e8c56420bf
Update mockk to 1.12.5
...
Closes gh-11690
2022-08-11 14:20:24 -06:00
627809d2dc
Update org.springframework.data to 2021.1.6
...
Closes gh-11686
2022-08-10 14:52:51 -03:00
4b1d7e9479
Update org.springframework to 5.3.22
...
Closes gh-11685
2022-08-10 14:52:51 -03:00
d9980a4dfe
Update jsonassert to 1.5.1
...
Closes gh-11684
2022-08-10 14:52:51 -03:00
8eb7e589eb
Update hibernate-entitymanager to 5.6.10.Final
...
Closes gh-11683
2022-08-10 14:52:51 -03:00
0d7dce9d71
Update org.eclipse.jetty to 9.4.48.v20220622
...
Closes gh-11682
2022-08-10 14:52:51 -03:00
da09788be9
Update io.projectreactor to 2020.0.22
...
Closes gh-11680
2022-08-10 14:52:51 -03:00
425b3501b7
Remove `@Configuration` from `@Enable*` Annotations
...
This removes `@Configuration` from all `@Enable` Annotations and explicitly
adds `@Configuration` to wherever the `@Enable*` Annotations are used.
Closes gh-11653
2022-08-09 17:00:24 -05:00
a5069d7e35
Fix Add @Configuration to @Enable*Security Usage
...
Issue gh-6613
2022-08-09 17:00:16 -05:00
ead587c597
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:32:42 -03:00
6a2ca52aae
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:32:10 -03:00
24bb83e2c7
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:31:45 -03:00
1c4d6ed098
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:30:15 -03:00
2e66b9f6cc
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:44:01 -05:00
efaee4e56b
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:35:49 -05:00
c23324e7a7
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
2022-08-08 14:14:12 -05:00
269c711a64
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
2022-08-08 13:52:56 -05:00
c9f8d2b111
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
2022-08-08 13:52:12 -05:00
ed58ac7d78
Add Conditions to Generating AuthnRequest
...
Closes gh-11657
2022-08-03 17:49:48 -06:00
9e8a04d414
Polish Tests
...
Issue gh-11657
2022-08-03 17:49:46 -06:00
c2d79fcbd6
Add Conditions to Generating AuthnRequest
...
Closes gh-11657
2022-08-03 17:34:31 -06:00
aa225943d2
Polish Tests
...
Issue gh-11657
2022-08-03 17:34:26 -06:00
f8971742f2
Remove FilterSecurityInterceptor from WebSecurity
...
Closes gh-11325
2022-08-02 15:34:02 -03:00
508f7d7b8a
Update OpenSamlAuthenticationRequestResolverTests from Junit 4 to Junit 5
2022-08-02 08:02:22 -06:00
947445fcc5
Add ID to Saml2 Post and Redirect Requests
...
Closes gh-11468
2022-08-02 08:02:22 -06:00
040111ae9e
Remove Configuration meta-annotation from Enable* annotations
...
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.
Closes gh-6613
Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
99f768bab9
Polish HttpSecurity
2022-07-29 17:43:00 -05:00
984355e637
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:43:00 -05:00
09173c95d6
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:43:00 -05:00
07ea139ebf
Polish HttpSecurity
2022-07-29 17:42:39 -05:00
67544f36f9
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:42:39 -05:00
05725af4d8
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:42:39 -05:00
15f525c614
Polish HttpSecurity
2022-07-29 17:42:20 -05:00
0c0c75ce22
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:42:20 -05:00
9861769b02
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:42:20 -05:00
02459919cc
Skip workflows on forks of spring-security
2022-07-28 15:13:56 -05:00
57d212ddca
Use cache and user.name system property on Windows
2022-07-28 15:13:55 -05:00
539b17f6da
Only run prerequisites job if on upstream repo
2022-07-28 15:13:54 -05:00
37e1ad27fe
Simplify dependency graph
2022-07-28 15:13:53 -05:00
043fdd6f03
Use Spring Gradle Build Action
...
Closes gh-11630
2022-07-28 15:13:52 -05:00
3234e05085
Polish gh-11367
2022-07-28 15:13:51 -05:00
f957e3c051
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
2022-07-28 15:13:51 -05:00
24033be046
Skip workflows on forks of spring-security
2022-07-28 15:11:09 -05:00
47a5665767
Use cache and user.name system property on Windows
2022-07-28 15:11:08 -05:00
aad60cc6af
Only run prerequisites job if on upstream repo
2022-07-28 15:11:07 -05:00
13e94935ae
Simplify dependency graph
2022-07-28 15:11:06 -05:00
6c29007fac
Use Spring Gradle Build Action
...
Closes gh-11630
2022-07-28 15:11:05 -05:00
6ad567f0fa
Polish gh-11367
2022-07-28 15:11:05 -05:00
8c634f8a9d
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
2022-07-28 15:11:04 -05:00
4fbbfd2c8b
Skip workflows on forks of spring-security
2022-07-28 15:07:02 -05:00
Josh Cummings
Marcus Da Coregio
Rob Winch
Igor Bolic
Scott Shidlovsky
Joshua Sattler
Steve Riesenberg
naveen