Josh Cummings
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
Josh Cummings
76ebbb84f7
Separate Namespace Servlet Docs
...
Issue gh-10367
2021-11-05 12:45:46 -06:00
Marcus Da Coregio
2f1638ec57
Fix javadoc
...
Closes gh-10382
2021-10-22 11:20:37 -03:00
Emil Sierżęga
cb70b6a39b
Fixed invalid usage of & tag in Javadocs
2021-10-21 11:47:04 +02:00
Emil Sierżęga
04b47c5928
Fixed various broken links in Javadocs
2021-10-21 11:47:04 +02:00
Emil Sierżęga
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
Emil Sierżęga
6b26032ce7
Fixed invalid usage of > tag in Javadocs
2021-10-21 11:47:04 +02:00
Rob Winch
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
Philipp Neuschwander
6db58cbf8a
Conditionally resolve bearer token from request parameters
...
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.
This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).
Closes gh-10326
2021-10-13 17:10:50 -05:00
Gaurav Tiwari
33708e61fb
Add postProcess support to Saml2LogoutConfigurer
...
Closes gh-10311
2021-10-13 12:05:48 -06:00
Josh Cummings
fbb7691be4
Polish SecurityNamespaceHandler Tests
...
Issue gh-8974
2021-10-13 11:50:14 -06:00
Emil Sierżęga
8daa6ec1fd
SecurityNamespaceHandler: update schema version to 5.6
...
Closes gh-8974
2021-10-13 11:49:57 -06:00
Eleftheria Stein
ba8844a67e
Deprecate Kotlin methods that don't use reified types
...
Closes gh-10365
2021-10-13 10:16:37 +02:00
Marcus Da Coregio
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
Marcus Da Coregio
7112ee3eaa
Allow SAML 2.0 loginProcessingURL without registrationId
...
Closes gh-10176
2021-10-04 09:54:40 -03:00
Marcus Da Coregio
e36e2b2a97
Move Saml2AuthnRequestRepository to web package
...
Moving to solve package tangles
Issue gh-9185
2021-09-29 14:10:39 -03:00
Rob Winch
3b64cdfc03
Fix XsdDocumentedTests
...
Issue gh-5835
2021-09-24 10:25:26 -05:00
Josh Cummings
c3ba2332da
Wire BeanResolver into DefaultMethodSecurityExpressionHandler
...
Closes gh-10305
2021-09-22 14:14:29 -06:00
Josh Cummings
7b599d4770
Share JWKSource Instances
...
Closes gh-10312
2021-09-22 13:28:08 -06:00
Marcus Da Coregio
0364518b69
Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConverter bean
...
Closes gh-10268
2021-09-17 08:13:19 -03:00
Eleftheria Stein
1e76b11b3c
Remove duplicate entry from test LDIF file
...
Closes gh-10274
2021-09-16 10:26:06 +02:00
Josh Cummings
4f06fc6ed1
Add Saml2LogoutConfigurer
...
Closes gh-9497
2021-09-13 16:39:48 -06:00
Josh Cummings
6488295cad
Add RelyingPartyRegistrationResolver
...
Closes gh-9486
2021-09-13 16:39:48 -06:00
Derek Van Blerkom
58d50888df
Fix return type to allow further security config
2021-09-13 15:31:02 -03:00
Yanming Zhou
f2b2e6002f
Replace static "ROLE_" with customized role prefix
...
Fix gh-4134
2021-09-09 11:48:25 -06:00
Eleftheria Stein
3ab6bee856
Make method static to prevent circular dependency error
...
Workaround for circular dependency between ServerHttpSecurityConfiguration and WebFluxConfigurationSupport.
Closes gh-10076
2021-08-11 13:46:45 +02:00
Marcus Da Coregio
662ab10416
Fix test getting stuck
...
The tests are getting stuck when running a single test class and the mock is performed in a static variable inside an inner class
Issue gh-6025
2021-07-27 14:55:53 -06:00
Marcus Da Coregio
16e17d242e
Add Saml2AuthenticationRequestRepository
...
Closes gh-9185
2021-07-27 14:55:53 -06:00
Josh Cummings
6b68a6d62b
Apply rnc2Xsd
...
Issue gh-8657
2021-07-27 13:22:42 -06:00
Josh Cummings
6370906ead
Add SpringOpaqueTokenIntrospector
...
Closes gh-9354
2021-07-26 10:50:50 -06:00
Abdul Al-Faraj
d1dfb2b9ee
Improve OpenSAML Version Check
...
Closes gh-10077
2021-07-26 10:42:40 -06:00
Nick McKinney
5c8fb254c2
Add AuthenticationDetailsSource to OAuth2 Login Kotlin DSL
...
Closes gh-9838
2021-07-16 15:42:00 +02:00
Nick McKinney
b1612b1283
Add AuthenticationDetailsSource to Form Login Kotlin DSL
...
Closes gh-9837
2021-07-16 15:42:00 +02:00
Rob Winch
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
Rob Winch
342884e851
kotlin uses @ExtendWith(SpringTestContextExtension::class)
...
cd config/src/test/kotlin
rg 'SpringTestContext' -l | xargs sed -i '/^import org.junit.jupiter.api.Test/a import org.junit.jupiter.api.extension.ExtendWith'
rg 'SpringTestContext' -l | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext/a import org.springframework.security.config.test.SpringTestContextExtension'
rg 'SpringTestContext' -l | xargs sed -i '/^class .*/i @ExtendWith(SpringTestContextExtension::class)'
2021-07-09 15:57:21 -05:00
Rob Winch
cc732bda3b
Use @ExtendWith(SpringExtension::class)
2021-07-09 15:57:21 -05:00
Rob Winch
3b3ccb962d
Fix @Test(expected =
2021-07-09 15:57:21 -05:00
Rob Winch
2bd55f0f62
@Test to JUnit 5 for kotlin
...
rg -g "*.kt" "import org.junit.Test" -l | xargs sed -i 's/import org.junit.Test/import org.junit.jupiter.api.Test/'
2021-07-09 15:57:21 -05:00
Rob Winch
e251abb1ae
more import cleanup
2021-07-09 14:49:47 -05:00
Rob Winch
3c4e15264c
Add @ExtendWith(SpringTestContextExtension.class)
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^public class/i @ExtendWith(SpringTestContextExtension.class)'
2021-07-09 14:49:46 -05:00
Rob Winch
7dfd169ece
Add import ExtendWith
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^import org.junit.jupiter.api.Test;/a import org.junit.jupiter.api.extension.ExtendWith;'
2021-07-09 14:49:45 -05:00
Rob Winch
e4b09f62f0
Add SpringTestContextExtension to existing ExtendWith
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' -l | xargs sed -E -i 's/@ExtendWith\((.*)\)/@ExtendWith({ \1, SpringTestContextExtension.class })/'
2021-07-09 14:49:42 -05:00
Rob Winch
5133340bf8
Add import SpringTestContextExtension
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext;/a import org.springframework.security.config.test.SpringTestContextExtension;'
2021-07-09 14:47:54 -05:00
Rob Winch
60078df62a
remove @Rule
...
rg '@Rule' -g '!buildSrc/**' -l | xargs sed -i '/@Rule/d'
rg 'import org.junit.Rule' -g '!buildSrc/**' -l | xargs sed -i '/import org.junit.Rule/d'
2021-07-09 14:46:51 -05:00
Rob Winch
671040bb27
SpringTestRule to SpringTestContext
...
rg 'new SpringTestRule()' -l | xargs sed -i 's/new SpringTestRule()/new SpringTestContext(this)/'
rg 'val spring = SpringTestRule()' -l | xargs sed -i 's/val spring = SpringTestRule()/val spring = SpringTestContext(this)/'
2021-07-09 14:41:51 -05:00
Rob Winch
e8c44e6390
Add SpringTestContextExtension
2021-07-09 14:35:10 -05:00
Rob Winch
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
Rob Winch
2a62c4d976
Fix NamespaceHttpInterceptUrlTests
2021-07-09 14:32:52 -05:00
Rob Winch
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
Eleftheria Stein
79054093c9
Add AuthenticationManager to Kotlin ServerHttpSecurityDsl
...
Closes gh-10053
2021-07-09 10:34:57 +02:00
Rob Winch
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
Eleftheria Stein
6a09ffe113
Add AuthenticationManager to Kotlin JwtDsl
...
Closes gh-10045
2021-07-08 13:50:09 +02:00
Eleftheria Stein
5c8e409d98
Add AuthenticationManager to Kotlin OpaqueTokenDsl
...
Closes gh-10044
2021-07-08 12:46:50 +02:00
Eleftheria Stein
b4f76b2314
Fix typo in Saml2Dsl
2021-07-08 12:03:29 +02:00
Eleftheria Stein
585788ad0a
Add AuthenticationManager to HttpSecurity
...
Closes gh-10040
2021-07-07 15:44:42 +02:00
Evgeniy Cheban
d121ab9565
Support A Well-Known URL for Changing Passwords
...
Closes gh-8657
2021-07-01 16:57:53 -06:00
Josh Cummings
e91cacfdaf
Polish no-parameter authorizeHttpRequests
...
- Cleaned up JavaDoc
- Updated implementation to align with no-parameter authorizeRequests
- Updated test names and content for clarity, specifically identified
tests that target no-parameter authorizeHttpRequests with noParameter in
the name
- Switched order of methods to match others in HttpSecurity
- Updated copyright year
Issue gh-9498
2021-06-28 15:45:24 -06:00
sdratler1
3820f0f3a3
Add no-parameter authorizeHttpRequests method
...
Closes gh-9498
2021-06-28 15:34:49 -06:00
/usr/local/ΕΨΗΕΛΩΝ
fe99c3b83b
https://stackoverflow.com/questions/67520600/redirect-to-different-page-after-login-based-on-user-role-with-spring-security/67531436#67531436
...
Closes gh-7282
2021-06-28 11:48:07 +02:00
Eleftheria Stein
94a3adb928
Apply DefaultLoginPageConfigurer before logout
...
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.
Closes gh-9973
2021-06-24 10:26:13 +02:00
Eleftheria Stein
dfd0047f0b
Disable default logout page when logout disabled
...
Closes gh-9475
2021-06-17 16:38:23 +02:00
Thomas Vitale
b44d0fb319
Load ReactiveJwtAuthenticationConverter bean in OAuth2 Resource Server config
...
When a bean of type ReactiveJwtAuthenticationConverter is defined,
the OAuth2 Resource Server configuration will use it automatically
when no other converter is defined through the DSL.
Closes gh-9698
2021-06-15 14:22:15 -06:00
Eleftheria Stein
aeed286e8a
Add AuthenticationManager to saml2Login Kotlin DSL
...
Closes gh-9905
2021-06-15 09:53:53 +02:00
Marcus Hert da Coregio
9d2db89838
Fix Adding Filter Relative to Custom Filter
...
Closes gh-9787
2021-06-14 14:37:21 -03:00
Josh Cummings
65239e93f9
Update Copyright Header
...
Issue gh-9845
2021-06-09 11:33:48 -06:00
Josh Cummings
5b49433ed1
Add GlobalMethodSecurityConfiguration Test
...
Issue gh-9845
2021-06-09 09:29:52 -06:00
Kay-Uwe Janssen
7a233c41f0
Some infrastructure beans are not marked properly
...
Added missing infrastructure role to methodSecurityMetadataSource bean
and move the post processing of the defaultMethodExpressionHandler to
the end of afterSingletonsInstantiated.
Closes gh-9845
2021-06-09 09:28:55 -06:00
theexiile1305
3074ad4136
Migrate Kotlin tests from java Mockito to Mockk
...
Closes gh-9785
2021-06-07 13:13:31 +02:00
Eleftheria Stein
204a32aba8
Replace < and > with < and > in Javadoc
...
Closes gh-9847
2021-06-04 12:26:07 +03:00
Rob Winch
68f91edbb8
Make XsdDocumentedTests Parsing More Lenient
...
Closes gh-9830
2021-05-27 18:37:14 -05:00
Rob Winch
8400b841e9
Improve XsdDocumentedTests Error Message
...
This makes it easier to compare the expected and actual values.
Closes gh-9829
2021-05-27 18:37:02 -05:00
Eleftheria Stein
fa77f4c8ff
Deprecate feature-policy where not already deprecated
...
Issue gh-9262
2021-05-19 10:04:09 +02:00
Eleftheria Stein
be903b8e25
Cleanup unused import
2021-05-19 10:04:09 +02:00
Eleftheria Stein
1728b06b30
Ensure Kotlin 1.3 compatibility
...
Closes gh-9765
2021-05-19 10:04:08 +02:00
Josh Cummings
67e5c05a47
Polish AuthorizationManager Method Security
...
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations
Issue gh-9289
2021-05-18 17:34:04 -06:00
Evgeniy Cheban
84e2e80915
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-05-18 17:34:04 -06:00
Josh Cummings
d203235567
Update to Spring Security 5.6
...
Closes gh-9695
2021-05-18 10:45:17 -06:00
Rob Winch
4d251157b2
opensaml4MainCompile
2021-05-17 23:21:17 -05:00
Rob Winch
eda38b8f88
opensaml fixes
2021-05-17 15:51:55 -05:00
Rob Winch
e5a652e749
Update to Kotlin 1.5.0
...
Closes gh-9763
2021-05-17 10:30:26 -05:00
Joe Grandja
e51ca79954
Document Jwt Client Authentication support
...
Closes gh-9578
2021-05-14 22:58:44 -04:00
Joe Grandja
f874a12ddb
Document jwt-bearer authorization grant
...
Closes gh-9580
2021-05-14 14:48:37 -04:00
Josh Cummings
ca2bc4feb3
Bump Schema Version
...
Closes gh-9694
2021-04-29 16:52:29 -06:00
Josh Cummings
4d564ffb50
Update AuthorizationManager references
...
Issue gh-9692
2021-04-28 11:58:30 -06:00
Josh Cummings
17cfc6ade3
Inline ResourceKeyConverterAdapter
...
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
Eleftheria Stein
de0cd11a72
Fix PreAuthorize when returning Kotlin Flow
...
Closes gh-9676
2021-04-28 12:33:18 +02:00
Joe Grandja
53e94bca45
Add oauth2Login() tests
...
Issue gh-9548 gh-9660 gh-9266
2021-04-20 08:37:19 -04:00
Joe Grandja
5afeaa3ce7
WebFlux httpBasic() matches on XHR requests
...
Closes gh-9660
2021-04-20 08:36:42 -04:00
Rob Winch
a31a855146
Fix HttpSecurity.addFilter* Ordering
...
Closes gh-9633
2021-04-14 17:47:31 -05:00
Denis Washington
2b4b856b32
Limit oauth2Login() links to redirect-based flows
...
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
2021-04-14 05:02:30 -04:00
Josh Cummings
163b5943ca
Revert AuthorizationManager Method Security
2021-04-12 15:53:22 -06:00
Josh Cummings
404a6c5674
Revert "Publish CsrfTokenRepository as shared object"
...
This reverts commit d19ff12813.
2021-04-12 14:43:37 -06:00
Josh Cummings
4e81bbe386
Revert "Add Saml2LogoutConfigurer"
...
This reverts commit 6f52baba29.
2021-04-12 14:43:19 -06:00
Josh Cummings
6f52baba29
Add Saml2LogoutConfigurer
...
Closes gh-9497
2021-04-10 00:25:34 -06:00
Josh Cummings
d19ff12813
Publish CsrfTokenRepository as shared object
...
Closes gh-9595
2021-04-10 00:25:34 -06:00
Josh Cummings
df8abcfae7
Use Interceptors instead of Advice
...
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization
Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings
6828987b4b
Add AfterMethodAuthorizationManager
...
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability
Closes gh-9591
2021-04-09 18:43:56 -06:00
Josh Cummings
2b494ebc5f
Polish AOP Structure
...
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
62d77ec97e
Add GrantedAuthorityDefaults to Expression Handler
...
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
68cf74468c
Add check for custom advice
...
- Because publishing an advice bean replaces Spring Security
defaults, the code should error if both a custom bean and
either secureEnabled or prePostEnabled are specified
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
45376b359b
Adjust Packaging
...
Issue gh-9289
2021-04-09 17:46:32 -06:00
Evgeniy Cheban
20778f727b
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-04-09 17:46:32 -06:00
Josh Cummings
7ded671858
Refactor AuthenticationDetailsSource support
...
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle
Closes gh-9576
2021-04-09 12:41:16 -06:00
Eleftheria Stein
e03fe7f089
Add coroutine support to pre/post authorize
...
Closes gh-8143
2021-04-09 19:33:06 +02:00
Rob Winch
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Eleftheria Stein
0f3df3e714
Consider Order on SecurityFilterChain bean definitions
...
Closes gh-9154
2021-03-24 11:02:29 +02:00
Eleftheria Stein
f5fe64cd5b
Fix typo
2021-03-24 11:00:37 +02:00
Josh Cummings
d0d0a8d958
Add OpenSAML 4 Support
...
Closes gh-9095
2021-03-23 19:07:23 -06:00
Eleftheria Stein
4a492846f1
Revert "Lock dependencies for 2.5.0-M3"
...
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein
f05cc6269c
Lock dependencies for 2.5.0-M3
2021-03-15 11:00:19 +01:00
Josh Cummings
b774e91734
Polish BearerTokenAuthenticationConverter
...
Issue gh-8840
2021-03-12 15:05:06 -07:00
Jeongjin Kim
31f310fd22
Add BearerTokenAuthenticationConverter
...
BearerTokenAuthenticationConverter is introduced to solve the
problem of not being able to change AuthenticationDetailsSource.
BearerTokenAuthenticationFilter delegates to
BearerTokenAuthenticationConverter the task of creating
BearerTokenAuthenticationToken and setting AuthenticationDetailsSource.
BearerTokenAuthenticationConverter is customizable and the customized
converter can be used in BearerTokenAuthenticationFilter.
Closes gh-8840
2021-03-12 15:05:06 -07:00
Eleftheria Stein
92b3a7b01b
Clarify in .csrf() enables CSRF protection
...
Closes gh-9489
2021-03-05 16:11:12 +01:00
wonwoo
cf2bb62442
Fix typo in doc
2021-03-05 14:09:30 +01:00
Han YanJing
f3fa8e8800
Polish
...
Issue gh-9310
2021-03-02 12:04:22 -07:00
Han YanJing
6e41246a2b
Throw Saml2AuthenticationException
...
Closes gh-9310
2021-03-02 12:04:22 -07:00
Ivan Pavlov
857830f695
Add RememberMeDsl
...
Issue: gh-9319
2021-02-22 09:15:40 +01:00
Josh Cummings
f129410ff9
Add Java 8 Polyfill for Apache DS tests
...
Closes gh-9416
2021-02-17 11:53:51 -07:00
Josh Cummings
c4be1c6a56
Revert "Lock Dependencies"
...
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings
a85caa4098
Lock Dependencies
2021-02-11 15:00:38 -07:00
Josh Cummings
ccb3b02888
Bearer Token Server-side Errors Return 500
...
Closes gh-9395
2021-02-10 12:35:34 -07:00
Josh Cummings
ca5e303308
Fix Test Configuration
...
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable
Closes gh-9421
2021-02-10 11:31:30 -07:00
Josh Cummings
3e1616c311
Remove BearerTokenAuthenticationWebFilter
...
Closes gh-9377
2021-01-26 10:23:17 -07:00
Josh Cummings
76229cfab7
Migrate SAML 2.0 Tests and Docs to PCFOne
...
Issue gh-9362
2021-01-22 15:14:03 -07:00
Ihor Ilkevych
43a071a89e
Add WebFlux oauth2Login with formLogin test
...
Closes gh-9326
2021-01-20 15:04:06 -05:00
Josh Cummings
65d3b0d71c
Add ResourceKeyConverterAdapter
...
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding
Issue gh-9316
2021-01-15 22:15:56 -07:00
Ivan Pavlov
f4d78d00ef
Extend CorsDsl with CorsConfigurationSource property
...
Issue: gh-9314
2021-01-13 10:22:07 +01:00
Evgeniy Cheban
8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods
...
Closes gh-9284
2021-01-09 21:42:16 +03:00
Eleftheria Stein
8cefc8a792
Fix bug with multiple AuthenticationManager beans
...
Closes gh-9256
2021-01-06 16:26:26 +01:00
Josh Cummings
337d24e6db
Update Copyright Messages
...
Issue gh-9202
2021-01-05 15:30:51 -07:00
Mazen Aissa
c907838440
Make max-session configurable
...
Closes gh-9202
2021-01-05 15:30:51 -07:00
Josh Cummings
c066e23a86
Add @since attributes
...
Issue gh-8900
2020-12-16 15:58:53 -07:00
Evgeniy Cheban
34b4b1054f
Add AuthorizationManager
...
Closes gh-8900
2020-12-16 15:58:36 -07:00
Nick McKinney
5306d4c4d5
Minor cleanup on Ant / Regex Request Matchers
...
- Removed duplicative code for transforming String into HttpMethod
- Removed an unnecessary array initialization
2020-12-14 14:19:23 +01:00
Nick McKinney
6be25df1db
Introduced DispatcherType request matcher
...
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.
Closes gh-9205
2020-12-14 14:19:23 +01:00
Christophe Gilles
54d3839f63
Add permissionsPolicy http header
2020-12-11 12:32:18 +01:00
Eleftheria Stein
d3ef340b26
Fix typos
2020-12-03 11:05:22 +01:00
Joe Grandja
58e3235093
Deprecate ClientAuthenticationMethod BASIC and POST
...
Closes gh-9220
2020-11-25 15:13:28 -05:00
Josh Cummings
4602e9a661
Use HttpBasicConfigurer's Conneg Strategy
...
Closes gh-9100
2020-11-12 16:26:10 -07:00
Eleftheria Stein
5661e06e9c
Fix typo UserDetailService -> UserDetailsService
2020-11-09 13:13:32 +01:00
Joe Grandja
b95e1aa209
Revert "Lock dependencies for 5.5.0-M1"
...
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Eleftheria Stein
5c8972b7d5
Add test for ordered WebSecurityCustomizers
...
Issue gh-9154
2020-11-02 14:19:14 +01:00
Rob Winch
25a7482c8c
Lock dependencies for 5.5.0-M1
2020-10-30 17:52:03 -05:00
Eleftheria Stein
aac6d2f56b
Kotlin MockMvc result matchers use parentheses
...
Closes gh-9155
2020-10-27 10:57:49 +01:00
Josh Cummings
b1a3aef4f8
Update Test Controllers
...
Closes gh-9121
2020-10-12 17:41:16 -06:00
Josh Cummings
366146ff80
Polish JWT Signature Algorithm Discovery
...
- Moved support to JwtDecoders and ReactiveJwtDecoders since there is
already the expectation that those classes make an outbound connection
to complete configuration. Since there's no outbound connection when
configuring a NimbusJwtDecoder or NimbusReactiveJwtDecoder, it would be
more intrusive to change that.
Closes gh-7160
2020-10-09 14:17:30 -06:00
Nick Hitchan
290786438c
Add Support for JWK Signature Algorithm Discovery
...
Issue gh-7160
2020-10-09 13:09:38 -06:00
Josh Cummings
ce68431037
Bump Schema, Serialization, and Taglib to 5.5
2020-10-07 17:17:58 -06:00
Artem Grankin
dc5f2444ae
Replace expired msdn link with latest web archive copy
...
Initial link expired in March, 2016. Latest copy found in web archive is from February, 2016
2020-09-28 17:04:59 -06:00
Geonu Jeon
fd615535b3
fix comment of authenticationFailureHandler
2020-09-24 05:18:22 -04:00
Phillip Webb
c502312719
Replace expected @Test attributes with AssertJ
...
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb
20baa7d409
Replace ExpectedException @Rules with AssertJ
...
Replace JUnit ExpectedException @Rules with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb
910b81928f
Replace try/catch with AssertJ
...
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
Josh Cummings
b667cbbb86
Align Raw Types
...
Closes gh-9026
2020-09-18 16:21:53 -06:00
Joe Grandja
7b1f574769
Revert "Lock Dependency Versions for 5.4.0"
...
This reverts commit 3d0e459182.
2020-09-09 18:14:12 -04:00
Joe Grandja
3d0e459182
Lock Dependency Versions for 5.4.0
2020-09-09 13:45:03 -04:00
Eleftheria Stein
4e2a050c14
Customizer for WebSecurity
...
Closes gh-8978
2020-09-09 09:34:52 -04:00
Josh Cummings
fa7baf551d
Restructure Logs
...
Followed common use cases based off of HelloWorld sample:
- Public endpoint
- Unauthorized endpoint
- Undefined endpoint
- Successful form login
- Failed form login
- Post-login redirect
Issue gh-6311
2020-09-02 07:37:59 -06:00
Evgeniy Cheban
17f1540280
Resolve oauth2 client placeholders
...
Closes gh-8453
2020-09-01 08:26:44 -04:00
Eleftheria Stein
902fca65a4
Add authenticationManagerResolver to Kotlin DSL
...
Closes gh-8981
2020-08-28 11:48:55 +02:00
Rob Winch
2abf59b695
Merge Formatting Changes
...
Issue gh-8945
2020-08-24 17:33:23 -05:00
Rob Winch
254f2e2aec
Polish config format
...
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
319d3364aa
Migrate to assertThatExceptionOfType
...
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
2f8e835b11
Use assertThatObject to save casting
...
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
0a3eeb9c80
Remove incorrect AssertJ imports
...
Fix a few tests that were accidentally importing incorrect AssertJ
classes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
a5aa6b3d7f
Remove blank lines from all tests
...
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easier to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
7bf6008efe
Polish spring-security-config main code
...
Manually polish `spring-security-config` following the formatting
and checkstyle fixes.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
ee661f7b71
Fix whitespace issues in format-off code
...
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
834dcf5bcf
Use consistent ternary expression style
...
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expressions easier
to scan.
For example: `a = (a != null) ? a : b`
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
8d3f039f76
Reduce method visibility when possible
...
Reduce method visibility for package private classes when possible.
In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
612fb22a7f
Remove unnecessary lambda blocks
...
Remove lambda blocks that aren't needed and replace instead with a
simple expression.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
52f20b5281
Use parenthesis with single-arg lambdas
...
Use regular expression search/replace to ensure all single-arg
lambdas have parentheses. This aligns with the style used in Spring
Boot and ensures that single-arg and multi-arg lambdas are consistent.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
01d90c9881
Hide utility class constructors
...
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
ff94944313
Add whitespace after copyright header
...
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
31ec450d05
Remove superfluous comments
...
Remove a few comments that previously added noise but don't offer a great
deal of value.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
8d80166aaf
Update exception variable names
...
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
e9130489a6
Remove restricted static imports
...
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
b69825d925
Simplify boolean expression
...
Simplify boolean expression of the form `if (b == true)` to instead
just use the form `if (b)`.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
db55ef4b3b
Migrate to BDD Mockito
...
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
f1cee9500f
Ensure classes are defined in their own files
...
Ensure that all classes are defined in their own files. Mostly classes
have been changed to inner-types.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
053af720a4
Ensure no whitespace before lines
...
Fix a few issues caused by the automatic formatting that meant additional
leading whitespace was present.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
4d487e8dc3
Ensure all files end with a new line
...
Update all files to ensure that they always end with a new-line
character.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
218480fb7c
Reduce the number of nested if statements
...
Refactor `HeadersBeanDefinitionParser` and `AclImpl` to reduce the
number of nested if statements. A few extracted methods are now used
to hopefully improve readability.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
a0b9442265
Use consistent modifier order
...
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
3e700e7571
Remove (non-Javadoc) comments
...
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
a2f2e9ac8d
Move inner-types so that they are always last
...
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
9e08b51ed3
Apply code cleanup rules to projects
...
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
8866fa6fb0
Always use 'this.' when accessing fields
...
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
6894ff5d12
Make classes final where possible
...
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
b5d499e2eb
Remove empty block
...
Refactor a few classes so that empty blocks are no longer used. For
example, rather than:
    if(x) {
    } else {
        i++;
    }
use:
    if(!x) {
        i++;
    }
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
37fa94fafc
Organize imports
...
Use "organize imports" from Eclipse to clean up import statements so
that they appear in a consistent and well-defined order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
5f64f53c3f
Use consistent "@" tag order in Javadoc
...
Ensure that Javadoc "@" tags appear in a consistent and well-defined
order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
8142e4046f
Use compact annotation style
...
Always use compact annotations when possible. For example, replace
`@Target(value = ElementType.TYPE)` with `@Target(ElementType.TYPE)`.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
71bc145ae4
Remove superfluous comments
...
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.
Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.
Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
b7fc18262d
Reformat code using spring-javaformat
...
Run `./gradlew format` to reformat all java files.
Issue gh-8945
2020-08-24 17:32:56 -05:00
Martin Vietz
0486d5add9
scopes_supported metadata not used as default in ClientRegistrations
...
Closes gh-8514
2020-08-20 08:09:54 -04:00
Josh Cummings
af5c55c380
Polish AuthnRequest Customization Support
...
Having the application generate the AuthnRequest fresh allows Spring
Security to back away more gracefully. Using a Consumer implies that
the application will need to undo any values that Spring Security set
that the application doesn't want.
Also, if this does become a configuration burden, it can be simplified
in a separate ticket by exposing the default Converter.
Issue gh-8776
2020-08-19 14:27:31 -06:00
Josh Cummings
1069e91645
RSocket Deprecations
...
Stop using deprecated RSocket APIs in integration tests
Issue gh-8948
2020-08-13 17:51:59 -06:00
koishikawa11
be6d2f117e
Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL
...
Closes gh-8892
2020-08-11 07:59:22 -04:00
Phillip Webb
9caa39e370
Fix malformed formatter-on/off javadoc
...
Remove the formatter-on/formatter-off comments from Javadoc examples
so that they don't confuse checkstyle. The comments are not necessary
in the Javadoc since `pre` blocks are not formatted in the same
way as code.
Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb
8e092f8d2c
Add noformat blocks around withDefaultPasswordEncoder
...
Find `withDefaultPasswordEncoder` calls and protect them against
formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb
6979125ccf
Add noformat blocks around User.withUsername
...
Find `User.withUsername` calls and protect them against formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb
63b5998fad
Add noformat blocks around auth config
...
Find `auth` config using a regex search of `^\s*auths*$` and protect
them against formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb
103d822e46
Add noformat blocks around http config
...
Find `http` config using a regex search of `^\s*https*$` and protect
them against formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
Phillip Webb
27ac046d8a
Rename *Test.java -> *Tests.java
...
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.
Issue gh-8945
2020-08-10 16:24:44 -05:00
Joe Grandja
1d74d556c2
Revert "Lock Dependency Versions for 5.4.0-RC1"
...
This reverts commit f3a1e5d40c.
2020-08-05 14:59:11 -04:00
Rob Winch
74b42ba956
Move RSocket integration tests to integration tests
...
Closes gh-8944
2020-08-05 13:23:20 -05:00
Joe Grandja
f3a1e5d40c
Lock Dependency Versions for 5.4.0-RC1
2020-08-05 13:46:11 -04:00
Josh Cummings
b999faa5a0
Complete SAML 2.0 SP Metadata Endpoint
...
Closes gh-8693
2020-08-05 10:08:47 -06:00
Jakub Kubrynski
8a355240bc
SAML 2.0 SP Metadata Endpoint Support
...
Issue gh-8693
2020-08-05 10:08:47 -06:00
Eleftheria Stein
aeafe04260
Remove need for WebSecurityConfigurerAdapter
...
Closes gh-8804
2020-08-05 10:10:12 -04:00
Josh Cummings
5061ae9e79
Add Saml2AuthenticationTokenConverter
...
Closes gh-8768
2020-08-04 18:41:43 -06:00
Josh Cummings
a10c2c6cf8
Polish DefaultSaml2AuthenticationRequestContextResolver
...
Issue gh-8360
Issue gh-8887
2020-08-04 17:29:13 -06:00
Joe Grandja
3bc0b8c144
Revert "Fix snapshot build failure related to reactor-netty"
...
This reverts commit f37714a26f.
2020-08-04 14:24:32 -04:00
Joe Grandja
f37714a26f
Fix snapshot build failure related to reactor-netty
...
Closes gh-8909
2020-08-04 14:17:03 -04:00
Joe Grandja
8146b1fdda
Deprecate CustomUserTypesOAuth2UserService
...
Closes gh-8908
2020-08-04 13:23:44 -04:00
Joe Grandja
0ed919f072
Deprecate ClientRegistration.redirectUriTemplate
...
Closes gh-8906
2020-08-04 11:03:29 -04:00
Joe Grandja
11cc94afd8
Deprecate ImplicitGrantConfigurer
...
Closes gh-8902
2020-08-04 07:26:58 -04:00
Evgeniy Cheban
0a2006ebec
Support custom filter in Server Kotlin DSL
...
Closes gh-8783
2020-07-22 05:32:16 -04:00
Dávid Kováč
37aa5f9b7c
Introduce AuthenticationConverterServerWebExchangeMatcher
...
AuthenticationConverterServerWebExchangeMatcher is a ServerWebExchangeMatcher implementation based on AuthenticationConverter which matches if the ServerWebExchange can be converted to an Authentication.
It can be used as a matcher where the SecurityFilterChain should be matched based on the authentication method used.
BearerTokenServerWebExchangeMatcher was replaced by this matcher.
Closes gh-8824
2020-07-21 10:11:57 -06:00
Josh Cummings
cc44a93333
Polish WebSecurityConfigurerAdapter JavaDoc
...
Issue gh-8784
2020-07-20 15:21:18 -06:00
Romil Patel
956a6ee00c
WebSecurityConfigurerAdapter JavaDoc
...
Closes gh-8784
2020-07-20 15:21:18 -06:00
Josh Cummings
2c960d2ad1
Add AuthnRequestConsumerResolver
...
Closes gh-8141
2020-07-16 14:53:22 -06:00
Joe Grandja
7cc6509200
Polish gh-8669
2020-07-15 11:52:42 -04:00
Eleftheria Stein
78ed6c4de6
Add custom HeaderWriter in Kotlin DSL
...
Closes gh-8823
2020-07-10 14:18:48 +02:00
Eleftheria Stein
815ceae45c
Allow disabling headers in Kotlin DSL
...
Closes gh-8816
2020-07-08 10:55:01 +02:00
Josh Cummings
146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
...
This reverts commit 68538897c8.
2020-07-01 13:11:50 -06:00
Josh Cummings
68538897c8
Lock Dependency Versions for 5.4.0-M2
2020-07-01 12:40:29 -06:00
Joe Grandja
0b5a14a900
Register OAuth2AuthorizedClientArgumentResolver as custom resolver for XML config
...
Issue gh-8669
2020-07-01 11:07:33 -04:00
Peer Schönhusen
3e25714dc6
Add reified function variants to security DSL
...
Closes gh-8697
2020-07-01 07:22:16 -04:00
Joe Grandja
edf06a3461
OAuth2AuthorizedClientArgumentResolver uses OAuth2AuthorizedClientManager @Bean
...
Closes gh-8700
2020-06-30 11:25:39 -04:00
Joe Grandja
951e64185b
Register OAuth2AuthorizedClientArgumentResolver for XML Config
...
Closes gh-8669
2020-06-25 16:10:29 -04:00
Eleftheria Stein
224361cb4a
Fix typo in Javadoc
2020-06-16 09:38:09 -04:00
Evgeniy Cheban
4e7be2078f
DefaultWebSecurityExpressionHandler uses RoleHierarchy bean
...
Fixes gh-7059
2020-06-10 16:43:01 -04:00
Rob Winch
a907026eae
Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive
...
Closes gh-8677
2020-06-10 11:48:56 -05:00
Joe Grandja
da4b626bf1
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 17:28:21 -04:00
Parikshit Dutta
28d2cfa14a
Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter
...
Fixes gh-8536
2020-06-02 21:54:09 -04:00
Rob Winch
748538d19f
Delay AuthenticationPrincipalArgumentResolver Creation
...
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.
Closes gh-8613
2020-05-29 16:49:01 -05:00
Eleftheria Stein
61060b3a4f
Add multipart configuration to CSRF Kotlin DSL
...
Fixes gh-8602
2020-05-27 17:01:12 -04:00
Eleftheria Stein
6f5947cab7
Fix test warnings
2020-05-27 17:00:48 -04:00
Eleftheria Stein
fa11ae3c33
Remove unused import
2020-05-27 14:27:29 -04:00
Eleftheria Stein
67d2efde1c
Resolve package tangles with security marker annotation
2020-05-27 07:33:24 -05:00
Eleftheria Stein
bc272ddf73
Resolve package tangles in Kotlin server package
2020-05-27 07:33:24 -05:00
Craig Andrews
f1db7167cb
Polish
...
Use `getBeanOrNull` in `registerDelegateApplicationListener` to simplify implementation.
This change does not alter behavior.
2020-05-22 20:33:32 -05:00
Craig Andrews
dbdeec4216
Check for an existing SessionRegistry bean
...
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
2020-05-22 20:33:32 -05:00
Evgeniy Cheban
0fa339f75b
Allow port=0 for ApacheDSContainer
...
Fixes gh-8144
2020-05-21 16:14:01 -05:00
Josh Cummings
51a0cffd36
Post-process AuthenticationRequestFilter
...
Fixes gh-8552
2020-05-18 21:08:23 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations
...
Fixes gh-8551
2020-05-18 16:38:40 -06:00