90b37d6d07
Merge branch '5.8.x' into 6.0.x
2023-05-24 14:38:23 -06:00
73cb9862ad
Update Symlink for 5.8
...
Issue gh-13131
2023-05-24 14:37:18 -06:00
be409ada10
Merge branch '6.0.x'
...
Closes gh-13209
2023-05-22 15:43:43 -06:00
7c54c0e4fa
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13208
2023-05-22 15:43:27 -06:00
62ede47d86
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13207
2023-05-22 15:42:36 -06:00
1eefd433b6
Add spring-security.xsd symlink
...
Closes gh-13131
2023-05-22 15:42:02 -06:00
31f1604f66
Merge branch '6.0.x'
...
Closes gh-13199
2023-05-19 16:44:18 -06:00
7efa275abc
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13198
2023-05-19 16:43:57 -06:00
35ad1f857e
Only Register as Advisor in Proxy Mode
...
Closes gh-13160
2023-05-19 16:33:46 -06:00
49366907e2
Merge branch '6.0.x'
...
Closes gh-13183
2023-05-15 17:31:48 -06:00
b438bc5384
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13182
2023-05-15 17:30:14 -06:00
f4915890cc
Use Spec Order for Verifying Signatures
...
Closes gh-12346
2023-05-15 17:24:22 -06:00
5814f614c7
Merge branch '6.0.x'
...
Closes gh-13128
2023-05-02 16:56:37 -06:00
46ad9c122e
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13127
2023-05-02 16:56:06 -06:00
e9a02bc6e9
RememberMeConfigurer Picks Up SecurityContextRepository
...
Closes gh-13104
2023-05-02 16:46:35 -06:00
45efd48b93
Merge branch '6.0.x'
...
Closes gh-13122
2023-05-02 10:13:24 -03:00
69338ecdfa
Only Observe AuthenticationManager if it is not null
...
Closes gh-13084
2023-05-02 10:12:46 -03:00
a44e91d044
fix javadoc typo
2023-04-24 16:41:17 -06:00
f261242db1
Merge branch '5.7.x' into 5.8.x
2023-04-24 16:33:29 -06:00
caa4093619
Fix javadoc for migration from WebSecurityConfigurerAdapter
2023-04-24 16:32:16 -06:00
dd14bbb365
Merge branch '6.0.x'
2023-04-18 12:42:55 -06:00
1e25756ee6
Fix Import Order
2023-04-18 12:42:25 -06:00
68b198f091
Merge branch '6.0.x'
2023-04-18 12:20:44 -06:00
64542b4059
Polish X509 SecurityContextRepository
...
Like Basic and Bearer authentication, X509 is
stateless by default. As such, it is better to not
pick up the global SecurityContextRepository bean.
The better fix is to change the default from
HttpSessionSecurityContextRepository to
RequestAttributeSecurityContextRepository.
Issue gh-13008
2023-04-18 12:18:20 -06:00
c79f04cd11
Merge branch '6.0.x'
...
Closes gh-13063
2023-04-17 17:07:32 -06:00
c3479ddb45
Pick Up SecurityContextRepository
...
Closes gh-13008
2023-04-17 17:06:06 -06:00
04b3d07319
Merge branch '6.0.x'
2023-04-17 07:30:54 -03:00
a484044591
Merge branch '5.8.x' into 6.0.x
2023-04-17 07:29:42 -03:00
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
82a149207d
Deprecate .and() and non lambda DSL methods
...
Closes gh-12629
2023-04-14 15:50:58 -03:00
1a4a2a9055
Merge branch '5.8.x' into 6.0.x
2023-04-14 13:32:10 -03:00
54117d7d27
Fix test suffix to align with checkstyle
2023-04-14 13:29:15 -03:00
01d1e20dc3
Deprecate shouldFilterAllDispatcherTypes
...
Closes gh-12138
2023-04-13 15:05:10 -03:00
57e134cc5f
Merge branch '6.0.x'
2023-03-22 10:12:28 -03:00
67645b32f4
Merge branch '5.8.x' into 6.0.x
2023-03-22 10:12:11 -03:00
fd65dc6756
Merge branch '5.7.x' into 5.8.x
2023-03-22 10:08:17 -03:00
5eefe9dcff
Fix typo in SessionManagementConfigurer javadoc
2023-03-22 10:07:44 -03:00
ca9139b68f
Merge branch '6.0.x'
2023-03-20 17:02:15 -06:00
cbb4e40166
fix typo in RequestCacheResultMatcher
2023-03-20 17:02:00 -06:00
a4bc0a6f3c
Polish
...
- Add POST /login assertion
- Rearrange test and config class
Issue gh-12552
2023-03-20 14:31:13 -06:00
e2332d9620
Add disable to FormLoginDsl
...
Closes gh-12552
2023-03-20 14:31:13 -06:00
a7562ad950
Update io.spring.javaformat to 0.0.38
...
Closes gh-12891
2023-03-20 10:44:35 -06:00
3ad6c6ce06
Use EntityId-lookup Components
...
Closes gh-12880
2023-03-17 18:00:02 -06:00
46452c0cae
Add saml2Metadata
...
Closes gh-11828
2023-03-17 18:00:02 -06:00
e0284a4503
Fix CAS packages for 4.0.1 and Jasig references
...
Issue gh-11674
2023-03-01 17:21:24 -03:00
b4d3ac6665
Revert "Remove CAS module"
...
This reverts commit caf4c471
2023-03-01 17:21:23 -03:00
f5a4b520d1
Merge branch '6.0.x'
...
Closes gh-12781
2023-02-24 11:04:03 -07:00
bbd31f0e33
Defer ObservationRegistry Lookup
...
Closes gh-12780
2023-02-24 11:03:32 -07:00
963a18a27f
Merge branch '6.0.x'
...
Closes gh-12778
2023-02-23 15:17:47 -03:00
7d22e02593
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12777
2023-02-23 15:17:25 -03:00
97ba596ca3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12776
2023-02-23 15:17:04 -03:00
1c3ce1e401
Fix entity-id ignored in RelyingPartyRegistration XML config
...
Closes gh-11898
2023-02-23 15:16:40 -03:00
afb5a4ae2c
Merge branch '6.0.x'
...
Closes gh-12688
2023-02-16 14:56:55 -07:00
cedb9fd199
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12687
2023-02-16 14:56:32 -07:00
0baf650f38
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12686
2023-02-16 14:55:22 -07:00
000b4bc495
Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
...
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.
In particular, this exception can occur when mixing standard and custom DSL to register filters.
The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.
It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.
The error handling is implemented similarly to HttpSecurity#addFilter.
Closes gh-12637
2023-02-16 14:54:44 -07:00
cef13a6a16
Fix Javadoc Type Parameter
2023-02-15 15:31:09 -07:00
c79dac49ca
Fix Typo
2023-02-15 15:31:09 -07:00
d91837eadc
Merge branch '6.0.x'
...
Closes gh-12641
2023-02-07 12:46:42 -07:00
7dd5cc6082
Pick Up Custom SecurityContextRespository
...
Closes gh-12579
2023-02-07 12:46:12 -07:00
c66370c092
Update javadoc in EnableWebSecurity
2023-02-07 12:45:23 -07:00
eb35d3055f
Merge branch '6.0.x'
...
Closes gh-12640
2023-02-07 09:25:33 -03:00
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
da28a426f2
Merge branch '6.0.x'
...
Closes gh-12625
2023-02-03 14:35:08 -03:00
3572111cf5
Add JwtDecoder hint for oauth2Login
...
Closes gh-12615
2023-02-03 14:34:32 -03:00
59829321a8
Allow configuring SecurityContextRepository for BasicAuthenticationFilter
...
Closes gh-12031
2023-02-03 10:09:16 -06:00
6abbdd3654
Merge branch '6.0.x'
2023-01-26 15:55:41 -06:00
13487be268
Default to XorCsrfChannelInterceptor in 6.0.x
...
Closes gh-12378
2023-01-26 15:45:04 -06:00
1363a4eece
Merge branch '5.8.x' into 6.0.x
2023-01-26 15:44:47 -06:00
1243d1327e
Merge branch '6.0.x'
...
Closes gh-12593
2023-01-26 14:09:19 -07:00
c3563df25a
Include HttpStatusRequestRequestedHandler
...
Closes gh-12548
2023-01-26 14:07:22 -07:00
66711f2365
Add RequestRejectedHandler Test
...
Issue gh-12548
2023-01-26 13:07:16 -07:00
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
d84b8d2d12
AuthorizeHttpRequestsConfigurer.AuthorizedUrl.hasRole should look up for a RoleHierarchy bean in the context
...
Closes gh-12473
2023-01-10 10:54:37 -07:00
e61b17fe13
Merge branch '6.0.x'
...
Closes gh-12514
2023-01-10 10:21:38 -07:00
5b6b3d585f
Change EnableReactiveMethodSecurity Defaults
...
Closes gh-12506
2023-01-10 08:30:52 -07:00
e139f1c2ba
Polish gh-12438
2022-12-22 11:16:19 -05:00
919280b3e4
Allow ServerOAuth2AuthorizationRequestResolver to be set on oauth2 client configuration
...
Closes gh-12430
2022-12-22 10:12:18 -05:00
ca333203aa
Merge branch '6.0.x'
...
Closes gh-12372
2022-12-14 10:30:55 -03:00
7080ea652f
Add hints for ProxyFactoryBean AuthenticationManager
...
Closes gh-12367
2022-12-14 10:16:04 -03:00
03438ffc03
Merge branch '6.0.x'
2022-12-05 14:57:43 -08:00
f1698ec188
Fix removed code by merge
2022-12-05 14:57:28 -08:00
0fdcde2d6f
Merge branch '6.0.x'
2022-12-05 14:42:42 -08:00
2fdf762726
Merge branch '5.8.x' into 6.0.x
2022-12-05 14:41:59 -08:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
f39f215140
Replace javadoc with SecurityFilterChain bean definition
2022-12-05 14:40:05 -08:00
a5464ed819
Fix typo in DefaultLoginPageConfigurer Javadoc
...
'isLogoutRequest' seems to have nothing to do here.
2022-12-05 14:31:15 -08:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
e774bd480b
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12261
2022-11-21 10:25:43 -03:00
f561d3784e
Improve deprecation notice in WebSecurityConfigurerAdapter
...
Closes gh-12260
2022-11-21 10:05:08 -03:00
dd9f954ace
Fix tests in CsrfConfigurerTests
...
Closes gh-12241
2022-11-18 14:58:41 -06:00
5da78f44f2
Merge branch '5.8.x'
2022-11-18 14:54:33 -06:00
ea6ce05662
Add configurer tests for CookieCsrfTokenRepository
...
Issue gh-12236
2022-11-18 13:12:59 -06:00
2ed7cff643
Check for existing token before clearing
...
Closes gh-12236
2022-11-18 13:12:59 -06:00
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
222f8ae1a5
Merge branch '5.8.x'
2022-11-16 16:54:32 -06:00
2301e8ca77
Fix Javadoc in EnableWebSocketSecurity
...
Add missing method name in EnableWebSocketSecurity JavaDoc code example.
2022-11-16 16:51:42 -06:00
c45cd6ec9f
Defer ObservationRegistry Resolution
...
- If Method Security asks for too early, it is no longer
eligible for post-processing. As such, this commit defers loading it until
the first authorization request.
Issue gh-11990
2022-11-09 22:07:57 -07:00
Josh Cummings
lukasz.migdalek
Marcus Da Coregio
SeasonPan
Ruslan Stelmachenko
Martin Tarjányi
twosom
Clayton Walker
hdeadman
Leonid Rozenblyum
Tobias Meurer
Evgeniy Cheban
Steve Riesenberg
Joe Grandja
Spas Poptchev
Mitja Kotnik
Guillaume Husta
Jan Marten