spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 15:20:19 +00:00

Author	SHA1	Message	Date
Josh Cummings	4c0d969f1f	Merge branch '6.2.x' into 6.3.x Closes gh-15676	2024-08-22 12:37:45 -06:00
Josh Cummings	3ee5a96e53	Merge branch '5.8.x' into 6.2.x Closes gh-15675	2024-08-22 12:24:56 -06:00
Josh Cummings	5c604b95fb	Correct PostFilterAuthorizationMethodInterceptor Target Type Previously, `postFilterAuthorizationMethodInterceptor` mistakenly was published as an `Advisor`. Because `MethodSecurityAdvisorRegistrar` re-publishes each pre/post annotation interceptor also as an `Advisor`, this resulted in a duplicate advisor for `@PostFilter`. Closes gh-15651	2024-08-22 12:10:25 -06:00
Josh Cummings	ae8e4d148e	Produce Exactly One AuthorizationAdvisor Per Annotation Closes gh-15592	2024-08-19 12:30:03 -06:00
Josh Cummings	27af1df87d	Simplify Method Interceptor Configuration Simplifies to use only one ObjectProvider for easier future maintenance Issue gh-15592	2024-08-19 12:27:56 -06:00
Daniel Garnier-Moiroux	b731623b3a	Fix checkstyle errors with @Deprecated	2024-08-19 10:55:58 -03:00
Daniel Garnier-Moiroux	b92ed92548	Fix checkstyle errors with @Deprecated	2024-08-19 10:55:28 -03:00
Marcus Hert Da Coregio	912062d307	Merge branch '6.2.x' into 6.3.x	2024-08-19 09:11:10 -03:00
Daniel Garnier-Moiroux	79fb0113c8	Bump io-spring-javaformat from 0.0.42 to 0.0.43 Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43. Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43) Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43) --- updated-dependencies: - dependency-name: io.spring.javaformat:spring-javaformat-checkstyle dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin dependency-type: direct:production update-type: version-update:semver-patch ... --- Manual updates: - Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST be used together Signed-off-by: dependabot[bot] <support@github.com>	2024-08-19 09:11:05 -03:00
Daniel Garnier-Moiroux	3b8cdc323f	Remove unused method	2024-08-08 15:29:41 -05:00
Daniel Garnier-Moiroux	109da2719f	Use explicit types everywhere instead of var	2024-08-08 15:29:41 -05:00
Josh Cummings	f20ae1a71c	Revert gh-13783 This feature unfortunately regresses pre-existing behavior like that found in gh-15352. As such, this functionality has been removed. Closes gh-15352	2024-07-31 16:16:34 -06:00
Marcus Hert Da Coregio	c1b3b329af	Merge branch '6.2.x' into 6.3.x	2024-07-29 14:56:09 -03:00
baezzys	3d4bcf1b44	fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource - Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present. - Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.	2024-07-29 14:55:55 -03:00
Josh Cummings	ba714d78ab	Merge branch '6.2.x' into 6.3.x Closes gh-15440	2024-07-18 15:51:10 -06:00
Josh Cummings	3daeeb8789	Merge branch '5.8.x' into 6.2.x Closes gh-15439	2024-07-18 15:50:58 -06:00
Josh Cummings	dab48d25b0	Improve Error Message When Registration Missing Closes gh-15363	2024-07-18 15:50:41 -06:00
Josh Cummings	8ee497f4c5	Merge branch '6.2.x' into 6.3.x Closes gh-15410	2024-07-12 11:04:08 -06:00
Josh Cummings	7422a1134a	Allow logout+jwt JWT type Closes gh-15003	2024-07-12 10:03:40 -07:00
Josh Cummings	22c7b8760a	Merge branch '6.2.x' into 6.3.x Closes gh-15211	2024-06-06 13:36:20 -06:00
Josh Cummings	f231ea277d	Merge branch '5.8.x' into 6.2.x Closes gh-15210	2024-06-06 13:35:56 -06:00
Josh Cummings	6aabd768a8	Pick MvcRequestMatcher for MockMvc requests Closes gh-13849	2024-06-06 13:17:43 -06:00
Josh Cummings	0aed8df549	Merge branch '6.2.x' into 6.3.x Closes gh-15197	2024-06-03 17:42:58 -06:00
Josh Cummings	d6228e0882	Merge branch '5.8.x' into 6.2.x Closes gh-15196	2024-06-03 17:42:25 -06:00
Josh Cummings	cdd626644e	Use Request-Level Servlet Context Spring Security cannot use the ServletContext attached to the ApplicationContext since there may be child ApplicationContext's with their own ServletContext. Because of that, it is necessary to always use the ServletContext attached to the request. Closes gh-14418	2024-06-03 17:41:51 -06:00
Josh Cummings	5a798e93f1	Polish MVC Tests Issue gh-14418	2024-06-03 17:41:51 -06:00
Marcus Hert Da Coregio	ddcaeb5c20	Serialize objects from 6.3.x Issue gh-3737	2024-05-24 09:47:29 -03:00
Marcus Hert Da Coregio	08f11f06ab	Revert unnecessary commits from main Issue gh-15016	2024-05-08 13:49:18 -03:00
Marcus Hert Da Coregio	b3c7f3ff19	Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision Issue gh-7395	2024-04-30 08:38:03 -03:00
Josh Cummings	47775f5167	Merge branch '6.2.x'	2024-04-26 17:09:29 -06:00
Josh Cummings	29d3b438b9	Merge branch '6.1.x' into 6.2.x	2024-04-26 17:09:17 -06:00
Josh Cummings	1ecb036fba	Merge branch '5.8.x' into 6.1.x	2024-04-26 17:09:05 -06:00
sheheryarumair	0e211382ee	Remove useBase64 parameter	2024-04-26 17:05:49 -06:00
Josh Cummings	11421c6385	Merge branch '6.2.x'	2024-04-25 14:03:27 -06:00
Josh Cummings	664dfd9b45	Defer Anonymous Filter Construction By delaying when the AnonymousAuthenticationFilter is constructed, it's now possible to call the principal and filter methods inside of a custom DSL implementation. This does not extend to setting the key or the authentication provider though, as these must be set during the init phase. Closes gh-14941	2024-04-25 14:03:10 -06:00
Daniel Garnier-Moiroux	7ddc00521e	Improve logging for Global Authentication Closes gh-14663	2024-04-25 11:35:59 -06:00
Josh Cummings	2bcbef1695	Add Saml2Logout DSL Support Closes gh-14935	2024-04-22 11:12:45 -06:00
Josh Cummings	a4dbf458ab	Add relying-party-registrations#id Closes gh-14487	2024-04-18 12:56:56 -06:00
Marcus Hert Da Coregio	2fbbcc4bd0	Polish Method Authorization Denied Handling - Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied - Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult - @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method Issue gh-14601	2024-04-12 15:55:25 -03:00
Steve Riesenberg	fd891d8fe3	Add proxyBeanMethods=false Addresses too early creation warning of a configuration imported by ReactiveOAuth2ClientConfiguration. Closes gh-14900	2024-04-12 11:17:41 -05:00
Marcus Hert Da Coregio	61eba00654	Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module. Issue gh-7395	2024-04-10 14:58:01 -03:00
Marcus Hert Da Coregio	8d914ef145	Add @AuthorizationDeniedHandler for Method Authorization Denied Handling Issue gh-14601	2024-04-08 14:42:13 -03:00
DingHao	75197ca531	inject PasswordEncoder into DaoAuthenticationProvider constructor Closes gh-14691	2024-04-08 09:39:25 -05:00
Marcus Hert Da Coregio	d6ae058ee1	Merge branch '6.2.x' Closes gh-14866	2024-04-08 11:16:30 -03:00
Marcus Hert Da Coregio	697d0c9af4	Merge branch '6.1.x' into 6.2.x Closes gh-14865	2024-04-08 11:16:15 -03:00
Marcus Hert Da Coregio	472c9f8275	Avoid initializing raw bean during runtime in native-images Closes gh-14825	2024-04-08 11:11:23 -03:00
Steve Riesenberg	61e93ee68b	Merge branch '6.2.x'	2024-04-04 14:56:32 -05:00
Steve Riesenberg	16e2bdc9bc	Merge branch '6.1.x' into 6.2.x	2024-04-04 14:55:45 -05:00
Steve Riesenberg	c2447ec257	Merge branch '5.8.x' into 6.1.x	2024-04-04 14:55:03 -05:00
Steve Riesenberg	39dbd24dcb	Polish gh-14742	2024-04-04 14:51:19 -05:00

1 2 3 4 5 ...

2639 Commits