cf79af2386
Update Kotlin Test Usage
...
Issue gh-13539
2023-07-14 18:38:58 -06:00
a08036aee5
Change from AwaitKt to MonoKt
...
Issue gh-13539
2023-07-14 18:38:58 -06:00
6c3636d780
Update Removed Usages
...
Issue gh-13544
2023-07-14 18:38:58 -06:00
a99dff7de3
Remove Reference to LocalVariableTableParameterNameDiscoverer
...
Issue gh-2572
2023-07-14 18:38:58 -06:00
b62dd851a2
Merge branch '6.1.x'
...
Closes gh-13489
2023-07-11 17:03:53 -06:00
0579be0d25
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13488
2023-07-11 17:02:59 -06:00
6393702e70
Fix allOf/anyOf Abstain Logic
...
Closes gh-13487
2023-07-11 17:02:07 -06:00
52e12ad64b
Replace deprecated methods
2023-06-22 13:19:55 -06:00
0cefb27928
Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration
...
Closes gh-11624
2023-06-22 16:07:30 -03:00
339185998a
Update JavaDoc
...
Issue gh-12782
2023-06-22 11:26:45 -06:00
fa2bc745f7
Use AuthoritiesAuthorizationManager in Jsr250AuthorizationManager
...
Closes gh-12782
2023-06-22 11:25:54 -06:00
9b603b99ab
Using modern Java features
2023-06-22 11:24:25 -06:00
97cff7c715
Polish TestingAuthenticationToken
...
Restore List constructor to retain binary compatibility.
2023-06-22 11:22:15 -06:00
f25d76c48f
TestingAuthenticationToken takes broader collection type
...
So that callers do not have to cast.
Closes gh-12953
2023-06-22 11:22:15 -06:00
fb910e2997
Prepare for Spring Security 6.2
...
Closes gh-14316
2023-06-22 11:03:28 -06:00
1f04baa4a3
Polish gh-13290
...
Issue gh-12533
2023-06-13 14:17:40 -05:00
4def405067
Allow authorities to be overridden in UserBuilder
...
Issue gh-12533
2023-06-13 14:12:47 -05:00
613165b86c
Merge branch '6.0.x'
2023-05-11 11:46:10 -06:00
c6c091b12e
Merge branch '5.8.x' into 6.0.x
2023-05-11 11:43:37 -06:00
05ef215b88
Align Formatting
...
Issue gh-13132
2023-05-11 11:42:51 -06:00
9669747245
Ignore synthetic methods when checking for duplicate annotations
...
Closes gh-13132
2023-05-11 11:42:51 -06:00
a44e91d044
fix javadoc typo
2023-04-24 16:41:17 -06:00
9244989b2e
Fix allOf/anyOf Abstain Logic
...
Closes gh-13069
2023-04-24 15:36:17 -06:00
072feb2fb8
Merge branch '6.0.x'
2023-04-24 12:52:36 -06:00
599ed3e96b
Polish Format
...
Issue gh-13079
2023-04-24 12:52:26 -06:00
57294be795
Merge branch '6.0.x'
...
Closes gh-13083
2023-04-24 12:49:56 -06:00
73a543d318
Handle Empty Role
...
Closes gh-13079
2023-04-24 12:49:30 -06:00
1a4a2a9055
Merge branch '5.8.x' into 6.0.x
2023-04-14 13:32:10 -03:00
54117d7d27
Fix test suffix to align with checkstyle
2023-04-14 13:29:15 -03:00
20b0156d5a
Merge branch '6.0.x'
...
Closes gh-12984
2023-04-10 11:26:01 -05:00
9c3f91a2d3
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12983
2023-04-10 11:25:32 -05:00
16dcfd1cfe
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12982
2023-04-10 11:25:01 -05:00
c69df9fba0
Fix javadoc typo in ReactiveAuthorizationManager
...
Closes gh-12978
2023-04-10 11:24:49 -05:00
25ff3d69bd
Polish WebFlux Observation contextualName
...
Issue gh-12156
2023-04-04 13:15:44 -06:00
5e2dd0351d
Merge branch '6.0.x'
...
Closes gh-12964
2023-04-04 10:21:52 -03:00
44c4a4ae86
Add new DaoAuthenticationProvider constructor
...
Add a new constructor to the DaoAuthenticationProvider, which allows
providing a custom PasswordEncoder to prevent instantiation of the
default delegating PasswordEncoder in the default constructor.
This provides a way to instantiate the DaoAuthenticationProvider on JDKs
where the default delegating PasswordEncoder cannot be instantiated due
to limited JCE providers for compliance reasons (e.g., FIPS).
Closes gh-12874
2023-04-04 10:21:22 -03:00
607e40d366
Polish ObservationConvention Configuration
...
Change to setObservationConvention so that it reads more clearly
when used, for example `authenticationManager.setObservationConvention`
is clearer than `authenticationManager.setConvention`.
Change unit test names to follow team conventions.
Issue gh-12534
2023-03-28 15:01:26 -06:00
f1b14de3ba
Format ObservationConvention Configuration
...
Issue gh-12534
2023-03-28 15:01:26 -06:00
8d933fcb03
Support Customizing Observation Conventions
...
Closes gh-12534
2023-03-28 15:01:26 -06:00
a7562ad950
Update io.spring.javaformat to 0.0.38
...
Closes gh-12891
2023-03-20 10:44:35 -06:00
f588f9fa9a
Merge branch '6.0.x'
2023-03-03 15:02:51 -07:00
acf48721cd
Merge branch '5.8.x' into 6.0.x
2023-03-03 15:02:34 -07:00
ebabcaa51a
Merge branch '5.7.x' into 5.8.x
2023-03-03 15:02:07 -07:00
094bf1b527
Validate hasRole Input
...
There are no check for role prefix in AuthorizeHttpRequestsConfigurer#XXXrole
methods. This PR adds check for the same. Now the configuration
will fail if role/s start with prefix for hasRole and hasAnyRole methods.
Closes #12581
2023-03-03 15:00:34 -07:00
659b65a666
Fix javadox typo
2023-02-15 15:20:48 -07:00
eb35d3055f
Merge branch '6.0.x'
...
Closes gh-12640
2023-02-07 09:25:33 -03:00
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
3229bfa40f
Add empty authorities by default
...
Closes gh-12533
2023-01-30 15:37:10 -06:00
f9d674cb10
Merge branch '6.0.x'
...
Closes gh-12525
2023-01-11 10:14:01 -07:00
4d2dab9b6b
Lookup Parent Observation
...
Closes gh-12524
2023-01-11 10:13:33 -07:00
782b792e7b
SecuredAuthorizationManager should allow customizing underlying authorization manager
...
Closes gh-12233
2023-01-10 17:48:48 -07:00
3369cf5fe9
Consider replacing SecurityExpressionRoot.AuthenticationSupplier with SingletonSupplier
...
Closes gh-12487
2023-01-06 11:21:33 -07:00
1bbbd046c3
Polish gh-12231
...
- Update copyright header
- Use Set.of instead of HashSet in AuthorityAuthorizationManager
- Align roleHierarchy test name with other tests in AuthoritiesAuthorizationManagerTests
2023-01-05 10:50:52 -07:00
e0d676c03f
SecuredAuthorizationManager should cache annotation's value
...
Closes gh-12232
2023-01-05 10:50:52 -07:00
25133a97f9
Merge branch '6.0.x'
...
Closes gh-12436
2022-12-19 10:45:49 -03:00
f1824f8a5d
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12435
2022-12-19 10:45:25 -03:00
36d83f863a
Fix Javadoc since tag for class ExpressionAuthorizationDecision
...
Closes gh-12411
2022-12-19 10:44:36 -03:00
855282ac3b
Add Authority String AuthorizationManager
...
Closes gh-12231
2022-12-02 14:12:02 -07:00
6cbbf06456
Merge branch '6.0.x'
2022-11-30 14:20:01 -07:00
a76b1f7a51
Merge branch '5.8.x' into 6.0.x
2022-11-30 14:19:38 -07:00
68a344d238
Merge branch '5.7.x' into 5.8.x
2022-11-30 14:18:59 -07:00
e23c1cf7a7
Merge branch '5.6.x' into 5.7.x
2022-11-30 14:18:12 -07:00
14a48ea939
Fix formatting
...
Issue gh-12143
2022-11-29 20:15:13 -07:00
709de43e89
Fix typo in JavaDoc
...
Closes gh-12143
2022-11-29 20:15:12 -07:00
9bf2d3cd86
Polish JavaDoc
...
- Replace ampersand
- Correct since version
Issue gh-11510
2022-11-29 16:46:55 -07:00
5fcbb9f4ed
Add AuthenticationTrustResolver#isFullyAuthenticated
...
Closes gh-11510
2022-11-29 16:46:54 -07:00
4de92145e2
Update version on tag library and global serialization value
2022-11-23 13:12:48 -03:00
9d876fce82
Polish ExpressionAuthorizationDecision
...
Issue gh-11493
2022-11-17 15:09:52 -07:00
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
88e64bac0c
Polish Tests
...
Issue gh-11992
2022-11-17 15:09:52 -07:00
08948f2c37
Add Polish localization to error messages from ExceptionTranslationFilter
...
Issue gh-9315
2022-11-14 18:10:36 -07:00
a3d278380e
Add Polish localization to error messages from ExceptionTranslationFilter
2022-11-14 18:06:02 -07:00
bd43c1f28a
Merge branch '5.8.x'
...
# Conflicts:
# web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
# web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
db7f52db4e
Add hints to invoke SecurityContextImpl#getAuthentication
...
Closes gh-11987
2022-10-13 09:06:16 -03:00
d3d8f7d60f
Mark Observations with Security Context Events
...
Closes gh-11992
2022-10-12 20:32:23 -06:00
8c610684f3
Instrument Authentication and Authorization
...
Closes gh-11989
Closes gh-11990
2022-10-12 20:32:21 -06:00
827384e386
Add Micrometer Dependency
2022-10-12 19:26:21 -06:00
a453a71bed
Merge remote-tracking branch 'origin/5.8.x'
2022-10-10 12:37:15 -06:00
8d096554f8
Add AuthorizationEvent
...
Closes gh-11972
2022-10-10 12:28:57 -06:00
8f10deb602
Merge remote-tracking branch 'origin/5.8.x'
2022-09-30 17:01:22 -06:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
ef879aadd6
Add native hint for the users JDBC schema
...
Closes gh-11907
2022-09-29 09:42:37 -03:00
e071c28e8a
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:25:45 -06:00
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
46f402243b
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:11:16 -06:00
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-25 14:46:48 -06:00
e990174c89
Polish ReactiveMethodSecurity Support
...
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well
Issue gh-9401
Polish
2022-08-25 14:36:03 -06:00
6fd23d2567
Add MockMethodInvocation Constructor
...
Issue gh-9401
2022-08-25 14:36:02 -06:00
cbb4f40f0c
ReactiveAuthorizationManager + Reactive Method Security
...
Closes gh-9401
2022-08-25 14:35:04 -06:00
670b71363d
Merge branch '5.8.x'
...
Closes gh-11749
2022-08-23 16:03:50 -05:00
2fb625db84
Remove mockito deprecations
...
Issue gh-11748
2022-08-23 15:59:52 -05:00
38c05ad31c
Add native hints for basic @PostAuthorize usage
...
Closes gh-11737
2022-08-23 15:17:14 -03:00
bd5a05dcdd
Polish CoreSecurityRuntimeHints
2022-08-23 15:06:07 -03:00
c4b0e9bd74
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 13:00:07 -06:00
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 12:48:39 -06:00
20def5e25d
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-14 09:25:17 -06:00
8d0084842b
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-14 09:25:16 -06:00
9b43316f4d
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-14 09:25:16 -06:00
db25a37320
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-13 17:58:16 -06:00
281814a955
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-13 17:58:16 -06:00
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-13 17:57:38 -06:00
7abea4a964
Add RuntimeHints suffix for RuntimeHintsRegistrar
...
Closes gh-11497
2022-07-13 10:14:43 -03:00
177baba8c9
RuntimeHintsPredicates moved to predicate package
2022-07-12 16:00:50 -04:00
4a5c0ac904
Fix Formatting
...
Issue gh-11474
2022-07-08 12:35:40 -05:00
03cd9920aa
DelegatingSecurityContextTaskScheduler implements new Methods
...
Closes gh-11474
2022-07-08 12:32:09 -05:00
a87f7aa2e1
Polish CoreSecurityHintsTests
...
Use ParameterizedTest to simplify repetitive test setup
Issue gh-11431
2022-07-06 15:21:45 -03:00
459003e1b3
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:19:33 -06:00
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:18:07 -06:00
b316a3217b
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:35:54 -06:00
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
ec1bfa12f0
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:15:56 -06:00
52d8e10ace
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:08:42 -06:00
7a9c873d7d
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:17:45 -06:00
25c74896d1
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:02:59 -06:00
a8c30f79e6
Add Core, MVC and MethodSecurity runtime hints
...
Closes gh-11431
2022-06-27 09:25:49 -03:00
d32f74d19d
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 17:03:19 -05:00
b6d43e58c0
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 16:59:09 -05:00
a31a99b591
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:58:36 -06:00
31e25b115e
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:28:10 -06:00
4c2401a576
Revert "Make source code compatible with JDK 8"
...
This reverts commit 60ed3602f6
2022-06-02 19:24:42 +02:00
5eadcba7d1
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 09:00:08 -06:00
d557d2d0eb
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 08:28:16 -06:00
d124fa2858
Fix typo in comment for changePassword method
2022-05-25 12:34:55 -06:00
5540bbcf0b
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:36:17 -06:00
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
2b4794475e
Polish gh-11188
2022-05-12 16:32:11 -05:00
3f861f7f20
Polish gh-11188
2022-05-12 16:20:43 -05:00
e01b1e7f38
Polish gh-11188
2022-05-12 16:19:48 -05:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
dbd96a9e3f
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:52 -06:00
9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:04 -06:00
89019fb340
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:03:25 -06:00
286e95893a
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:19:35 -05:00
66bbfc7a50
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:17:23 -05:00
9193e46800
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:15:53 -05:00
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
33ee3058d4
Add missing insufficientAuthentication property in messages_*.properties
2022-04-29 10:38:42 +02:00
da2a68e182
Add missing untranslated properties in messages_lt
2022-04-29 10:38:42 +02:00
5832202a4d
Fixed bad property name in messages_it
2022-04-29 10:38:42 +02:00
22dac674da
Remove unnecessary dots from messages_cs_CZ
2022-04-29 10:38:42 +02:00
8b06a4bbe2
Remove trailing space from messages_ru
2022-04-29 10:38:42 +02:00
47c4b0426d
Add missing badLdapConnection property in messages_*.properties
2022-04-29 10:38:42 +02:00
61c0a25bcd
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:32:14 -06:00
057f4a86d5
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:29:47 -06:00
bdd5f86526
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:37:21 -06:00
Josh Cummings
Claudio Nave
Evgeniy Cheban
kandaguru17
Krzysztof Krason
Laurent Martelli
Steve Riesenberg
Dmitry Korotych
Florian Cramer
SeasonPan
Marcus Da Coregio
Rob Winch
Yuanhang Guo
Petr Svoboda
Braunson
bist
Pascal Verdage
stillya
Guillaume Husta
Junsung Cho
Karthikeyan R
Kacper Piasta
Emil Sierżęga
Joe Grandja
James