Rob Winch
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
Rob Winch
dbcb5004b4
Extract createSecurityContextRepository()
...
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.
Issue gh-9635
2022-03-11 17:21:49 -06:00
Norbert Nowak
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
Marcus Da Coregio
93d4fd3559
Add SAML 2.0 Single Logout XML Support
...
Closes gh-10842
2022-03-09 09:18:01 -03:00
Marcus Da Coregio
73f839312d
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 09:18:01 -03:00
Josh Cummings
7a02bd14c1
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:19:03 -07:00
m0k045e
3aa7a65cb4
OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager
...
Closes gh-10846
2022-02-28 15:30:19 -07:00
Eleftheria Stein
e97c643870
Deprecate WebSecurityConfigurerAdapter
...
Closes gh-10822
2022-02-17 12:13:50 +01:00
Eleftheria Stein
c2635ba6bf
Apply configurers from spring.factories to HttpSecurity bean
...
Closes gh-10814
2022-02-09 14:40:57 +01:00
Josh Cummings
cbd87fac89
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 14:50:28 -07:00
Manuel Jordan
01ed617d5f
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 14:50:19 -07:00
Josh Cummings
d538423f98
Add Saml2AuthenticationRequestResolver
...
Closes gh-10355
2022-01-24 15:09:45 -07:00
Rob Winch
ba922dcdf0
Exclude javax from hibernate dependency
...
Issue gh-10501
2022-01-19 14:35:25 -06:00
Rob Winch
27e1a2ca69
Remove javax.transaction
...
Issue gh-10501
2022-01-19 14:35:05 -06:00
Rob Winch
9d4ecc9c37
Additional removal of javax.inject
...
Issue gh-10501
2022-01-19 14:34:45 -06:00
Rob Winch
678c386834
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 14:34:32 -06:00
Rob Winch
0e8c03401b
javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
...
Issue gh-10501
2022-01-19 14:34:16 -06:00
Rob Winch
8f64bb6c8c
javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
...
Issue gh-10501
2022-01-19 14:33:53 -06:00
Rob Winch
f8e14683f6
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:33:46 -06:00
Rob Winch
3c641dee75
Remove commons-logging
...
Closes gh-10499
2022-01-19 14:33:44 -06:00
Eleftheria Stein
a537b636c1
Add LDAP factory beans
...
Issue gh-10138
2022-01-18 15:11:30 +01:00
Josh Cummings
75f25bff82
Polish multiple RequestRejectedHandlers support
...
Issue gh-10603
2022-01-14 16:49:38 -07:00
Adam Ostrožlík
4ea57f3e3f
Support multiple RequestRejectedHandler beans
...
Closes gh-10603
2022-01-14 16:46:15 -07:00
Marcus Da Coregio
60ed3602f6
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-11 09:19:41 -03:00
heowc
1ab0705b47
Fix typo
2022-01-10 16:17:42 +01:00
Marcus Da Coregio
18427b6411
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2021-12-13 08:57:30 -03:00
Josh Cummings
cd8983d4e5
Polish enableSessionUrlRewriting Clarification
...
Closes gh-7644
2021-12-09 12:14:40 -07:00
James Howe
5598688fa6
Clarify behaviour of enableSessionUrlRewriting
...
See #3087
2021-12-09 12:06:30 -07:00
Marcus Da Coregio
65426a40ec
Add Cross Origin Policies headers
...
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers
Closes gh-9385, gh-10118
2021-12-07 17:23:06 +01:00
Marcus Da Coregio
ed3b0fbaad
Prevent using both authorizeRequests and authorizeHttpRequests
...
Closes gh-10573
2021-12-06 15:47:49 -03:00
Steve Riesenberg
df0f6f83af
Polish gh-9597
2021-12-02 17:44:47 -06:00
Karl Tinawi
925d531cbe
Set details on authentication token created by HttpServlet3RequestFactory
...
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.
This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.
Closes gh-9579
2021-12-02 17:44:46 -06:00
Steve Riesenberg
074e38d565
Add missing since
...
Issue gh-7765
2021-12-02 12:09:57 -06:00
Steve Riesenberg
3af619d565
Add hasIpAddress to Reactive Kotlin DSL
...
Closes gh-10571
2021-12-02 12:01:11 -06:00
Josh Cummings
a68411566e
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki
2bc643d6c8
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 15:33:39 -07:00
Igor Pelesic
a3a9de1b9b
PermitAllSupport supports AuthorizeHttpRequestsConfigurer
...
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.
Closes gh-10482
2021-11-30 15:17:22 -07:00
Guirong Hu
43317c5a61
Support IP whitelist for Spring Security Webflux
...
Closes gh-7765
2021-11-30 15:27:58 -06:00
« Christophe
4318a51971
Fix CsrfConfigurer default AccessDeniedHandler consistency
...
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.
This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation
Fixes: gh-6511
2021-11-16 14:22:35 -06:00
Stephane Nicoll
61ee4e5a76
Avoid using SpEL to change the meaning of the injection point
...
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
2021-11-16 13:53:00 -06:00
Onur Kagan Ozcan
aa0f788f59
Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes
2021-11-16 13:44:18 -06:00
Josh Cummings
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
Josh Cummings
76ebbb84f7
Separate Namespace Servlet Docs
...
Issue gh-10367
2021-11-05 12:45:46 -06:00
Marcus Da Coregio
2f1638ec57
Fix javadoc
...
Closes gh-10382
2021-10-22 11:20:37 -03:00
Emil Sierżęga
cb70b6a39b
Fixed invalid usage of & tag in Javadocs
2021-10-21 11:47:04 +02:00
Emil Sierżęga
04b47c5928
Fixed various broken links in Javadocs
2021-10-21 11:47:04 +02:00
Emil Sierżęga
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
Emil Sierżęga
6b26032ce7
Fixed invalid usege of > tag in Javadocs
2021-10-21 11:47:04 +02:00
Rob Winch
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
Philipp Neuschwander
6db58cbf8a
Conditionally resolve bearer token from request parameters
...
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.
This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).
Closes gh-10326
2021-10-13 17:10:50 -05:00
Gaurav Tiwari
33708e61fb
Add postProcess support to Saml2LogoutConfigurer
...
Closes gh-10311
2021-10-13 12:05:48 -06:00
Josh Cummings
fbb7691be4
Polish SecurityNamespaceHandler Tests
...
Issue gh-8974
2021-10-13 11:50:14 -06:00
Emil Sierżęga
8daa6ec1fd
SecurityNamespaceHandler: update schema version to 5.6
...
Closes gh-8974
2021-10-13 11:49:57 -06:00
Eleftheria Stein
ba8844a67e
Deprecate Kotlin methods that don't use reified types
...
Closes gh-10365
2021-10-13 10:16:37 +02:00
Marcus Da Coregio
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
Marcus Da Coregio
7112ee3eaa
Allow SAML 2.0 loginProcessingURL without registrationId
...
Closes gh-10176
2021-10-04 09:54:40 -03:00
Marcus Da Coregio
e36e2b2a97
Move Saml2AuthnRequestRepository to web package
...
Moving to solve package tangles
Issue gh-9185
2021-09-29 14:10:39 -03:00
Rob Winch
3b64cdfc03
Fix XsdDocumentedTests
...
Issue gh-5835
2021-09-24 10:25:26 -05:00
Josh Cummings
c3ba2332da
Wire BeanResolver into DefaultMethodSecurityExpressionHandler
...
Closes gh-10305
2021-09-22 14:14:29 -06:00
Josh Cummings
7b599d4770
Share JWKSource Instances
...
Closes gh-10312
2021-09-22 13:28:08 -06:00
Marcus Da Coregio
0364518b69
Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConverter bean
...
Closes gh-10268
2021-09-17 08:13:19 -03:00
Eleftheria Stein
1e76b11b3c
Remove duplicate entry from test LDIF file
...
Closes gh-10274
2021-09-16 10:26:06 +02:00
Josh Cummings
4f06fc6ed1
Add Saml2LogoutConfigurer
...
Closes gh-9497
2021-09-13 16:39:48 -06:00
Josh Cummings
6488295cad
Add RelyingPartyRegistrationResolver
...
Closes gh-9486
2021-09-13 16:39:48 -06:00
Derek Van Blerkom
58d50888df
Fix return type to allow further security config
2021-09-13 15:31:02 -03:00
Yanming Zhou
f2b2e6002f
Replace static "ROLE_" with customized role prefix
...
Fix gh-4134
2021-09-09 11:48:25 -06:00
Eleftheria Stein
3ab6bee856
Make method static to prevent circular dependency error
...
Workaround for circular dependency between ServerHttpSecurityConfiguration and WebFluxConfigurationSupport.
Closes gh-10076
2021-08-11 13:46:45 +02:00
Marcus Da Coregio
662ab10416
Fix test getting stuck
...
The tests are getting stuck when running a single test class and the mock is performed in a static variable inside an inner class
Issue gh-6025
2021-07-27 14:55:53 -06:00
Marcus Da Coregio
16e17d242e
Add Saml2AuthenticationRequestRepository
...
Closes gh-9185
2021-07-27 14:55:53 -06:00
Josh Cummings
6b68a6d62b
Apply rnc2Xsd
...
Issue gh-8657
2021-07-27 13:22:42 -06:00
Josh Cummings
6370906ead
Add SpringOpaqueTokenIntrospector
...
Closes gh-9354
2021-07-26 10:50:50 -06:00
Abdul Al-Faraj
d1dfb2b9ee
Improve OpenSAML Version Check
...
Closes gh-10077
2021-07-26 10:42:40 -06:00
Nick McKinney
5c8fb254c2
Add AuthenticationDetailsSource to OAuth2 Login Kotlin DSL
...
Closes gh-9838
2021-07-16 15:42:00 +02:00
Nick McKinney
b1612b1283
Add AuthenticationDetailsSource to Form Login Kotlin DSL
...
Closes gh-9837
2021-07-16 15:42:00 +02:00
Rob Winch
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch
342884e851
kotlin uses @ExtendWith(SpringTestContextExtension::class)
...
cd config/src/test/kotlin
rg 'SpringTestContext' -l | xargs sed -i '/^import org.junit.jupiter.api.Test/a import org.junit.jupiter.api.extension.ExtendWith'
rg 'SpringTestContext' -l | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext/a import org.springframework.security.config.test.SpringTestContextExtension'
rg 'SpringTestContext' -l | xargs sed -i '/^class .*/i @ExtendWith(SpringTestContextExtension::class)'
2021-07-09 15:57:21 -05:00
Rob Winch
cc732bda3b
Use @ExtendWith(SpringExtension::class)
2021-07-09 15:57:21 -05:00
Rob Winch
3b3ccb962d
Fix @Test(expected =
2021-07-09 15:57:21 -05:00
Rob Winch
2bd55f0f62
@Test to JUnit 5 for kotlin
...
rg -g "*.kt" "import org.junit.Test" -l | xargs sed -i 's/import org.junit.Test/import org.junit.jupiter.api.Test/'
2021-07-09 15:57:21 -05:00
Rob Winch
e251abb1ae
more import cleanup
2021-07-09 14:49:47 -05:00
Rob Winch
3c4e15264c
Add @ExtendWith(SpringTestContextExtension.class)
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^public class/i @ExtendWith(SpringTestContextExtension.class)'
2021-07-09 14:49:46 -05:00
Rob Winch
7dfd169ece
Add import ExtendWith
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^import org.junit.jupiter.api.Test;/a import org.junit.jupiter.api.extension.ExtendWith;'
2021-07-09 14:49:45 -05:00
Rob Winch
e4b09f62f0
Add SpringTestContextExtension to existing ExtendWith
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' -l | xargs sed -E -i 's/@ExtendWith\((.*)\)/@ExtendWith({ \1, SpringTestContextExtension.class })/'
2021-07-09 14:49:42 -05:00
Rob Winch
5133340bf8
Add import SpringTestContextExtension
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext;/a import org.springframework.security.config.test.SpringTestContextExtension;'
2021-07-09 14:47:54 -05:00
Rob Winch
60078df62a
remove @Rule
...
rg '@Rule' -g '!buildSrc/**' -l | xargs sed -i '/@Rule/d'
rg 'import org.junit.Rule' -g '!buildSrc/**' -l | xargs sed -i '/import org.junit.Rule/d'
2021-07-09 14:46:51 -05:00
Rob Winch
671040bb27
SpringTestRule to SpringTestContext
...
rg 'new SpringTestRule()' -l | xargs sed -i 's/new SpringTestRule()/new SpringTestContext(this)/'
rg 'val spring = SpringTestRule()' -l | xargs sed -i 's/val spring = SpringTestRule()/val spring = SpringTestContext(this)/'
2021-07-09 14:41:51 -05:00
Rob Winch
e8c44e6390
Add SpringTestContextExtension
2021-07-09 14:35:10 -05:00
Rob Winch
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
Rob Winch
2a62c4d976
Fix NamespaceHttpInterceptUrlTests
2021-07-09 14:32:52 -05:00
Rob Winch
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
Eleftheria Stein
79054093c9
Add AuthenticationManager to Kotlin ServerHttpSecurityDsl
...
Closes gh-10053
2021-07-09 10:34:57 +02:00
Rob Winch
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
Eleftheria Stein
6a09ffe113
Add AuthenticationManager to Kotlin JwtDsl
...
Closes gh-10045
2021-07-08 13:50:09 +02:00
Eleftheria Stein
5c8e409d98
Add AuthenticationManager to Kotlin OpaqueTokenDsl
...
Closes gh-10044
2021-07-08 12:46:50 +02:00
Eleftheria Stein
b4f76b2314
Fix typo in Saml2Dsl
2021-07-08 12:03:29 +02:00
Eleftheria Stein
585788ad0a
Add AuthenticationManager to HttpSecurity
...
Closes gh-10040
2021-07-07 15:44:42 +02:00
Evgeniy Cheban
d121ab9565
Support A Well-Known URL for Changing Passwords
...
Closes gh-8657
2021-07-01 16:57:53 -06:00
Josh Cummings
e91cacfdaf
Polish no-parameter authorizeHttpRequests
...
- Cleaned up JavaDoc
- Updated implementation to align with no-parameter authorizeRequests
- Updated test names and content for clarity, specifically identified
tests that target no-parameter authorizeHttpRequests with noParameter in
the name
- Switched order of methods to match others in HttpSecurity
- Updated copyright year
Issue gh-9498
2021-06-28 15:45:24 -06:00
sdratler1
3820f0f3a3
Add no-parameter authorizeHttpRequests method
...
Closes gh-9498
2021-06-28 15:34:49 -06:00
/usr/local/ΕΨΗΕΛΩΝ
fe99c3b83b
https://stackoverflow.com/questions/67520600/redirect-to-different-page-after-login-based-on-user-role-with-spring-security/67531436#67531436
...
Closes gh-7282
2021-06-28 11:48:07 +02:00
Eleftheria Stein
94a3adb928
Apply DefaultLoginPageConfigurer before logout
...
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.
Closes gh-9973
2021-06-24 10:26:13 +02:00
Eleftheria Stein
dfd0047f0b
Disable default logout page when logout disabled
...
Closes gh-9475
2021-06-17 16:38:23 +02:00
Thomas Vitale
b44d0fb319
Load ReactiveJwtAuthenticationConverter bean in OAuth2 Resource Server config
...
When a bean of type ReactiveJwtAuthenticationConverter is defined,
the OAuth2 Resource Server configuration will use it automatically
when no other converter is defined through the DSL.
Closes gh-9698
2021-06-15 14:22:15 -06:00
Eleftheria Stein
aeed286e8a
Add AuthenticationManager to saml2Login Kotlin DSL
...
Closes gh-9905
2021-06-15 09:53:53 +02:00
Marcus Hert da Coregio
9d2db89838
Fix Adding Filter Relative to Custom Filter
...
Closes gh-9787
2021-06-14 14:37:21 -03:00
Josh Cummings
65239e93f9
Update Copyright Header
...
Issue gh-9845
2021-06-09 11:33:48 -06:00
Josh Cummings
5b49433ed1
Add GlobalMethodSecurityConfiguration Test
...
Issue gh-9845
2021-06-09 09:29:52 -06:00
Kay-Uwe Janssen
7a233c41f0
Some infrastructure beans are not marked properly
...
Added missing infrastructure role to methodSecurityMetadataSource bean
and move the post processing of the defaultMethodExpressionHandler to
the end of afterSingletonsInstantiated.
Closes gh-9845
2021-06-09 09:28:55 -06:00
theexiile1305
3074ad4136
Migrate Kotlin tests from java Mockito to Mockk
...
Closes gh-9785
2021-06-07 13:13:31 +02:00
Eleftheria Stein
204a32aba8
Replace < and > with < and > in Javadoc
...
Closes gh-9847
2021-06-04 12:26:07 +03:00
Rob Winch
68f91edbb8
Make XsdDocumentedTests Parsing More Lenient
...
Closes gh-9830
2021-05-27 18:37:14 -05:00
Rob Winch
8400b841e9
Improve XsdDocumentedTests Error Message
...
This makes it easier to compare the expected and actual values.
Closes gh-9829
2021-05-27 18:37:02 -05:00
Eleftheria Stein
fa77f4c8ff
Deprecate feature-policy where not already deprecated
...
Issue gh-9262
2021-05-19 10:04:09 +02:00
Eleftheria Stein
be903b8e25
Cleanup unused import
2021-05-19 10:04:09 +02:00
Eleftheria Stein
1728b06b30
Ensure Kotlin 1.3 compatibility
...
Closes gh-9765
2021-05-19 10:04:08 +02:00
Josh Cummings
67e5c05a47
Polish AuthorizationManager Method Security
...
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations
Issue gh-9289
2021-05-18 17:34:04 -06:00
Evgeniy Cheban
84e2e80915
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-05-18 17:34:04 -06:00
Josh Cummings
d203235567
Update to Spring Security 5.6
...
Closes gh-9695
2021-05-18 10:45:17 -06:00
Rob Winch
4d251157b2
opensaml4MainCompile
2021-05-17 23:21:17 -05:00
Rob Winch
eda38b8f88
opensaml fixes
2021-05-17 15:51:55 -05:00
Rob Winch
e5a652e749
Update to Kotlin 1.5.0
...
Closes gh-9763
2021-05-17 10:30:26 -05:00
Joe Grandja
e51ca79954
Document Jwt Client Authentication support
...
Closes gh-9578
2021-05-14 22:58:44 -04:00
Joe Grandja
f874a12ddb
Document jwt-bearer authorization grant
...
Closes gh-9580
2021-05-14 14:48:37 -04:00
Josh Cummings
ca2bc4feb3
Bump Schema Version
...
Closes gh-9694
2021-04-29 16:52:29 -06:00
Josh Cummings
4d564ffb50
Update AuthorizationManager references
...
Issue gh-9692
2021-04-28 11:58:30 -06:00
Josh Cummings
17cfc6ade3
Inline ResourceKeyConverterAdapter
...
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
Eleftheria Stein
de0cd11a72
Fix PreAuthorize when returning Kotlin Flow
...
Closes gh-9676
2021-04-28 12:33:18 +02:00
Joe Grandja
53e94bca45
Add oauth2Login() tests
...
Issue gh-9548 gh-9660 gh-9266
2021-04-20 08:37:19 -04:00
Joe Grandja
5afeaa3ce7
WebFlux httpBasic() matches on XHR requests
...
Closes gh-9660
2021-04-20 08:36:42 -04:00
Rob Winch
a31a855146
Fix HttpSecurity.addFilter* Ordering
...
Closes gh-9633
2021-04-14 17:47:31 -05:00
Denis Washington
2b4b856b32
Limit oauth2Login() links to redirect-based flows
...
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
2021-04-14 05:02:30 -04:00
Josh Cummings
163b5943ca
Revert AuthorizationManager Method Security
2021-04-12 15:53:22 -06:00
Josh Cummings
404a6c5674
Revert "Publish CsrfTokenRepository as shared object"
...
This reverts commit d19ff12813
.
2021-04-12 14:43:37 -06:00
Josh Cummings
4e81bbe386
Revert "Add Saml2LogoutConfigurer"
...
This reverts commit 6f52baba29
.
2021-04-12 14:43:19 -06:00
Josh Cummings
6f52baba29
Add Saml2LogoutConfigurer
...
Closes gh-9497
2021-04-10 00:25:34 -06:00
Josh Cummings
d19ff12813
Publish CsrfTokenRepository as shared object
...
Closes gh-9595
2021-04-10 00:25:34 -06:00
Josh Cummings
df8abcfae7
Use Interceptors instead of Advice
...
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization
Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings
6828987b4b
Add AfterMethodAuthorizationManager
...
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability
Closes gh-9591
2021-04-09 18:43:56 -06:00
Josh Cummings
2b494ebc5f
Polish AOP Structure
...
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
62d77ec97e
Add GrantedAuthorityDefaults to Expression Handler
...
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
68cf74468c
Add check for custom advice
...
- Because publishing an advice bean replaces Spring Security
defaults, the code should error if both a custom bean and
either secureEnabled or prePostEnabled are specified
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
45376b359b
Adjust Packaging
...
Issue gh-9289
2021-04-09 17:46:32 -06:00
Evgeniy Cheban
20778f727b
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-04-09 17:46:32 -06:00
Josh Cummings
7ded671858
Refactor AuthenticationDetailsSource support
...
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle
Closes gh-9576
2021-04-09 12:41:16 -06:00
Eleftheria Stein
e03fe7f089
Add coroutine support to pre/post authorize
...
Closes gh-8143
2021-04-09 19:33:06 +02:00
Rob Winch
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Eleftheria Stein
0f3df3e714
Consider Order on SecurityFilterChain bean definitions
...
Closes gh-9154
2021-03-24 11:02:29 +02:00
Eleftheria Stein
f5fe64cd5b
Fix typo
2021-03-24 11:00:37 +02:00