Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 15:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,311 Commits 33 Branches 337 Tags
Commit Graph

2652 Commits

Author SHA1 Message Date
Josh Cummings
37a2812d1a
Mimic Annotation Fallback Logic 
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.

This reverts gh-13783 which is a feature that unfortunately regressess
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.

Issue gh-15352
 2024-07-31 16:17:42 -06:00
Marcus Hert Da Coregio
304685521c Fix tags order 2024-07-29 15:35:48 -03:00
Marcus Hert Da Coregio
8231b8a03b Merge branch '6.3.x' 2024-07-29 14:56:16 -03:00
Marcus Hert Da Coregio
c1b3b329af Merge branch '6.2.x' into 6.3.x 2024-07-29 14:56:09 -03:00
baezzys
3d4bcf1b44 fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource 
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
 2024-07-29 14:55:55 -03:00
Marcus Hert Da Coregio
98af8d1123 Add permissionsPolicyHeader 
This method is a replacement of `permissionsPolicy(Customizer)` that returns its own configurer instead of `HeadersConfigurer`.

Closes gh-14803
 2024-07-29 09:26:42 -03:00
Josh Cummings
9d8888c5f0 Use AssertingPartyMetadata 
Issue gh-15394
 2024-07-19 18:48:23 -07:00
Josh Cummings
fdcf3c6df9
Merge branch '6.3.x' 2024-07-18 15:51:21 -06:00
Josh Cummings
ba714d78ab
Merge branch '6.2.x' into 6.3.x 
Closes gh-15440
 2024-07-18 15:51:10 -06:00
Josh Cummings
3daeeb8789
Merge branch '5.8.x' into 6.2.x 
Closes gh-15439
 2024-07-18 15:50:58 -06:00
Josh Cummings
dab48d25b0
Improve Error Message When Registration Missing 
Closes gh-15363
 2024-07-18 15:50:41 -06:00
Josh Cummings
796e4d6b6c
Add query parameter support for authn requests 
Closes gh-15017
 2024-07-13 23:57:57 -06:00
Josh Cummings
8ee497f4c5
Merge branch '6.2.x' into 6.3.x 
Closes gh-15410
 2024-07-12 11:04:08 -06:00
Josh Cummings
7422a1134a Allow logout+jwt JWT type 
Closes gh-15003
 2024-07-12 10:03:40 -07:00
Josh Cummings
773e86701e
Add ParameterRequestMatcher 
Closes gh-15342
 2024-07-02 15:17:54 -06:00
Marcus Hert Da Coregio
aa9c1bab67 Upgrade to Spring Framework 6.2.0-M4 
Closes gh-15266
 2024-06-18 14:07:05 -03:00
Josh Cummings
0e7566ede3
Adjust any-request check 
Storing the request matcher outside of the for loop means that
if one of the SecurityFilterChain instances is not of type
DefaultSecurityFilterChain, then the error may print out an
earlier request matcher instead of the current one.

Instead, this commit changes to print out the entire filter chain
so that it can be inside of the for loop, regardless of type.

Issue gh-15220
 2024-06-17 14:34:03 -06:00
Max Batischev
4c780bf8d4 Add support checking AnyRequestMatcher securityFilterChains 
Closes gh-15220
 2024-06-17 13:05:36 -06:00
Steve Riesenberg
7eaab95639
Polish gh-15237 2024-06-13 16:05:15 -05:00
Max Batischev
4e52eda0f5
Add support configuring OAuth2AuthorizationRequestResolver as bean 
Closes gh-15236
 2024-06-13 16:05:15 -05:00
Marcus Hert Da Coregio
b4c8fdf91d Add missing @Test annotation 2024-06-10 15:43:52 -03:00
Marcus Hert Da Coregio
7c43fc111f Support RoleHierarchy Bean in authorizeHttpRequests Kotlin DSL 
Closes gh-15136
 2024-06-10 15:41:28 -03:00
Josh Cummings
4ca0de9c2d
Sync XSD with RncToXsd Task 2024-06-06 15:17:56 -06:00
Josh Cummings
a7f9ccb6d6
Use GrantedAuthorityDefaults Bean in Kotlin DSL 
Closes gh-15171
 2024-06-06 15:16:32 -06:00
Josh Cummings
87ee464dce
Merge branch '6.3.x' 2024-06-06 13:36:39 -06:00
Josh Cummings
22c7b8760a
Merge branch '6.2.x' into 6.3.x 
Closes gh-15211
 2024-06-06 13:36:20 -06:00
Josh Cummings
f231ea277d
Merge branch '5.8.x' into 6.2.x 
Closes gh-15210
 2024-06-06 13:35:56 -06:00
Josh Cummings
6aabd768a8
Pick MvcRequestMatcher for MockMvc requests 
Closes gh-13849
 2024-06-06 13:17:43 -06:00
Josh Cummings
81abc453fe
Merge branch '6.3.x' 2024-06-03 17:43:12 -06:00
Josh Cummings
0aed8df549
Merge branch '6.2.x' into 6.3.x 
Closes gh-15197
 2024-06-03 17:42:58 -06:00
Josh Cummings
d6228e0882
Merge branch '5.8.x' into 6.2.x 
Closes gh-15196
 2024-06-03 17:42:25 -06:00
Josh Cummings
cdd626644e Use Request-Level Servlet Context 
Spring Security cannot use the ServletContext attached
to the ApplicationContext since there may be child
ApplicationContext's with their own ServletContext.

Because of that, it is necessary to always use the
ServletContext attached to the request.

Closes gh-14418
 2024-06-03 17:41:51 -06:00
Josh Cummings
5a798e93f1 Polish MVC Tests 
Issue gh-14418
 2024-06-03 17:41:51 -06:00
Josh Cummings
9101bf1f7d
Allow logout+jwt JWT type 
Closes gh-15003
 2024-05-31 14:41:05 -06:00
Josh Cummings
f104d1aeea
Update Copyright 
PR gh-15013
 2024-05-31 12:39:17 -06:00
earlgrey02
3b7f714f00 Add SecurityContextRepository to Kotlin Reactive DSL 2024-05-31 12:38:17 -06:00
Marcus Hert Da Coregio
c89647a56e Deprecate shouldFilterAllDispatcherTypes from Kotlin DSL 
Issue gh-12138
 2024-05-27 09:00:54 -03:00
Marcus Hert Da Coregio
9f44f3b79a Deprecate authorizeRequests from Kotlin DSL 
Closes gh-15173
 2024-05-27 08:51:32 -03:00
Marcus Hert Da Coregio
f6ea99d8a3 Prepare for Spring Security 6.4 
Closes gh-15155
 2024-05-24 11:41:28 -03:00
Marcus Hert Da Coregio
ddcaeb5c20 Serialize objects from 6.3.x 
Issue gh-3737
 2024-05-24 09:47:29 -03:00
Marcus Hert Da Coregio
08f11f06ab Revert unnecessary commits from main 
Issue gh-15016
 2024-05-08 13:49:18 -03:00
Marcus Hert Da Coregio
b3c7f3ff19 Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision 
Issue gh-7395
 2024-04-30 08:38:03 -03:00
Josh Cummings
47775f5167
Merge branch '6.2.x' 2024-04-26 17:09:29 -06:00
Josh Cummings
29d3b438b9
Merge branch '6.1.x' into 6.2.x 2024-04-26 17:09:17 -06:00
Josh Cummings
1ecb036fba
Merge branch '5.8.x' into 6.1.x 2024-04-26 17:09:05 -06:00
sheheryarumair
0e211382ee Remove useBase64 parameter 2024-04-26 17:05:49 -06:00
Josh Cummings
11421c6385
Merge branch '6.2.x' 2024-04-25 14:03:27 -06:00
Josh Cummings
664dfd9b45
Defer Anonymous Filter Construction 
By delaying when the AnonymousAuthenticationFilter is constructed,
it's now possible to call the principal and filter methods inside
of a custom DSL implementation.

This does not extend to setting the key or the authentication provider
though, as these must be set during the init phase.

Closes gh-14941
 2024-04-25 14:03:10 -06:00
Daniel Garnier-Moiroux
7ddc00521e Improve logging for Global Authentication 
Closes gh-14663
 2024-04-25 11:35:59 -06:00
Josh Cummings
2bcbef1695
Add Saml2Logout DSL Support 
Closes gh-14935
 2024-04-22 11:12:45 -06:00