Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,533 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

2703 Commits

Author SHA1 Message Date
Josh Cummings 81ded2a0e5
Polish Assertion 
By using the supplier version of Assert.notNull, the
string concatenation is delayed.

Issue gh-3403
 2021-06-30 10:12:27 -06:00
Marcus Da Coregio 19aa44af41 Improve Error Message for Invalid Properties 
Closes gh-3403
 2021-06-30 10:07:21 -06:00
Ruben Suarez Alvarez 7cd344acab
Add spanish translation of insufficient authentication and cookie stolen 2021-06-15 09:11:53 -05:00
YBCoding 25fa187406 Add insufficient authentication message for French 
Partially fix gh-9315
 2021-06-15 09:08:59 -05:00
pxzxj 20577c39c1 Add insufficient authentication message for Simplified Chinese and Traditional Chinese 
Partially fix gh-9315
 2021-06-14 16:00:29 -05:00
Josh Cummings 7ed38f1a26
Adjust Test Names 
Issue gh-9514
 2021-06-07 14:31:05 -06:00
Josh Cummings e1e31939a3
Add @since 
Issue gh-9514
 2021-06-07 14:26:29 -06:00
Giacomo Baso 80743a267c
Add SecurityContext to delegating TaskScheduler 
Wrap DelegatingSecurityContextTaskScheduler's Runnable tasks in
DelegatingSecurityContextRunnables, allowing to specify a
SecurityContext to use for tasks execution.

- Renamed private variable taskScheduler to delegate
- Removed unused local variable in unit test
- Add SecurityContext tests for delegating TaskScheduler

Closes gh-9514
 2021-06-07 13:54:24 -06:00
Josh Cummings 67e5c05a47 Polish AuthorizationManager Method Security 
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations

Issue gh-9289
 2021-05-18 17:34:04 -06:00
Evgeniy Cheban 84e2e80915 Consider AuthorizationManager for Method Security 
Closes gh-9289
 2021-05-18 17:34:04 -06:00
Rob Winch 1898446f68 core depends on crypto 
Issue gh-9767
 2021-05-18 16:03:38 -05:00
Rob Winch 56b7c662e4 Remove spring-security-crypto from spring-core pom 
Instead of having api extend included configuration, we should use the
*Classpath configurations.

Closes gh-9767
 2021-05-18 15:30:44 -05:00
Josh Cummings d203235567
Update to Spring Security 5.6 
Closes gh-9695
 2021-05-18 10:45:17 -06:00
Rob Winch 304636520d buildSrc to publish 2021-05-17 14:00:56 -05:00
Josh Cummings 17cfc6ade3
Inline ResourceKeyConverterAdapter 
Closes gh-9689
Closes gh-9626
 2021-04-28 09:39:12 -06:00
Eleftheria Stein de0cd11a72 Fix PreAuthorize when returning Kotlin Flow 
Closes gh-9676
 2021-04-28 12:33:18 +02:00
Josh Cummings 163b5943ca
Revert AuthorizationManager Method Security 2021-04-12 15:53:22 -06:00
Josh Cummings df8abcfae7
Use Interceptors instead of Advice 
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization

Issue gh-9289
 2021-04-09 18:45:31 -06:00
Josh Cummings 6bcf479659
Polish Javadoc 
Issue gh-9289
 2021-04-09 18:44:25 -06:00
Josh Cummings 6828987b4b
Add AfterMethodAuthorizationManager 
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability

Closes gh-9591
 2021-04-09 18:43:56 -06:00
Josh Cummings 2b494ebc5f
Polish AOP Structure 
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes

Issue gh-9289
 2021-04-09 17:46:33 -06:00
Josh Cummings 45376b359b
Adjust Packaging 
Issue gh-9289
 2021-04-09 17:46:32 -06:00
Evgeniy Cheban 20778f727b
Consider AuthorizationManager for Method Security 
Closes gh-9289
 2021-04-09 17:46:32 -06:00
Eleftheria Stein e03fe7f089 Add coroutine support to pre/post authorize 
Closes gh-8143
 2021-04-09 19:33:06 +02:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch e4c03e9e5a Update plugins to support api/implementation 
Issue gh-9540
 2021-04-05 10:36:35 -05:00
Craig Andrews 8d82ebaa2f Update ComparableVersion to version from Maven 3.6.3 2021-03-26 11:39:26 -05:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies" 
This reverts commit a85caa4098.
 2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Josh Cummings 65d3b0d71c
Add ResourceKeyConverterAdapter 
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding

Issue gh-9316
 2021-01-15 22:15:56 -07:00
Josh Cummings c066e23a86
Add @since attributes 
Issue gh-8900
 2020-12-16 15:58:53 -07:00
Evgeniy Cheban 34b4b1054f Add AuthorizationManager 
Closes gh-8900
 2020-12-16 15:58:36 -07:00
Eleftheria Stein d3ef340b26 Fix typos 2020-12-03 11:05:22 +01:00
Angel Aguilera d7612e346e
Fix typo in Javadoc 2020-11-11 06:48:22 -05:00
Arnaud Mergey 2b9efccc50 Implement MessageSourceAware where missing 
Closes gh-8951
 2020-11-05 10:57:33 -07:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1" 
This reverts commit 25a7482c8c.
 2020-11-03 19:53:28 -05:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Josh Cummings ce68431037
Bump Schema, Serialization, and Taglib to 5.5 2020-10-07 17:17:58 -06:00
Malyshau Stanislau 6d14482378 Add try-with-resources to close stream 
Closes gh-9041
 2020-09-29 08:25:45 -06:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ 
Replace JUnit expected @Test attributes with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb 910b81928f Replace try/catch with AssertJ 
Replace manual try/catch/fail blocks with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Eleftheria Stein a5b97bb569 Prevent NullPointerException when session ID changes 
The old session ID may not exist in the session registry if the user is not authenticated.

Closes gh-9011
 2020-09-18 10:51:12 +02:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0" 
This reverts commit 3d0e459182.
 2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Josh Cummings fa7baf551d
Restructure Logs 
Followed common use cases based off of HelloWorld sample:
  - Public endpoint
  - Unauthorized endpoint
  - Undefined endpoint
  - Successful form login
  - Failed form login
  - Post-login redirect

Issue gh-6311
 2020-09-02 07:37:59 -06:00
Rob Winch 4fd67b48e0 Polish core format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00