Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-17 22:40:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,908 Commits 49 Branches 376 Tags
Commit Graph

860 Commits

Author SHA1 Message Date
Marcus Da Coregio
65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Marcus Da Coregio
ed3b0fbaad Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:47:49 -03:00
Steve Riesenberg
df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi
925d531cbe Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:44:46 -06:00
Igor Pelesic
a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00
« Christophe
4318a51971 Fix CsrfConfigurer default AccessDeniedHandler consistency 
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
 2021-11-16 14:22:35 -06:00
Onur Kagan Ozcan
aa0f788f59 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes 2021-11-16 13:44:18 -06:00
Josh Cummings
7b15098570 Update Spring Security to 5.7 
Closes gh-10509
 2021-11-15 17:10:00 -07:00
Josh Cummings
76ebbb84f7 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00
Philipp Neuschwander
6db58cbf8a Conditionally resolve bearer token from request parameters 
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.

This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).

Closes gh-10326
 2021-10-13 17:10:50 -05:00
Gaurav Tiwari
33708e61fb Add postProcess support to Saml2LogoutConfigurer 
Closes gh-10311
 2021-10-13 12:05:48 -06:00
Josh Cummings
fbb7691be4 Polish SecurityNamespaceHandler Tests 
Issue gh-8974
 2021-10-13 11:50:14 -06:00
Emil Sierżęga
8daa6ec1fd SecurityNamespaceHandler: update schema version to 5.6 
Closes gh-8974
 2021-10-13 11:49:57 -06:00
Marcus Da Coregio
7112ee3eaa Allow SAML 2.0 loginProcessingURL without registrationId 
Closes gh-10176
 2021-10-04 09:54:40 -03:00
Marcus Da Coregio
e36e2b2a97 Move Saml2AuthnRequestRepository to web package 
Moving to solve package tangles

Issue gh-9185
 2021-09-29 14:10:39 -03:00
Rob Winch
3b64cdfc03 Fix XsdDocumentedTests 
Issue gh-5835
 2021-09-24 10:25:26 -05:00
Josh Cummings
c3ba2332da Wire BeanResolver into DefaultMethodSecurityExpressionHandler 
Closes gh-10305
 2021-09-22 14:14:29 -06:00
Josh Cummings
7b599d4770 Share JWKSource Instances 
Closes gh-10312
 2021-09-22 13:28:08 -06:00
Marcus Da Coregio
0364518b69 Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConverter bean 
Closes gh-10268
 2021-09-17 08:13:19 -03:00
Josh Cummings
4f06fc6ed1 Add Saml2LogoutConfigurer 
Closes gh-9497
 2021-09-13 16:39:48 -06:00
Yanming Zhou
f2b2e6002f Replace static "ROLE_" with customized role prefix 
Fix gh-4134
 2021-09-09 11:48:25 -06:00
Eleftheria Stein
3ab6bee856 Make method static to prevent circular dependency error 
Workaround for circular dependency between ServerHttpSecurityConfiguration and WebFluxConfigurationSupport.

Closes gh-10076
 2021-08-11 13:46:45 +02:00
Marcus Da Coregio
662ab10416 Fix test getting stuck 
The tests are getting stuck when running a single test class and the mock is performed in a static variable inside an inner class

Issue gh-6025
 2021-07-27 14:55:53 -06:00
Marcus Da Coregio
16e17d242e Add Saml2AuthenticationRequestRepository 
Closes gh-9185
 2021-07-27 14:55:53 -06:00
Josh Cummings
6370906ead
Add SpringOpaqueTokenIntrospector 
Closes gh-9354
 2021-07-26 10:50:50 -06:00
Rob Winch
e251abb1ae more import cleanup 2021-07-09 14:49:47 -05:00
Rob Winch
3c4e15264c Add @ExtendWith(SpringTestContextExtension.class) 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^public class/i @ExtendWith(SpringTestContextExtension.class)'
 2021-07-09 14:49:46 -05:00
Rob Winch
7dfd169ece Add import ExtendWith 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^import org.junit.jupiter.api.Test;/a import org.junit.jupiter.api.extension.ExtendWith;'
 2021-07-09 14:49:45 -05:00
Rob Winch
e4b09f62f0 Add SpringTestContextExtension to existing ExtendWith 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' -l | xargs sed -E -i 's/@ExtendWith\((.*)\)/@ExtendWith({ \1, SpringTestContextExtension.class })/'
 2021-07-09 14:49:42 -05:00
Rob Winch
5133340bf8 Add import SpringTestContextExtension 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext;/a import org.springframework.security.config.test.SpringTestContextExtension;'
 2021-07-09 14:47:54 -05:00
Rob Winch
60078df62a remove @Rule 
rg '@Rule' -g '!buildSrc/**' -l | xargs sed -i '/@Rule/d'
rg 'import org.junit.Rule' -g '!buildSrc/**' -l | xargs sed -i '/import org.junit.Rule/d'
 2021-07-09 14:46:51 -05:00
Rob Winch
671040bb27 SpringTestRule to SpringTestContext 
rg 'new SpringTestRule()' -l | xargs sed -i 's/new SpringTestRule()/new SpringTestContext(this)/'
rg 'val spring = SpringTestRule()' -l | xargs sed -i 's/val spring = SpringTestRule()/val spring = SpringTestContext(this)/'
 2021-07-09 14:41:51 -05:00
Rob Winch
e8c44e6390 Add SpringTestContextExtension 2021-07-09 14:35:10 -05:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
2a62c4d976 Fix NamespaceHttpInterceptUrlTests 2021-07-09 14:32:52 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Eleftheria Stein
585788ad0a Add AuthenticationManager to HttpSecurity 
Closes gh-10040
 2021-07-07 15:44:42 +02:00
Evgeniy Cheban
d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Josh Cummings
e91cacfdaf
Polish no-parameter authorizeHttpRequests 
- Cleaned up JavaDoc
- Updated implementation to align with no-parameter authorizeRequests
- Updated test names and content for clarity, specifically identified
tests that target no-parameter authorizeHttpRequests with noParameter in
the name
- Switched order of methods to match others in HttpSecurity
- Updated copyright year

Issue gh-9498
 2021-06-28 15:45:24 -06:00
sdratler1
3820f0f3a3
Add no-parameter authorizeHttpRequests method 
Closes gh-9498
 2021-06-28 15:34:49 -06:00
/usr/local/ΕΨΗΕΛΩΝ
fe99c3b83b
https://stackoverflow.com/questions/67520600/redirect-to-different-page-after-login-based-on-user-role-with-spring-security/67531436#67531436 
Closes gh-7282
 2021-06-28 11:48:07 +02:00
Eleftheria Stein
94a3adb928 Apply DefaultLoginPageConfigurer before logout 
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.

Closes gh-9973
 2021-06-24 10:26:13 +02:00
Eleftheria Stein
dfd0047f0b Disable default logout page when logout disabled 
Closes gh-9475
 2021-06-17 16:38:23 +02:00
Thomas Vitale
b44d0fb319 Load ReactiveJwtAuthenticationConverter bean in OAuth2 Resource Server config 
When a bean of type ReactiveJwtAuthenticationConverter is defined,
the OAuth2 Resource Server configuration will use it automatically
when no other converter is defined through the DSL.

Closes gh-9698
 2021-06-15 14:22:15 -06:00
Marcus Hert da Coregio
9d2db89838 Fix Adding Filter Relative to Custom Filter 
Closes gh-9787
 2021-06-14 14:37:21 -03:00
Josh Cummings
65239e93f9
Update Copyright Header 
Issue gh-9845
 2021-06-09 11:33:48 -06:00
Josh Cummings
5b49433ed1
Add GlobalMethodSecurityConfiguration Test 
Issue gh-9845
 2021-06-09 09:29:52 -06:00
Rob Winch
68f91edbb8 Make XsdDocumentedTests Parsing More Lenient 
Closes gh-9830
 2021-05-27 18:37:14 -05:00
Rob Winch
8400b841e9 Improve XsdDocumentedTests Error Message 
This makes it easier to compare the expected and actual values.

Closes gh-9829
 2021-05-27 18:37:02 -05:00