Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,562 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1743 Commits

Author SHA1 Message Date
Marcus Da Coregio a763382c3e Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-12 17:26:25 -03:00
Marcus Da Coregio ba810e468f Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2022-01-05 14:01:57 -03:00
Rob Winch e4a76b0ec9 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-22 10:19:34 -05:00
Josh Cummings 97dfabe92e Polish SecurityNamespaceHandler Tests 
Issue gh-8974
 2021-10-13 11:37:06 -06:00
Emil Sierżęga 944463e19a SecurityNamespaceHandler: update schema version to 5.5 
Closes gh-8974
 2021-10-13 11:35:25 -06:00
Marcus Da Coregio 816e847af2 Allow SAML 2.0 loginProcessingURL without registrationId 
Closes gh-10176
 2021-10-05 12:54:39 -03:00
Derek Van Blerkom c55f1f8bea Fix return type to allow further security config 
Issue gh-10245
 2021-09-13 15:41:04 -03:00
Abdul Al-Faraj ba16d91971
Improve OpenSAML Version Check 
Closes gh-10077
 2021-07-26 10:51:31 -06:00
/usr/local/ΕΨΗΕΛΩΝ 61284ce22d Improve AuthenticationManagerBeanDefinitionParser XML parsing 
Closes gh-7282
 2021-06-28 11:55:05 +02:00
Eleftheria Stein fdd017d935 Apply DefaultLoginPageConfigurer before logout 
If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.

Closes gh-9973
 2021-06-24 10:28:19 +02:00
Eleftheria Stein cb4bb463da Disable default logout page when logout disabled 
Closes gh-9475
 2021-06-17 17:09:34 +02:00
Marcus Hert da Coregio 53870ab3de Fix Adding Filter Relative to Custom Filter 
Closes gh-9787
 2021-06-14 15:51:27 -03:00
Eleftheria Stein 34b55242fe Ensure Kotlin 1.3 compatibility 
Closes gh-9765
 2021-05-19 10:15:24 +02:00
Rob Winch 4d251157b2 opensaml4MainCompile 2021-05-17 23:21:17 -05:00
Rob Winch eda38b8f88 opensaml fixes 2021-05-17 15:51:55 -05:00
Rob Winch e5a652e749 Update to Kotlin 1.5.0 
Closes gh-9763
 2021-05-17 10:30:26 -05:00
Joe Grandja e51ca79954 Document Jwt Client Authentication support 
Closes gh-9578
 2021-05-14 22:58:44 -04:00
Joe Grandja f874a12ddb Document jwt-bearer authorization grant 
Closes gh-9580
 2021-05-14 14:48:37 -04:00
Josh Cummings ca2bc4feb3
Bump Schema Version 
Closes gh-9694
 2021-04-29 16:52:29 -06:00
Josh Cummings 4d564ffb50
Update AuthorizationManager references 
Issue gh-9692
 2021-04-28 11:58:30 -06:00
Josh Cummings 17cfc6ade3
Inline ResourceKeyConverterAdapter 
Closes gh-9689
Closes gh-9626
 2021-04-28 09:39:12 -06:00
Eleftheria Stein de0cd11a72 Fix PreAuthorize when returning Kotlin Flow 
Closes gh-9676
 2021-04-28 12:33:18 +02:00
Joe Grandja 53e94bca45 Add oauth2Login() tests 
Issue gh-9548 gh-9660 gh-9266
 2021-04-20 08:37:19 -04:00
Joe Grandja 5afeaa3ce7 WebFlux httpBasic() matches on XHR requests 
Closes gh-9660
 2021-04-20 08:36:42 -04:00
Rob Winch a31a855146 Fix HttpSecurity.addFilter* Ordering 
Closes gh-9633
 2021-04-14 17:47:31 -05:00
Denis Washington 2b4b856b32 Limit oauth2Login() links to redirect-based flows 
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
 2021-04-14 05:02:30 -04:00
Josh Cummings 163b5943ca
Revert AuthorizationManager Method Security 2021-04-12 15:53:22 -06:00
Josh Cummings 404a6c5674
Revert "Publish CsrfTokenRepository as shared object" 
This reverts commit d19ff12813.
 2021-04-12 14:43:37 -06:00
Josh Cummings 4e81bbe386
Revert "Add Saml2LogoutConfigurer" 
This reverts commit 6f52baba29.
 2021-04-12 14:43:19 -06:00
Josh Cummings 6f52baba29
Add Saml2LogoutConfigurer 
Closes gh-9497
 2021-04-10 00:25:34 -06:00
Josh Cummings d19ff12813
Publish CsrfTokenRepository as shared object 
Closes gh-9595
 2021-04-10 00:25:34 -06:00
Josh Cummings df8abcfae7
Use Interceptors instead of Advice 
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization

Issue gh-9289
 2021-04-09 18:45:31 -06:00
Josh Cummings 6828987b4b
Add AfterMethodAuthorizationManager 
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability

Closes gh-9591
 2021-04-09 18:43:56 -06:00
Josh Cummings 2b494ebc5f
Polish AOP Structure 
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes

Issue gh-9289
 2021-04-09 17:46:33 -06:00
Josh Cummings 62d77ec97e
Add GrantedAuthorityDefaults to Expression Handler 
Issue gh-9289
 2021-04-09 17:46:33 -06:00
Josh Cummings 68cf74468c
Add check for custom advice 
- Because publishing an advice bean replaces Spring Security
defaults, the code should error if both a custom bean and
either secureEnabled or prePostEnabled are specified

Issue gh-9289
 2021-04-09 17:46:33 -06:00
Josh Cummings 45376b359b
Adjust Packaging 
Issue gh-9289
 2021-04-09 17:46:32 -06:00
Evgeniy Cheban 20778f727b
Consider AuthorizationManager for Method Security 
Closes gh-9289
 2021-04-09 17:46:32 -06:00
Josh Cummings 7ded671858
Refactor AuthenticationDetailsSource support 
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle

Closes gh-9576
 2021-04-09 12:41:16 -06:00
Eleftheria Stein e03fe7f089 Add coroutine support to pre/post authorize 
Closes gh-8143
 2021-04-09 19:33:06 +02:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Eleftheria Stein 0f3df3e714 Consider Order on SecurityFilterChain bean definitions 
Closes gh-9154
 2021-03-24 11:02:29 +02:00
Eleftheria Stein f5fe64cd5b Fix typo 2021-03-24 11:00:37 +02:00
Josh Cummings d0d0a8d958 Add OpenSAML 4 Support 
Closes gh-9095
 2021-03-23 19:07:23 -06:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings b774e91734
Polish BearerTokenAuthenticationConverter 
Issue gh-8840
 2021-03-12 15:05:06 -07:00
Jeongjin Kim 31f310fd22
Add BearerTokenAuthenticationConverter 
BearerTokenAuthenticationConverter is introduced to solve the
problem of not being able to change AuthenticationDetailsSource.
BearerTokenAuthenticationFilter delegates to
BearerTokenAuthenticationConverter the task of creating
BearerTokenAuthenticationToken and setting AuthenticationDetailsSource.
BearerTokenAuthenticationConverter is customizable and the customized
converter can be used in BearerTokenAuthenticationFilter.

Closes gh-8840
 2021-03-12 15:05:06 -07:00
Eleftheria Stein 92b3a7b01b Clarify in .csrf() enables CSRF protection 
Closes gh-9489
 2021-03-05 16:11:12 +01:00