Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 06:38:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,627 Commits 48 Branches 362 Tags
Commit Graph

2758 Commits

Author SHA1 Message Date
Joe Grandja
0eaffb37e7 Require Locale argument for toLower/toUpperCase usage 2024-11-15 11:01:23 -05:00
Marcus Hert Da Coregio
5a7f12f1a9 Check for null Authentication 
Closes gh-14715
 2024-03-18 06:39:08 -03:00
Yuanhang Guo
c69df9fba0 Fix javadoc typo in ReactiveAuthorizationManager 
Closes gh-12978
 2023-04-10 11:24:49 -05:00
bist
094bf1b527 Validate hasRole Input 
There are no check for role prefix in AuthorizeHttpRequestsConfigurer#XXXrole
methods. This PR adds check for the same. Now the configuration
will fail if role/s start with prefix for hasRole and hasAnyRole methods.

Closes #12581
 2023-03-03 15:00:34 -07:00
Josh Cummings
e23c1cf7a7
Merge branch '5.6.x' into 5.7.x 2022-11-30 14:18:12 -07:00
Josh Cummings
14a48ea939
Fix formatting 
Issue gh-12143
 2022-11-29 20:15:13 -07:00
Junsung Cho
709de43e89
Fix typo in JavaDoc 
Closes gh-12143
 2022-11-29 20:15:12 -07:00
Evgeniy Cheban
e01b1e7f38 Polish gh-11188 2022-05-12 16:19:48 -05:00
Evgeniy Cheban
89019fb340 Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager 
Closes gh-11188
 2022-05-09 16:03:25 -06:00
Evgeniy Cheban
286e95893a @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy 
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.

Closes gh-11175
 2022-05-03 13:19:35 -05:00
Josh Cummings
057f4a86d5
Add default strategy constructor 
Closes gh-11059
 2022-04-05 17:29:47 -06:00
Josh Cummings
061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta
bd9434882f
Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00
Norbert Nowak
ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Josh Cummings
6c3d183a94 Polish Saml2 Jackson Support 
Issue gh-10905
 2022-03-01 13:56:02 -07:00
Ulrich Grave
df84826c95 Add Jackson Support for Saml2 Module 
Closes gh-10905
 2022-03-01 12:07:55 -07:00
Eleftheria Stein
c6b185465d Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant 
Closes gh-10837
 2022-02-15 11:24:23 +01:00
Rob Winch
70fa8b1fdb Add Support for @Transient SecurityContext 
Closes gh-9995
 2022-02-03 09:45:51 -06:00
Rob Winch
58090c37ea jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch
5902b46e9b Remove jcl-over-slf4j 
Issue gh-10499

# Conflicts:
#	dependencies/spring-security-dependencies.gradle
 2022-01-19 15:32:01 -06:00
Rob Winch
678c386834 jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 14:34:32 -06:00
Rob Winch
f8e14683f6 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:33:46 -06:00
Marcus Da Coregio
e1cb375fbf Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-12 16:39:50 -03:00
Marcus Da Coregio
60ed3602f6 Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-11 09:19:41 -03:00
Guirong Hu
86ed937a47 Fix the bug that the custom GrantedAuthority comparison fails 
Closes gh-10566
 2021-12-08 08:51:54 -03:00
Guirong Hu
22379e79e7 Fix the bug that the custom GrantedAuthority comparison fails 
Closes gh-10566
 2021-12-08 08:50:36 -03:00
Josh Cummings
a68411566e Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki
2bc643d6c8 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 15:33:39 -07:00
Eleftheria Stein
bbeca7cd65 Polish LDAP serialization 
Closes gh-9263
 2021-11-29 18:03:15 +01:00
Markus Heiden
3c18278123 Start with LDAP Jackson2 mixins 
Issue gh-9263
 2021-11-29 18:03:03 +01:00
Josh Cummings
7b15098570 Update Spring Security to 5.7 
Closes gh-10509
 2021-11-15 17:10:00 -07:00
Emil Sierżęga
e0821f2a99 DaoAuthenticationProviderTests#avg returns fraction 2021-10-28 09:35:52 -06:00
Steve Riesenberg
5e091b94a9 Deprecate RemoteAuthentication* for 5.6 
Closes gh-10430
 2021-10-21 11:39:11 -05:00
Emil Sierżęga
a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch
f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Marcus Da Coregio
7fa39c8807 Deprecate EhCache2 support 
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations

Closes gh-10362
 2021-10-14 14:51:27 -03:00
Marcus Da Coregio
86c24da38b Improve Method Security logging 
Closes gh-10247
 2021-10-08 14:22:09 -03:00
Marcus Da Coregio
ef01124eb9 Add reasons to AuthorizationDecisions 
Closes gh-9287
 2021-10-08 14:22:09 -03:00
Marcus Da Coregio
570092c467 Remove trace logs for PrePostAnnotationSecurityMetadataSource 
Those logs were producing too much noise on the console without adding much value.

Issue gh-10247
 2021-10-08 14:22:09 -03:00
Marcus Da Coregio
02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Alexander Furer
8c74d6cea5 Fix isAssignable order 
Closes gh-10236
 2021-09-30 13:56:37 -06:00
heowc
84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
OllisGit
658aff501c Assert Error-Messages already includes dashes 
When the cert-content is not valid, the assert output message is not correct.
Because it outputs too many dashes .The const X509- and PKCS8-PEM_HEADER already includes the dashes.

I took the output message via copy and paste, but it was still not valid ;-(

Only the output is affected, the checks itself is correct.
 2021-09-27 09:53:55 -03:00
heowc
7b73b94198 Fix typo 2021-09-22 16:29:50 -06:00
Josh Cummings
5da55448f9 Polish SecurityContextChangedEvent 
- Changed methods to getOldContext and getNewContext

Closes gh-10249
 2021-09-13 16:04:36 -06:00
Josh Cummings
3e87ef84ae Replace SecurityContextHolder#addListener 
Closes gh-10226
 2021-09-13 15:57:06 -06:00
Hiroshi Shirosaki
6f3e346b76 Add SecurityContextHolder#addListener 
Closes gh-10032
 2021-08-11 17:12:13 -06:00
Josh Cummings
b8d51725c7 Immutable SecurityContext 
Issue gh-10032
 2021-08-11 17:12:13 -06:00
Rob Winch
f73f213f50 Remove DependencySetPlugin 
Closes gh-10070
 2021-07-12 15:31:38 -05:00