Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,173 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

10173 Commits

Author SHA1 Message Date
nor-ek 23cc1eb32b
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 12:56:51 -06:00
Josh Cummings 8a03d1fcec Add AuthorizationManager to Messaging 
Closes gh-11076
 2022-05-27 12:20:48 -06:00
Evgeniy Cheban 495028eb85 Some Security Expressions cause NPE when used within Query annotation 
Added trustResolver, roleHierarchy, permissionEvaluator, defaultRolePrefix
fields to SecurityEvaluationContextExtension along with setter methods to override defaults.

Closes gh-11196
 2022-05-26 14:35:40 -05:00
Juny Tse 16664dcdbd
Use Base64 encoder with no CRLF in output for SAML 2.0 messages 
Closes gh-11262
 2022-05-25 11:43:50 -06:00
Josh Cummings 53e509f0c6
Remove duplicate check 
Closes gh-11192
 2022-05-23 16:00:15 -06:00
Josh Cummings b51c71c3b3
Use original query string to verify signature 
Closes gh-11235
 2022-05-23 13:56:28 -06:00
Josh Cummings 5adb6e25a3
Correctly encode query parameters 
Issue gh-11235
 2022-05-20 17:46:40 -06:00
Evgeniy Cheban 362f15534e createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:34:14 -06:00
Rob Winch 7d97839235 StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:53:29 -05:00
Ulrich Grave 9b874bcde2 Add relyingPartyRegistrationId to AbstractSaml2AuthenticationRequest 
Closes gh-11195
 2022-05-17 16:21:54 -06:00
Rob Winch 538252cf07 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch 04ca7ef91b Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Josh Cummings ffaf5b4e61
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 13:53:38 -06:00
Evgeniy Cheban 07b0be3f42 Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 13:52:49 -06:00
Evgeniy Cheban 3f861f7f20
Polish gh-11188 2022-05-12 16:20:43 -05:00
Marcus Da Coregio 032fdcefdf Point to samples branch 5.8.x 
Closes gh-11203
 2022-05-12 11:16:23 -03:00
Marcus Da Coregio b544159226 Use properties in the checkSamples job 
Issue gh-10344
 2022-05-11 16:12:36 -03:00
Marcus Da Coregio 723648af00 Add initScripts and projectProperties to IncludeCheckRemotePlugin 
Issue gh-10344
 2022-05-11 16:12:36 -03:00
Evgeniy Cheban 9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager 
Closes gh-11188
 2022-05-09 16:05:04 -06:00
Marcus Da Coregio 18c220c870 Update copyright headers 
Issue gh-10956
 2022-05-06 14:26:29 -03:00
Marcus Da Coregio 18345feeed Fix mvcMatchers overriding previous paths 
Closes gh-10956
 2022-05-06 14:26:29 -03:00
Marcus Da Coregio ce86f4e4b5 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:51:28 -03:00
David Herberth 57cededd49 Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:51:28 -03:00
Josh Cummings 13795cdec1
Polish Relay State Resolver 
Issue gh-11065
 2022-05-05 17:28:30 -06:00
sebastiano 4dfc349914
Allow custom relay state 
Closes gh-11065
 2022-05-05 17:26:39 -06:00
Rob Winch 768267c131 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:09:41 -05:00
Rob Winch dbe7e37f2b WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:51 -05:00
Rob Winch 6420cf28a9 Multiple <authentication-manager> Do Not Duplicate Alias 
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
 2022-05-03 14:52:22 -05:00
Evgeniy Cheban 66bbfc7a50 @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy 
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.

Closes gh-11175
 2022-05-03 13:17:23 -05:00
Ulrich Grave 3cbb60750d Add Jackson Support for Saml2AuthenticationException 
Closes gh-11169
 2022-05-02 17:41:52 -05:00
Josh Cummings 0e9228d10a
Prepare for Spring Security 5.8 2022-05-02 16:34:23 -06:00
Eleftheria Stein 5ac5edc2e6 Detect UserDetailsService bean in X509 configuration 
Closes gh-11174
 2022-04-28 14:47:18 +02:00
Eleftheria Stein d40c15e09e Update remember me Javadocs 
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
 2022-04-28 14:13:52 +02:00
Marcus Da Coregio e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL 
Closes gh-11153
 2022-04-28 08:19:20 -03:00
Eleftheria Stein 8e34cedcfe Detect UserDetailsService bean in remember me 
Closes gh-11170
 2022-04-28 12:43:13 +02:00
nor-ek a3e7e54b70 Security Context Dsl 
Closes gh-11039
 2022-04-26 17:34:44 +02:00
Marcus Da Coregio 23594b3d01 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator 
Issue gh-10908
 2022-04-25 09:42:00 -03:00
Marcus Da Coregio 97acbcc2d0 Exclude duplicate issues from changelog 
Closes gh-11154
 2022-04-20 09:02:55 -03:00
Rob Winch 6c8f64d2bd Next Development Version 2022-04-18 14:55:35 -05:00
Rob Winch e80b3cc5a2 Release 5.7.0-RC1 2022-04-18 14:50:15 -05:00
Rob Winch 8a54cea6f0 Revert to aspectj-plugin-6.4.1 
There appears to be an issue with publication of aspectj plugin, so
this commit reverts to a previous working version.

See https://github.com/freefair/gradle-plugins/issues/511
 2022-04-18 14:03:14 -05:00
Rob Winch 2b858f9371 Use gradlePluginPortal() 2022-04-18 14:02:21 -05:00
Rob Winch f52bf98350 Update org.springframework to 5.3.19 
Closes gh-11152
 2022-04-18 13:38:21 -05:00
Rob Winch e223d23e84 Update org.jetbrains.kotlinx to 1.6.1 
Closes gh-11151
 2022-04-18 13:38:19 -05:00
Rob Winch 6e5b2f23a9 Update org.jetbrains.kotlin to 1.6.20 
Closes gh-11150
 2022-04-18 13:38:17 -05:00
Rob Winch 0803a9e09d Update hibernate-entitymanager to 5.6.8.Final 
Closes gh-11149
 2022-04-18 13:38:14 -05:00
Rob Winch 359137dfae Update org.eclipse.jetty to 9.4.46.v20220331 
Closes gh-11148
 2022-04-18 13:38:12 -05:00
Rob Winch a62bdd15b4 Update org.aspectj to 1.9.9.1 
Closes gh-11147
 2022-04-18 13:38:10 -05:00
Rob Winch 694ceb3fb1 Update io.rsocket to 1.1.2 
Closes gh-11146
 2022-04-18 13:38:08 -05:00
Rob Winch 0989652a33 Update io.projectreactor to 2020.0.18 
Closes gh-11144
 2022-04-18 13:38:03 -05:00