8d096554f8
Add AuthorizationEvent
...
Closes gh-11972
2022-10-10 12:28:57 -06:00
8f10deb602
Merge remote-tracking branch 'origin/5.8.x'
2022-09-30 17:01:22 -06:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
ef879aadd6
Add native hint for the users JDBC schema
...
Closes gh-11907
2022-09-29 09:42:37 -03:00
e071c28e8a
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:25:45 -06:00
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
46f402243b
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:11:16 -06:00
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-25 14:46:48 -06:00
e990174c89
Polish ReactiveMethodSecurity Support
...
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well
Issue gh-9401
Polish
2022-08-25 14:36:03 -06:00
6fd23d2567
Add MockMethodInvocation Constructor
...
Issue gh-9401
2022-08-25 14:36:02 -06:00
cbb4f40f0c
ReactiveAuthorizationManager + Reactive Method Security
...
Closes gh-9401
2022-08-25 14:35:04 -06:00
670b71363d
Merge branch '5.8.x'
...
Closes gh-11749
2022-08-23 16:03:50 -05:00
2fb625db84
Remove mockito deprecations
...
Issue gh-11748
2022-08-23 15:59:52 -05:00
38c05ad31c
Add native hints for basic @PostAuthorize usage
...
Closes gh-11737
2022-08-23 15:17:14 -03:00
bd5a05dcdd
Polish CoreSecurityRuntimeHints
2022-08-23 15:06:07 -03:00
c4b0e9bd74
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 13:00:07 -06:00
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 12:48:39 -06:00
20def5e25d
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-14 09:25:17 -06:00
8d0084842b
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-14 09:25:16 -06:00
9b43316f4d
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-14 09:25:16 -06:00
db25a37320
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-13 17:58:16 -06:00
281814a955
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-13 17:58:16 -06:00
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-13 17:57:38 -06:00
7abea4a964
Add RuntimeHints suffix for RuntimeHintsRegistrar
...
Closes gh-11497
2022-07-13 10:14:43 -03:00
177baba8c9
RuntimeHintsPredicates moved to predicate package
2022-07-12 16:00:50 -04:00
4a5c0ac904
Fix Formatting
...
Issue gh-11474
2022-07-08 12:35:40 -05:00
03cd9920aa
DelegatingSecurityContextTaskScheduler implements new Methods
...
Closes gh-11474
2022-07-08 12:32:09 -05:00
a87f7aa2e1
Polish CoreSecurityHintsTests
...
Use ParameterizedTest to simplify repetitive test setup
Issue gh-11431
2022-07-06 15:21:45 -03:00
459003e1b3
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:19:33 -06:00
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:18:07 -06:00
b316a3217b
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:35:54 -06:00
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
ec1bfa12f0
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:15:56 -06:00
52d8e10ace
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:08:42 -06:00
7a9c873d7d
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:17:45 -06:00
25c74896d1
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:02:59 -06:00
a8c30f79e6
Add Core, MVC and MethodSecurity runtime hints
...
Closes gh-11431
2022-06-27 09:25:49 -03:00
d32f74d19d
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 17:03:19 -05:00
b6d43e58c0
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 16:59:09 -05:00
a31a99b591
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:58:36 -06:00
31e25b115e
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:28:10 -06:00
4c2401a576
Revert "Make source code compatible with JDK 8"
...
This reverts commit 60ed3602f6
2022-06-02 19:24:42 +02:00
5eadcba7d1
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 09:00:08 -06:00
d557d2d0eb
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 08:28:16 -06:00
d124fa2858
Fix typo in comment for changePassword method
2022-05-25 12:34:55 -06:00
5540bbcf0b
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:36:17 -06:00
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
2b4794475e
Polish gh-11188
2022-05-12 16:32:11 -05:00
3f861f7f20
Polish gh-11188
2022-05-12 16:20:43 -05:00
e01b1e7f38
Polish gh-11188
2022-05-12 16:19:48 -05:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
dbd96a9e3f
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:52 -06:00
9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:04 -06:00
89019fb340
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:03:25 -06:00
286e95893a
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:19:35 -05:00
66bbfc7a50
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:17:23 -05:00
9193e46800
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:15:53 -05:00
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
33ee3058d4
Add missing insufficientAuthentication property in messages_*.properties
2022-04-29 10:38:42 +02:00
da2a68e182
Add missing untranslated properties in messages_lt
2022-04-29 10:38:42 +02:00
5832202a4d
Fixed bad property name in messages_it
2022-04-29 10:38:42 +02:00
22dac674da
Remove unnecessary dots from messages_cs_CZ
2022-04-29 10:38:42 +02:00
8b06a4bbe2
Remove trailing space from messages_ru
2022-04-29 10:38:42 +02:00
47c4b0426d
Add missing badLdapConnection property in messages_*.properties
2022-04-29 10:38:42 +02:00
61c0a25bcd
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:32:14 -06:00
057f4a86d5
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:29:47 -06:00
bdd5f86526
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:37:21 -06:00
990831db85
Add authorization events
...
Closes gh-9288
2022-03-29 16:22:43 -06:00
061f69eb70
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:03:19 -06:00
bd9434882f
Add authorization events
...
Closes gh-9288
2022-03-29 15:44:21 -06:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
4ede1feae5
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 14:17:17 -07:00
2334610fa9
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 14:17:17 -07:00
6c3d183a94
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 13:56:02 -07:00
df84826c95
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 12:07:55 -07:00
a2d1965c25
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:30:45 +01:00
c6b185465d
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:24:23 +01:00
70fa8b1fdb
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-03 09:45:51 -06:00
6f0029fc44
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-02 17:04:44 -06:00
f94090a59b
Remove spring-security-openid
...
Closes gh-10773
2022-01-21 16:55:19 -06:00
58090c37ea
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
5902b46e9b
Remove jcl-over-slf4j
...
Issue gh-10499
# Conflicts:
# dependencies/spring-security-dependencies.gradle
2022-01-19 15:32:01 -06:00
44bc953a39
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:40:56 -06:00
678c386834
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 14:34:32 -06:00
f8e14683f6
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:33:46 -06:00
e1cb375fbf
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-12 16:39:50 -03:00
60ed3602f6
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-11 09:19:41 -03:00
3935f4bffe
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:53:00 -03:00
86ed937a47
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:51:54 -03:00
22379e79e7
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:50:36 -03:00
a68411566e
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 15:33:47 -07:00
2bc643d6c8
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 15:33:39 -07:00
78857c62f4
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 14:29:18 -07:00
809ff883b0
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 14:29:18 -07:00
bbeca7cd65
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 18:03:15 +01:00
3c18278123
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 18:03:03 +01:00
4f8c1b34af
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 17:59:24 +01:00
7cfd415cb5
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 17:49:57 +01:00
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
5a0f1d51c3
Drop EhCache2 support
...
Issue gh-10363
2021-11-01 09:02:42 -03:00
db60df2f9c
Update to Spring Framework 6.0
...
Issue gh-10360
2021-11-01 09:02:42 -03:00
b2e6c60d94
Remove remoting technologies support
...
Closes gh-10366
2021-11-01 09:02:42 -03:00
010f719344
Upgrade to JDK 17
...
Closes gh-10343
2021-11-01 09:02:42 -03:00
12f3e908b0
Update to Spring Security 6.0
2021-11-01 09:02:41 -03:00
e0821f2a99
DaoAuthenticationProviderTests#avg returns fraction
2021-10-28 09:35:52 -06:00
5e091b94a9
Deprecate RemoteAuthentication* for 5.6
...
Closes gh-10430
2021-10-21 11:39:11 -05:00
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
7fa39c8807
Deprecate EhCache2 support
...
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations
Closes gh-10362
2021-10-14 14:51:27 -03:00
86c24da38b
Improve Method Security logging
...
Closes gh-10247
2021-10-08 14:22:09 -03:00
ef01124eb9
Add reasons to AuthorizationDecisions
...
Closes gh-9287
2021-10-08 14:22:09 -03:00
570092c467
Remove trace logs for PrePostAnnotationSecurityMetadataSource
...
Those logs were producing too much noise on the console without adding much value.
Issue gh-10247
2021-10-08 14:22:09 -03:00
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
8c74d6cea5
Fix isAssignable order
...
Closes gh-10236
2021-09-30 13:56:37 -06:00
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00
658aff501c
Assert Error-Messages already includes dashes
...
When the cert-content is not valid, the assert output message is not correct.
Because it outputs too many dashes .The const X509- and PKCS8-PEM_HEADER already includes the dashes.
I took the output message via copy and paste, but it was still not valid ;-(
Only the output is affected, the checks itself is correct.
2021-09-27 09:53:55 -03:00
7b73b94198
Fix typo
2021-09-22 16:29:50 -06:00
5da55448f9
Polish SecurityContextChangedEvent
...
- Changed methods to getOldContext and getNewContext
Closes gh-10249
2021-09-13 16:04:36 -06:00
3e87ef84ae
Replace SecurityContextHolder#addListener
...
Closes gh-10226
2021-09-13 15:57:06 -06:00
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
2021-08-11 17:12:13 -06:00
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
2021-08-11 17:12:13 -06:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
01af7877ea
Polish RsaKeyConverters
...
- Remove potential for returning null
- Remove potential for parsing more than one header
Issue gh-9736
2021-07-12 14:21:23 -06:00
5f7d871258
Add X.509 Certificate Support
...
Closes gh-9736
2021-07-12 14:21:08 -06:00
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
81ded2a0e5
Polish Assertion
...
By using the supplier version of Assert.notNull, the
string concatenation is delayed.
Issue gh-3403
2021-06-30 10:12:27 -06:00
19aa44af41
Improve Error Message for Invalid Properties
...
Closes gh-3403
2021-06-30 10:07:21 -06:00
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen
2021-06-15 09:11:53 -05:00
25fa187406
Add insufficient authentication message for French
...
Partially fix gh-9315
2021-06-15 09:08:59 -05:00
20577c39c1
Add insufficient authentication message for Simplified Chinese and Traditional Chinese
...
Partially fix gh-9315
2021-06-14 16:00:29 -05:00
7ed38f1a26
Adjust Test Names
...
Issue gh-9514
2021-06-07 14:31:05 -06:00
e1e31939a3
Add @since
...
Issue gh-9514
2021-06-07 14:26:29 -06:00
80743a267c
Add SecurityContext to delegating TaskScheduler
...
Wrap DelegatingSecurityContextTaskScheduler's Runnable tasks in
DelegatingSecurityContextRunnables, allowing to specify a
SecurityContext to use for tasks execution.
- Renamed private variable taskScheduler to delegate
- Removed unused local variable in unit test
- Add SecurityContext tests for delegating TaskScheduler
Closes gh-9514
2021-06-07 13:54:24 -06:00
67e5c05a47
Polish AuthorizationManager Method Security
...
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations
Issue gh-9289
2021-05-18 17:34:04 -06:00
84e2e80915
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-05-18 17:34:04 -06:00
1898446f68
core depends on crypto
...
Issue gh-9767
2021-05-18 16:03:38 -05:00
56b7c662e4
Remove spring-security-crypto from spring-core pom
...
Instead of having api extend included configuration, we should use the
*Classpath configurations.
Closes gh-9767
2021-05-18 15:30:44 -05:00
d203235567
Update to Spring Security 5.6
...
Closes gh-9695
2021-05-18 10:45:17 -06:00
304636520d
buildSrc to publish
2021-05-17 14:00:56 -05:00
17cfc6ade3
Inline ResourceKeyConverterAdapter
...
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
de0cd11a72
Fix PreAuthorize when returning Kotlin Flow
...
Closes gh-9676
2021-04-28 12:33:18 +02:00
163b5943ca
Revert AuthorizationManager Method Security
2021-04-12 15:53:22 -06:00
df8abcfae7
Use Interceptors instead of Advice
...
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization
Issue gh-9289
2021-04-09 18:45:31 -06:00
6bcf479659
Polish Javadoc
...
Issue gh-9289
2021-04-09 18:44:25 -06:00
6828987b4b
Add AfterMethodAuthorizationManager
...
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability
Closes gh-9591
2021-04-09 18:43:56 -06:00
2b494ebc5f
Polish AOP Structure
...
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes
Issue gh-9289
2021-04-09 17:46:33 -06:00
45376b359b
Adjust Packaging
...
Issue gh-9289
2021-04-09 17:46:32 -06:00
20778f727b
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-04-09 17:46:32 -06:00
e03fe7f089
Add coroutine support to pre/post authorize
...
Closes gh-8143
2021-04-09 19:33:06 +02:00
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
e4c03e9e5a
Update plugins to support api/implementation
...
Issue gh-9540
2021-04-05 10:36:35 -05:00
8d82ebaa2f
Update ComparableVersion to version from Maven 3.6.3
2021-03-26 11:39:26 -05:00
4a492846f1
Revert "Lock dependencies for 2.5.0-M3"
...
This reverts commit f05cc6269c
2021-03-15 23:18:45 +01:00
f05cc6269c
Lock dependencies for 2.5.0-M3
2021-03-15 11:00:19 +01:00
c4be1c6a56
Revert "Lock Dependencies"
...
This reverts commit a85caa4098
2021-02-11 15:49:59 -07:00
a85caa4098
Lock Dependencies
2021-02-11 15:00:38 -07:00
65d3b0d71c
Add ResourceKeyConverterAdapter
...
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding
Issue gh-9316
2021-01-15 22:15:56 -07:00
c066e23a86
Add @since attributes
...
Issue gh-8900
2020-12-16 15:58:53 -07:00
34b4b1054f
Add AuthorizationManager
...
Closes gh-8900
2020-12-16 15:58:36 -07:00
d3ef340b26
Fix typos
2020-12-03 11:05:22 +01:00
d7612e346e
Fix typo in Javadoc
2020-11-11 06:48:22 -05:00
2b9efccc50
Implement MessageSourceAware where missing
...
Closes gh-8951
2020-11-05 10:57:33 -07:00
b95e1aa209
Revert "Lock dependencies for 5.5.0-M1"
...
This reverts commit 25a7482c8c
2020-11-03 19:53:28 -05:00
25a7482c8c
Lock dependencies for 5.5.0-M1
2020-10-30 17:52:03 -05:00
ce68431037
Bump Schema, Serialization, and Taglib to 5.5
2020-10-07 17:17:58 -06:00
6d14482378
Add try-with-resources to close stream
...
Closes gh-9041
2020-09-29 08:25:45 -06:00
c502312719
Replace expected @Test attributes with AssertJ
...
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
910b81928f
Replace try/catch with AssertJ
...
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
a5b97bb569
Prevent NullPointerException when session ID changes
...
The old session ID may not exist in the session registry if the user is not authenticated.
Closes gh-9011
2020-09-18 10:51:12 +02:00
7b1f574769
Revert "Lock Dependency Versions for 5.4.0"
...
This reverts commit 3d0e459182
2020-09-09 18:14:12 -04:00
3d0e459182
Lock Dependency Versions for 5.4.0
2020-09-09 13:45:03 -04:00
fa7baf551d
Restructure Logs
...
Followed common use cases based off of HelloWorld sample:
- Public endpoint
- Unauthorized endpoint
- Undefined endpoint
- Successful form login
- Failed form login
- Post-login redirect
Issue gh-6311
2020-09-02 07:37:59 -06:00
4fd67b48e0
Polish core format
...
Issue gh-8945
2020-08-24 17:33:09 -05:00
319d3364aa
Migrate to assertThatExceptionOfType
...
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
2020-08-24 17:33:09 -05:00
1e840cc854
Move @Mock annotations
...
Update a couple of tests to use the more traditional `@Mock` annotation
placement.
Issue gh-8945
2020-08-24 17:33:09 -05:00
2f8e835b11
Use assertThatObject to save casting
...
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.
Issue gh-8945
2020-08-24 17:33:09 -05:00
0a3eeb9c80
Remove incorrect AssertJ imports
...
Fix a few tests that were accidentally importing incorrect AssertJ
classes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
a5aa6b3d7f
Remove blank lines from all tests
...
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
2020-08-24 17:33:09 -05:00
771ef0dadc
Polish spring-security-core main code
...
Manually polish `spring-security-core` following the formatting
and checkstyle fixes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
ee661f7b71
Fix whitespace issues in format-off code
...
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.
Issue gh-8945
2020-08-24 17:33:08 -05:00
834dcf5bcf
Use consistent ternary expression style
...
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.
For example: `a = (a != null) ? a : b`
Issue gh-8945
2020-08-24 17:33:08 -05:00
8d3f039f76
Reduce method visibility when possible
...
Reduce method visibility for package private classes when possible.
In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.
Issue gh-8945
2020-08-24 17:33:08 -05:00
ec6a4cb3f0
Use consistent equals/hashCode/toString order
...
Ensure that `equals` `hashCode` and `toString` methods always appear in
the same order. This aligns with the style used in Spring Framework.
Issue gh-8945
2020-08-24 17:33:08 -05:00
612fb22a7f
Remove unnecessary lambda blocks
...
Remove lambda blocks that aren't needed and replace instead with a
simple expression.
Issue gh-8945
2020-08-24 17:33:08 -05:00
52f20b5281
Use parenthesis with single-arg lambdas
...
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.
Issue gh-8945
2020-08-24 17:33:08 -05:00
01d90c9881
Hide utility class constructors
...
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.
Issue gh-8945
2020-08-24 17:33:08 -05:00
8559447357
Enforce checkstyle header rule
...
Enforce the checkstyle header rule and fix a few classes that had
malformed headers.
Issue gh-8945
2020-08-24 17:33:08 -05:00
ff94944313
Add whitespace after copyright header
...
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.
Issue gh-8945
2020-08-24 17:33:08 -05:00
31ec450d05
Remove superfluous comments
...
Remove a few comments that previously add noise but don't offer a great
deal of value.
Issue gh-8945
2020-08-24 17:33:08 -05:00
8d80166aaf
Update exception variable names
...
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.
Issue gh-8945
2020-08-24 17:33:08 -05:00
e9130489a6
Remove restricted static imports
...
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
2020-08-24 17:33:08 -05:00
9a3fa6e812
Simplify boolean returns
...
Simplify boolean returns of the form:
if (b) {
return true;
} else {
return false;
}
to:
return b;
Issue gh-8945
2020-08-24 17:33:08 -05:00
db55ef4b3b
Migrate to BDD Mockito
...
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
2020-08-24 17:33:08 -05:00
18f3d13363
Fix parenthesis padding issues
...
Fix a few parenthesis padding issues caused by the formatter.
Issue gh-8945
2020-08-24 17:33:08 -05:00
f1cee9500f
Ensure classes are defined in their own files
...
Ensure that all classes are defined in their own files. Mostly classes
have been changed to inner-types.
Issue gh-8945
2020-08-24 17:33:08 -05:00
4d487e8dc3
Ensure all files end with a new line
...
Update all files to ensure that they always end with a new-line
character.
Issue gh-8945
2020-08-24 17:33:07 -05:00
a0b9442265
Use consistent modifier order
...
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".
Issue gh-8945
2020-08-24 17:33:07 -05:00
3e700e7571
Remove (non-Javadoc) comments
...
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.
Issue gh-8945
2020-08-24 17:33:07 -05:00
a2f2e9ac8d
Move inner-types so that they are always last
...
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.
Issue gh-8945
2020-08-24 17:33:07 -05:00
418c3d6808
Avoid inner assignments
...
Replace code of the form `a = b =c` with distinct statements. Although
this results in more lines of code, they are usually easier to
understand.
Issue gh-8945
2020-08-24 17:33:07 -05:00
9e08b51ed3
Apply code cleanup rules to projects
...
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.
Issue gh-8945
2020-08-24 17:33:07 -05:00
8866fa6fb0
Always use 'this.' when accessing fields
...
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
2020-08-24 17:33:07 -05:00
6894ff5d12
Make classes final where possible
...
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
2020-08-24 17:33:07 -05:00
37fa94fafc
Organize imports
...
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
5f64f53c3f
Use consistent "@" tag order in Javadoc
...
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
71bc145ae4
Remove superfluous comments
...
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.
Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.
Issue gh-8945
2020-08-24 17:33:07 -05:00
b7fc18262d
Reformat code using spring-javaformat
...
Run `./gradlew format` to reformat all java files.
Issue gh-8945
2020-08-24 17:32:56 -05:00
6979125ccf
Add noformat blocks around User.withUsername
...
Find `User.withUsername` calls and protect them against formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
27ac046d8a
Rename *Test.java -> *Tests.java
...
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.
Issue gh-8945
2020-08-10 16:24:44 -05:00
1d74d556c2
Revert "Lock Dependency Versions for 5.4.0-RC1"
...
This reverts commit f3a1e5d40c
2020-08-05 14:59:11 -04:00
f3a1e5d40c
Lock Dependency Versions for 5.4.0-RC1
2020-08-05 13:46:11 -04:00
833151ce71
Mongolian translation for messages.properties
...
Closes gh-8778
2020-07-10 04:27:51 -04:00
4269cb0d26
update comments
2020-07-07 17:11:47 -05:00
146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
...
This reverts commit 68538897c8
2020-07-01 13:11:50 -06:00
68538897c8
Lock Dependency Versions for 5.4.0-M2
2020-07-01 12:40:29 -06:00
c177b391d4
Polish ProviderManagerTests
...
- Renamed test to follow naming convention
- Simplified mock with Mockito
- Added note regarding related ticket
Issue gh-8689
2020-06-16 15:56:04 -06:00
5302fb776c
ProviderManager Uses CollectionUtils#contains
...
Closes gh-8689
2020-06-16 15:56:04 -06:00
ca1252be94
Replace whitelist with allowlist
...
Issue gh-8676
2020-06-10 11:49:21 -05:00
bb05603b3c
AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic()
...
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs
Closes gh-7522
2020-05-12 13:07:24 -05:00
9dcdae3269
Update Traditional Chinese translation.
...
Align with commit f7b33da577
2020-05-06 17:07:57 -05:00
86ca6b013c
Unlock dependencies
...
This reverts commit 206960cf44
2020-05-06 17:27:35 -04:00
206960cf44
Lock dependencies for 5.4.0-M1
2020-05-06 17:13:04 -04:00
f7b33da577
ActiveDirectoryLdapAuthenticationProvider uses InternalAuthenticationServiceException
...
Closes gh-2884
2020-04-24 10:15:48 -05:00
eacd212a5a
Adding Map support to DefaultMethodSecurityExpressionHandler
2020-04-04 15:46:07 -04:00
7ad303f0ce
Replace VersionsResourceTasks with WriteProperties
...
VersionsResourceTasks wrote a date comment which prevented this from
producing the same result and caused misses in the cache.
Closes gh-8114
2020-03-13 13:26:54 -05:00
d81321bc29
Fix typo 'properites' in documentation
...
Fixes gh-8095
2020-03-11 10:54:14 -06:00
5850a4cd73
Fix security version test
2020-03-06 18:46:00 -05:00
b2ea0ba775
Polish SessionIdChangedEvent
...
Add AbstractSessionEvent; clean up license headers and Javadocs
Fixes: gh-5438
2020-03-06 12:04:49 -05:00
5fc6414377
SessionRegistryImpl is now aware of SessionIdChangedEvent
2020-03-06 12:04:01 -05:00
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7
2020-03-04 12:02:48 -07:00
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
1b68cdb650
Polish DefaultAuthenticationEventPublisherTests
...
Fixed checkstyle violation
Issue gh-7824
2020-02-21 12:59:44 -07:00
bfc2832c6c
Authentication Event Publisher Mappings
...
Fixes gh-7824
2020-02-21 12:49:04 -07:00
653400edfa
Polish DefaultAuthenticationEventPublisher
...
Simplified the constructor selection logic.
Issue gh-7825
2020-02-06 14:13:05 -07:00
51b9b2f693
DefaultAuthenticationEventPublisher Default Event
...
Fixes gh-7825
2020-02-06 14:13:04 -07:00
84b8a5abd7
Unlock dependencies for next development version
...
This reverts commit 064616f1ef
2020-02-05 15:53:04 +01:00
064616f1ef
Lock dependencies for 5.3.0.RC1
2020-02-05 10:20:05 +01:00
fbdecdafb8
Add Mapping to Invalid Bearer Token
...
Fixes gh-7793
2020-02-04 17:33:08 -07:00
04f3fe8af9
Add Jackson support for oauth2-client session related classes
...
Fixes gh-4886
2020-02-04 09:01:12 -05:00
d22b476983
Polish ProviderManager
...
Updated copyright date range and adjusted constructor order to better
match DelegatingReactiveAuthenticationManager
Fixes gh-7713
2020-01-30 16:08:01 -07:00
Josh Cummings
Emil Sierżęga
Marcus Da Coregio
Evgeniy Cheban
Rob Winch
Joe Grandja
James
Parikshit Dutta
Steve Riesenberg
Norbert Nowak
Ulrich Grave
Eleftheria Stein
Guirong Hu
Hiroshi Shirosaki
Markus Heiden
Emil Sierżęga
Alexander Furer
heowc
OllisGit
shazin
Ruben Suarez Alvarez
YBCoding
pxzxj
Giacomo Baso
Craig Andrews
Eleftheria Stein
Angel Aguilera
Arnaud Mergey
Malyshau Stanislau
Phillip Webb
Hurelhuyag
wangsong
yukihane
Pei-Tang Huang
Joe Grandja
Dávid Kovács
Maksim Mednik
Markus Engelbrecht
Venkata Jaswanth
Attoumane AHAMADI
Zeeshan Adnan