Commit Graph

10283 Commits

Author SHA1 Message Date
Steve Riesenberg 0d2b71ed86
Update junit-bom to 5.9.0-RC1
Closes gh-11557
2022-07-15 12:40:36 -05:00
Steve Riesenberg d20d6f5247
Update org.jetbrains.kotlinx to 1.6.4
Closes gh-11556
2022-07-15 12:40:33 -05:00
Steve Riesenberg f69102f1a6
Update org.jetbrains.kotlin to 1.7.10
Closes gh-11555
2022-07-15 12:40:31 -05:00
Steve Riesenberg e112e24efb
Update hibernate-entitymanager to 5.6.10.Final
Closes gh-11554
2022-07-15 12:40:28 -05:00
Steve Riesenberg 1f0a317923
Update org.eclipse.jetty to 9.4.48.v20220622
Closes gh-11553
2022-07-15 12:40:26 -05:00
Steve Riesenberg 0b18ebbd61
Update assertj-core to 3.23.1
Closes gh-11552
2022-07-15 12:40:23 -05:00
Steve Riesenberg d152b38194
Update htmlunit to 2.63.0
Closes gh-11551
2022-07-15 12:40:21 -05:00
Steve Riesenberg d6904fa84d
Update io.spring.javaformat to 0.0.34
Closes gh-11550
2022-07-15 12:40:18 -05:00
Steve Riesenberg 8d99e4b0c7
Update io.projectreactor to 2020.0.21
Closes gh-11548
2022-07-15 12:40:13 -05:00
Steve Riesenberg eba9779205
Update mockk to 1.12.4
Closes gh-11547
2022-07-15 12:40:09 -05:00
Steve Riesenberg 4350f5fb9d
Update aspectj-plugin to 6.5.0.3
Closes gh-11546
2022-07-15 12:40:07 -05:00
Steve Riesenberg 32271ec811
Update com.nimbusds to 9.38.1
Closes gh-11545
2022-07-15 12:40:04 -05:00
Steve Riesenberg bb06265552
Update jackson-bom to 2.13.3
Closes gh-11542
2022-07-15 12:39:56 -05:00
Marcus Da Coregio f45c4d4b8e Add SHA256 as an algorithm option for Remember Me token hashing
Closes gh-8549
2022-07-15 10:41:03 -03:00
Josh Cummings 5dff157755
Polish HttpSecurity Formatting
Issue gh-11360
2022-07-14 12:50:40 -06:00
Evgeniy Cheban 400cd60368 Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
2022-07-14 12:48:39 -06:00
Marcus Da Coregio 57d6ab7134 Improve docs on dispatcherTypeMatcher
Closes gh-11467
2022-07-14 09:13:46 -03:00
Josh Cummings 624fdfa731
Add AuthorizationManager for protect-pointcut
Closes gh-11323
2022-07-13 17:58:16 -06:00
Josh Cummings db25a37320
Consolidate ExpressionAuthorizationDecision
Issue gh-11493
2022-07-13 17:58:16 -06:00
Josh Cummings 281814a955
Add MethodExpressionAuthorizationManager
Closes gh-11493
2022-07-13 17:58:16 -06:00
Josh Cummings 51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
Issue gh-11328
2022-07-13 17:57:38 -06:00
Steve Riesenberg 68bdb63faf
Use JDK 11 with spring-gradle-build-action 2022-07-13 14:27:34 -05:00
Steve Riesenberg de45964f55 Backport release automation and github actions
Closes gh-11480
2022-07-13 13:43:13 -05:00
Steve Riesenberg d3b8bacc3c
Polish InterceptMethodsBeanDefinitionDecorator 2022-07-13 11:38:50 -05:00
Tim te Beek ce67fb08fd
Clearly end sentence in note before next sentence 2022-07-11 17:38:44 -06:00
Tim te Beek 6e63278ab9
Use Collection<ConfigAttribute> in examples
To match `org.springframework.security.access.ConfigAttribute`.
2022-07-11 17:38:44 -06:00
Josh Cummings 7560a32460
Polish InterceptMethodsBeanDefinitionDecorator
Issue gh-11328
2022-07-11 16:39:41 -06:00
Josh Cummings ba0f8ec3ef
Correct input validation for 31 rounds
Closes gh-11470
2022-07-11 14:06:15 -06:00
Josh Cummings 3f13fa0285
Improve Upgrading
Closes gh-11259
2022-07-11 14:06:04 -06:00
Rob Winch 1c61748bb9 Fix logging for AnonymousAuthenticationFilter
Currently if trace logging is enabled a StackOverflowException is thrown
when trying to resolve toString of the authentication.

java.lang.StackOverflowError: null
        at java.base/java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:538) ~[na:na]
        at java.base/java.lang.StringBuilder.append(StringBuilder.java:174) ~[na:na]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$0(AnonymousAuthenticationFilter.java:105) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.lambda$setDeferredContext$2(ThreadLocalSecurityContextHolderStrategy.java:67) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.core.context.ThreadLocalSecurityContextHolderStrategy.getContext(ThreadLocalSecurityContextHolderStrategy.java:43) ~[spring-security-core-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.lambda$defaultWithAnonymous$2(AnonymousAuthenticationFilter.java:126) ~[spring-security-web-5.8.0-SNAPSHOT.jar:5.8.0-SNAPSHOT]
        at org.springframework.core.log.LogMessage$SupplierMessage.buildString(LogMessage.java:155) ~[spring-core-5.3.12.jar:5.3.12]
        at org.springframework.core.log.LogMessage.toString(LogMessage.java:70) ~[spring-core-5.3.12.jar:5.3.12]
        at java.base/java.lang.String.valueOf(String.java:2951) ~[na:na]
        at org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog.trace(LogAdapter.java:482) ~[spring-jcl-5.3.12.jar:5.3.12]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.defaultWithAnonymous(AnonymousAuthenticationFilter.java:125)

Issue gh-11457
2022-07-08 15:39:53 -05:00
Josh Cummings c9a3d21b9b
Add Configuration Test
Issue gh-11327
2022-07-07 14:46:37 -06:00
Josh Cummings d27d431bbc
Add AuthorizationFilter to filter chain validator
Closes gh-11327
2022-07-07 13:52:36 -06:00
Josh Cummings cdafa4ee21
Clarify variable names
Issue gh-11327
2022-07-07 13:38:42 -06:00
Steve Riesenberg 0c48b6bc7f
Use relative schema location for tests
Issue gh-11328
Issue gh-11353
Issue gh-11365
2022-07-07 13:03:20 -05:00
Josh Cummings 74a007dc91
Support AuthorizationManager for intercept-methods Element
Closes gh-11328
2022-07-06 12:54:05 -06:00
Rob Winch 415a674edc AnonymousAuthenticationFilter Avoids Eager SecurityContext Access
Previously AnonymousAuthenticationFilter accessed the SecurityContext to
determine if anonymous authentication needed setup eagerly. Now this is done
lazily to avoid unnecessary access to the SecurityContext which in turn avoids
unnecessary HTTP Session access.

Closes gh-11457
2022-07-05 15:34:21 -05:00
Rob Winch 28c0d1459c Request Cache supports matchingRequestParameterName 2022-07-01 16:35:06 -05:00
Josh Cummings 38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation
Issue gh-11060
2022-06-30 11:18:07 -06:00
Josh Cummings 5357cb8c95
Use SecurityContextHolderStrategy for NullSecurityContextRepository
Issue gh-11060
2022-06-28 15:32:20 -06:00
Josh Cummings 03a5c3b08a
Use SecurityContextHolderStrategy for Concurrency Filter
Issue gh-11060
Issue gh-11061
2022-06-28 15:32:05 -06:00
Josh Cummings e8723f1f43
Pick up SecurityContextHolderStrategy for WebClient integration
Issue gh-11061
2022-06-28 14:58:53 -06:00
Josh Cummings 27de315e5e
Use SecurityContextHolderStrategy for Async Requests
Issue gh-11060
Issue gh-11061
2022-06-28 14:46:52 -06:00
Josh Cummings 135e602472
Use SecurityContextHolderStrategy for Digest
Issue gh-11060
2022-06-28 13:54:29 -06:00
Josh Cummings e1c211c11f
Use SecurityContextHolderStrategy for Switch User
Issue gh-11060
2022-06-28 13:34:04 -06:00
Josh Cummings 98995f2225
Add SecurityContextHolderStrategy to Pre-authenticated scenarios
Issue gh-11060
Issue gh-11061
2022-06-28 12:04:37 -06:00
Josh Cummings b3be35da31
Polish SecurityContextHolderStrategy XML Configuration for Defaults
Issue gh-11061
2022-06-28 12:04:37 -06:00
Josh Cummings 4a2d77d3f2
Use SecurityContextHolderStrategy for Remember-me
Issue gh-11060
Isuse gh-11061
2022-06-28 11:08:57 -06:00
Josh Cummings ee66850aed
Add SecurityContextHolderStrategy for Jaas
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
Josh Cummings 52d8e10ace
Use SecurityContextHolderStrategy for Database Support
Issue gh-11060
2022-06-28 09:08:42 -06:00
Josh Cummings 74bc271ec2
Use SecurityContextHolderStrategy for ACL
Issue gh-11060
2022-06-28 08:05:15 -06:00