tags
Commit Graph

2799 Commits

Author SHA1 Message Date
Marcus Hert Da Coregio
2c9dc08e43 Merge branch '5.7.x' into 5.8.x 
Closes gh-14664
 2024-03-18 06:40:34 -03:00
Marcus Hert Da Coregio
5a7f12f1a9 Check for null Authentication 
Closes gh-14715
 2024-03-18 06:39:08 -03:00
Marcus Hert Da Coregio
8f42c86a57 Use AuthorizationInterceptorsOrder for Post Authorize Method Interceptors 
Closes gh-14720
 2024-03-12 10:17:45 -03:00
Josh Cummings
be11812fe4
Account for Super-super-interface Inheritance 
Closes gh-13625
 2023-12-09 11:41:02 -07:00
Marcus Hert Da Coregio
a7da9491d9 Use assertj assertions 2023-11-17 09:03:36 -03:00
Josh Cummings
11a21896dd
Defer SecurityContextHolderStrategy Lookup 
Due to how early method interceptors are loaded during startup
it's reasonable to consider scenarios where applications are
changing the global security context holder strategy during
startup.

Closes gh-12877
 2023-11-07 12:36:16 -07:00
Marcus Da Coregio
64e2a2ff8b Apply updated Code Style 
Closes gh-13881
 2023-09-29 11:44:32 -03:00
Josh Cummings
05ef215b88 Align Formatting 
Issue gh-13132
 2023-05-11 11:42:51 -06:00
Florian Cramer
9669747245 Ignore synthetic methods when checking for duplicate annotations 
Closes gh-13132
 2023-05-11 11:42:51 -06:00
Josh Cummings
9244989b2e
Fix allOf/anyOf Abstain Logic 
Closes gh-13069
 2023-04-24 15:36:17 -06:00
Marcus Da Coregio
54117d7d27 Fix test suffix to align with checkstyle 2023-04-14 13:29:15 -03:00
Rob Winch
16dcfd1cfe Merge branch '5.7.x' into 5.8.x 
Closes gh-12982
 2023-04-10 11:25:01 -05:00
Yuanhang Guo
c69df9fba0 Fix javadoc typo in ReactiveAuthorizationManager 
Closes gh-12978
 2023-04-10 11:24:49 -05:00
Josh Cummings
ebabcaa51a
Merge branch '5.7.x' into 5.8.x 2023-03-03 15:02:07 -07:00
bist
094bf1b527 Validate hasRole Input 
There are no check for role prefix in AuthorizeHttpRequestsConfigurer#XXXrole
methods. This PR adds check for the same. Now the configuration
will fail if role/s start with prefix for hasRole and hasAnyRole methods.

Closes #12581
 2023-03-03 15:00:34 -07:00
Guillaume Husta
36d83f863a Fix Javadoc since tag for class ExpressionAuthorizationDecision 
Closes gh-12411
 2022-12-19 10:44:36 -03:00
Josh Cummings
68a344d238
Merge branch '5.7.x' into 5.8.x 2022-11-30 14:18:59 -07:00
Josh Cummings
e23c1cf7a7
Merge branch '5.6.x' into 5.7.x 2022-11-30 14:18:12 -07:00
Josh Cummings
14a48ea939
Fix formatting 
Issue gh-12143
 2022-11-29 20:15:13 -07:00
Junsung Cho
709de43e89
Fix typo in JavaDoc 
Closes gh-12143
 2022-11-29 20:15:12 -07:00
Kacper Piasta
a3d278380e Add Polish localization to error messages from ExceptionTranslationFilter 2022-11-14 18:06:02 -07:00
Steve Riesenberg
c75ca10900
Add DeferredSecurityContext 
Issue gh-12023
 2022-10-17 19:33:58 -05:00
Josh Cummings
8d096554f8
Add AuthorizationEvent 
Closes gh-11972
 2022-10-10 12:28:57 -06:00
Josh Cummings
f054505d6d
Support Deferred Contexts 
Closes gh-11817
Issue gh-10913
 2022-09-30 16:49:47 -06:00
Evgeniy Cheban
c1d27612af Simplify AuthorizationManager composition 
Closes gh-11625
 2022-09-20 16:24:45 -06:00
Josh Cummings
3f8503f1b4
Deprecate AccessDecisionManager et al 
Closes gh-11302
 2022-09-20 16:09:59 -06:00
Josh Cummings
0f58620643 Add AspectJ AuthorizationManager Support 
Closes gh-11326
 2022-08-26 15:59:08 -06:00
Josh Cummings
e990174c89
Polish ReactiveMethodSecurity Support 
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well

Issue gh-9401

Polish
 2022-08-25 14:36:03 -06:00
Josh Cummings
6fd23d2567
Add MockMethodInvocation Constructor 
Issue gh-9401
 2022-08-25 14:36:02 -06:00
Evgeniy Cheban
cbb4f40f0c ReactiveAuthorizationManager + Reactive Method Security 
Closes gh-9401
 2022-08-25 14:35:04 -06:00
Rob Winch
2fb625db84 Remove mockito deprecations 
Issue gh-11748
 2022-08-23 15:59:52 -05:00
Evgeniy Cheban
400cd60368 Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer 
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
 2022-07-14 12:48:39 -06:00
Josh Cummings
db25a37320
Consolidate ExpressionAuthorizationDecision 
Issue gh-11493
 2022-07-13 17:58:16 -06:00
Josh Cummings
281814a955
Add MethodExpressionAuthorizationManager 
Closes gh-11493
 2022-07-13 17:58:16 -06:00
Josh Cummings
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator 
Issue gh-11328
 2022-07-13 17:57:38 -06:00
Josh Cummings
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation 
Issue gh-11060
 2022-06-30 11:18:07 -06:00
Josh Cummings
ee66850aed
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:26:05 -06:00
Josh Cummings
52d8e10ace
Use SecurityContextHolderStrategy for Database Support 
Issue gh-11060
 2022-06-28 09:08:42 -06:00
Josh Cummings
25c74896d1
Add SecurityContextHolderStrategy to Method Security 
Issue gh-11060
 2022-06-27 13:02:59 -06:00
Rob Winch
d32f74d19d SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 17:03:19 -05:00
Josh Cummings
31e25b115e Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:28:10 -06:00
Marcus Da Coregio
4c2401a576 Revert "Make source code compatible with JDK 8" 
This reverts commit 60ed3602f6281d1a34c643484dfcb3440e2243d5.
 2022-06-02 19:24:42 +02:00
Evgeniy Cheban
d557d2d0eb Add RoleHierarchy to AuthorityAuthorizationManager 
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.

Closes gh-11304
 2022-06-01 08:28:16 -06:00
Evgeniy Cheban
362f15534e createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:34:14 -06:00
Evgeniy Cheban
3f861f7f20
Polish gh-11188 2022-05-12 16:20:43 -05:00
Evgeniy Cheban
e01b1e7f38 Polish gh-11188 2022-05-12 16:19:48 -05:00
Evgeniy Cheban
9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager 
Closes gh-11188
 2022-05-09 16:05:04 -06:00
Evgeniy Cheban
89019fb340 Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager 
Closes gh-11188
 2022-05-09 16:03:25 -06:00
Evgeniy Cheban
286e95893a @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy 
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.

Closes gh-11175
 2022-05-03 13:19:35 -05:00
Evgeniy Cheban
66bbfc7a50 @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy 
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.

Closes gh-11175
 2022-05-03 13:17:23 -05:00