7e41785dfc
Remove trailing spaces in default UIs
...
- Default UIs had blank lines with only spaces. These get deleted by the
spring-javaformat plugin. In order to avoid this behavior, an extra \s
had been inserted in the tests. The reason for those \s is not obvious.
- This commit cleans up the \s but changing the HTML templates.
2024-09-11 10:44:45 -07:00
85693b2806
Add DefaultResourcesFitler to XML configuration
2024-09-11 10:21:12 -07:00
63f018eb18
Update tests using deprecated classes
...
Issue gh-15737
2024-09-10 15:10:42 -05:00
c1b9035544
Use static CSS in OneTimeToken default UI
2024-09-10 12:46:13 -07:00
45d53973ab
Serve static content (css, js) for reactive default UIs from DefaultResourcesWebFilter
2024-09-10 12:46:13 -07:00
11616a1d78
Use static CSS in servlet default UI
2024-09-10 12:46:13 -07:00
c5c5cd5ed0
Serve static content (css, js) for default UIs from DefaultResourcesFilter
2024-09-10 12:46:13 -07:00
be6dc1d2bf
Polish MethodSecurityExpressionHandler Test
...
- Rename to follow convention
- Use a mock object to verify usage
Issue gh-15715
2024-09-10 13:12:47 -06:00
ef8b0addbb
Support custom MethodSecurityExpressionHandler
...
Closes gh-15715
2024-09-10 12:01:29 -07:00
e29058c7e4
Add AuthorizeReturnObject Spring Data Hints
...
Issue gh-15709
2024-09-10 11:57:31 -07:00
fd5d03d384
Add AuthorizeReturnObject Hints
...
Closes gh-15709
2024-09-10 11:57:31 -07:00
6428bf2bd8
Add test for rendering "request token" form in OneTimeTokenLoginConfigurerTests
2024-09-06 09:13:30 -03:00
803c32eb4e
Remove unused logger in OneTimeTokenLoginConfigurer
2024-09-06 09:13:30 -03:00
8d47906191
Render default UIs using lightweight templates
2024-09-05 15:02:42 -07:00
a953a3d162
Remove log message
2024-09-05 16:40:26 -03:00
c0a10b90ba
Merge remote-tracking branch 'origin/6.3.x'
2024-09-04 14:48:23 -06:00
5c20505b0e
Support Class Attributes in Annotation Template Processing
...
Closes gh-15721
2024-09-04 13:41:46 -07:00
81e4c7273a
Add One-Time Token Login support to Kotlin DSL
...
Closes gh-15698
2024-09-04 09:13:38 -03:00
db04b5a248
Merge branch '6.3.x'
2024-09-03 16:34:09 -06:00
ff41521e1e
Merge branch '6.2.x' into 6.3.x
2024-09-03 16:33:46 -06:00
b22061d0b6
Merge branch '5.8.x' into 6.2.x
2024-09-03 16:33:22 -06:00
97cefa6830
Update Formatting
...
Issue gh-15714
2024-09-03 15:32:59 -07:00
f836efb912
Address unnecessary method invocation
...
Closes gh-15714
2024-09-03 15:32:59 -07:00
00e4a8fb54
Add support for One-Time Token Login
...
Closes gh-15114
2024-09-03 10:07:56 -03:00
f0f47b54ec
Improve warning message
2024-08-31 16:48:59 -07:00
d2e8c19789
Merge branch '6.3.x'
2024-08-26 16:33:04 -06:00
279cb89eac
Merge branch '6.2.x' into 6.3.x
2024-08-26 16:32:58 -06:00
f372f5cf52
Replace OidcSessionStrategy References with OidcSessionRegistry
2024-08-26 15:32:35 -07:00
dff3780c5e
Merge branch '6.3.x'
2024-08-22 12:38:17 -06:00
4c0d969f1f
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15676
2024-08-22 12:37:45 -06:00
3ee5a96e53
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15675
2024-08-22 12:24:56 -06:00
5c604b95fb
Correct PostFilterAuthorizationMethodInterceptor Target Type
...
Previously, `postFilterAuthorizationMethodInterceptor` mistakenly
was published as an `Advisor`. Because `MethodSecurityAdvisorRegistrar`
re-publishes each pre/post annotation interceptor also as an `Advisor`,
this resulted in a duplicate advisor for `@PostFilter`.
Closes gh-15651
2024-08-22 12:10:25 -06:00
f398be793d
Simplify AuthorizationAdvisorProxyFactory Configuration
...
Closes gh-15497
2024-08-19 12:34:38 -06:00
6352877bc4
Merge branch '6.3.x'
2024-08-19 12:34:32 -06:00
ae8e4d148e
Produce Exactly One AuthorizationAdvisor Per Annotation
...
Closes gh-15592
2024-08-19 12:30:03 -06:00
27af1df87d
Simplify Method Interceptor Configuration
...
Simplifies to use only one ObjectProvider for easier
future maintenance
Issue gh-15592
2024-08-19 12:27:56 -06:00
b731623b3a
Fix checkstyle errors with @Deprecated
2024-08-19 10:55:58 -03:00
b92ed92548
Fix checkstyle errors with @Deprecated
2024-08-19 10:55:28 -03:00
912062d307
Merge branch '6.2.x' into 6.3.x
2024-08-19 09:11:10 -03:00
79fb0113c8
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:11:05 -03:00
2caf1fb6b4
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:08:24 -03:00
ed16c86115
Improve @CurrentSecurityContext meta-annotations
...
Closes gh-15551
2024-08-13 13:18:15 -06:00
59ec1f6480
Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration"
...
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.
Issue gh-15497
2024-08-12 10:12:14 -06:00
08b8b09066
Update Copyright
...
Issue gh-15286
2024-08-10 11:48:14 -06:00
2b33f6f04a
Add Config Tests for AuthenticationPrincipal Templates
...
Issue gh-15286
2024-08-10 11:46:51 -06:00
e40c98e6d7
Deprecate PrePostTemplateDefaults
...
Since there is nothing specific to configuring pre/post
annotations, there is no need for the extra class.
If a need like this does arise in the future,
either AnnotationTemplateExpressionDefaults can be sub-
classed, or it can have introduced a Map field holding
custom properties.
Issue gh-15286
2024-08-10 11:46:51 -06:00
2c02d8aec7
Update Copyright
2024-08-10 11:46:51 -06:00
895978c818
Auto config AuthenticationPrincipalArgumentResolver When AnnotationTemplateExpressionDefaults bean is Present
2024-08-10 11:46:51 -06:00
71f40f2bc4
Merge branch '6.3.x'
...
Use explicit types instead of var
Closes gh-155537
2024-08-08 15:30:16 -05:00
3b8cdc323f
Remove unused method
2024-08-08 15:29:41 -05:00
109da2719f
Use explicit types everywhere instead of var
2024-08-08 15:29:41 -05:00
02cca6f737
Polish AuthorizationAdvisorProxyFactory advisor configuration
...
Closes gh-15497
2024-08-07 10:09:51 -06:00
816ebe38b5
Add OpenSAML to Config Build
...
Issue gh-11658
2024-08-06 18:14:12 -06:00
1da383b360
Add OpenSAML 5 Support
...
Issue gh-11658
2024-08-06 18:14:11 -06:00
78a0173cc1
Use OpenSAML API for web
...
Issue gh-11658
2024-08-06 18:14:11 -06:00
51fc05630d
Use OpenSAML API for web.authentication.logout
...
Issue gh-11658
2024-08-06 18:14:10 -06:00
ff9a925e88
Use OpenSAML API for metadata
...
Issue gh-11658
2024-08-06 18:14:10 -06:00
416859e70e
Use OpenSAML API in authentication.logout
...
Issue gh-11658
2024-08-06 18:14:10 -06:00
bc8ba7f3b7
Inline CSS for default login and logout page
...
- Remove the dependency on Bootstrap CSS. Results in faster load times, no failures
in air-gapped or offline scenarios, and no dependency on an external CDN that may
go away some day.
2024-08-05 09:27:18 -05:00
37a2812d1a
Mimic Annotation Fallback Logic
...
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.
This reverts gh-13783 which is a feature that unfortunately regressess
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.
Issue gh-15352
2024-07-31 16:17:42 -06:00
f20ae1a71c
Revert gh-13783
...
This feature unfortunately regresses pre-existing behavior
like that found in gh-15352. As such, this functionality
has been removed.
Closes gh-15352
2024-07-31 16:16:34 -06:00
304685521c
Fix tags order
2024-07-29 15:35:48 -03:00
8231b8a03b
Merge branch '6.3.x'
2024-07-29 14:56:16 -03:00
c1b3b329af
Merge branch '6.2.x' into 6.3.x
2024-07-29 14:56:09 -03:00
3d4bcf1b44
fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource
...
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
2024-07-29 14:55:55 -03:00
98af8d1123
Add permissionsPolicyHeader
...
This method is a replacement of `permissionsPolicy(Customizer)` that returns its own configurer instead of `HeadersConfigurer`.
Closes gh-14803
2024-07-29 09:26:42 -03:00
9d8888c5f0
Use AssertingPartyMetadata
...
Issue gh-15394
2024-07-19 18:48:23 -07:00
fdcf3c6df9
Merge branch '6.3.x'
2024-07-18 15:51:21 -06:00
ba714d78ab
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15440
2024-07-18 15:51:10 -06:00
3daeeb8789
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15439
2024-07-18 15:50:58 -06:00
dab48d25b0
Improve Error Message When Registration Missing
...
Closes gh-15363
2024-07-18 15:50:41 -06:00
796e4d6b6c
Add query parameter support for authn requests
...
Closes gh-15017
2024-07-13 23:57:57 -06:00
8ee497f4c5
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15410
2024-07-12 11:04:08 -06:00
7422a1134a
Allow logout+jwt JWT type
...
Closes gh-15003
2024-07-12 10:03:40 -07:00
773e86701e
Add ParameterRequestMatcher
...
Closes gh-15342
2024-07-02 15:17:54 -06:00
aa9c1bab67
Upgrade to Spring Framework 6.2.0-M4
...
Closes gh-15266
2024-06-18 14:07:05 -03:00
0e7566ede3
Adjust any-request check
...
Storing the request matcher outside of the for loop means that
if one of the SecurityFilterChain instances is not of type
DefaultSecurityFilterChain, then the error may print out an
earlier request matcher instead of the current one.
Instead, this commit changes to print out the entire filter chain
so that it can be inside of the for loop, regardless of type.
Issue gh-15220
2024-06-17 14:34:03 -06:00
4c780bf8d4
Add support checking AnyRequestMatcher securityFilterChains
...
Closes gh-15220
2024-06-17 13:05:36 -06:00
7eaab95639
Polish gh-15237
2024-06-13 16:05:15 -05:00
4e52eda0f5
Add support configuring OAuth2AuthorizationRequestResolver as bean
...
Closes gh-15236
2024-06-13 16:05:15 -05:00
b4c8fdf91d
Add missing @Test annotation
2024-06-10 15:43:52 -03:00
7c43fc111f
Support RoleHierarchy Bean in authorizeHttpRequests Kotlin DSL
...
Closes gh-15136
2024-06-10 15:41:28 -03:00
4ca0de9c2d
Sync XSD with RncToXsd Task
2024-06-06 15:17:56 -06:00
a7f9ccb6d6
Use GrantedAuthorityDefaults Bean in Kotlin DSL
...
Closes gh-15171
2024-06-06 15:16:32 -06:00
87ee464dce
Merge branch '6.3.x'
2024-06-06 13:36:39 -06:00
22c7b8760a
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15211
2024-06-06 13:36:20 -06:00
f231ea277d
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15210
2024-06-06 13:35:56 -06:00
6aabd768a8
Pick MvcRequestMatcher for MockMvc requests
...
Closes gh-13849
2024-06-06 13:17:43 -06:00
81abc453fe
Merge branch '6.3.x'
2024-06-03 17:43:12 -06:00
0aed8df549
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15197
2024-06-03 17:42:58 -06:00
d6228e0882
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15196
2024-06-03 17:42:25 -06:00
cdd626644e
Use Request-Level Servlet Context
...
Spring Security cannot use the ServletContext attached
to the ApplicationContext since there may be child
ApplicationContext's with their own ServletContext.
Because of that, it is necessary to always use the
ServletContext attached to the request.
Closes gh-14418
2024-06-03 17:41:51 -06:00
5a798e93f1
Polish MVC Tests
...
Issue gh-14418
2024-06-03 17:41:51 -06:00
9101bf1f7d
Allow logout+jwt JWT type
...
Closes gh-15003
2024-05-31 14:41:05 -06:00
f104d1aeea
Update Copyright
...
PR gh-15013
2024-05-31 12:39:17 -06:00
3b7f714f00
Add SecurityContextRepository to Kotlin Reactive DSL
2024-05-31 12:38:17 -06:00
c89647a56e
Deprecate shouldFilterAllDispatcherTypes from Kotlin DSL
...
Issue gh-12138
2024-05-27 09:00:54 -03:00
9f44f3b79a
Deprecate authorizeRequests from Kotlin DSL
...
Closes gh-15173
2024-05-27 08:51:32 -03:00
f6ea99d8a3
Prepare for Spring Security 6.4
...
Closes gh-15155
2024-05-24 11:41:28 -03:00
ddcaeb5c20
Serialize objects from 6.3.x
...
Issue gh-3737
2024-05-24 09:47:29 -03:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
b3c7f3ff19
Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
...
Issue gh-7395
2024-04-30 08:38:03 -03:00
47775f5167
Merge branch '6.2.x'
2024-04-26 17:09:29 -06:00
29d3b438b9
Merge branch '6.1.x' into 6.2.x
2024-04-26 17:09:17 -06:00
1ecb036fba
Merge branch '5.8.x' into 6.1.x
2024-04-26 17:09:05 -06:00
0e211382ee
Remove useBase64 parameter
2024-04-26 17:05:49 -06:00
11421c6385
Merge branch '6.2.x'
2024-04-25 14:03:27 -06:00
664dfd9b45
Defer Anonymous Filter Construction
...
By delaying when the AnonymousAuthenticationFilter is constructed,
it's now possible to call the principal and filter methods inside
of a custom DSL implementation.
This does not extend to setting the key or the authentication provider
though, as these must be set during the init phase.
Closes gh-14941
2024-04-25 14:03:10 -06:00
7ddc00521e
Improve logging for Global Authentication
...
Closes gh-14663
2024-04-25 11:35:59 -06:00
2bcbef1695
Add Saml2Logout DSL Support
...
Closes gh-14935
2024-04-22 11:12:45 -06:00
a4dbf458ab
Add relying-party-registrations#id
...
Closes gh-14487
2024-04-18 12:56:56 -06:00
2fbbcc4bd0
Polish Method Authorization Denied Handling
...
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method
Issue gh-14601
2024-04-12 15:55:25 -03:00
fd891d8fe3
Add proxyBeanMethods=false
...
Addresses too early creation warning of a configuration imported by
ReactiveOAuth2ClientConfiguration.
Closes gh-14900
2024-04-12 11:17:41 -05:00
61eba00654
Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
...
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.
Issue gh-7395
2024-04-10 14:58:01 -03:00
8d914ef145
Add @AuthorizationDeniedHandler for Method Authorization Denied Handling
...
Issue gh-14601
2024-04-08 14:42:13 -03:00
75197ca531
inject PasswordEncoder into DaoAuthenticationProvider constructor
...
Closes gh-14691
2024-04-08 09:39:25 -05:00
d6ae058ee1
Merge branch '6.2.x'
...
Closes gh-14866
2024-04-08 11:16:30 -03:00
697d0c9af4
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14865
2024-04-08 11:16:15 -03:00
472c9f8275
Avoid initializing raw bean during runtime in native-images
...
Closes gh-14825
2024-04-08 11:11:23 -03:00
61e93ee68b
Merge branch '6.2.x'
2024-04-04 14:56:32 -05:00
16e2bdc9bc
Merge branch '6.1.x' into 6.2.x
2024-04-04 14:55:45 -05:00
c2447ec257
Merge branch '5.8.x' into 6.1.x
2024-04-04 14:55:03 -05:00
39dbd24dcb
Polish gh-14742
2024-04-04 14:51:19 -05:00
bb43174752
Fix Bean Name
...
Issue gh-14480
2024-04-04 13:30:30 -06:00
3f7355abc6
Synthesize all annotation attributes
...
Issue gh-14601
2024-04-04 13:30:29 -06:00
33ebd5405a
Removed dataSource null validation
...
Fixed data source validation
2024-04-04 14:21:18 -05:00
6f07d63938
Support SpEL Returning AuthorizationDecision
...
Closes gh-14598
2024-04-04 11:32:00 -06:00
0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision"
...
This reverts commit 77f2977c55
2024-04-04 11:31:45 -06:00
77f2977c55
Support SpEL Returning AuthorizationDecision
...
Closes gh-14599
2024-04-04 09:52:15 -07:00
d85857f905
Add Authorization Denied Handlers for Method Security
...
Closes gh-14601
2024-04-03 09:25:12 -03:00
ff19f04fca
Add JwtValidators append to default
...
Implemented simplified creation of default OAuth2TokenValidator with additional validators.
Closes gh-14831
2024-04-02 14:41:35 -07:00
7d66525e23
Add Compromised Password Checker
...
Closes gh-7395
2024-04-01 09:48:07 -03:00
abf9dc165a
Merge branch '6.2.x'
2024-03-26 10:55:48 -05:00
614123e6f9
Update tests that fail on Windows
...
Issue gh-14609
2024-03-26 10:49:47 -05:00
44033cd8b9
Make Internal Logout URI Configurable
...
Closes gh-14609
2024-03-22 16:31:44 -06:00
e18ec48134
Fix Test
...
Issue gh-14553
2024-03-22 16:31:42 -06:00
662cfed349
Make Internal Logout URI Configurable
...
Closes gh-14609
2024-03-22 16:28:21 -06:00
c95f009b23
Fix Test
...
Issue gh-14553
2024-03-22 16:27:16 -06:00
9898e0e993
Move AuthorizationAdvisorProxyFactory
...
To prevent package tangles
Issue gh-14596
2024-03-22 11:00:39 -06:00
795e44d11f
Add Value-Type Ignore Support
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
ce54a6db18
Add TestAuthentication convenience method
...
Issue gh-14597
2024-03-19 10:27:03 -06:00
d169d5a835
Add AuthorizeReturnObject
...
Closes gh-14597
2024-03-19 10:27:03 -06:00
c611b7e33b
Add AuthorizationProxyFactory Reactive Support
...
Issue gh-14596
2024-03-15 11:44:30 -06:00
f541bce492
Polish AuthorizationAdvisorProxyFactory
...
- Ensure Reasonable Defaults
- Simplify Construction
Issue gh-14596
2024-03-15 11:44:30 -06:00
77c30c431e
Polish tests
...
Issue gh-11783
Issue gh-13763
2024-03-14 15:40:43 -05:00
80a8d3831a
Simplify reactive OAuth2 Client configuration
...
Closes gh-13763
2024-03-14 15:40:43 -05:00
52dfbfb5b3
Add Authorization Proxy Support
...
Closes gh-14596
2024-03-13 14:35:07 -06:00
d6382b83dc
Configure token-exchange via a bean
...
Issue gh-5199
Issue gh-11783
Closes gh-14701
2024-03-07 11:03:10 -06:00
bade66e588
Fix Circular Dependency
...
Closes gh-14674
2024-03-01 14:21:13 -07:00
f8ff056eb6
Update Max Sessions on WebFlux
...
Delete WebSessionStoreReactiveSessionRegistry.java and gives the responsibility to remove the sessions from the WebSessionStore to the handler
Issue gh-6192
2024-02-28 10:06:45 -03:00
Daniel Garnier-Moiroux
Steve Riesenberg
Josh Cummings
DingHao
Marcus Hert Da Coregio
Max Batischev
tugjg
Yanming Zhou
Hero Wanders
Rob Winch
baezzys
earlgrey02
sheheryarumair