47775f5167
Merge branch '6.2.x'
2024-04-26 17:09:29 -06:00
29d3b438b9
Merge branch '6.1.x' into 6.2.x
2024-04-26 17:09:17 -06:00
1ecb036fba
Merge branch '5.8.x' into 6.1.x
2024-04-26 17:09:05 -06:00
0e211382ee
Remove useBase64 parameter
2024-04-26 17:05:49 -06:00
11421c6385
Merge branch '6.2.x'
2024-04-25 14:03:27 -06:00
664dfd9b45
Defer Anonymous Filter Construction
...
By delaying when the AnonymousAuthenticationFilter is constructed,
it's now possible to call the principal and filter methods inside
of a custom DSL implementation.
This does not extend to setting the key or the authentication provider
though, as these must be set during the init phase.
Closes gh-14941
2024-04-25 14:03:10 -06:00
7ddc00521e
Improve logging for Global Authentication
...
Closes gh-14663
2024-04-25 11:35:59 -06:00
2bcbef1695
Add Saml2Logout DSL Support
...
Closes gh-14935
2024-04-22 11:12:45 -06:00
a4dbf458ab
Add relying-party-registrations#id
...
Closes gh-14487
2024-04-18 12:56:56 -06:00
2fbbcc4bd0
Polish Method Authorization Denied Handling
...
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method
Issue gh-14601
2024-04-12 15:55:25 -03:00
fd891d8fe3
Add proxyBeanMethods=false
...
Addresses too early creation warning of a configuration imported by
ReactiveOAuth2ClientConfiguration.
Closes gh-14900
2024-04-12 11:17:41 -05:00
61eba00654
Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
...
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.
Issue gh-7395
2024-04-10 14:58:01 -03:00
8d914ef145
Add @AuthorizationDeniedHandler for Method Authorization Denied Handling
...
Issue gh-14601
2024-04-08 14:42:13 -03:00
75197ca531
inject PasswordEncoder into DaoAuthenticationProvider constructor
...
Closes gh-14691
2024-04-08 09:39:25 -05:00
d6ae058ee1
Merge branch '6.2.x'
...
Closes gh-14866
2024-04-08 11:16:30 -03:00
697d0c9af4
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14865
2024-04-08 11:16:15 -03:00
472c9f8275
Avoid initializing raw bean during runtime in native-images
...
Closes gh-14825
2024-04-08 11:11:23 -03:00
61e93ee68b
Merge branch '6.2.x'
2024-04-04 14:56:32 -05:00
16e2bdc9bc
Merge branch '6.1.x' into 6.2.x
2024-04-04 14:55:45 -05:00
c2447ec257
Merge branch '5.8.x' into 6.1.x
2024-04-04 14:55:03 -05:00
39dbd24dcb
Polish gh-14742
2024-04-04 14:51:19 -05:00
bb43174752
Fix Bean Name
...
Issue gh-14480
2024-04-04 13:30:30 -06:00
3f7355abc6
Synthesize all annotation attributes
...
Issue gh-14601
2024-04-04 13:30:29 -06:00
33ebd5405a
Removed dataSource null validation
...
Fixed data source validation
2024-04-04 14:21:18 -05:00
6f07d63938
Support SpEL Returning AuthorizationDecision
...
Closes gh-14598
2024-04-04 11:32:00 -06:00
0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision"
...
This reverts commit 77f2977c55
2024-04-04 11:31:45 -06:00
77f2977c55
Support SpEL Returning AuthorizationDecision
...
Closes gh-14599
2024-04-04 09:52:15 -07:00
d85857f905
Add Authorization Denied Handlers for Method Security
...
Closes gh-14601
2024-04-03 09:25:12 -03:00
ff19f04fca
Add JwtValidators append to default
...
Implemented simplified creation of default OAuth2TokenValidator with additional validators.
Closes gh-14831
2024-04-02 14:41:35 -07:00
7d66525e23
Add Compromised Password Checker
...
Closes gh-7395
2024-04-01 09:48:07 -03:00
abf9dc165a
Merge branch '6.2.x'
2024-03-26 10:55:48 -05:00
614123e6f9
Update tests that fail on Windows
...
Issue gh-14609
2024-03-26 10:49:47 -05:00
44033cd8b9
Make Internal Logout URI Configurable
...
Closes gh-14609
2024-03-22 16:31:44 -06:00
e18ec48134
Fix Test
...
Issue gh-14553
2024-03-22 16:31:42 -06:00
662cfed349
Make Internal Logout URI Configurable
...
Closes gh-14609
2024-03-22 16:28:21 -06:00
c95f009b23
Fix Test
...
Issue gh-14553
2024-03-22 16:27:16 -06:00
9898e0e993
Move AuthorizationAdvisorProxyFactory
...
To prevent package tangles
Issue gh-14596
2024-03-22 11:00:39 -06:00
795e44d11f
Add Value-Type Ignore Support
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
ce54a6db18
Add TestAuthentication convenience method
...
Issue gh-14597
2024-03-19 10:27:03 -06:00
d169d5a835
Add AuthorizeReturnObject
...
Closes gh-14597
2024-03-19 10:27:03 -06:00
c611b7e33b
Add AuthorizationProxyFactory Reactive Support
...
Issue gh-14596
2024-03-15 11:44:30 -06:00
f541bce492
Polish AuthorizationAdvisorProxyFactory
...
- Ensure Reasonable Defaults
- Simplify Construction
Issue gh-14596
2024-03-15 11:44:30 -06:00
77c30c431e
Polish tests
...
Issue gh-11783
Issue gh-13763
2024-03-14 15:40:43 -05:00
80a8d3831a
Simplify reactive OAuth2 Client configuration
...
Closes gh-13763
2024-03-14 15:40:43 -05:00
52dfbfb5b3
Add Authorization Proxy Support
...
Closes gh-14596
2024-03-13 14:35:07 -06:00
d6382b83dc
Configure token-exchange via a bean
...
Issue gh-5199
Issue gh-11783
Closes gh-14701
2024-03-07 11:03:10 -06:00
bade66e588
Fix Circular Dependency
...
Closes gh-14674
2024-03-01 14:21:13 -07:00
f8ff056eb6
Update Max Sessions on WebFlux
...
Delete WebSessionStoreReactiveSessionRegistry.java and gives the responsibility to remove the sessions from the WebSessionStore to the handler
Issue gh-6192
2024-02-28 10:06:45 -03:00
a5ce8ae87f
Polish Max Sessions on WebFlux
...
This commit changes the PreventLoginServerMaximumSessionsExceededHandler to invalidate the WebSession in addition to throwing the error, this is needed otherwise the session would still be saved with the security context. It also changes the SessionRegistryWebSession to first perform the operation on the delegate and then invoke the needed method on the ReactiveSessionRegistry
Issue gh-6192
2024-02-27 11:12:50 -03:00
c639d0a514
Add AOP Integration Test
...
Closes gh-14637
2024-02-26 13:56:56 -07:00
4d383023cb
Add meta-annotation parameter support
...
Closes gh-14480
2024-02-26 10:50:35 -07:00
347eeb17d5
Merge branch '6.2.x'
2024-02-26 10:17:18 -07:00
2471df4d36
Merge branch '6.1.x' into 6.2.x
2024-02-26 10:17:04 -07:00
27cd9fa86c
Don't Use Deprecated Class
...
Issue gh-14628
2024-02-26 10:06:59 -07:00
093b5572af
Merge branch '6.2.x'
2024-02-22 12:15:42 -07:00
bb6045ebea
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14648
2024-02-22 12:15:17 -07:00
2fdd541ea5
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14647
2024-02-22 12:15:00 -07:00
45c37c4454
Remove duplicate setSecurityContextHolderStrategy
...
Closes gh-14592
2024-02-22 12:14:35 -07:00
21580fd27d
Merge branch '6.2.x'
2024-02-16 13:31:20 -03:00
15306c1007
Merge branch '6.1.x' into 6.2.x
2024-02-16 13:21:15 -03:00
750cb30ce4
Add AuthenticationTrustResolver.isAuthenticated
2024-02-16 13:08:29 -03:00
7f0433c805
Merge branch '6.2.x'
2024-02-12 17:01:38 -07:00
2702a64be7
Use Localhost for Internal Logout Endpoint
...
Closes gh-14553
2024-02-12 17:00:58 -07:00
34526c3e01
Merge branch '6.2.x'
2024-02-12 12:54:29 -07:00
3ab323663a
Do Not Wire Default OidcSessionStrategy without OidcLogoutConfigurer
...
Closes gh-14558
2024-02-12 12:53:48 -07:00
ccb2f06d0d
Partially revert fc658d10
...
OpenIDAuthenticationFilter exists in versions < 6.0
Issue gh-14531
2024-02-07 10:13:34 -03:00
dea6d6b49c
Merge branch '6.2.x'
...
Closes gh-14566
2024-02-07 09:38:10 -03:00
ad96837e59
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14565
2024-02-07 09:38:02 -03:00
ba1068e368
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14564
2024-02-07 09:37:52 -03:00
fc658d10d3
fix security filter sort in javadoc
...
Closes gh-14531
2024-02-07 09:37:01 -03:00
915d68e216
Remove includeExpiredSessions parameter
...
The reactive implementation of max sessions does not keep track of expired sessions, therefore we do not need such parameter
Issue gh-6192
2024-02-06 10:43:00 -03:00
a282887906
Merge branch '6.2.x'
2024-02-05 15:42:09 -07:00
b43b3b144e
Merge branch '6.1.x' into 6.2.x
2024-02-05 15:41:58 -07:00
ffe9577487
Merge branch '5.8.x' into 6.1.x
2024-02-05 15:41:35 -07:00
7c3a6a567e
Fix Compilation Errors
...
Issue gh-14525
2024-02-05 15:18:31 -07:00
07e0b1dc37
Saml2 LogoutFilter Is Placed Before Common LogoutFilter
...
Closes gh-14525
2024-02-05 15:18:31 -07:00
3a53422478
Fix Failing Test
...
Closes gh-14467
2024-01-29 17:14:30 -07:00
27ebeefb14
Fix Failing Test
...
Closes gh-14467
2024-01-26 11:24:00 -07:00
bdc0bd6b78
Add usernameParameter and passwordParameter to FormLoginDsl
...
Closes gh-14474
2024-01-24 09:56:38 -03:00
3f65f600de
Use AuthorizationEventPublisher Bean
...
- For Jsr250MethodInterceptor and SecuredMethodInterceptor
Closes gh-14401
2024-01-17 17:40:38 -07:00
1daa9e27e2
Merge branch '6.2.x'
2024-01-05 15:17:01 -03:00
e2bab7b7ef
Add .serialized suffix and consider them as binary in Git
...
Issue gh-3737
2024-01-05 15:14:22 -03:00
85177c0178
Merge branch '6.2.x'
...
Closes gh-14408
2024-01-05 14:22:49 -03:00
4fb6a33d36
Verify Serializable Objects Are Deserializable Between Minor Versions
...
This commit introduces a test that verifies that Spring Security domain classes that implements Serializable and have the same serialVersionUID as SpringSecurityCoreVersion#SERIAL_VERSION_UID can be deserialized between minor versions.
This commit also introduces another test that should be used to generate the files containing the serialized content of the objects.
Closes gh-3737
2024-01-05 12:00:02 -03:00
eeb2f5d108
Merge branch '6.2.x'
2023-12-28 12:56:52 -06:00
428a3a2703
Merge branch '6.1.x' into 6.2.x
2023-12-28 12:56:36 -06:00
3beb583207
Merge branch '5.8.x' into 6.1.x
2023-12-28 12:56:25 -06:00
16dc6be3c8
Update copyright year
...
Issue gh-14329
2023-12-28 12:54:29 -06:00
c88aaedb48
Updated broken documentation link in javadocs
2023-12-28 12:54:29 -06:00
707588f870
Merge branch '6.2.x'
2023-12-26 15:58:51 -03:00
d385b53e3c
Merge branch '6.1.x' into 6.2.x
2023-12-26 15:58:39 -03:00
92af758f1f
Make springSecurityHandlerMappingIntrospectorBeanDefinitionRegistryPostProcessor passive
...
Instead of excluding the bean from AOT processing, we avoid redefining the beans if they are present or in the expected state.
Issue gh-14362
2023-12-26 15:58:16 -03:00
778a63a763
Revert "Exclude SpringSecurityHandlerMappingIntrospectorBeanDefinitionRegistryPostProcessor from AOT processing"
...
This reverts commit 8a93178da7
2023-12-26 15:10:15 -03:00
5ad34d1f92
Merge branch '6.2.x'
...
Closes gh-14381
2023-12-26 11:20:51 -03:00
dd20f0694d
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14380
2023-12-26 11:20:41 -03:00
7cd626fe25
Fix FilterChainProxy cannot be found when @EnableWebSecurity(debug = true)
...
Closes gh-14370
2023-12-26 11:20:09 -03:00
08d764dc84
Merge branch '6.2.x'
...
Closes gh-14378
2023-12-26 10:42:45 -03:00
f95cda6be7
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14377
2023-12-26 10:42:37 -03:00
364bc10e78
Add hints for CompositeFilterChainProxy
...
Closes gh-14359
2023-12-26 10:41:56 -03:00
a628384d20
Merge branch '6.2.x'
...
Closes gh-14368
2023-12-22 08:40:24 -03:00
Josh Cummings
sheheryarumair
Daniel Garnier-Moiroux
Marcus Hert Da Coregio
Steve Riesenberg
DingHao
Max Batischev
Rob Winch
Andreas Asplund
y-tomida
Geir Hedemark
DingHao