Commit Graph

1466 Commits

Author SHA1 Message Date
Steve Riesenberg 43a1f8249c
Update What's New for 6.0 2022-09-29 15:57:48 -05:00
Steve Riesenberg 4d62621094
Merge branch '5.8.x' 2022-09-29 14:09:21 -05:00
Steve Riesenberg 7b1158ddb7
Merge branch '5.7.x' into 5.8.x 2022-09-29 14:09:10 -05:00
Steve Riesenberg 70c61dc1dd
Merge branch '5.6.x' into 5.7.x 2022-09-29 14:08:17 -05:00
Dan Allen c44230ba24
switch to offical Antora plugin for Gradle
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
Steve Riesenberg 6c6aedf772
Update What's New for 6.0 2022-09-26 10:07:50 -05:00
Steve Riesenberg 181ee7410b
Change default authority for oauth2Login()
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
2022-09-26 10:06:31 -05:00
Steve Riesenberg c0e784b16d
Update What's New for 6.0 2022-09-26 09:48:52 -05:00
Steve Riesenberg bcb21c9384
Merge branch '5.8.x'
# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
Steve Riesenberg 46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch 0efe26c1fd Merge branch '5.8.x'
Closes gh-11894
2022-09-22 13:47:04 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
2022-09-22 11:09:44 -05:00
Josh Cummings 70460ca009
Adjust OAuth2 Resource Server packaging
Closes gh-7349
2022-09-20 17:44:05 -06:00
Josh Cummings 61c80bcac5
Move Saml2 Authentication Filters
Closes gh-8819
2022-09-20 17:18:05 -06:00
Rob Winch 48e31f87e4 Remove Deprecated OpenSAML 3 Support
Closes gh-10556
2022-09-20 16:57:38 -06:00
Marcus Da Coregio 983ca6ea27 Update What's New for 5.8 2022-09-20 08:33:38 -03:00
Marcus Da Coregio 2b4a3a85f9 Update What's New for 6.0 2022-09-20 08:33:11 -03:00
github-actions[bot] 9564f1b5e4 Next development version 2022-09-19 16:55:17 +00:00
github-actions[bot] 009032e03c Next development version 2022-09-19 15:47:44 +00:00
github-actions[bot] dcbe900ff8 Release 5.8.0-M3 2022-09-19 15:24:11 +00:00
github-actions[bot] a0a92b81f7 Release 6.0.0-M7 2022-09-19 15:23:23 +00:00
Steve Riesenberg 8f44f74d44
Update What's New for 5.8 2022-09-14 15:13:41 -05:00
Steve Riesenberg 70eea8dc67
Update What's New for 5.8 2022-09-14 14:58:48 -05:00
Steve Riesenberg 2431dd1103
Merge branch '5.8.x' 2022-09-13 17:38:10 -05:00
Steve Riesenberg 355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy 1efb63387f
Add authentication converter for introspected tokens
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
2022-09-13 16:45:36 -05:00
Dan Allen 3387149a0f repurpose 5.6.x branch to provide local docs build
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:41:12 -05:00
Dan Allen 3e42119f84 repurpose 5.7.x branch to provide local docs build
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:37:13 -05:00
Dan Allen ab9ed26ad2 repurpose 5.8.x branch to provide local docs build
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 14:40:56 -05:00
Dan Allen d22ee32c7d reconfigure branch for local builds and as scheduler for docs workflows
- set up placeholder and trigger for Deploy Docs workflow in docs-build branch
- set up placeholder and trigger for Rebuild Search Index workflow in docs-build branch
- remove obsolete Deploy Reference workflow
- upgrade Antora to 3.1
- reconfigure docs build for local build only
- add patch to support using linked worktree as Antora content source
- remove Antora extensions only needed for the production docs build
2022-09-09 12:57:00 -05:00
Rob Winch 5ae492b1c1 Add What's New @WithMockUser Supported as Merged Annotation 2022-09-08 09:49:00 -05:00
Rob Winch d996c2a2c6 Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`
This method is insecure. Users should instead encrypt with their database.

Closes gh-8980
2022-09-07 13:51:58 -05:00
Steve Riesenberg ed41a60aae
Merge branch '5.8.x'
# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
#	config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
#	web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
2022-09-06 11:51:55 -05:00
Steve Riesenberg 86fbb8db07 Add new interfaces for CSRF request processing
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
Marcus Da Coregio e17989d92d Merge branch '5.8.x' 2022-09-01 09:39:33 -03:00
Marcus Da Coregio ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio 0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill 8b74bf9742 Updated reference to architecture page
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
Steve Riesenberg 8474acebf2
Merge branch '5.8.x' 2022-08-29 15:12:48 -05:00
he1ex-tG 568277f8bc
Mistake in Kotlin code representation is fixed 2022-08-29 15:11:10 -05:00
Josh Cummings b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-26 16:01:40 -06:00
Josh Cummings 0f58620643 Add AspectJ AuthorizationManager Support
Closes gh-11326
2022-08-26 15:59:08 -06:00
Josh Cummings 84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-25 14:46:48 -06:00
Josh Cummings 070dce1baf
Document ReactiveMethodSecurity improvements
Issue gh-9401
2022-08-25 14:36:03 -06:00
Josh Cummings 27ce5936cf
Add Caveat about Spring Security's co-routine support
Closes gh-10920
2022-08-25 14:36:02 -06:00
Rob Winch 81d6b6df6c Add Explicit SessionAuthenticationStrategy Option
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
2022-08-18 17:38:03 -05:00
Rob Winch 89f8310d6c Add Explicit SessionAuthenticationStrategy Option
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
2022-08-18 17:00:47 -05:00
jujunChen 13feb87171
Modify words
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:36 -06:00
jujunChen d93bde7465
Modify words
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:06 -06:00
jujunChen e3d85881e9
Modify words
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:48:14 -06:00