Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,116 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1862 Commits

Author SHA1 Message Date
Josh Cummings 147ab42440
Revert "Pick up AuthorizationManager Bean" 
This reverts commit 32b83aae63.

Issue gh-11067
 2022-04-12 09:32:09 -06:00
Rob Winch 39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Josh Cummings 32b83aae63
Pick up AuthorizationManager Bean 
Closes gh-11067
Closes gh-11068
 2022-04-08 10:08:33 -06:00
Josh Cummings b39f213e64
Revert "Add AuthorizationManager to Messaging" 
This reverts commit 77a6e014a9.
 2022-04-07 17:39:34 -06:00
Josh Cummings 77a6e014a9
Add AuthorizationManager to Messaging 
Closes gh-11076
 2022-04-07 17:39:10 -06:00
Josh Cummings 66213e5b2e
Add Default Test to HttpBasicConfigurerTests 
Issue gh-10973
 2022-04-05 17:11:39 -06:00
Josh Cummings 47c8676be7
Polish Saml2LoginConfigurerTests 
Issue gh-10973
 2022-04-05 17:11:38 -06:00
Josh Cummings c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Josh Cummings a43677d36a
Simplify PrePostMethodSecurityConfiguration 
Issue gh-9288
 2022-03-29 15:44:16 -06:00
Rob Winch 67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:21:52 -05:00
Yuriy Savchenko 446ab5047c
Add authorizeHttpRequests to Kotlin DSL 
Closes gh-10481
 2022-03-22 09:39:06 -06:00
Yuriy Savchenko 3016ed0067
Fix typos in Kotlin DSL docs 
Issue gh-10481
 2022-03-22 08:27:29 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Rob Winch dbcb5004b4 Extract createSecurityContextRepository() 
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
 2022-03-11 17:21:49 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Marcus Da Coregio 93d4fd3559 Add SAML 2.0 Single Logout XML Support 
Closes gh-10842
 2022-03-09 09:18:01 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 09:18:01 -03:00
Josh Cummings 7a02bd14c1 Replace Apache Commons Base64 Decoding 
Issue gh-10923
 2022-03-02 16:19:03 -07:00
m0k045e 3aa7a65cb4 OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager 
Closes gh-10846
 2022-02-28 15:30:19 -07:00
Eleftheria Stein e97c643870 Deprecate WebSecurityConfigurerAdapter 
Closes gh-10822
 2022-02-17 12:13:50 +01:00
Eleftheria Stein c2635ba6bf Apply configurers from spring.factories to HttpSecurity bean 
Closes gh-10814
 2022-02-09 14:40:57 +01:00
Josh Cummings cbd87fac89 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:50:28 -07:00
Manuel Jordan 01ed617d5f Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:50:19 -07:00
Josh Cummings d538423f98 Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 15:09:45 -07:00
Rob Winch ba922dcdf0 Exclude javax from hibernate dependency 
Issue gh-10501
 2022-01-19 14:35:25 -06:00
Rob Winch 27e1a2ca69 Remove javax.transaction 
Issue gh-10501
 2022-01-19 14:35:05 -06:00
Rob Winch 9d4ecc9c37 Additional removal of javax.inject 
Issue gh-10501
 2022-01-19 14:34:45 -06:00
Rob Winch 678c386834 jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 14:34:32 -06:00
Rob Winch 0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api 
Issue gh-10501
 2022-01-19 14:34:16 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Rob Winch f8e14683f6 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:33:46 -06:00
Rob Winch 3c641dee75 Remove commons-logging 
Closes gh-10499
 2022-01-19 14:33:44 -06:00
Eleftheria Stein a537b636c1 Add LDAP factory beans 
Issue gh-10138
 2022-01-18 15:11:30 +01:00
Josh Cummings 75f25bff82 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 16:49:38 -07:00
Adam Ostrožlík 4ea57f3e3f Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 16:46:15 -07:00
Marcus Da Coregio 60ed3602f6 Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-11 09:19:41 -03:00
heowc 1ab0705b47 Fix typo 2022-01-10 16:17:42 +01:00
Marcus Da Coregio 18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 08:57:30 -03:00
Josh Cummings cd8983d4e5 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:14:40 -07:00
James Howe 5598688fa6 Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:06:30 -07:00
Marcus Da Coregio 65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Marcus Da Coregio ed3b0fbaad Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:47:49 -03:00
Steve Riesenberg df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi 925d531cbe Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:44:46 -06:00
Steve Riesenberg 074e38d565 Add missing since 
Issue gh-7765
 2021-12-02 12:09:57 -06:00
Steve Riesenberg 3af619d565 Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 12:01:11 -06:00
Josh Cummings a68411566e Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki 2bc643d6c8 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 15:33:39 -07:00
Igor Pelesic a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00