Commit Graph

1949 Commits

Author SHA1 Message Date
Gaurav Tiwari 33708e61fb Add postProcess support to Saml2LogoutConfigurer
Closes gh-10311
2021-10-13 12:05:48 -06:00
Josh Cummings fbb7691be4 Polish SecurityNamespaceHandler Tests
Issue gh-8974
2021-10-13 11:50:14 -06:00
Emil Sierżęga 8daa6ec1fd SecurityNamespaceHandler: update schema version to 5.6
Closes gh-8974
2021-10-13 11:49:57 -06:00
Eleftheria Stein ba8844a67e Deprecate Kotlin methods that don't use reified types
Closes gh-10365
2021-10-13 10:16:37 +02:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
Marcus Da Coregio 7112ee3eaa Allow SAML 2.0 loginProcessingURL without registrationId
Closes gh-10176
2021-10-04 09:54:40 -03:00
Marcus Da Coregio e36e2b2a97 Move Saml2AuthnRequestRepository to web package
Moving to solve package tangles

Issue gh-9185
2021-09-29 14:10:39 -03:00
Rob Winch 3b64cdfc03 Fix XsdDocumentedTests
Issue gh-5835
2021-09-24 10:25:26 -05:00
Josh Cummings c3ba2332da Wire BeanResolver into DefaultMethodSecurityExpressionHandler
Closes gh-10305
2021-09-22 14:14:29 -06:00
Josh Cummings 7b599d4770 Share JWKSource Instances
Closes gh-10312
2021-09-22 13:28:08 -06:00
Marcus Da Coregio 0364518b69 Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConverter bean
Closes gh-10268
2021-09-17 08:13:19 -03:00
Eleftheria Stein 1e76b11b3c Remove duplicate entry from test LDIF file
Closes gh-10274
2021-09-16 10:26:06 +02:00
Josh Cummings 4f06fc6ed1 Add Saml2LogoutConfigurer
Closes gh-9497
2021-09-13 16:39:48 -06:00
Josh Cummings 6488295cad Add RelyingPartyRegistrationResolver
Closes gh-9486
2021-09-13 16:39:48 -06:00
Derek Van Blerkom 58d50888df Fix return type to allow further security config 2021-09-13 15:31:02 -03:00
Yanming Zhou f2b2e6002f Replace static "ROLE_" with customized role prefix
Fix gh-4134
2021-09-09 11:48:25 -06:00
Eleftheria Stein 3ab6bee856 Make method static to prevent circular dependency error
Workaround for circular dependency between ServerHttpSecurityConfiguration and WebFluxConfigurationSupport.

Closes gh-10076
2021-08-11 13:46:45 +02:00
Marcus Da Coregio 662ab10416 Fix test getting stuck
The tests are getting stuck when running a single test class and the mock is performed in a static variable inside an inner class

Issue gh-6025
2021-07-27 14:55:53 -06:00
Marcus Da Coregio 16e17d242e Add Saml2AuthenticationRequestRepository
Closes gh-9185
2021-07-27 14:55:53 -06:00
Josh Cummings 6b68a6d62b
Apply rnc2Xsd
Issue gh-8657
2021-07-27 13:22:42 -06:00
Josh Cummings 6370906ead
Add SpringOpaqueTokenIntrospector
Closes gh-9354
2021-07-26 10:50:50 -06:00
Abdul Al-Faraj d1dfb2b9ee Improve OpenSAML Version Check
Closes gh-10077
2021-07-26 10:42:40 -06:00
Nick McKinney 5c8fb254c2 Add AuthenticationDetailsSource to OAuth2 Login Kotlin DSL
Closes gh-9838
2021-07-16 15:42:00 +02:00
Nick McKinney b1612b1283 Add AuthenticationDetailsSource to Form Login Kotlin DSL
Closes gh-9837
2021-07-16 15:42:00 +02:00
Rob Winch f73f213f50 Remove DependencySetPlugin
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch 342884e851 kotlin uses @ExtendWith(SpringTestContextExtension::class)
cd config/src/test/kotlin
rg 'SpringTestContext' -l | xargs sed -i '/^import org.junit.jupiter.api.Test/a import org.junit.jupiter.api.extension.ExtendWith'
rg 'SpringTestContext' -l | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext/a import org.springframework.security.config.test.SpringTestContextExtension'
rg 'SpringTestContext' -l | xargs sed -i '/^class .*/i @ExtendWith(SpringTestContextExtension::class)'
2021-07-09 15:57:21 -05:00
Rob Winch cc732bda3b Use @ExtendWith(SpringExtension::class) 2021-07-09 15:57:21 -05:00
Rob Winch 3b3ccb962d Fix @Test(expected = 2021-07-09 15:57:21 -05:00
Rob Winch 2bd55f0f62 @Test to JUnit 5 for kotlin
rg -g "*.kt" "import org.junit.Test" -l | xargs sed -i 's/import org.junit.Test/import org.junit.jupiter.api.Test/'
2021-07-09 15:57:21 -05:00
Rob Winch e251abb1ae more import cleanup 2021-07-09 14:49:47 -05:00
Rob Winch 3c4e15264c Add @ExtendWith(SpringTestContextExtension.class)
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^public class/i @ExtendWith(SpringTestContextExtension.class)'
2021-07-09 14:49:46 -05:00
Rob Winch 7dfd169ece Add import ExtendWith
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^import org.junit.jupiter.api.Test;/a import org.junit.jupiter.api.extension.ExtendWith;'
2021-07-09 14:49:45 -05:00
Rob Winch e4b09f62f0 Add SpringTestContextExtension to existing ExtendWith
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' -l | xargs sed -E -i 's/@ExtendWith\((.*)\)/@ExtendWith({ \1, SpringTestContextExtension.class })/'
2021-07-09 14:49:42 -05:00
Rob Winch 5133340bf8 Add import SpringTestContextExtension
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext;/a import org.springframework.security.config.test.SpringTestContextExtension;'
2021-07-09 14:47:54 -05:00
Rob Winch 60078df62a remove @Rule
rg '@Rule' -g '!buildSrc/**' -l | xargs sed -i '/@Rule/d'
rg 'import org.junit.Rule' -g '!buildSrc/**' -l | xargs sed -i '/import org.junit.Rule/d'
2021-07-09 14:46:51 -05:00
Rob Winch 671040bb27 SpringTestRule to SpringTestContext
rg 'new SpringTestRule()' -l | xargs sed -i 's/new SpringTestRule()/new SpringTestContext(this)/'
rg 'val spring = SpringTestRule()' -l | xargs sed -i 's/val spring = SpringTestRule()/val spring = SpringTestContext(this)/'
2021-07-09 14:41:51 -05:00
Rob Winch e8c44e6390 Add SpringTestContextExtension 2021-07-09 14:35:10 -05:00
Rob Winch b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch 2a62c4d976 Fix NamespaceHttpInterceptUrlTests 2021-07-09 14:32:52 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Eleftheria Stein 79054093c9 Add AuthenticationManager to Kotlin ServerHttpSecurityDsl
Closes gh-10053
2021-07-09 10:34:57 +02:00
Rob Winch 14240b2559 Remove Powermock
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
2021-07-08 12:35:32 -05:00
Eleftheria Stein 6a09ffe113 Add AuthenticationManager to Kotlin JwtDsl
Closes gh-10045
2021-07-08 13:50:09 +02:00
Eleftheria Stein 5c8e409d98 Add AuthenticationManager to Kotlin OpaqueTokenDsl
Closes gh-10044
2021-07-08 12:46:50 +02:00
Eleftheria Stein b4f76b2314 Fix typo in Saml2Dsl 2021-07-08 12:03:29 +02:00
Eleftheria Stein 585788ad0a Add AuthenticationManager to HttpSecurity
Closes gh-10040
2021-07-07 15:44:42 +02:00
Evgeniy Cheban d121ab9565 Support A Well-Known URL for Changing Passwords
Closes gh-8657
2021-07-01 16:57:53 -06:00
Josh Cummings e91cacfdaf
Polish no-parameter authorizeHttpRequests
- Cleaned up JavaDoc
- Updated implementation to align with no-parameter authorizeRequests
- Updated test names and content for clarity, specifically identified
tests that target no-parameter authorizeHttpRequests with noParameter in
the name
- Switched order of methods to match others in HttpSecurity
- Updated copyright year

Issue gh-9498
2021-06-28 15:45:24 -06:00
sdratler1 3820f0f3a3
Add no-parameter authorizeHttpRequests method
Closes gh-9498
2021-06-28 15:34:49 -06:00
/usr/local/ΕΨΗΕΛΩΝ fe99c3b83b
https://stackoverflow.com/questions/67520600/redirect-to-different-page-after-login-based-on-user-role-with-spring-security/67531436#67531436
Closes gh-7282
2021-06-28 11:48:07 +02:00
Eleftheria Stein 94a3adb928 Apply DefaultLoginPageConfigurer before logout
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.

Closes gh-9973
2021-06-24 10:26:13 +02:00
Eleftheria Stein dfd0047f0b Disable default logout page when logout disabled
Closes gh-9475
2021-06-17 16:38:23 +02:00
Thomas Vitale b44d0fb319 Load ReactiveJwtAuthenticationConverter bean in OAuth2 Resource Server config
When a bean of type ReactiveJwtAuthenticationConverter is defined,
the OAuth2 Resource Server configuration will use it automatically
when no other converter is defined through the DSL.

Closes gh-9698
2021-06-15 14:22:15 -06:00
Eleftheria Stein aeed286e8a Add AuthenticationManager to saml2Login Kotlin DSL
Closes gh-9905
2021-06-15 09:53:53 +02:00
Marcus Hert da Coregio 9d2db89838 Fix Adding Filter Relative to Custom Filter
Closes gh-9787
2021-06-14 14:37:21 -03:00
Josh Cummings 65239e93f9
Update Copyright Header
Issue gh-9845
2021-06-09 11:33:48 -06:00
Josh Cummings 5b49433ed1
Add GlobalMethodSecurityConfiguration Test
Issue gh-9845
2021-06-09 09:29:52 -06:00
Kay-Uwe Janssen 7a233c41f0 Some infrastructure beans are not marked properly
Added missing infrastructure role to methodSecurityMetadataSource bean
and move the post processing of the defaultMethodExpressionHandler to
the end of afterSingletonsInstantiated.

Closes gh-9845
2021-06-09 09:28:55 -06:00
theexiile1305 3074ad4136 Migrate Kotlin tests from java Mockito to Mockk
Closes gh-9785
2021-06-07 13:13:31 +02:00
Eleftheria Stein 204a32aba8 Replace < and > with &lt and &gt in Javadoc
Closes gh-9847
2021-06-04 12:26:07 +03:00
Rob Winch 68f91edbb8 Make XsdDocumentedTests Parsing More Lenient
Closes gh-9830
2021-05-27 18:37:14 -05:00
Rob Winch 8400b841e9 Improve XsdDocumentedTests Error Message
This makes it easier to compare the expected and actual values.

Closes gh-9829
2021-05-27 18:37:02 -05:00
Eleftheria Stein fa77f4c8ff Deprecate feature-policy where not already deprecated
Issue gh-9262
2021-05-19 10:04:09 +02:00
Eleftheria Stein be903b8e25 Cleanup unused import 2021-05-19 10:04:09 +02:00
Eleftheria Stein 1728b06b30 Ensure Kotlin 1.3 compatibility
Closes gh-9765
2021-05-19 10:04:08 +02:00
Josh Cummings 67e5c05a47 Polish AuthorizationManager Method Security
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations

Issue gh-9289
2021-05-18 17:34:04 -06:00
Evgeniy Cheban 84e2e80915 Consider AuthorizationManager for Method Security
Closes gh-9289
2021-05-18 17:34:04 -06:00
Josh Cummings d203235567
Update to Spring Security 5.6
Closes gh-9695
2021-05-18 10:45:17 -06:00
Rob Winch 4d251157b2 opensaml4MainCompile 2021-05-17 23:21:17 -05:00
Rob Winch eda38b8f88 opensaml fixes 2021-05-17 15:51:55 -05:00
Rob Winch e5a652e749 Update to Kotlin 1.5.0
Closes gh-9763
2021-05-17 10:30:26 -05:00
Joe Grandja e51ca79954 Document Jwt Client Authentication support
Closes gh-9578
2021-05-14 22:58:44 -04:00
Joe Grandja f874a12ddb Document jwt-bearer authorization grant
Closes gh-9580
2021-05-14 14:48:37 -04:00
Josh Cummings ca2bc4feb3
Bump Schema Version
Closes gh-9694
2021-04-29 16:52:29 -06:00
Josh Cummings 4d564ffb50
Update AuthorizationManager references
Issue gh-9692
2021-04-28 11:58:30 -06:00
Josh Cummings 17cfc6ade3
Inline ResourceKeyConverterAdapter
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
Eleftheria Stein de0cd11a72 Fix PreAuthorize when returning Kotlin Flow
Closes gh-9676
2021-04-28 12:33:18 +02:00
Joe Grandja 53e94bca45 Add oauth2Login() tests
Issue gh-9548 gh-9660 gh-9266
2021-04-20 08:37:19 -04:00
Joe Grandja 5afeaa3ce7 WebFlux httpBasic() matches on XHR requests
Closes gh-9660
2021-04-20 08:36:42 -04:00
Rob Winch a31a855146 Fix HttpSecurity.addFilter* Ordering
Closes gh-9633
2021-04-14 17:47:31 -05:00
Denis Washington 2b4b856b32 Limit oauth2Login() links to redirect-based flows
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
2021-04-14 05:02:30 -04:00
Josh Cummings 163b5943ca
Revert AuthorizationManager Method Security 2021-04-12 15:53:22 -06:00
Josh Cummings 404a6c5674
Revert "Publish CsrfTokenRepository as shared object"
This reverts commit d19ff12813.
2021-04-12 14:43:37 -06:00
Josh Cummings 4e81bbe386
Revert "Add Saml2LogoutConfigurer"
This reverts commit 6f52baba29.
2021-04-12 14:43:19 -06:00
Josh Cummings 6f52baba29
Add Saml2LogoutConfigurer
Closes gh-9497
2021-04-10 00:25:34 -06:00
Josh Cummings d19ff12813
Publish CsrfTokenRepository as shared object
Closes gh-9595
2021-04-10 00:25:34 -06:00
Josh Cummings df8abcfae7
Use Interceptors instead of Advice
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization

Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings 6828987b4b
Add AfterMethodAuthorizationManager
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability

Closes gh-9591
2021-04-09 18:43:56 -06:00
Josh Cummings 2b494ebc5f
Polish AOP Structure
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes

Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings 62d77ec97e
Add GrantedAuthorityDefaults to Expression Handler
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings 68cf74468c
Add check for custom advice
- Because publishing an advice bean replaces Spring Security
defaults, the code should error if both a custom bean and
either secureEnabled or prePostEnabled are specified

Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings 45376b359b
Adjust Packaging
Issue gh-9289
2021-04-09 17:46:32 -06:00
Evgeniy Cheban 20778f727b
Consider AuthorizationManager for Method Security
Closes gh-9289
2021-04-09 17:46:32 -06:00
Josh Cummings 7ded671858
Refactor AuthenticationDetailsSource support
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle

Closes gh-9576
2021-04-09 12:41:16 -06:00
Eleftheria Stein e03fe7f089 Add coroutine support to pre/post authorize
Closes gh-8143
2021-04-09 19:33:06 +02:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies"))
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names
Closes gh-9540
2021-04-05 10:36:36 -05:00
Eleftheria Stein 0f3df3e714 Consider Order on SecurityFilterChain bean definitions
Closes gh-9154
2021-03-24 11:02:29 +02:00
Eleftheria Stein f5fe64cd5b Fix typo 2021-03-24 11:00:37 +02:00
Josh Cummings d0d0a8d958 Add OpenSAML 4 Support
Closes gh-9095
2021-03-23 19:07:23 -06:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3"
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings b774e91734
Polish BearerTokenAuthenticationConverter
Issue gh-8840
2021-03-12 15:05:06 -07:00
Jeongjin Kim 31f310fd22
Add BearerTokenAuthenticationConverter
BearerTokenAuthenticationConverter is introduced to solve the
problem of not being able to change AuthenticationDetailsSource.
BearerTokenAuthenticationFilter delegates to
BearerTokenAuthenticationConverter the task of creating
BearerTokenAuthenticationToken and setting AuthenticationDetailsSource.
BearerTokenAuthenticationConverter is customizable and the customized
converter can be used in BearerTokenAuthenticationFilter.

Closes gh-8840
2021-03-12 15:05:06 -07:00
Eleftheria Stein 92b3a7b01b Clarify in .csrf() enables CSRF protection
Closes gh-9489
2021-03-05 16:11:12 +01:00
wonwoo cf2bb62442 Fix typo in doc 2021-03-05 14:09:30 +01:00
Han YanJing f3fa8e8800
Polish
Issue gh-9310
2021-03-02 12:04:22 -07:00
Han YanJing 6e41246a2b
Throw Saml2AuthenticationException
Closes gh-9310
2021-03-02 12:04:22 -07:00
Ivan Pavlov 857830f695 Add RememberMeDsl
Issue: gh-9319
2021-02-22 09:15:40 +01:00
Josh Cummings f129410ff9
Add Java 8 Polyfill for Apache DS tests
Closes gh-9416
2021-02-17 11:53:51 -07:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies"
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Josh Cummings ccb3b02888
Bearer Token Server-side Errors Return 500
Closes gh-9395
2021-02-10 12:35:34 -07:00
Josh Cummings ca5e303308
Fix Test Configuration
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable

Closes gh-9421
2021-02-10 11:31:30 -07:00
Josh Cummings 3e1616c311
Remove BearerTokenAuthenticationWebFilter
Closes gh-9377
2021-01-26 10:23:17 -07:00
Josh Cummings 76229cfab7
Migrate SAML 2.0 Tests and Docs to PCFOne
Issue gh-9362
2021-01-22 15:14:03 -07:00
Ihor Ilkevych 43a071a89e Add WebFlux oauth2Login with formLogin test
Closes gh-9326
2021-01-20 15:04:06 -05:00
Josh Cummings 65d3b0d71c
Add ResourceKeyConverterAdapter
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding

Issue gh-9316
2021-01-15 22:15:56 -07:00
Ivan Pavlov f4d78d00ef Extend CorsDsl with CorsConfigurationSource property
Issue: gh-9314
2021-01-13 10:22:07 +01:00
Evgeniy Cheban 8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods
Closes gh-9284
2021-01-09 21:42:16 +03:00
Eleftheria Stein 8cefc8a792 Fix bug with multiple AuthenticationManager beans
Closes gh-9256
2021-01-06 16:26:26 +01:00
Josh Cummings 337d24e6db
Update Copyright Messages
Issue gh-9202
2021-01-05 15:30:51 -07:00
Mazen Aissa c907838440
Make max-session configurable
Closes gh-9202
2021-01-05 15:30:51 -07:00
Josh Cummings c066e23a86
Add @since attributes
Issue gh-8900
2020-12-16 15:58:53 -07:00
Evgeniy Cheban 34b4b1054f Add AuthorizationManager
Closes gh-8900
2020-12-16 15:58:36 -07:00
Nick McKinney 5306d4c4d5 Minor cleanup on Ant / Regex Request Matchers
- Removed duplicative code for transforming String into HttpMethod
 - Removed an unnecessary array initialization
2020-12-14 14:19:23 +01:00
Nick McKinney 6be25df1db Introduced DispatcherType request matcher
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.

Closes gh-9205
2020-12-14 14:19:23 +01:00
Christophe Gilles 54d3839f63 Add permissionsPolicy http header 2020-12-11 12:32:18 +01:00
Eleftheria Stein d3ef340b26 Fix typos 2020-12-03 11:05:22 +01:00
Joe Grandja 58e3235093 Deprecate ClientAuthenticationMethod BASIC and POST
Closes gh-9220
2020-11-25 15:13:28 -05:00
Josh Cummings 4602e9a661
Use HttpBasicConfigurer's Conneg Strategy
Closes gh-9100
2020-11-12 16:26:10 -07:00
Eleftheria Stein 5661e06e9c Fix typo UserDetailService -> UserDetailsService 2020-11-09 13:13:32 +01:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1"
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Eleftheria Stein 5c8972b7d5 Add test for ordered WebSecurityCustomizers
Issue gh-9154
2020-11-02 14:19:14 +01:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Eleftheria Stein aac6d2f56b Kotlin MockMvc result matchers use parentheses
Closes gh-9155
2020-10-27 10:57:49 +01:00
Josh Cummings b1a3aef4f8
Update Test Controllers
Closes gh-9121
2020-10-12 17:41:16 -06:00
Josh Cummings 366146ff80
Polish JWT Signature Algorithm Discovery
- Moved support to JwtDecoders and ReactiveJwtDecoders since there is
already the expectation that those classes make an outbound connection
to complete configuration. Since there's no outbound connection when
configuring a NimbusJwtDecoder or NimbusReactiveJwtDecoder, it would be
more intrusive to change that.

Closes gh-7160
2020-10-09 14:17:30 -06:00
Nick Hitchan 290786438c
Add Support for JWK Signature Algorithm Discovery
Issue gh-7160
2020-10-09 13:09:38 -06:00
Josh Cummings ce68431037
Bump Schema, Serialization, and Taglib to 5.5 2020-10-07 17:17:58 -06:00
Artem Grankin dc5f2444ae Replace expired msdn link with latest web archive copy
Initial link expired in March, 2016. Latest copy found in web archive is from February, 2016
2020-09-28 17:04:59 -06:00
Geonu Jeon fd615535b3 fix comment of authenticationFailureHandler 2020-09-24 05:18:22 -04:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb 20baa7d409 Replace ExpectedException @Rules with AssertJ
Replace JUnit ExpectedException @Rules with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb 910b81928f Replace try/catch with AssertJ
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
Josh Cummings b667cbbb86
Align Raw Types
Closes gh-9026
2020-09-18 16:21:53 -06:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0"
This reverts commit 3d0e459182.
2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Eleftheria Stein 4e2a050c14 Customizer for WebSecurity
Closes gh-8978
2020-09-09 09:34:52 -04:00
Josh Cummings fa7baf551d
Restructure Logs
Followed common use cases based off of HelloWorld sample:
  - Public endpoint
  - Unauthorized endpoint
  - Undefined endpoint
  - Successful form login
  - Failed form login
  - Post-login redirect

Issue gh-6311
2020-09-02 07:37:59 -06:00
Evgeniy Cheban 17f1540280 Resolve oauth2 client placeholders
Closes gh-8453
2020-09-01 08:26:44 -04:00
Eleftheria Stein 902fca65a4 Add authenticationManagerResolver to Kotlin DSL
Closes gh-8981
2020-08-28 11:48:55 +02:00
Rob Winch 2abf59b695 Merge Formatting Changes
Issue gh-8945
2020-08-24 17:33:23 -05:00
Rob Winch 254f2e2aec Polish config format
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 2f8e835b11 Use assertThatObject to save casting
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 0a3eeb9c80 Remove incorrect AssertJ imports
Fix a few tests that were accidentally importing incorrect AssertJ
classes.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb a5aa6b3d7f Remove blank lines from all tests
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb 7bf6008efe Polish spring-security-config main code
Manually polish `spring-security-config` following the formatting
and checkstyle fixes.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb ee661f7b71 Fix whitespace issues in format-off code
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 834dcf5bcf Use consistent ternary expression style
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 8d3f039f76 Reduce method visibility when possible
Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 612fb22a7f Remove unnecessary lambda blocks
Remove lambda blocks that aren't needed and replace instead with a
simple expression.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 52f20b5281 Use parenthesis with single-arg lambdas
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 01d90c9881 Hide utility class constructors
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb ff94944313 Add whitespace after copyright header
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 31ec450d05 Remove superfluous comments
Remove a few comments that previously add noise but don't offer a great
deal of value.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 8d80166aaf Update exception variable names
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb e9130489a6 Remove restricted static imports
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb b69825d925 Simplify boolean expression
Simplify boolean expression of the form `if (b == true)` to instead
just use the form `if (b)`.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb db55ef4b3b Migrate to BDD Mockito
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.

The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb f1cee9500f Ensure classes are defined in their own files
Ensure that all classes are defined in their own files. Mostly classes
have been changed to inner-types.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 053af720a4 Ensure no whitespace before lines
Fix a few issues cause by the automatic formatting that meant additional
leading whitespace was present.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb 4d487e8dc3 Ensure all files end with a new line
Update all files to ensure that they always end with a new-line
character.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 218480fb7c Reduce the number of nested if statements
Refactor `HeadersBeanDefinitionParser` and `AclImpl` to reduce the
number of nested if statements. A few extracted methods are now used
to hopefully improve readability.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb a0b9442265 Use consistent modifier order
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 3e700e7571 Remove (non-Javadoc) comments
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb a2f2e9ac8d Move inner-types so that they are always last
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 9e08b51ed3 Apply code cleanup rules to projects
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 8866fa6fb0 Always use 'this.' when accessing fields
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 6894ff5d12 Make classes final where possible
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb b5d499e2eb Remove empty block
Refactor a few classes so that empty blocks are not longer used. For
example, rather than:

	if(x) {
	} else {
		i++;
	}

use:

	if(!x) {
		i++;
	}

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 37fa94fafc Organize imports
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 5f64f53c3f Use consistent "@" tag order in Javadoc
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 8142e4046f Use compact annotation style
Always use compact annotations when possible. For example, replace
`@Target(value = ElementType.TYPE)` with `@Target(ElementType.TYPE)`.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 71bc145ae4 Remove superfluous comments
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.

Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb b7fc18262d Reformat code using spring-javaformat
Run `./gradlew format` to reformat all java files.

Issue gh-8945
2020-08-24 17:32:56 -05:00
Martin Vietz 0486d5add9 scopes_supported metadata not used as default in ClientRegistrations
Closes gh-8514
2020-08-20 08:09:54 -04:00
Josh Cummings af5c55c380
Polish AuthnRequest Customization Support
Having the application generate the AuthnRequest fresh allows Spring
Security to back away more gracefully. Using a Consumer implies that
the application will need to undo any values that Spring Security set
that the application doesn't want.

Also, if this does become a configuration burden, it can be simplified
in a separate ticket by exposing the default Converter.

Issue gh-8776
2020-08-19 14:27:31 -06:00
Josh Cummings 1069e91645
RSocket Deprecations
Stop using deprecated RSocket APIs in integration tests

Issue gh-8948
2020-08-13 17:51:59 -06:00
koishikawa11 be6d2f117e
Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL
Closes gh-8892
2020-08-11 07:59:22 -04:00
Phillip Webb 9caa39e370 Fix malformed formatter-on/off javadoc
Remove the formatter-on/formatter-off comments from Javadoc examples
so that they don't confuse checkstyle. The comments are not necessary
in the Javadoc since `pre` blocks are not formatted in the same
way as code.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb 8e092f8d2c Add noformat blocks around withDefaultPasswordEncoder
Find `withDefaultPasswordEncoder` calls and protect them against
formatting.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb 6979125ccf Add noformat blocks around User.withUsername
Find `User.withUsername` calls and protect them against formatting.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb 63b5998fad Add noformat blocks around auth config
Find `auth` config using a regex search of `^\s*auths*$` and protect
them against formatting.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb 103d822e46 Add noformat blocks around http config
Find `http` config using a regex search of `^\s*https*$` and protect
them against formatting.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb 27ac046d8a Rename *Test.java -> *Tests.java
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Joe Grandja 1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1"
This reverts commit f3a1e5d40c.
2020-08-05 14:59:11 -04:00
Rob Winch 74b42ba956 Move RSocket integration tests to integration tests
Closes gh-8944
2020-08-05 13:23:20 -05:00