6f0029fc44
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-02 17:04:44 -06:00
0048805c2a
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext
...
Closes gh-10779
2022-01-31 10:17:40 -03:00
08821369a3
Add Request-based AuthenticationManagerResolvers
...
Closes gh-6762
2022-01-26 09:21:07 -07:00
f94090a59b
Remove spring-security-openid
...
Closes gh-10773
2022-01-21 16:55:19 -06:00
2624150052
Add serialVersionUID to DefaultSavedRequest and SavedCookie
...
Closes gh-10594
2022-01-18 09:36:54 -03:00
feff747669
Polish multiple RequestRejectedHandlers support
...
Issue gh-10603
2022-01-14 17:21:04 -07:00
27cfb9c89d
Support multiple RequestRejectedHandler beans
...
Closes gh-10603
2022-01-14 17:21:00 -07:00
b2fe9149cf
Use noNullElements
...
Collection#contains(null) does not work for all collection types
Issue gh-10703
2022-01-14 14:33:17 -07:00
6c5fd38a3f
Fix typo
2022-01-10 16:24:53 +01:00
750dcafbd2
Fix @since tag
...
Issue gh-10590, gh-10554
2022-01-06 13:21:26 -03:00
d884d9a461
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2021-12-13 09:19:41 -03:00
51b4bd67c9
Add RequestMatcherEntry
2021-12-13 09:19:28 -03:00
eda346863d
Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10590
2021-12-13 09:19:13 -03:00
c68a75bcde
Correct imports to jakarta
...
Issue gh-9385, gh-10118
2021-12-08 11:43:13 +01:00
0beb725259
Add Cross Origin Policies headers
...
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers
Closes gh-9385, gh-10118
2021-12-08 11:07:09 +01:00
aa3c883f87
Use BDD in tests
2021-12-02 17:40:25 -06:00
d37ff18b69
Polish gh-9597
2021-12-02 17:24:17 -06:00
c57fc309c2
Set details on authentication token created by HttpServlet3RequestFactory
...
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.
This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.
Closes gh-9579
2021-12-02 17:24:17 -06:00
5dd2565348
Update copyright year
...
Issue gh-10557
2021-12-01 17:34:16 -06:00
41c6776455
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 14:55:50 -06:00
7e55c84cfc
Add Missing Since
...
Issue gh-10482
2021-11-30 15:15:35 -07:00
72109e2921
PermitAllSupport supports AuthorizeHttpRequestsConfigurer
...
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.
Closes gh-10482
2021-11-30 15:00:04 -07:00
898ba67098
Polish gh-10007
2021-11-30 13:59:55 -06:00
9f51240bf1
Support IP whitelist for Spring Security Webflux
...
Closes gh-7765
2021-11-30 13:59:55 -06:00
9a9136d96d
Fix import spacing
2021-11-30 13:56:46 -06:00
c6a27d44e5
Remove failing test due to HttpMethod changes
...
Closes gh-10569
2021-11-30 13:31:39 -06:00
25feedb870
Fix removal of framework deprecated code
...
Issue https://github.com/spring-projects/spring-framework/issues/27686
2021-11-19 13:06:13 -03:00
bd34d70f97
Prevent Save @Transient Authentication with existing HttpSession
...
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.
This commit always prevents @Transient Authentication from being saved.
Closes gh-9992
2021-11-16 14:45:34 -06:00
db60df2f9c
Update to Spring Framework 6.0
...
Issue gh-10360
2021-11-01 09:02:42 -03:00
caad3d57e2
Improve log message when no CSRF token found
...
Closes gh-10436
2021-10-29 14:06:17 -03:00
04b47c5928
Fixed various broken links in Javadocs
2021-10-21 11:47:04 +02:00
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
e1f4ec1137
Fix Jackson
2021-10-18 21:03:12 -05:00
faec20bc69
Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
...
Closes gh-10208
2021-10-14 09:27:02 -03:00
7b98c2ea95
Restructure SwitchUserFilter Logs
...
Issue gh-6311
2021-10-12 13:32:29 -06:00
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
7d81a52780
Allow AuthenticationPrincipal argument type to be primitive
...
Closes gh-10172
2021-10-04 16:22:21 +02:00
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00
a4c088a3b3
Introducing WebSessionServerLogoutHandler
...
Closes gh-4838
2021-08-16 13:08:35 -06:00
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
2021-08-11 17:12:13 -06:00
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
2021-08-11 17:12:13 -06:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
f800d2c993
Add hamcrest dependency
2021-07-09 15:57:21 -05:00
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
d121ab9565
Support A Well-Known URL for Changing Passwords
...
Closes gh-8657
2021-07-01 16:57:53 -06:00
3219fd554d
DigestAuthenticationFilter decodes nonce only once
...
Closes gh-8455
2021-06-18 15:25:00 -04:00
Rob Winch
Marcus Da Coregio
Josh Cummings
Juan Carlos
Adam Ostrožlík
heowc
Eleftheria Stein
Steve Riesenberg
Karl Tinawi
Igor Pelesic
Guirong Hu
Emil Sierżęga
Bogdan Ilchyshyn
Hiroshi Shirosaki
Evgeniy Cheban
Alexey Markevich