e0284a4503
Fix CAS packages for 4.0.1 and Jasig references
...
Issue gh-11674
2023-03-01 17:21:24 -03:00
b4d3ac6665
Revert "Remove CAS module"
...
This reverts commit caf4c471
2023-03-01 17:21:23 -03:00
f5a4b520d1
Merge branch '6.0.x'
...
Closes gh-12781
2023-02-24 11:04:03 -07:00
bbd31f0e33
Defer ObservationRegistry Lookup
...
Closes gh-12780
2023-02-24 11:03:32 -07:00
963a18a27f
Merge branch '6.0.x'
...
Closes gh-12778
2023-02-23 15:17:47 -03:00
7d22e02593
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12777
2023-02-23 15:17:25 -03:00
97ba596ca3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12776
2023-02-23 15:17:04 -03:00
1c3ce1e401
Fix entity-id ignored in RelyingPartyRegistration XML config
...
Closes gh-11898
2023-02-23 15:16:40 -03:00
afb5a4ae2c
Merge branch '6.0.x'
...
Closes gh-12688
2023-02-16 14:56:55 -07:00
cedb9fd199
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12687
2023-02-16 14:56:32 -07:00
0baf650f38
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12686
2023-02-16 14:55:22 -07:00
000b4bc495
Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
...
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.
In particular, this exception can occur when mixing standard and custom DSL to register filters.
The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.
It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.
The error handling is implemented similarly to HttpSecurity#addFilter.
Closes gh-12637
2023-02-16 14:54:44 -07:00
cef13a6a16
Fix Javadoc Type Parameter
2023-02-15 15:31:09 -07:00
c79dac49ca
Fix Typo
2023-02-15 15:31:09 -07:00
d91837eadc
Merge branch '6.0.x'
...
Closes gh-12641
2023-02-07 12:46:42 -07:00
7dd5cc6082
Pick Up Custom SecurityContextRespository
...
Closes gh-12579
2023-02-07 12:46:12 -07:00
c66370c092
Update javadoc in EnableWebSecurity
2023-02-07 12:45:23 -07:00
eb35d3055f
Merge branch '6.0.x'
...
Closes gh-12640
2023-02-07 09:25:33 -03:00
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
da28a426f2
Merge branch '6.0.x'
...
Closes gh-12625
2023-02-03 14:35:08 -03:00
3572111cf5
Add JwtDecoder hint for oauth2Login
...
Closes gh-12615
2023-02-03 14:34:32 -03:00
59829321a8
Allow configuring SecurityContextRepository for BasicAuthenticationFilter
...
Closes gh-12031
2023-02-03 10:09:16 -06:00
6abbdd3654
Merge branch '6.0.x'
2023-01-26 15:55:41 -06:00
13487be268
Default to XorCsrfChannelInterceptor in 6.0.x
...
Closes gh-12378
2023-01-26 15:45:04 -06:00
1363a4eece
Merge branch '5.8.x' into 6.0.x
2023-01-26 15:44:47 -06:00
1243d1327e
Merge branch '6.0.x'
...
Closes gh-12593
2023-01-26 14:09:19 -07:00
c3563df25a
Include HttpStatusRequestRequestedHandler
...
Closes gh-12548
2023-01-26 14:07:22 -07:00
66711f2365
Add RequestRejectedHandler Test
...
Issue gh-12548
2023-01-26 13:07:16 -07:00
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
d84b8d2d12
AuthorizeHttpRequestsConfigurer.AuthorizedUrl.hasRole should look up for a RoleHierarchy bean in the context
...
Closes gh-12473
2023-01-10 10:54:37 -07:00
e61b17fe13
Merge branch '6.0.x'
...
Closes gh-12514
2023-01-10 10:21:38 -07:00
5b6b3d585f
Change EnableReactiveMethodSecurity Defaults
...
Closes gh-12506
2023-01-10 08:30:52 -07:00
e139f1c2ba
Polish gh-12438
2022-12-22 11:16:19 -05:00
919280b3e4
Allow ServerOAuth2AuthorizationRequestResolver to be set on oauth2 client configuration
...
Closes gh-12430
2022-12-22 10:12:18 -05:00
ca333203aa
Merge branch '6.0.x'
...
Closes gh-12372
2022-12-14 10:30:55 -03:00
7080ea652f
Add hints for ProxyFactoryBean AuthenticationManager
...
Closes gh-12367
2022-12-14 10:16:04 -03:00
03438ffc03
Merge branch '6.0.x'
2022-12-05 14:57:43 -08:00
f1698ec188
Fix removed code by merge
2022-12-05 14:57:28 -08:00
0fdcde2d6f
Merge branch '6.0.x'
2022-12-05 14:42:42 -08:00
2fdf762726
Merge branch '5.8.x' into 6.0.x
2022-12-05 14:41:59 -08:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
f39f215140
Replace javadoc with SecurityFilterChain bean definition
2022-12-05 14:40:05 -08:00
a5464ed819
Fix typo in DefaultLoginPageConfigurer Javadoc
...
'isLogoutRequest' seems to have nothing to do here.
2022-12-05 14:31:15 -08:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
e774bd480b
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12261
2022-11-21 10:25:43 -03:00
f561d3784e
Improve deprecation notice in WebSecurityConfigurerAdapter
...
Closes gh-12260
2022-11-21 10:05:08 -03:00
dd9f954ace
Fix tests in CsrfConfigurerTests
...
Closes gh-12241
2022-11-18 14:58:41 -06:00
5da78f44f2
Merge branch '5.8.x'
2022-11-18 14:54:33 -06:00
ea6ce05662
Add configurer tests for CookieCsrfTokenRepository
...
Issue gh-12236
2022-11-18 13:12:59 -06:00
hdeadman
Josh Cummings
Marcus Da Coregio
Leonid Rozenblyum
twosom
Tobias Meurer
Evgeniy Cheban
Steve Riesenberg
Joe Grandja
Spas Poptchev
Mitja Kotnik
Guillaume Husta