709de43e89
Fix typo in JavaDoc
...
Closes gh-12143
2022-11-29 20:15:12 -07:00
9bf2d3cd86
Polish JavaDoc
...
- Replace ampersand
- Correct since version
Issue gh-11510
2022-11-29 16:46:55 -07:00
5fcbb9f4ed
Add AuthenticationTrustResolver#isFullyAuthenticated
...
Closes gh-11510
2022-11-29 16:46:54 -07:00
4de92145e2
Update version on tag library and global serialization value
2022-11-23 13:12:48 -03:00
9d876fce82
Polish ExpressionAuthorizationDecision
...
Issue gh-11493
2022-11-17 15:09:52 -07:00
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
88e64bac0c
Polish Tests
...
Issue gh-11992
2022-11-17 15:09:52 -07:00
08948f2c37
Add Polish localization to error messages from ExceptionTranslationFilter
...
Issue gh-9315
2022-11-14 18:10:36 -07:00
a3d278380e
Add Polish localization to error messages from ExceptionTranslationFilter
2022-11-14 18:06:02 -07:00
bd43c1f28a
Merge branch '5.8.x'
...
# Conflicts:
# web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
# web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
db7f52db4e
Add hints to invoke SecurityContextImpl#getAuthentication
...
Closes gh-11987
2022-10-13 09:06:16 -03:00
d3d8f7d60f
Mark Observations with Security Context Events
...
Closes gh-11992
2022-10-12 20:32:23 -06:00
8c610684f3
Instrument Authentication and Authorization
...
Closes gh-11989
Closes gh-11990
2022-10-12 20:32:21 -06:00
827384e386
Add Micrometer Dependency
2022-10-12 19:26:21 -06:00
a453a71bed
Merge remote-tracking branch 'origin/5.8.x'
2022-10-10 12:37:15 -06:00
8d096554f8
Add AuthorizationEvent
...
Closes gh-11972
2022-10-10 12:28:57 -06:00
8f10deb602
Merge remote-tracking branch 'origin/5.8.x'
2022-09-30 17:01:22 -06:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
ef879aadd6
Add native hint for the users JDBC schema
...
Closes gh-11907
2022-09-29 09:42:37 -03:00
e071c28e8a
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:25:45 -06:00
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
46f402243b
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:11:16 -06:00
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-25 14:46:48 -06:00
e990174c89
Polish ReactiveMethodSecurity Support
...
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well
Issue gh-9401
Polish
2022-08-25 14:36:03 -06:00
6fd23d2567
Add MockMethodInvocation Constructor
...
Issue gh-9401
2022-08-25 14:36:02 -06:00
cbb4f40f0c
ReactiveAuthorizationManager + Reactive Method Security
...
Closes gh-9401
2022-08-25 14:35:04 -06:00
670b71363d
Merge branch '5.8.x'
...
Closes gh-11749
2022-08-23 16:03:50 -05:00
2fb625db84
Remove mockito deprecations
...
Issue gh-11748
2022-08-23 15:59:52 -05:00
38c05ad31c
Add native hints for basic @PostAuthorize usage
...
Closes gh-11737
2022-08-23 15:17:14 -03:00
bd5a05dcdd
Polish CoreSecurityRuntimeHints
2022-08-23 15:06:07 -03:00
c4b0e9bd74
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 13:00:07 -06:00
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 12:48:39 -06:00
20def5e25d
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-14 09:25:17 -06:00
8d0084842b
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-14 09:25:16 -06:00
9b43316f4d
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-14 09:25:16 -06:00
db25a37320
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-13 17:58:16 -06:00
281814a955
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-13 17:58:16 -06:00
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-13 17:57:38 -06:00
7abea4a964
Add RuntimeHints suffix for RuntimeHintsRegistrar
...
Closes gh-11497
2022-07-13 10:14:43 -03:00
177baba8c9
RuntimeHintsPredicates moved to predicate package
2022-07-12 16:00:50 -04:00
4a5c0ac904
Fix Formatting
...
Issue gh-11474
2022-07-08 12:35:40 -05:00
03cd9920aa
DelegatingSecurityContextTaskScheduler implements new Methods
...
Closes gh-11474
2022-07-08 12:32:09 -05:00
a87f7aa2e1
Polish CoreSecurityHintsTests
...
Use ParameterizedTest to simplify repetitive test setup
Issue gh-11431
2022-07-06 15:21:45 -03:00
459003e1b3
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:19:33 -06:00
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:18:07 -06:00
b316a3217b
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:35:54 -06:00
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
ec1bfa12f0
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:15:56 -06:00
52d8e10ace
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:08:42 -06:00
7a9c873d7d
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:17:45 -06:00
25c74896d1
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:02:59 -06:00
a8c30f79e6
Add Core, MVC and MethodSecurity runtime hints
...
Closes gh-11431
2022-06-27 09:25:49 -03:00
d32f74d19d
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 17:03:19 -05:00
b6d43e58c0
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 16:59:09 -05:00
a31a99b591
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:58:36 -06:00
31e25b115e
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:28:10 -06:00
4c2401a576
Revert "Make source code compatible with JDK 8"
...
This reverts commit 60ed3602f6
2022-06-02 19:24:42 +02:00
5eadcba7d1
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 09:00:08 -06:00
d557d2d0eb
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 08:28:16 -06:00
d124fa2858
Fix typo in comment for changePassword method
2022-05-25 12:34:55 -06:00
5540bbcf0b
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:36:17 -06:00
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
2b4794475e
Polish gh-11188
2022-05-12 16:32:11 -05:00
3f861f7f20
Polish gh-11188
2022-05-12 16:20:43 -05:00
e01b1e7f38
Polish gh-11188
2022-05-12 16:19:48 -05:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
dbd96a9e3f
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:52 -06:00
9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:04 -06:00
89019fb340
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:03:25 -06:00
286e95893a
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:19:35 -05:00
66bbfc7a50
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:17:23 -05:00
9193e46800
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:15:53 -05:00
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
33ee3058d4
Add missing insufficientAuthentication property in messages_*.properties
2022-04-29 10:38:42 +02:00
da2a68e182
Add missing untranslated properties in messages_lt
2022-04-29 10:38:42 +02:00
5832202a4d
Fixed bad property name in messages_it
2022-04-29 10:38:42 +02:00
22dac674da
Remove unnecessary dots from messages_cs_CZ
2022-04-29 10:38:42 +02:00
8b06a4bbe2
Remove trailing space from messages_ru
2022-04-29 10:38:42 +02:00
47c4b0426d
Add missing badLdapConnection property in messages_*.properties
2022-04-29 10:38:42 +02:00
61c0a25bcd
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:32:14 -06:00
057f4a86d5
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:29:47 -06:00
bdd5f86526
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:37:21 -06:00
990831db85
Add authorization events
...
Closes gh-9288
2022-03-29 16:22:43 -06:00
061f69eb70
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:03:19 -06:00
bd9434882f
Add authorization events
...
Closes gh-9288
2022-03-29 15:44:21 -06:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
4ede1feae5
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 14:17:17 -07:00
2334610fa9
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 14:17:17 -07:00
6c3d183a94
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 13:56:02 -07:00
df84826c95
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 12:07:55 -07:00
a2d1965c25
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:30:45 +01:00
c6b185465d
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:24:23 +01:00
70fa8b1fdb
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-03 09:45:51 -06:00
6f0029fc44
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-02 17:04:44 -06:00
f94090a59b
Remove spring-security-openid
...
Closes gh-10773
2022-01-21 16:55:19 -06:00
58090c37ea
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
5902b46e9b
Remove jcl-over-slf4j
...
Issue gh-10499
# Conflicts:
# dependencies/spring-security-dependencies.gradle
2022-01-19 15:32:01 -06:00
44bc953a39
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:40:56 -06:00
678c386834
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 14:34:32 -06:00
f8e14683f6
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:33:46 -06:00
e1cb375fbf
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-12 16:39:50 -03:00
60ed3602f6
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-11 09:19:41 -03:00
3935f4bffe
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:53:00 -03:00
86ed937a47
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:51:54 -03:00
22379e79e7
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:50:36 -03:00
a68411566e
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 15:33:47 -07:00
2bc643d6c8
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 15:33:39 -07:00
78857c62f4
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 14:29:18 -07:00
809ff883b0
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 14:29:18 -07:00
bbeca7cd65
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 18:03:15 +01:00
3c18278123
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 18:03:03 +01:00
4f8c1b34af
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 17:59:24 +01:00
7cfd415cb5
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 17:49:57 +01:00
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
5a0f1d51c3
Drop EhCache2 support
...
Issue gh-10363
2021-11-01 09:02:42 -03:00
db60df2f9c
Update to Spring Framework 6.0
...
Issue gh-10360
2021-11-01 09:02:42 -03:00
b2e6c60d94
Remove remoting technologies support
...
Closes gh-10366
2021-11-01 09:02:42 -03:00
010f719344
Upgrade to JDK 17
...
Closes gh-10343
2021-11-01 09:02:42 -03:00
12f3e908b0
Update to Spring Security 6.0
2021-11-01 09:02:41 -03:00
e0821f2a99
DaoAuthenticationProviderTests#avg returns fraction
2021-10-28 09:35:52 -06:00
5e091b94a9
Deprecate RemoteAuthentication* for 5.6
...
Closes gh-10430
2021-10-21 11:39:11 -05:00
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
7fa39c8807
Deprecate EhCache2 support
...
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations
Closes gh-10362
2021-10-14 14:51:27 -03:00
86c24da38b
Improve Method Security logging
...
Closes gh-10247
2021-10-08 14:22:09 -03:00
ef01124eb9
Add reasons to AuthorizationDecisions
...
Closes gh-9287
2021-10-08 14:22:09 -03:00
570092c467
Remove trace logs for PrePostAnnotationSecurityMetadataSource
...
Those logs were producing too much noise on the console without adding much value.
Issue gh-10247
2021-10-08 14:22:09 -03:00
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
8c74d6cea5
Fix isAssignable order
...
Closes gh-10236
2021-09-30 13:56:37 -06:00
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00
658aff501c
Assert Error-Messages already includes dashes
...
When the cert-content is not valid, the assert output message is not correct.
Because it outputs too many dashes .The const X509- and PKCS8-PEM_HEADER already includes the dashes.
I took the output message via copy and paste, but it was still not valid ;-(
Only the output is affected, the checks itself is correct.
2021-09-27 09:53:55 -03:00
7b73b94198
Fix typo
2021-09-22 16:29:50 -06:00
5da55448f9
Polish SecurityContextChangedEvent
...
- Changed methods to getOldContext and getNewContext
Closes gh-10249
2021-09-13 16:04:36 -06:00
3e87ef84ae
Replace SecurityContextHolder#addListener
...
Closes gh-10226
2021-09-13 15:57:06 -06:00
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
2021-08-11 17:12:13 -06:00
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
2021-08-11 17:12:13 -06:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
01af7877ea
Polish RsaKeyConverters
...
- Remove potential for returning null
- Remove potential for parsing more than one header
Issue gh-9736
2021-07-12 14:21:23 -06:00
5f7d871258
Add X.509 Certificate Support
...
Closes gh-9736
2021-07-12 14:21:08 -06:00
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
81ded2a0e5
Polish Assertion
...
By using the supplier version of Assert.notNull, the
string concatenation is delayed.
Issue gh-3403
2021-06-30 10:12:27 -06:00
19aa44af41
Improve Error Message for Invalid Properties
...
Closes gh-3403
2021-06-30 10:07:21 -06:00
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen
2021-06-15 09:11:53 -05:00
25fa187406
Add insufficient authentication message for French
...
Partially fix gh-9315
2021-06-15 09:08:59 -05:00
20577c39c1
Add insufficient authentication message for Simplified Chinese and Traditional Chinese
...
Partially fix gh-9315
2021-06-14 16:00:29 -05:00
7ed38f1a26
Adjust Test Names
...
Issue gh-9514
2021-06-07 14:31:05 -06:00
e1e31939a3
Add @since
...
Issue gh-9514
2021-06-07 14:26:29 -06:00
80743a267c
Add SecurityContext to delegating TaskScheduler
...
Wrap DelegatingSecurityContextTaskScheduler's Runnable tasks in
DelegatingSecurityContextRunnables, allowing to specify a
SecurityContext to use for tasks execution.
- Renamed private variable taskScheduler to delegate
- Removed unused local variable in unit test
- Add SecurityContext tests for delegating TaskScheduler
Closes gh-9514
2021-06-07 13:54:24 -06:00
67e5c05a47
Polish AuthorizationManager Method Security
...
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations
Issue gh-9289
2021-05-18 17:34:04 -06:00
84e2e80915
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-05-18 17:34:04 -06:00
1898446f68
core depends on crypto
...
Issue gh-9767
2021-05-18 16:03:38 -05:00
56b7c662e4
Remove spring-security-crypto from spring-core pom
...
Instead of having api extend included configuration, we should use the
*Classpath configurations.
Closes gh-9767
2021-05-18 15:30:44 -05:00
d203235567
Update to Spring Security 5.6
...
Closes gh-9695
2021-05-18 10:45:17 -06:00
304636520d
buildSrc to publish
2021-05-17 14:00:56 -05:00
17cfc6ade3
Inline ResourceKeyConverterAdapter
...
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
de0cd11a72
Fix PreAuthorize when returning Kotlin Flow
...
Closes gh-9676
2021-04-28 12:33:18 +02:00
163b5943ca
Revert AuthorizationManager Method Security
2021-04-12 15:53:22 -06:00
df8abcfae7
Use Interceptors instead of Advice
...
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization
Issue gh-9289
2021-04-09 18:45:31 -06:00
6bcf479659
Polish Javadoc
...
Issue gh-9289
2021-04-09 18:44:25 -06:00
6828987b4b
Add AfterMethodAuthorizationManager
...
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability
Closes gh-9591
2021-04-09 18:43:56 -06:00
2b494ebc5f
Polish AOP Structure
...
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes
Issue gh-9289
2021-04-09 17:46:33 -06:00
45376b359b
Adjust Packaging
...
Issue gh-9289
2021-04-09 17:46:32 -06:00
20778f727b
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-04-09 17:46:32 -06:00
e03fe7f089
Add coroutine support to pre/post authorize
...
Closes gh-8143
2021-04-09 19:33:06 +02:00
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
e4c03e9e5a
Update plugins to support api/implementation
...
Issue gh-9540
2021-04-05 10:36:35 -05:00
8d82ebaa2f
Update ComparableVersion to version from Maven 3.6.3
2021-03-26 11:39:26 -05:00
4a492846f1
Revert "Lock dependencies for 2.5.0-M3"
...
This reverts commit f05cc6269c
2021-03-15 23:18:45 +01:00
f05cc6269c
Lock dependencies for 2.5.0-M3
2021-03-15 11:00:19 +01:00
c4be1c6a56
Revert "Lock Dependencies"
...
This reverts commit a85caa4098
2021-02-11 15:49:59 -07:00
a85caa4098
Lock Dependencies
2021-02-11 15:00:38 -07:00
65d3b0d71c
Add ResourceKeyConverterAdapter
...
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding
Issue gh-9316
2021-01-15 22:15:56 -07:00
c066e23a86
Add @since attributes
...
Issue gh-8900
2020-12-16 15:58:53 -07:00
34b4b1054f
Add AuthorizationManager
...
Closes gh-8900
2020-12-16 15:58:36 -07:00
d3ef340b26
Fix typos
2020-12-03 11:05:22 +01:00
d7612e346e
Fix typo in Javadoc
2020-11-11 06:48:22 -05:00
2b9efccc50
Implement MessageSourceAware where missing
...
Closes gh-8951
2020-11-05 10:57:33 -07:00
b95e1aa209
Revert "Lock dependencies for 5.5.0-M1"
...
This reverts commit 25a7482c8c
2020-11-03 19:53:28 -05:00
25a7482c8c
Lock dependencies for 5.5.0-M1
2020-10-30 17:52:03 -05:00
ce68431037
Bump Schema, Serialization, and Taglib to 5.5
2020-10-07 17:17:58 -06:00
6d14482378
Add try-with-resources to close stream
...
Closes gh-9041
2020-09-29 08:25:45 -06:00
c502312719
Replace expected @Test attributes with AssertJ
...
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
910b81928f
Replace try/catch with AssertJ
...
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
a5b97bb569
Prevent NullPointerException when session ID changes
...
The old session ID may not exist in the session registry if the user is not authenticated.
Closes gh-9011
2020-09-18 10:51:12 +02:00
7b1f574769
Revert "Lock Dependency Versions for 5.4.0"
...
This reverts commit 3d0e459182
2020-09-09 18:14:12 -04:00
3d0e459182
Lock Dependency Versions for 5.4.0
2020-09-09 13:45:03 -04:00
fa7baf551d
Restructure Logs
...
Followed common use cases based off of HelloWorld sample:
- Public endpoint
- Unauthorized endpoint
- Undefined endpoint
- Successful form login
- Failed form login
- Post-login redirect
Issue gh-6311
2020-09-02 07:37:59 -06:00
4fd67b48e0
Polish core format
...
Issue gh-8945
2020-08-24 17:33:09 -05:00
319d3364aa
Migrate to assertThatExceptionOfType
...
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Junsung Cho
Josh Cummings
Karthikeyan R
Marcus Da Coregio
Kacper Piasta
Steve Riesenberg
Emil Sierżęga
Evgeniy Cheban
Rob Winch
Joe Grandja
James
Parikshit Dutta
Norbert Nowak
Ulrich Grave
Eleftheria Stein
Guirong Hu
Hiroshi Shirosaki
Markus Heiden
Emil Sierżęga
Alexander Furer
heowc
OllisGit
shazin
Ruben Suarez Alvarez
YBCoding
pxzxj
Giacomo Baso
Craig Andrews
Eleftheria Stein
Angel Aguilera
Arnaud Mergey
Malyshau Stanislau
Phillip Webb