bcd4dcc15c
Refactor equals method
...
Using the accessor method for fields instead of directly access
2023-08-07 16:00:18 -06:00
8df8d4022e
Fix documentation typo
...
changed "user name" to "username"
2023-08-07 16:00:18 -06:00
de1357cbd1
Refactor equals method
...
To use the accessor method for username instead of directly accessing the attribute.
2023-08-07 16:00:18 -06:00
ea19f82b8a
Using pattern matching for instanceof
2023-08-07 16:00:18 -06:00
7b2cb59dab
Localize AccessDeniedException message
...
Closes gh-13419
2023-07-27 16:50:41 -05:00
cf79af2386
Update Kotlin Test Usage
...
Issue gh-13539
2023-07-14 18:38:58 -06:00
a08036aee5
Change from AwaitKt to MonoKt
...
Issue gh-13539
2023-07-14 18:38:58 -06:00
6c3636d780
Update Removed Usages
...
Issue gh-13544
2023-07-14 18:38:58 -06:00
a99dff7de3
Remove Reference to LocalVariableTableParameterNameDiscoverer
...
Issue gh-2572
2023-07-14 18:38:58 -06:00
b62dd851a2
Merge branch '6.1.x'
...
Closes gh-13489
2023-07-11 17:03:53 -06:00
0579be0d25
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13488
2023-07-11 17:02:59 -06:00
6393702e70
Fix allOf/anyOf Abstain Logic
...
Closes gh-13487
2023-07-11 17:02:07 -06:00
52e12ad64b
Replace deprecated methods
2023-06-22 13:19:55 -06:00
0cefb27928
Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration
...
Closes gh-11624
2023-06-22 16:07:30 -03:00
339185998a
Update JavaDoc
...
Issue gh-12782
2023-06-22 11:26:45 -06:00
fa2bc745f7
Use AuthoritiesAuthorizationManager in Jsr250AuthorizationManager
...
Closes gh-12782
2023-06-22 11:25:54 -06:00
9b603b99ab
Using modern Java features
2023-06-22 11:24:25 -06:00
97cff7c715
Polish TestingAuthenticationToken
...
Restore List constructor to retain binary compatibility.
2023-06-22 11:22:15 -06:00
f25d76c48f
TestingAuthenticationToken takes broader collection type
...
So that callers do not have to cast.
Closes gh-12953
2023-06-22 11:22:15 -06:00
fb910e2997
Prepare for Spring Security 6.2
...
Closes gh-14316
2023-06-22 11:03:28 -06:00
1f04baa4a3
Polish gh-13290
...
Issue gh-12533
2023-06-13 14:17:40 -05:00
4def405067
Allow authorities to be overridden in UserBuilder
...
Issue gh-12533
2023-06-13 14:12:47 -05:00
613165b86c
Merge branch '6.0.x'
2023-05-11 11:46:10 -06:00
c6c091b12e
Merge branch '5.8.x' into 6.0.x
2023-05-11 11:43:37 -06:00
05ef215b88
Align Formatting
...
Issue gh-13132
2023-05-11 11:42:51 -06:00
9669747245
Ignore synthetic methods when checking for duplicate annotations
...
Closes gh-13132
2023-05-11 11:42:51 -06:00
a44e91d044
fix javadoc typo
2023-04-24 16:41:17 -06:00
9244989b2e
Fix allOf/anyOf Abstain Logic
...
Closes gh-13069
2023-04-24 15:36:17 -06:00
072feb2fb8
Merge branch '6.0.x'
2023-04-24 12:52:36 -06:00
599ed3e96b
Polish Format
...
Issue gh-13079
2023-04-24 12:52:26 -06:00
57294be795
Merge branch '6.0.x'
...
Closes gh-13083
2023-04-24 12:49:56 -06:00
73a543d318
Handle Empty Role
...
Closes gh-13079
2023-04-24 12:49:30 -06:00
1a4a2a9055
Merge branch '5.8.x' into 6.0.x
2023-04-14 13:32:10 -03:00
54117d7d27
Fix test suffix to align with checkstyle
2023-04-14 13:29:15 -03:00
20b0156d5a
Merge branch '6.0.x'
...
Closes gh-12984
2023-04-10 11:26:01 -05:00
9c3f91a2d3
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12983
2023-04-10 11:25:32 -05:00
16dcfd1cfe
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12982
2023-04-10 11:25:01 -05:00
c69df9fba0
Fix javadoc typo in ReactiveAuthorizationManager
...
Closes gh-12978
2023-04-10 11:24:49 -05:00
25ff3d69bd
Polish WebFlux Observation contextualName
...
Issue gh-12156
2023-04-04 13:15:44 -06:00
5e2dd0351d
Merge branch '6.0.x'
...
Closes gh-12964
2023-04-04 10:21:52 -03:00
44c4a4ae86
Add new DaoAuthenticationProvider constructor
...
Add a new constructor to the DaoAuthenticationProvider, which allows
providing a custom PasswordEncoder to prevent instantiation of the
default delegating PasswordEncoder in the default constructor.
This provides a way to instantiate the DaoAuthenticationProvider on JDKs
where the default delegating PasswordEncoder cannot be instantiated due
to limited JCE providers for compliance reasons (e.g., FIPS).
Closes gh-12874
2023-04-04 10:21:22 -03:00
607e40d366
Polish ObservationConvention Configuration
...
Change to setObservationConvention so that it reads more clearly
when used, for example `authenticationManager.setObservationConvention`
is clearer than `authenticationManager.setConvention`.
Change unit test names to follow team conventions.
Issue gh-12534
2023-03-28 15:01:26 -06:00
f1b14de3ba
Format ObservationConvention Configuration
...
Issue gh-12534
2023-03-28 15:01:26 -06:00
8d933fcb03
Support Customizing Observation Conventions
...
Closes gh-12534
2023-03-28 15:01:26 -06:00
a7562ad950
Update io.spring.javaformat to 0.0.38
...
Closes gh-12891
2023-03-20 10:44:35 -06:00
f588f9fa9a
Merge branch '6.0.x'
2023-03-03 15:02:51 -07:00
acf48721cd
Merge branch '5.8.x' into 6.0.x
2023-03-03 15:02:34 -07:00
ebabcaa51a
Merge branch '5.7.x' into 5.8.x
2023-03-03 15:02:07 -07:00
094bf1b527
Validate hasRole Input
...
There are no check for role prefix in AuthorizeHttpRequestsConfigurer#XXXrole
methods. This PR adds check for the same. Now the configuration
will fail if role/s start with prefix for hasRole and hasAnyRole methods.
Closes #12581
2023-03-03 15:00:34 -07:00
659b65a666
Fix javadox typo
2023-02-15 15:20:48 -07:00
eb35d3055f
Merge branch '6.0.x'
...
Closes gh-12640
2023-02-07 09:25:33 -03:00
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
3229bfa40f
Add empty authorities by default
...
Closes gh-12533
2023-01-30 15:37:10 -06:00
f9d674cb10
Merge branch '6.0.x'
...
Closes gh-12525
2023-01-11 10:14:01 -07:00
4d2dab9b6b
Lookup Parent Observation
...
Closes gh-12524
2023-01-11 10:13:33 -07:00
782b792e7b
SecuredAuthorizationManager should allow customizing underlying authorization manager
...
Closes gh-12233
2023-01-10 17:48:48 -07:00
3369cf5fe9
Consider replacing SecurityExpressionRoot.AuthenticationSupplier with SingletonSupplier
...
Closes gh-12487
2023-01-06 11:21:33 -07:00
1bbbd046c3
Polish gh-12231
...
- Update copyright header
- Use Set.of instead of HashSet in AuthorityAuthorizationManager
- Align roleHierarchy test name with other tests in AuthoritiesAuthorizationManagerTests
2023-01-05 10:50:52 -07:00
e0d676c03f
SecuredAuthorizationManager should cache annotation's value
...
Closes gh-12232
2023-01-05 10:50:52 -07:00
25133a97f9
Merge branch '6.0.x'
...
Closes gh-12436
2022-12-19 10:45:49 -03:00
f1824f8a5d
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12435
2022-12-19 10:45:25 -03:00
36d83f863a
Fix Javadoc since tag for class ExpressionAuthorizationDecision
...
Closes gh-12411
2022-12-19 10:44:36 -03:00
855282ac3b
Add Authority String AuthorizationManager
...
Closes gh-12231
2022-12-02 14:12:02 -07:00
6cbbf06456
Merge branch '6.0.x'
2022-11-30 14:20:01 -07:00
a76b1f7a51
Merge branch '5.8.x' into 6.0.x
2022-11-30 14:19:38 -07:00
68a344d238
Merge branch '5.7.x' into 5.8.x
2022-11-30 14:18:59 -07:00
e23c1cf7a7
Merge branch '5.6.x' into 5.7.x
2022-11-30 14:18:12 -07:00
14a48ea939
Fix formatting
...
Issue gh-12143
2022-11-29 20:15:13 -07:00
709de43e89
Fix typo in JavaDoc
...
Closes gh-12143
2022-11-29 20:15:12 -07:00
9bf2d3cd86
Polish JavaDoc
...
- Replace ampersand
- Correct since version
Issue gh-11510
2022-11-29 16:46:55 -07:00
5fcbb9f4ed
Add AuthenticationTrustResolver#isFullyAuthenticated
...
Closes gh-11510
2022-11-29 16:46:54 -07:00
4de92145e2
Update version on tag library and global serialization value
2022-11-23 13:12:48 -03:00
9d876fce82
Polish ExpressionAuthorizationDecision
...
Issue gh-11493
2022-11-17 15:09:52 -07:00
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
88e64bac0c
Polish Tests
...
Issue gh-11992
2022-11-17 15:09:52 -07:00
08948f2c37
Add Polish localization to error messages from ExceptionTranslationFilter
...
Issue gh-9315
2022-11-14 18:10:36 -07:00
a3d278380e
Add Polish localization to error messages from ExceptionTranslationFilter
2022-11-14 18:06:02 -07:00
bd43c1f28a
Merge branch '5.8.x'
...
# Conflicts:
# web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
# web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
db7f52db4e
Add hints to invoke SecurityContextImpl#getAuthentication
...
Closes gh-11987
2022-10-13 09:06:16 -03:00
d3d8f7d60f
Mark Observations with Security Context Events
...
Closes gh-11992
2022-10-12 20:32:23 -06:00
8c610684f3
Instrument Authentication and Authorization
...
Closes gh-11989
Closes gh-11990
2022-10-12 20:32:21 -06:00
827384e386
Add Micrometer Dependency
2022-10-12 19:26:21 -06:00
a453a71bed
Merge remote-tracking branch 'origin/5.8.x'
2022-10-10 12:37:15 -06:00
8d096554f8
Add AuthorizationEvent
...
Closes gh-11972
2022-10-10 12:28:57 -06:00
8f10deb602
Merge remote-tracking branch 'origin/5.8.x'
2022-09-30 17:01:22 -06:00
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
ef879aadd6
Add native hint for the users JDBC schema
...
Closes gh-11907
2022-09-29 09:42:37 -03:00
e071c28e8a
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:25:45 -06:00
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
46f402243b
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:11:16 -06:00
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-25 14:46:48 -06:00
e990174c89
Polish ReactiveMethodSecurity Support
...
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well
Issue gh-9401
Polish
2022-08-25 14:36:03 -06:00
6fd23d2567
Add MockMethodInvocation Constructor
...
Issue gh-9401
2022-08-25 14:36:02 -06:00
cbb4f40f0c
ReactiveAuthorizationManager + Reactive Method Security
...
Closes gh-9401
2022-08-25 14:35:04 -06:00
670b71363d
Merge branch '5.8.x'
...
Closes gh-11749
2022-08-23 16:03:50 -05:00
Seongguk Jeong
maimate-dev
Josh Cummings
Claudio Nave
Evgeniy Cheban
kandaguru17
Krzysztof Krason
Laurent Martelli
Steve Riesenberg
Dmitry Korotych
Florian Cramer
SeasonPan
Marcus Da Coregio
Rob Winch
Yuanhang Guo
Petr Svoboda
Braunson
bist
Pascal Verdage
stillya
Guillaume Husta
Junsung Cho
Karthikeyan R
Kacper Piasta
Emil Sierżęga