e932387714
fix docs error
...
Closes gh-14978
2024-05-13 09:28:27 -03:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
b3c7f3ff19
Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
...
Issue gh-7395
2024-04-30 08:38:03 -03:00
2a6f0cac5a
Fix not exist class in java doc
...
Closes gh-14954
2024-04-25 11:37:23 -06:00
2fbbcc4bd0
Polish Method Authorization Denied Handling
...
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method
Issue gh-14601
2024-04-12 15:55:25 -03:00
933ef67637
Polish AuthorizationDeniedException Handling
...
Issue gh-14600
2024-04-11 14:30:00 -06:00
50b85aea0d
Handle SpEL AuthorizationDeniedExceptions
...
Closes gh-14600
2024-04-10 15:36:23 -07:00
61eba00654
Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
...
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.
Issue gh-7395
2024-04-10 14:58:01 -03:00
8d914ef145
Add @AuthorizationDeniedHandler for Method Authorization Denied Handling
...
Issue gh-14601
2024-04-08 14:42:13 -03:00
c8e5fbf21b
Fix Package Tangle
...
Issue gh-14598
2024-04-05 16:48:52 -06:00
e5f7453690
fix: variable naming convention
...
Changed the variable name from MAX_INTITEM_LENGTH to MAX_INT_ITEM_LENGTH to adhere to naming conventions
2024-04-05 15:05:32 -07:00
3f7355abc6
Synthesize all annotation attributes
...
Issue gh-14601
2024-04-04 13:30:29 -06:00
6f07d63938
Support SpEL Returning AuthorizationDecision
...
Closes gh-14598
2024-04-04 11:32:00 -06:00
0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision"
...
This reverts commit 77f2977c55
2024-04-04 11:31:45 -06:00
77f2977c55
Support SpEL Returning AuthorizationDecision
...
Closes gh-14599
2024-04-04 09:52:15 -07:00
d85857f905
Add Authorization Denied Handlers for Method Security
...
Closes gh-14601
2024-04-03 09:25:12 -03:00
19d66c0b8a
Introduce AuthorizationResult
2024-04-03 09:25:12 -03:00
7d66525e23
Add Compromised Password Checker
...
Closes gh-7395
2024-04-01 09:48:07 -03:00
148776309f
Merge branch '6.2.x'
2024-03-22 14:33:57 -06:00
afcce0c277
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14795
2024-03-22 14:33:44 -06:00
7162046144
Remove Reference to MethodInvocationResult
...
Closes gh-14794
2024-03-22 14:33:23 -06:00
04799c5aac
Update AuthenticationProvider JavaDoc
...
Authentication is an interface, not a class. So, it's not correct
to say "instance of the Authentication class".
2024-03-22 11:27:58 -06:00
e1c5dc0e66
Polish JavaDoc
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
9898e0e993
Move AuthorizationAdvisorProxyFactory
...
To prevent package tangles
Issue gh-14596
2024-03-22 11:00:39 -06:00
12ea8a5738
Add Supplier Support
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
795e44d11f
Add Value-Type Ignore Support
...
Issue gh-14597
2024-03-22 11:00:39 -06:00
ce54a6db18
Add TestAuthentication convenience method
...
Issue gh-14597
2024-03-19 10:27:03 -06:00
d169d5a835
Add AuthorizeReturnObject
...
Closes gh-14597
2024-03-19 10:27:03 -06:00
a8a9341f2e
Merge branch '6.2.x'
...
Closes gh-14667
2024-03-18 06:43:37 -03:00
a972338e1d
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14666
2024-03-18 06:43:09 -03:00
f84c4ea583
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14665
2024-03-18 06:42:43 -03:00
2c9dc08e43
Merge branch '5.7.x' into 5.8.x
...
Closes gh-14664
2024-03-18 06:40:34 -03:00
5a7f12f1a9
Check for null Authentication
...
Closes gh-14715
2024-03-18 06:39:08 -03:00
c611b7e33b
Add AuthorizationProxyFactory Reactive Support
...
Issue gh-14596
2024-03-15 11:44:30 -06:00
f541bce492
Polish AuthorizationAdvisorProxyFactory
...
- Ensure Reasonable Defaults
- Simplify Construction
Issue gh-14596
2024-03-15 11:44:30 -06:00
52dfbfb5b3
Add Authorization Proxy Support
...
Closes gh-14596
2024-03-13 14:35:07 -06:00
d17cbf4342
Merge branch '6.2.x'
...
Closes gh-14724
2024-03-12 10:19:05 -03:00
940efe76fc
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14723
2024-03-12 10:18:51 -03:00
8fe0303bad
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14722
2024-03-12 10:18:33 -03:00
8f42c86a57
Use AuthorizationInterceptorsOrder for Post Authorize Method Interceptors
...
Closes gh-14720
2024-03-12 10:17:45 -03:00
c5a4405c54
Polish JavaDoc
...
Issue gh-14521
2024-02-26 10:59:54 -07:00
09010f3f51
Add ContinueOnError Support For Failed Authentications
...
Closes gh-14521
2024-02-26 10:59:54 -07:00
4d383023cb
Add meta-annotation parameter support
...
Closes gh-14480
2024-02-26 10:50:35 -07:00
21580fd27d
Merge branch '6.2.x'
2024-02-16 13:31:20 -03:00
15306c1007
Merge branch '6.1.x' into 6.2.x
2024-02-16 13:21:15 -03:00
750cb30ce4
Add AuthenticationTrustResolver.isAuthenticated
2024-02-16 13:08:29 -03:00
915d68e216
Remove includeExpiredSessions parameter
...
The reactive implementation of max sessions does not keep track of expired sessions, therefore we do not need such parameter
Issue gh-6192
2024-02-06 10:43:00 -03:00
b0da37d4fa
Have Method Security Start at Target Class
...
Closes gh-13783
2024-02-01 09:33:25 -07:00
2b7d296994
Revise AuthorizationAnnotationUtils
...
This commit revises AuthorizationAnnotationUtils as follows.
- Removes code duplication by treating both Class and Method as
AnnotatedElement.
- Avoids duplicated annotation searches by processing merged
annotations in a single Stream instead of first using the
MergedAnnotations API to find possible duplicates and then again
searching for a single annotation via AnnotationUtils (which
effectively performs the same search using the MergedAnnotations API
internally).
- Uses `.distinct()` within the Stream to avoid the need for the
workaround introduced in gh-13625. Note that the semantics here
result in duplicate "equivalent" annotations being ignored. In other
words, if @PreAuthorize("hasRole('someRole')") is present multiple
times as a meta-annotation, no exception will be thrown and the first
such annotation found will be used.
- Improves the error message when competing annotations are found by
including the competing annotations in the error message.
- Updates AuthorizationAnnotationUtilsTests to cover all known,
supported use cases.
- Configures correct role in @RequireUserRole.
Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.
See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
2024-01-18 07:42:58 -07:00
85177c0178
Merge branch '6.2.x'
...
Closes gh-14408
2024-01-05 14:22:49 -03:00
a32cd66179
Polish gh-14263
2023-12-26 11:56:42 -06:00
10e0f98d5e
Add doc and javadoc for CachingUserDetailsService
...
Close gh-10914
2023-12-26 10:57:58 -06:00
ec02c22459
Add Request Path Extraction Support
...
Closes gh-13256
2023-12-19 18:15:49 -07:00
13ad66807e
Update messages_es_ES.properties
...
Uncomment and translate message property.
2023-12-14 10:24:19 -06:00
db7c5d128b
Fix Typos
...
Closes gh-14268
2023-12-11 11:34:52 -07:00
dfef781e33
Add default implementation in UserDetails
...
Closes gh-14275
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
2023-12-11 11:00:57 -07:00
57ab15127a
Add Max Sessions on WebFlux
...
Closes gh-6192
2023-12-11 09:48:34 -03:00
4a50d5aab3
Merge branch '6.2.x'
2023-12-09 11:52:31 -07:00
6e636e6abb
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14267
2023-12-09 11:50:58 -07:00
9f90661b6f
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14266
2023-12-09 11:43:04 -07:00
be11812fe4
Account for Super-super-interface Inheritance
...
Closes gh-13625
2023-12-09 11:41:02 -07:00
92be497d24
Polish RoleHierachyImpl#of
...
- Change to #fromHierarchy to match naming convention
- Keep existing test methods the same
- Deprecate setHierarchy and default constructor
- Add private Map constructor
- Change Adjust RoleHierarchyBuilder to use Map constructor
Issue gh-13788
2023-12-08 11:49:50 -07:00
c1b3351569
Add RoleHierarchyImpl#of
...
Closes gh-13788
2023-12-08 11:49:50 -07:00
bb6b55aca3
Add Not Support
...
Closes gh-14058
2023-12-07 16:24:19 -07:00
e49ae096e6
Add AuthorizationManager factory methods
...
Factory methods to create AuthorizationManager with a configurable default AuthorizationDecision.
Closes gh-13085
2023-12-07 15:20:08 -07:00
ee8bc78cbc
Polish RoleHierarchyImpl#Builder
...
- Added documentation
- Removed withNoRolePrefix for now; let's see how folks
use the minimal API first
- Adjusted class hierarchy to match AuthorizeHttpRequests more
closely
- Adjusted to match Spring Security style guide
- Added needed @since attributes
Issue gh-13300
2023-12-07 15:18:13 -07:00
7d366242ce
Add RoleHierarchyImpl.Builder
...
Closes gh-13300
2023-12-07 15:18:13 -07:00
1ce1ff92de
Update messages_ca.properties
...
Add translation for new message properties
2023-12-07 15:28:06 -06:00
d50698a269
Prepare for Spring Security 6.3
...
Closes gh-14210
2023-12-05 15:49:42 -07:00
3f6b6aa523
Update Javadoc for getAuthorizationDecision method
...
Added missing description for `@return` tag.
2023-11-21 10:07:42 -03:00
e3ab1c94d7
Use assertj assertions
2023-11-17 09:04:50 -03:00
a7da9491d9
Use assertj assertions
2023-11-17 09:03:36 -03:00
97516727a4
Add Coroutine Support
...
Closes gh-12080
2023-11-15 11:48:37 -07:00
24abf45128
Merge remote-tracking branch 'origin/6.1.x'
2023-11-07 13:13:29 -07:00
f295e9d28f
Merge branch '6.0.x' into 6.1.x
...
Closes gh-14111
2023-11-07 13:09:20 -07:00
bb354f1895
Merge branch '5.8.x' into 6.0.x
...
Closes gh-14110
2023-11-07 13:07:25 -07:00
11a21896dd
Defer SecurityContextHolderStrategy Lookup
...
Due to how early method interceptors are loaded during startup
it's reasonable to consider scenarios where applications are
changing the global security context holder strategy during
startup.
Closes gh-12877
2023-11-07 12:36:16 -07:00
6e0fb2fc96
Merge branch '6.1.x'
2023-11-06 15:03:06 -03:00
99c84aa935
Merge branch '6.0.x' into 6.1.x
2023-11-06 15:02:09 -03:00
3893136084
Remove Gradle deprecations
...
Stop using JavaPluginConvention type and replace outputFile with destinationFile
Issue gh-13864
2023-11-06 15:01:38 -03:00
d0a5ada2da
Fix formatting
2023-10-31 15:38:44 -05:00
447f40949c
Revert unnecessary merges on 6.1.x
...
This commit removes unnecessary main-branch merges starting from
9f8db22b774d6ff49b9ded6ff670d1c823b0079444fad21363
2023-10-31 15:22:15 -05:00
9db33f33c7
Revert unnecessary merges on 6.0.x
...
This commit removes unnecessary main-branch merges starting from
8750608b5b5dce82c48b
2023-10-31 15:11:45 -05:00
1589d19c8b
Fix typos in spring-security core module
2023-10-31 09:48:43 -03:00
cc86afe658
Use same case for all fields in toString
2023-10-16 14:42:53 -06:00
07b6c451fd
Merge branch '6.1.x'
...
Closes gh-13884
2023-09-29 11:47:38 -03:00
8adfc9b463
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13883
2023-09-29 11:46:48 -03:00
92c82191c9
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13882
2023-09-29 11:46:00 -03:00
64e2a2ff8b
Apply updated Code Style
...
Closes gh-13881
2023-09-29 11:44:32 -03:00
7f61d40415
Fix code style
2023-09-27 10:51:08 -05:00
33fb37e134
Fix Tests on JDK 21
...
Issue gh-13811
2023-09-27 11:59:09 -03:00
ff374935fb
Verify ReactorContext when using Virtual Threads
...
Closes gh-12791
2023-09-25 12:01:31 -05:00
247ce5dcab
Add integration tests for virtual threads
...
Closes gh-12790
2023-09-19 10:39:05 -05:00
ecf8467cac
Fix tests on JDK 21
...
Issue gh-12790
Issue gh-13811
2023-09-19 10:39:04 -05:00
d6ff58bb7f
Update Mockito to 5.5.0
...
Closes gh-13810
2023-09-19 10:39:03 -05:00
9df9cb5aed
refactor: AssertJ best practices
...
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D
Co-authored-by: Moderne <team@moderne.io>
2023-09-12 16:18:14 -06:00
92256f0522
Support nested suspend calls for Kotlin coroutines
...
Closes gh-13764
2023-09-05 00:23:30 -05:00
75e0068925
Merge branch '6.1.x'
2023-08-07 16:03:55 -06:00
bcd4dcc15c
Refactor equals method
...
Using the accessor method for fields instead of directly access
2023-08-07 16:00:18 -06:00
8df8d4022e
Fix documentation typo
...
changed "user name" to "username"
2023-08-07 16:00:18 -06:00
MrJovanovic13
Marcus Hert Da Coregio
DingHao
Josh Cummings
YunByungil
Ali-Hassan
ruabtmh
Rob Winch
Sam Brannen
Steve Riesenberg
Federico Herrera
Taehong Kim
Angel Aguilera
ahmd-nabil
Toshiaki Maki
Yuriy Savchenko
Angel Aguilera
YangSiJun528
Steve Riesenberg
Martin Lukas
valery1707
Tim te Beek
Seongguk Jeong