928 Commits

Author SHA1 Message Date
Josh Cummings
148c926de0
Support AuthorizationManager for intercept-methods Element
Closes gh-11328
2022-07-06 13:01:57 -06:00
Igor Bolic
d96b4a0463 Set the useTrailingSlashMatch to true for tests
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552.
This causes failures in Spring Security's tests.

Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifying the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.

Closes gh-11451
2022-07-05 11:29:36 -06:00
Josh Cummings
d24a89ad53
Pick up SecurityContextHolderStrategy for WebClient integration
Issue gh-11061
2022-06-28 15:07:16 -06:00
Josh Cummings
a218d3e140
Use SecurityContextHolderStrategy for Async Requests
Issue gh-11060
Issue gh-11061
2022-06-28 14:56:55 -06:00
Josh Cummings
83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios
Issue gh-11060
Issue gh-11061
2022-06-28 12:10:07 -06:00
Josh Cummings
944f565c16
Use SecurityContextHolderStrategy for Remember-me
Issue gh-11060
Issue gh-11061
2022-06-28 11:09:38 -06:00
Josh Cummings
bffe08465a
Add SecurityContextHolderStrategy XML Configuration for Messaging
Issue gh-11061
2022-06-27 16:24:27 -06:00
Josh Cummings
484f35ca39
Add SecurityContextHolderStrategy Java Configuration for Messaging
Issue gh-11061
2022-06-27 16:17:29 -06:00
Josh Cummings
5e4e7abf15
Add SecurityContextHolderStrategy XML Configuration for Method Security
Issue gh-11061
2022-06-27 13:40:55 -06:00
Josh Cummings
74d646f569
Add SecurityContextHolderStrategy Java Configuration for Method Security
Issue gh-11061
2022-06-27 13:17:46 -06:00
Josh Cummings
ef29d3944e
Polish SecurityContextHolderStrategy Java Configuration for Defaults
Issue gh-11061
2022-06-27 13:17:44 -06:00
Marcus Da Coregio
a8c30f79e6 Add Core, MVC and MethodSecurity runtime hints
Closes gh-11431
2022-06-27 09:25:49 -03:00
Josh Cummings
150b81d008
Add SecurityContextHolderStrategy XML Configuration for Defaults
Issue gh-11061
2022-06-17 12:21:10 -06:00
Josh Cummings
ce218c78f9
Add SecurityContextHolderStrategy Java Configuration for Defaults
Issue gh-11061
2022-06-17 11:58:38 -06:00
Steve Riesenberg
a061191bd2 Allow form login when single OAuth2 Provider is configured
Closes gh-6802
2022-06-15 13:42:06 -05:00
Steve Riesenberg
d18291676f
Update copyright year
Issue gh-11372
2022-06-15 13:14:07 -05:00
Steve Riesenberg
c7df39a3e6
Fix tests using root cause for exception messages
Closes gh-11372
2022-06-14 17:12:15 -05:00
Houssem BELHADJ AHMED
f4049c18b1 add SAML authentication request support to login configurer
Closes gh-8873
2022-06-06 08:05:33 -06:00
Josh Cummings
9683856956
Polish InterceptUrlConfigTests
Issue gh-11305
2022-05-31 16:05:17 -06:00
Josh Cummings
2afa9313eb
Use AuthorizationManager in <http>
Closes gh-11305
2022-05-31 16:01:41 -06:00
Josh Cummings
f4c0fcb5ef
Add AuthorizationManager to Messaging
Closes gh-11076
2022-05-27 13:35:19 -06:00
Juny Tse
f2d6ead398 Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 11:42:54 -06:00
Josh Cummings
5cbc1a47da
Use original query string to verify signature
Closes gh-11235
2022-05-23 15:30:07 -06:00
Josh Cummings
88f9529329
Correctly encode query parameters
Issue gh-11235
2022-05-23 15:30:01 -06:00
Josh Cummings
0814136ee8
Polish WebExpressionAuthorizationManager
- Add support for request variables
- Added additional tests

Issue gh-11105
2022-05-13 14:14:42 -06:00
Evgeniy Cheban
c4766e64fe
Add AuthorizationManager that uses ExpressionHandler
Closes gh-11105
2022-05-13 14:05:34 -06:00
Rob Winch
f34ea188e2 RequestRejectedException is 400 by Default
Closes gh-7568
2022-05-12 10:32:27 -05:00
Marcus Da Coregio
806e05855c Replace removed context-related operators
Closes gh-11194
2022-05-10 14:58:02 -03:00
Marcus Da Coregio
dc2bd2b4f8 Update copyright headers
Issue gh-10956
2022-05-06 14:33:59 -03:00
Marcus Da Coregio
de9b7b4fb8 Fix mvcMatchers overriding previous paths
Closes gh-10956
2022-05-06 14:33:59 -03:00
Marcus Da Coregio
995b2918bb Remove SAML Deprecations
Closes gh-11077
2022-05-06 10:15:42 -03:00
Rob Winch
dec0d97ef0 Multiple <authentication-manager> Do Not Duplicate Alias
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
2022-05-03 14:50:56 -05:00
Josh Cummings
4ebd37ae77
Add 5.8 Support
2022-05-03 09:04:34 -06:00
Josh Cummings
397ccbc1c8
Add 5.7 Schema
2022-05-03 09:03:50 -06:00
Eleftheria Stein
736f439bb5 Detect UserDetailsService bean in X509 configuration
Closes gh-11174
2022-04-28 14:48:40 +02:00
Eleftheria Stein
ac06057cf6 Detect UserDetailsService bean in remember me
Closes gh-11170
2022-04-28 12:44:27 +02:00
Rob Winch
e79b6b3ac8 Default SecurityContextHolderFilter
Closes gh-11110
2022-04-15 14:59:38 -05:00
Rob Winch
9a9a43a0c0 ForceEagerSessionCreationFilter
Closes gh-11109
2022-04-15 14:18:25 -05:00
Josh Cummings
c6ad72004e
Revert "Pick up AuthorizationManager Bean"
This reverts commit 4ca53468714159fddbc9835b1e129c5c7ee1a1e4.

Issue gh-11067
2022-04-12 09:58:30 -06:00
Marcus Da Coregio
50f8df6f07 Use HttpStatusCode
Closes gh-11091
2022-04-11 09:19:56 -03:00
Rob Winch
7be32872e9 Add DisableUrlRewritingFilter
Closes gh-11084
2022-04-08 16:13:24 -05:00
Josh Cummings
4ca5346871
Pick up AuthorizationManager Bean
Closes gh-11067
Closes gh-11068
2022-04-08 11:42:37 -06:00
Josh Cummings
be434e1540
Add Default Test to HttpBasicConfigurerTests
Issue gh-10973
2022-04-05 17:32:13 -06:00
Josh Cummings
f09652d447
Polish Saml2LoginConfigurerTests
Issue gh-10973
2022-04-05 17:32:13 -06:00
Josh Cummings
bdd5f86526
Polish Authorization Event Support
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
2022-03-29 16:37:21 -06:00
Rob Winch
e176d764ba Add SecurityContextRepository.loadContext(HttpServletRequest)
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is committed.

Closes gh-11028
2022-03-25 14:38:37 -05:00
Steve Riesenberg
8aa7029d07 Fix checkstyle errors
Issue gh-10989
2022-03-18 22:53:29 -05:00
Rob Winch
972039e65c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-12 13:31:04 -06:00
Norbert Nowak
abd33389be Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use new factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:49:29 -07:00
Marcus Da Coregio
1762a4ce70 Add SAML 2.0 Single Logout XML Support
Closes gh-10842
2022-03-09 10:48:34 -03:00