Commit Graph

11797 Commits

Author SHA1 Message Date
Marcus Da Coregio 7756247c3a Simplify checkSamples task
Closes gh-11814
2022-09-16 09:36:12 -03:00
Steve Riesenberg 8f44f74d44
Update What's New for 5.8 2022-09-14 15:13:41 -05:00
Daniel Garnier-Moiroux bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Steve Riesenberg 70eea8dc67
Update What's New for 5.8 2022-09-14 14:58:48 -05:00
slam 45bbd86f7e
HttpSecurityDsl should support apply method
Closes gh-11754
2022-09-14 13:58:42 -05:00
Steve Riesenberg 355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy 1efb63387f
Add authentication converter for introspected tokens
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
2022-09-13 16:45:36 -05:00
Steve Riesenberg cc988fc287
Merge branch '5.7.x' into 5.8.x
Merged using the ours strategy.
2022-09-12 15:52:10 -05:00
Steve Riesenberg 937c86cb55
Merge branch '5.6.x' into 5.7.x
Merged using ours strategy.
2022-09-12 15:48:15 -05:00
Dan Allen 3387149a0f repurpose 5.6.x branch to provide local docs build
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:41:12 -05:00
Dan Allen 3e42119f84 repurpose 5.7.x branch to provide local docs build
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:37:13 -05:00
Dan Allen ab9ed26ad2 repurpose 5.8.x branch to provide local docs build
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 14:40:56 -05:00
aSemy 6e2e8c41b5
typo fitler -> filter 2022-09-12 10:43:41 -05:00
aSemy e7880b1815
Javadoc typo 'sue' -> 'use' 2022-09-12 10:43:03 -05:00
Rob Winch 5ae492b1c1 Add What's New @WithMockUser Supported as Merged Annotation 2022-09-08 09:49:00 -05:00
mariusz b478e5bc93 gh-6899: @WithMockUser as metaannotation 2022-09-08 09:44:32 -05:00
Steve Riesenberg 86fbb8db07 Add new interfaces for CSRF request processing
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
Marcus Da Coregio ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio 0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill 8b74bf9742 Updated reference to architecture page
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
Steve Riesenberg 6b297cc3a3
Polish javadoc in Kotlin DSL
Issue gh-11646
2022-08-30 13:10:35 -05:00
Steve Riesenberg 5bdbc3f78d
Polish javadoc in Kotlin DSL
Issue gh-11646
2022-08-30 12:53:37 -05:00
Steve Riesenberg 2e26e875c8
Remove WebSecurityConfigurerAdapter in Kotlin DSL
Issue gh-11277
Closes gh-11646
2022-08-30 12:53:18 -05:00
Marcus Da Coregio c4a4524f4b Merge branch '5.7.x' into 5.8.x
Closes gh-11768
2022-08-30 10:56:34 -03:00
Marcus Da Coregio db95f6d5c5 Merge branch '5.6.x' into 5.7.x
Closes gh-11767
2022-08-30 10:54:50 -03:00
Marcus Da Coregio 40abf87ae6 Add buildScan to checkRemote
Closes gh-11766
2022-08-30 09:11:08 -03:00
he1ex-tG 568277f8bc
Mistake in Kotlin code representation is fixed 2022-08-29 15:11:10 -05:00
Josh Cummings 0f58620643 Add AspectJ AuthorizationManager Support
Closes gh-11326
2022-08-26 15:59:08 -06:00
Bert Vanwolleghem a5351f3d89
LogoutPageGeneratingWebFilter Uses Context Path
Closes gh-11716
2022-08-25 15:36:04 -06:00
Josh Cummings 070dce1baf
Document ReactiveMethodSecurity improvements
Issue gh-9401
2022-08-25 14:36:03 -06:00
Josh Cummings e990174c89
Polish ReactiveMethodSecurity Support
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well

Issue gh-9401

Polish
2022-08-25 14:36:03 -06:00
Josh Cummings 6fd23d2567
Add MockMethodInvocation Constructor
Issue gh-9401
2022-08-25 14:36:02 -06:00
Josh Cummings 27ce5936cf
Add Caveat about Spring Security's co-routine support
Closes gh-10920
2022-08-25 14:36:02 -06:00
Evgeniy Cheban cbb4f40f0c ReactiveAuthorizationManager + Reactive Method Security
Closes gh-9401
2022-08-25 14:35:04 -06:00
shinD 4ff0724c87
slight improvement in HttpSessionRequestCache
Closes gh-11666
2022-08-24 16:44:23 -05:00
Steve Riesenberg afc087102b
Merge branch '5.7.x' into 5.8.x 2022-08-24 16:42:01 -05:00
Steve Riesenberg 517631eb8c
Merge branch '5.6.x' into 5.7.x 2022-08-24 16:41:16 -05:00
Steve Riesenberg 1c014eb512
Use 6.0.x instead of 3.0.x as default branch 2022-08-24 16:38:27 -05:00
Rob Winch 32dbaceec5 Fix mockito 4.7.0 merge
Issue gh-11748
2022-08-24 08:58:00 -05:00
Rob Winch 232838bf50 Fix mockito 4.7.0 merge
Issue gh-11748
2022-08-23 16:10:24 -05:00
Rob Winch 26f8f2ce2d Merge branch 'mockito-update-5.8.x' into 5.8.x
Closes gh-11748
2022-08-23 16:02:19 -05:00
Rob Winch ebf180833e Update to mockito 4.7.0
Closes gh-11748
2022-08-23 16:01:46 -05:00
Rob Winch 2fb625db84 Remove mockito deprecations
Issue gh-11748
2022-08-23 15:59:52 -05:00
Rob Winch 0c2c95c02f Merge branch '5.7.x' into 5.8.x 2022-08-23 13:47:10 -05:00
Rob Winch 7d972b10db Merge branch '5.6.x' into 5.7.x 2022-08-23 13:46:56 -05:00
Rob Winch 8c69699458 Remove backportbot.yml
Issue gh-11736
2022-08-23 13:46:32 -05:00
Rob Winch e3c447d761 Merge branch '5.7.x' into 5.8.x
Closes gh-11746
2022-08-23 13:42:37 -05:00
Rob Winch d37c413460 Merge branch '5.7.x' into 5.8.x 2022-08-23 13:39:25 -05:00
Rob Winch f774c4de39 Merge branch '5.6.x' into 5.7.x
Closes gh-11738
2022-08-23 13:30:59 -05:00
Rob Winch fc10d5fc29 repository=spring-projects/spring-security
Previously the repository used spring-project (missing the s)
2022-08-23 13:30:20 -05:00