20b0156d5a
Merge branch '6.0.x'
...
Closes gh-12984
2023-04-10 11:26:01 -05:00
9c3f91a2d3
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12983
2023-04-10 11:25:32 -05:00
16dcfd1cfe
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12982
2023-04-10 11:25:01 -05:00
c69df9fba0
Fix javadoc typo in ReactiveAuthorizationManager
...
Closes gh-12978
2023-04-10 11:24:49 -05:00
25ff3d69bd
Polish WebFlux Observation contextualName
...
Issue gh-12156
2023-04-04 13:15:44 -06:00
5e2dd0351d
Merge branch '6.0.x'
...
Closes gh-12964
2023-04-04 10:21:52 -03:00
44c4a4ae86
Add new DaoAuthenticationProvider constructor
...
Add a new constructor to the DaoAuthenticationProvider, which allows
providing a custom PasswordEncoder to prevent instantiation of the
default delegating PasswordEncoder in the default constructor.
This provides a way to instantiate the DaoAuthenticationProvider on JDKs
where the default delegating PasswordEncoder cannot be instantiated due
to limited JCE providers for compliance reasons (e.g., FIPS).
Closes gh-12874
2023-04-04 10:21:22 -03:00
607e40d366
Polish ObservationConvention Configuration
...
Change to setObservationConvention so that it reads more clearly
when used, for example `authenticationManager.setObservationConvention`
is clearer than `authenticationManager.setConvention`.
Change unit test names to follow team conventions.
Issue gh-12534
2023-03-28 15:01:26 -06:00
f1b14de3ba
Format ObservationConvention Configuration
...
Issue gh-12534
2023-03-28 15:01:26 -06:00
8d933fcb03
Support Customizing Observation Conventions
...
Closes gh-12534
2023-03-28 15:01:26 -06:00
a7562ad950
Update io.spring.javaformat to 0.0.38
...
Closes gh-12891
2023-03-20 10:44:35 -06:00
f588f9fa9a
Merge branch '6.0.x'
2023-03-03 15:02:51 -07:00
acf48721cd
Merge branch '5.8.x' into 6.0.x
2023-03-03 15:02:34 -07:00
ebabcaa51a
Merge branch '5.7.x' into 5.8.x
2023-03-03 15:02:07 -07:00
094bf1b527
Validate hasRole Input
...
There are no check for role prefix in AuthorizeHttpRequestsConfigurer#XXXrole
methods. This PR adds check for the same. Now the configuration
will fail if role/s start with prefix for hasRole and hasAnyRole methods.
Closes #12581
2023-03-03 15:00:34 -07:00
659b65a666
Fix javadox typo
2023-02-15 15:20:48 -07:00
eb35d3055f
Merge branch '6.0.x'
...
Closes gh-12640
2023-02-07 09:25:33 -03:00
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
3229bfa40f
Add empty authorities by default
...
Closes gh-12533
2023-01-30 15:37:10 -06:00
f9d674cb10
Merge branch '6.0.x'
...
Closes gh-12525
2023-01-11 10:14:01 -07:00
4d2dab9b6b
Lookup Parent Observation
...
Closes gh-12524
2023-01-11 10:13:33 -07:00
782b792e7b
SecuredAuthorizationManager should allow customizing underlying authorization manager
...
Closes gh-12233
2023-01-10 17:48:48 -07:00
3369cf5fe9
Consider replacing SecurityExpressionRoot.AuthenticationSupplier with SingletonSupplier
...
Closes gh-12487
2023-01-06 11:21:33 -07:00
1bbbd046c3
Polish gh-12231
...
- Update copyright header
- Use Set.of instead of HashSet in AuthorityAuthorizationManager
- Align roleHierarchy test name with other tests in AuthoritiesAuthorizationManagerTests
2023-01-05 10:50:52 -07:00
e0d676c03f
SecuredAuthorizationManager should cache annotation's value
...
Closes gh-12232
2023-01-05 10:50:52 -07:00
25133a97f9
Merge branch '6.0.x'
...
Closes gh-12436
2022-12-19 10:45:49 -03:00
f1824f8a5d
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12435
2022-12-19 10:45:25 -03:00
36d83f863a
Fix Javadoc since tag for class ExpressionAuthorizationDecision
...
Closes gh-12411
2022-12-19 10:44:36 -03:00
855282ac3b
Add Authority String AuthorizationManager
...
Closes gh-12231
2022-12-02 14:12:02 -07:00
6cbbf06456
Merge branch '6.0.x'
2022-11-30 14:20:01 -07:00
a76b1f7a51
Merge branch '5.8.x' into 6.0.x
2022-11-30 14:19:38 -07:00
68a344d238
Merge branch '5.7.x' into 5.8.x
2022-11-30 14:18:59 -07:00
e23c1cf7a7
Merge branch '5.6.x' into 5.7.x
2022-11-30 14:18:12 -07:00
14a48ea939
Fix formatting
...
Issue gh-12143
2022-11-29 20:15:13 -07:00
709de43e89
Fix typo in JavaDoc
...
Closes gh-12143
2022-11-29 20:15:12 -07:00
9bf2d3cd86
Polish JavaDoc
...
- Replace ampersand
- Correct since version
Issue gh-11510
2022-11-29 16:46:55 -07:00
5fcbb9f4ed
Add AuthenticationTrustResolver#isFullyAuthenticated
...
Closes gh-11510
2022-11-29 16:46:54 -07:00
4de92145e2
Update version on tag library and global serialization value
2022-11-23 13:12:48 -03:00
9d876fce82
Polish ExpressionAuthorizationDecision
...
Issue gh-11493
2022-11-17 15:09:52 -07:00
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
88e64bac0c
Polish Tests
...
Issue gh-11992
2022-11-17 15:09:52 -07:00
08948f2c37
Add Polish localization to error messages from ExceptionTranslationFilter
...
Issue gh-9315
2022-11-14 18:10:36 -07:00
a3d278380e
Add Polish localization to error messages from ExceptionTranslationFilter
2022-11-14 18:06:02 -07:00
bd43c1f28a
Merge branch '5.8.x'
...
# Conflicts:
# web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
# web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
db7f52db4e
Add hints to invoke SecurityContextImpl#getAuthentication
...
Closes gh-11987
2022-10-13 09:06:16 -03:00
d3d8f7d60f
Mark Observations with Security Context Events
...
Closes gh-11992
2022-10-12 20:32:23 -06:00
8c610684f3
Instrument Authentication and Authorization
...
Closes gh-11989
Closes gh-11990
2022-10-12 20:32:21 -06:00
827384e386
Add Micrometer Dependency
2022-10-12 19:26:21 -06:00
a453a71bed
Merge remote-tracking branch 'origin/5.8.x'
2022-10-10 12:37:15 -06:00
8d096554f8
Add AuthorizationEvent
...
Closes gh-11972
2022-10-10 12:28:57 -06:00
8f10deb602
Merge remote-tracking branch 'origin/5.8.x'
2022-09-30 17:01:22 -06:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
ef879aadd6
Add native hint for the users JDBC schema
...
Closes gh-11907
2022-09-29 09:42:37 -03:00
e071c28e8a
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:25:45 -06:00
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
46f402243b
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:11:16 -06:00
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-25 14:46:48 -06:00
e990174c89
Polish ReactiveMethodSecurity Support
...
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well
Issue gh-9401
Polish
2022-08-25 14:36:03 -06:00
6fd23d2567
Add MockMethodInvocation Constructor
...
Issue gh-9401
2022-08-25 14:36:02 -06:00
cbb4f40f0c
ReactiveAuthorizationManager + Reactive Method Security
...
Closes gh-9401
2022-08-25 14:35:04 -06:00
670b71363d
Merge branch '5.8.x'
...
Closes gh-11749
2022-08-23 16:03:50 -05:00
2fb625db84
Remove mockito deprecations
...
Issue gh-11748
2022-08-23 15:59:52 -05:00
38c05ad31c
Add native hints for basic @PostAuthorize usage
...
Closes gh-11737
2022-08-23 15:17:14 -03:00
bd5a05dcdd
Polish CoreSecurityRuntimeHints
2022-08-23 15:06:07 -03:00
c4b0e9bd74
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 13:00:07 -06:00
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 12:48:39 -06:00
20def5e25d
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-14 09:25:17 -06:00
8d0084842b
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-14 09:25:16 -06:00
9b43316f4d
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-14 09:25:16 -06:00
db25a37320
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-13 17:58:16 -06:00
281814a955
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-13 17:58:16 -06:00
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-13 17:57:38 -06:00
7abea4a964
Add RuntimeHints suffix for RuntimeHintsRegistrar
...
Closes gh-11497
2022-07-13 10:14:43 -03:00
177baba8c9
RuntimeHintsPredicates moved to predicate package
2022-07-12 16:00:50 -04:00
4a5c0ac904
Fix Formatting
...
Issue gh-11474
2022-07-08 12:35:40 -05:00
03cd9920aa
DelegatingSecurityContextTaskScheduler implements new Methods
...
Closes gh-11474
2022-07-08 12:32:09 -05:00
a87f7aa2e1
Polish CoreSecurityHintsTests
...
Use ParameterizedTest to simplify repetitive test setup
Issue gh-11431
2022-07-06 15:21:45 -03:00
459003e1b3
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:19:33 -06:00
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:18:07 -06:00
b316a3217b
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:35:54 -06:00
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
ec1bfa12f0
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:15:56 -06:00
52d8e10ace
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:08:42 -06:00
7a9c873d7d
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:17:45 -06:00
25c74896d1
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:02:59 -06:00
a8c30f79e6
Add Core, MVC and MethodSecurity runtime hints
...
Closes gh-11431
2022-06-27 09:25:49 -03:00
d32f74d19d
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 17:03:19 -05:00
b6d43e58c0
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 16:59:09 -05:00
a31a99b591
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:58:36 -06:00
31e25b115e
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:28:10 -06:00
4c2401a576
Revert "Make source code compatible with JDK 8"
...
This reverts commit 60ed3602f6
2022-06-02 19:24:42 +02:00
5eadcba7d1
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 09:00:08 -06:00
d557d2d0eb
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 08:28:16 -06:00
d124fa2858
Fix typo in comment for changePassword method
2022-05-25 12:34:55 -06:00
5540bbcf0b
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:36:17 -06:00
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
2b4794475e
Polish gh-11188
2022-05-12 16:32:11 -05:00
3f861f7f20
Polish gh-11188
2022-05-12 16:20:43 -05:00
e01b1e7f38
Polish gh-11188
2022-05-12 16:19:48 -05:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
dbd96a9e3f
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:52 -06:00
9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:04 -06:00
89019fb340
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:03:25 -06:00
286e95893a
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:19:35 -05:00
66bbfc7a50
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:17:23 -05:00
9193e46800
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:15:53 -05:00
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
33ee3058d4
Add missing insufficientAuthentication property in messages_*.properties
2022-04-29 10:38:42 +02:00
da2a68e182
Add missing untranslated properties in messages_lt
2022-04-29 10:38:42 +02:00
5832202a4d
Fixed bad property name in messages_it
2022-04-29 10:38:42 +02:00
22dac674da
Remove unnecessary dots from messages_cs_CZ
2022-04-29 10:38:42 +02:00
8b06a4bbe2
Remove trailing space from messages_ru
2022-04-29 10:38:42 +02:00
47c4b0426d
Add missing badLdapConnection property in messages_*.properties
2022-04-29 10:38:42 +02:00
61c0a25bcd
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:32:14 -06:00
057f4a86d5
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:29:47 -06:00
bdd5f86526
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:37:21 -06:00
990831db85
Add authorization events
...
Closes gh-9288
2022-03-29 16:22:43 -06:00
061f69eb70
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:03:19 -06:00
bd9434882f
Add authorization events
...
Closes gh-9288
2022-03-29 15:44:21 -06:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
4ede1feae5
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 14:17:17 -07:00
2334610fa9
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 14:17:17 -07:00
6c3d183a94
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 13:56:02 -07:00
df84826c95
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 12:07:55 -07:00
a2d1965c25
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:30:45 +01:00
c6b185465d
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:24:23 +01:00
70fa8b1fdb
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-03 09:45:51 -06:00
6f0029fc44
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-02 17:04:44 -06:00
f94090a59b
Remove spring-security-openid
...
Closes gh-10773
2022-01-21 16:55:19 -06:00
58090c37ea
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
5902b46e9b
Remove jcl-over-slf4j
...
Issue gh-10499
# Conflicts:
# dependencies/spring-security-dependencies.gradle
2022-01-19 15:32:01 -06:00
44bc953a39
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:40:56 -06:00
678c386834
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 14:34:32 -06:00
f8e14683f6
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:33:46 -06:00
e1cb375fbf
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-12 16:39:50 -03:00
60ed3602f6
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-11 09:19:41 -03:00
3935f4bffe
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:53:00 -03:00
86ed937a47
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:51:54 -03:00
22379e79e7
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:50:36 -03:00
a68411566e
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 15:33:47 -07:00
2bc643d6c8
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 15:33:39 -07:00
78857c62f4
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 14:29:18 -07:00
809ff883b0
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 14:29:18 -07:00
bbeca7cd65
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 18:03:15 +01:00
3c18278123
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 18:03:03 +01:00
4f8c1b34af
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 17:59:24 +01:00
7cfd415cb5
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 17:49:57 +01:00
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
5a0f1d51c3
Drop EhCache2 support
...
Issue gh-10363
2021-11-01 09:02:42 -03:00
db60df2f9c
Update to Spring Framework 6.0
...
Issue gh-10360
2021-11-01 09:02:42 -03:00
b2e6c60d94
Remove remoting technologies support
...
Closes gh-10366
2021-11-01 09:02:42 -03:00
010f719344
Upgrade to JDK 17
...
Closes gh-10343
2021-11-01 09:02:42 -03:00
12f3e908b0
Update to Spring Security 6.0
2021-11-01 09:02:41 -03:00
e0821f2a99
DaoAuthenticationProviderTests#avg returns fraction
2021-10-28 09:35:52 -06:00
5e091b94a9
Deprecate RemoteAuthentication* for 5.6
...
Closes gh-10430
2021-10-21 11:39:11 -05:00
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
7fa39c8807
Deprecate EhCache2 support
...
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations
Closes gh-10362
2021-10-14 14:51:27 -03:00
86c24da38b
Improve Method Security logging
...
Closes gh-10247
2021-10-08 14:22:09 -03:00
ef01124eb9
Add reasons to AuthorizationDecisions
...
Closes gh-9287
2021-10-08 14:22:09 -03:00
570092c467
Remove trace logs for PrePostAnnotationSecurityMetadataSource
...
Those logs were producing too much noise on the console without adding much value.
Issue gh-10247
2021-10-08 14:22:09 -03:00
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
8c74d6cea5
Fix isAssignable order
...
Closes gh-10236
2021-09-30 13:56:37 -06:00
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00
658aff501c
Assert Error-Messages already includes dashes
...
When the cert-content is not valid, the assert output message is not correct.
Because it outputs too many dashes .The const X509- and PKCS8-PEM_HEADER already includes the dashes.
I took the output message via copy and paste, but it was still not valid ;-(
Only the output is affected, the checks itself is correct.
2021-09-27 09:53:55 -03:00
7b73b94198
Fix typo
2021-09-22 16:29:50 -06:00
5da55448f9
Polish SecurityContextChangedEvent
...
- Changed methods to getOldContext and getNewContext
Closes gh-10249
2021-09-13 16:04:36 -06:00
3e87ef84ae
Replace SecurityContextHolder#addListener
...
Closes gh-10226
2021-09-13 15:57:06 -06:00
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
2021-08-11 17:12:13 -06:00
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
2021-08-11 17:12:13 -06:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
01af7877ea
Polish RsaKeyConverters
...
- Remove potential for returning null
- Remove potential for parsing more than one header
Issue gh-9736
2021-07-12 14:21:23 -06:00
5f7d871258
Add X.509 Certificate Support
...
Closes gh-9736
2021-07-12 14:21:08 -06:00
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
81ded2a0e5
Polish Assertion
...
By using the supplier version of Assert.notNull, the
string concatenation is delayed.
Issue gh-3403
2021-06-30 10:12:27 -06:00
19aa44af41
Improve Error Message for Invalid Properties
...
Closes gh-3403
2021-06-30 10:07:21 -06:00
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen
2021-06-15 09:11:53 -05:00
25fa187406
Add insufficient authentication message for French
...
Partially fix gh-9315
2021-06-15 09:08:59 -05:00
20577c39c1
Add insufficient authentication message for Simplified Chinese and Traditional Chinese
...
Partially fix gh-9315
2021-06-14 16:00:29 -05:00
7ed38f1a26
Adjust Test Names
...
Issue gh-9514
2021-06-07 14:31:05 -06:00
e1e31939a3
Add @since
...
Issue gh-9514
2021-06-07 14:26:29 -06:00
80743a267c
Add SecurityContext to delegating TaskScheduler
...
Wrap DelegatingSecurityContextTaskScheduler's Runnable tasks in
DelegatingSecurityContextRunnables, allowing to specify a
SecurityContext to use for tasks execution.
- Renamed private variable taskScheduler to delegate
- Removed unused local variable in unit test
- Add SecurityContext tests for delegating TaskScheduler
Closes gh-9514
2021-06-07 13:54:24 -06:00
67e5c05a47
Polish AuthorizationManager Method Security
...
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations
Issue gh-9289
2021-05-18 17:34:04 -06:00
84e2e80915
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-05-18 17:34:04 -06:00
1898446f68
core depends on crypto
...
Issue gh-9767
2021-05-18 16:03:38 -05:00
56b7c662e4
Remove spring-security-crypto from spring-core pom
...
Instead of having api extend included configuration, we should use the
*Classpath configurations.
Closes gh-9767
2021-05-18 15:30:44 -05:00
d203235567
Update to Spring Security 5.6
...
Closes gh-9695
2021-05-18 10:45:17 -06:00
304636520d
buildSrc to publish
2021-05-17 14:00:56 -05:00
17cfc6ade3
Inline ResourceKeyConverterAdapter
...
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
de0cd11a72
Fix PreAuthorize when returning Kotlin Flow
...
Closes gh-9676
2021-04-28 12:33:18 +02:00
Rob Winch
Yuanhang Guo
Josh Cummings
Marcus Da Coregio
Petr Svoboda
Braunson
bist
Pascal Verdage
stillya
Evgeniy Cheban
Guillaume Husta
Junsung Cho
Karthikeyan R
Kacper Piasta
Steve Riesenberg
Emil Sierżęga
Joe Grandja
James
Parikshit Dutta
Norbert Nowak
Ulrich Grave
Eleftheria Stein
Guirong Hu
Hiroshi Shirosaki
Markus Heiden
Emil Sierżęga
Alexander Furer
heowc
OllisGit
shazin
Ruben Suarez Alvarez
YBCoding
pxzxj
Giacomo Baso