Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,948 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

2631 Commits

Author SHA1 Message Date
Marcus Hert Da Coregio 7d66525e23 Add Compromised Password Checker 
Closes gh-7395
 2024-04-01 09:48:07 -03:00
Steve Riesenberg abf9dc165a
Merge branch '6.2.x' 2024-03-26 10:55:48 -05:00
Steve Riesenberg 614123e6f9
Update tests that fail on Windows 
Issue gh-14609
 2024-03-26 10:49:47 -05:00
Josh Cummings 44033cd8b9
Make Internal Logout URI Configurable 
Closes gh-14609
 2024-03-22 16:31:44 -06:00
Josh Cummings e18ec48134
Fix Test 
Issue gh-14553
 2024-03-22 16:31:42 -06:00
Josh Cummings 662cfed349
Make Internal Logout URI Configurable 
Closes gh-14609
 2024-03-22 16:28:21 -06:00
Josh Cummings c95f009b23
Fix Test 
Issue gh-14553
 2024-03-22 16:27:16 -06:00
Josh Cummings 9898e0e993 Move AuthorizationAdvisorProxyFactory 
To prevent package tangles

Issue gh-14596
 2024-03-22 11:00:39 -06:00
Josh Cummings 795e44d11f Add Value-Type Ignore Support 
Issue gh-14597
 2024-03-22 11:00:39 -06:00
Josh Cummings ce54a6db18 Add TestAuthentication convenience method 
Issue gh-14597
 2024-03-19 10:27:03 -06:00
Josh Cummings d169d5a835 Add AuthorizeReturnObject 
Closes gh-14597
 2024-03-19 10:27:03 -06:00
Josh Cummings c611b7e33b
Add AuthorizationProxyFactory Reactive Support 
Issue gh-14596
 2024-03-15 11:44:30 -06:00
Josh Cummings f541bce492
Polish AuthorizationAdvisorProxyFactory 
- Ensure Reasonable Defaults
- Simplify Construction

Issue gh-14596
 2024-03-15 11:44:30 -06:00
Steve Riesenberg 77c30c431e
Polish tests 
Issue gh-11783
Issue gh-13763
 2024-03-14 15:40:43 -05:00
Steve Riesenberg 80a8d3831a
Simplify reactive OAuth2 Client configuration 
Closes gh-13763
 2024-03-14 15:40:43 -05:00
Josh Cummings 52dfbfb5b3 Add Authorization Proxy Support 
Closes gh-14596
 2024-03-13 14:35:07 -06:00
Steve Riesenberg d6382b83dc
Configure token-exchange via a bean 
Issue gh-5199
Issue gh-11783
Closes gh-14701
 2024-03-07 11:03:10 -06:00
Josh Cummings bade66e588
Fix Circular Dependency 
Closes gh-14674
 2024-03-01 14:21:13 -07:00
Marcus Hert Da Coregio f8ff056eb6 Update Max Sessions on WebFlux 
Delete WebSessionStoreReactiveSessionRegistry.java and gives the responsibility to remove the sessions from the WebSessionStore to the handler

Issue gh-6192
 2024-02-28 10:06:45 -03:00
Marcus Hert Da Coregio a5ce8ae87f Polish Max Sessions on WebFlux 
This commit changes the PreventLoginServerMaximumSessionsExceededHandler to invalidate the WebSession in addition to throwing the error, this is needed otherwise the session would still be saved with the security context. It also changes the SessionRegistryWebSession to first perform the operation on the delegate and then invoke the needed method on the ReactiveSessionRegistry

Issue gh-6192
 2024-02-27 11:12:50 -03:00
Josh Cummings c639d0a514
Add AOP Integration Test 
Closes gh-14637
 2024-02-26 13:56:56 -07:00
Josh Cummings 4d383023cb Add meta-annotation parameter support 
Closes gh-14480
 2024-02-26 10:50:35 -07:00
Josh Cummings 347eeb17d5
Merge branch '6.2.x' 2024-02-26 10:17:18 -07:00
Josh Cummings 2471df4d36
Merge branch '6.1.x' into 6.2.x 2024-02-26 10:17:04 -07:00
Josh Cummings 27cd9fa86c
Don't Use Deprecated Class 
Issue gh-14628
 2024-02-26 10:06:59 -07:00
Josh Cummings 093b5572af
Merge branch '6.2.x' 2024-02-22 12:15:42 -07:00
Josh Cummings bb6045ebea
Merge branch '6.1.x' into 6.2.x 
Closes gh-14648
 2024-02-22 12:15:17 -07:00
Josh Cummings 2fdd541ea5
Merge branch '5.8.x' into 6.1.x 
Closes gh-14647
 2024-02-22 12:15:00 -07:00
DingHao 45c37c4454 Remove duplicate setSecurityContextHolderStrategy 
Closes gh-14592
 2024-02-22 12:14:35 -07:00
Marcus Hert Da Coregio 21580fd27d Merge branch '6.2.x' 2024-02-16 13:31:20 -03:00
Marcus Hert Da Coregio 15306c1007 Merge branch '6.1.x' into 6.2.x 2024-02-16 13:21:15 -03:00
Rob Winch 750cb30ce4 Add AuthenticationTrustResolver.isAuthenticated 2024-02-16 13:08:29 -03:00
Josh Cummings 7f0433c805
Merge branch '6.2.x' 2024-02-12 17:01:38 -07:00
Josh Cummings 2702a64be7
Use Localhost for Internal Logout Endpoint 
Closes gh-14553
 2024-02-12 17:00:58 -07:00
Josh Cummings 34526c3e01
Merge branch '6.2.x' 2024-02-12 12:54:29 -07:00
Josh Cummings 3ab323663a
Do Not Wire Default OidcSessionStrategy without OidcLogoutConfigurer 
Closes gh-14558
 2024-02-12 12:53:48 -07:00
Marcus Hert Da Coregio ccb2f06d0d Partially revert fc658d10 
OpenIDAuthenticationFilter exists in versions < 6.0

Issue gh-14531
 2024-02-07 10:13:34 -03:00
Marcus Hert Da Coregio dea6d6b49c Merge branch '6.2.x' 
Closes gh-14566
 2024-02-07 09:38:10 -03:00
Marcus Hert Da Coregio ad96837e59 Merge branch '6.1.x' into 6.2.x 
Closes gh-14565
 2024-02-07 09:38:02 -03:00
Marcus Hert Da Coregio ba1068e368 Merge branch '5.8.x' into 6.1.x 
Closes gh-14564
 2024-02-07 09:37:52 -03:00
DingHao fc658d10d3 fix security filter sort in javadoc 
Closes gh-14531
 2024-02-07 09:37:01 -03:00
Marcus Hert Da Coregio 915d68e216 Remove includeExpiredSessions parameter 
The reactive implementation of max sessions does not keep track of expired sessions, therefore we do not need such parameter

Issue gh-6192
 2024-02-06 10:43:00 -03:00
Josh Cummings a282887906
Merge branch '6.2.x' 2024-02-05 15:42:09 -07:00
Josh Cummings b43b3b144e
Merge branch '6.1.x' into 6.2.x 2024-02-05 15:41:58 -07:00
Josh Cummings ffe9577487
Merge branch '5.8.x' into 6.1.x 2024-02-05 15:41:35 -07:00
Josh Cummings 7c3a6a567e Fix Compilation Errors 
Issue gh-14525
 2024-02-05 15:18:31 -07:00
Andreas Asplund 07e0b1dc37 Saml2 LogoutFilter Is Placed Before Common LogoutFilter 
Closes gh-14525
 2024-02-05 15:18:31 -07:00
Josh Cummings 3a53422478
Fix Failing Test 
Closes gh-14467
 2024-01-29 17:14:30 -07:00
Josh Cummings 27ebeefb14
Fix Failing Test 
Closes gh-14467
 2024-01-26 11:24:00 -07:00
y-tomida bdc0bd6b78 Add usernameParameter and passwordParameter to FormLoginDsl 
Closes gh-14474
 2024-01-24 09:56:38 -03:00
DingHao 3f65f600de Use AuthorizationEventPublisher Bean 
- For Jsr250MethodInterceptor and SecuredMethodInterceptor

Closes gh-14401
 2024-01-17 17:40:38 -07:00
Marcus Hert Da Coregio 1daa9e27e2 Merge branch '6.2.x' 2024-01-05 15:17:01 -03:00
Marcus Hert Da Coregio e2bab7b7ef Add .serialized suffix and consider them as binary in Git 
Issue gh-3737
 2024-01-05 15:14:22 -03:00
Marcus Hert Da Coregio 85177c0178 Merge branch '6.2.x' 
Closes gh-14408
 2024-01-05 14:22:49 -03:00
Marcus Hert Da Coregio 4fb6a33d36 Verify Serializable Objects Are Deserializable Between Minor Versions 
This commit introduces a test that verifies that Spring Security domain classes that implements Serializable and have the same serialVersionUID as SpringSecurityCoreVersion#SERIAL_VERSION_UID can be deserialized between minor versions.

This commit also introduces another test that should be used to generate the files containing the serialized content of the objects.

Closes gh-3737
 2024-01-05 12:00:02 -03:00
Steve Riesenberg eeb2f5d108
Merge branch '6.2.x' 2023-12-28 12:56:52 -06:00
Steve Riesenberg 428a3a2703
Merge branch '6.1.x' into 6.2.x 2023-12-28 12:56:36 -06:00
Steve Riesenberg 3beb583207
Merge branch '5.8.x' into 6.1.x 2023-12-28 12:56:25 -06:00
Steve Riesenberg 16dc6be3c8
Update copyright year 
Issue gh-14329
 2023-12-28 12:54:29 -06:00
Geir Hedemark c88aaedb48
Updated broken documentation link in javadocs 2023-12-28 12:54:29 -06:00
Marcus Hert Da Coregio 707588f870 Merge branch '6.2.x' 2023-12-26 15:58:51 -03:00
Marcus Hert Da Coregio d385b53e3c Merge branch '6.1.x' into 6.2.x 2023-12-26 15:58:39 -03:00
Marcus Hert Da Coregio 92af758f1f Make springSecurityHandlerMappingIntrospectorBeanDefinitionRegistryPostProcessor passive 
Instead of excluding the bean from AOT processing, we avoid redefining the beans if they are present or in the expected state.

Issue gh-14362
 2023-12-26 15:58:16 -03:00
Marcus Hert Da Coregio 778a63a763 Revert "Exclude SpringSecurityHandlerMappingIntrospectorBeanDefinitionRegistryPostProcessor from AOT processing" 
This reverts commit 8a93178da7.
 2023-12-26 15:10:15 -03:00
Marcus Hert Da Coregio 5ad34d1f92 Merge branch '6.2.x' 
Closes gh-14381
 2023-12-26 11:20:51 -03:00
Marcus Hert Da Coregio dd20f0694d Merge branch '6.1.x' into 6.2.x 
Closes gh-14380
 2023-12-26 11:20:41 -03:00
DingHao 7cd626fe25 Fix FilterChainProxy cannot be found when @EnableWebSecurity(debug = true) 
Closes gh-14370
 2023-12-26 11:20:09 -03:00
Marcus Hert Da Coregio 08d764dc84 Merge branch '6.2.x' 
Closes gh-14378
 2023-12-26 10:42:45 -03:00
Marcus Hert Da Coregio f95cda6be7 Merge branch '6.1.x' into 6.2.x 
Closes gh-14377
 2023-12-26 10:42:37 -03:00
Marcus Hert Da Coregio 364bc10e78 Add hints for CompositeFilterChainProxy 
Closes gh-14359
 2023-12-26 10:41:56 -03:00
Marcus Hert Da Coregio a628384d20 Merge branch '6.2.x' 
Closes gh-14368
 2023-12-22 08:40:24 -03:00
Marcus Hert Da Coregio 737678c66e Merge branch '6.1.x' into 6.2.x 
Closes gh-14367
 2023-12-22 08:40:15 -03:00
Marcus Hert Da Coregio 8a93178da7 Exclude SpringSecurityHandlerMappingIntrospectorBeanDefinitionRegistryPostProcessor from AOT processing 
Closes gh-14362
 2023-12-22 08:40:07 -03:00
Taehong Kim ec02c22459 Add Request Path Extraction Support 
Closes gh-13256
 2023-12-19 18:15:49 -07:00
Yan Kardziyaka 99218db84a Add order offset to @EnableMethodSecurity 
Closes gh-13214
 2023-12-19 17:57:24 -07:00
Josh Cummings c19f3d9d06
Merge branch '6.2.x' 2023-12-18 15:19:54 -07:00
Josh Cummings 74860c4aff
Merge branch '6.1.x' into 6.2.x 2023-12-18 15:19:48 -07:00
Josh Cummings fbafe41991
Merge branch '5.8.x' into 6.1.x 2023-12-18 15:19:40 -07:00
Josh Cummings b7f10cd50a
Merge branch '6.2.x' 2023-12-18 15:19:07 -07:00
Josh Cummings b031a4c0f6
Merge branch '6.1.x' into 6.2.x 
Closes gh-14350
 2023-12-18 15:18:48 -07:00
Josh Cummings e058b559b8
Polish Method Security Eager-Loading 
Issue gh-11596
 2023-12-18 15:18:09 -07:00
Josh Cummings 9a5d991383
Address eager-loading of infrastructure beans 
Closes gh-11596
 2023-12-18 15:16:00 -07:00
Josh Cummings 33800c0124
Address eager-loading of infrastructure beans 
Closes gh-11596
 2023-12-18 14:25:48 -07:00
Josh Cummings fc007aa373
Check OpenSAML Version in XML Support 
Closes gh-12483
 2023-12-18 11:51:15 -07:00
Josh Cummings d7a9a19161
Merge branch '6.2.x' 2023-12-18 11:47:39 -07:00
Josh Cummings 03e48905c7
Merge branch '6.1.x' into 6.2.x 
Closes gh-14346
 2023-12-18 11:47:23 -07:00
Josh Cummings b855ccdb09
Merge branch '5.8.x' into 6.1.x 
Closes gh-14345
 2023-12-18 11:46:04 -07:00
Josh Cummings eaaa813ede
Fix header value typo 
Closes gh-11948
 2023-12-18 10:42:50 -07:00
Josh Cummings 8a34e32a24 Polish IpAddressAuthorizationManager 
Closes gh-10577
 2023-12-15 16:54:58 -07:00
brunodmartins ea7c720ce7 Add hasIpAddress to Kotlin DSL 
Closes gh-10577
 2023-12-15 16:54:58 -07:00
Rob Winch 9f33d43097 Merge branch '6.2.x' 
Use CompositeFilterChainProxy
 2023-12-15 01:17:14 -06:00
Rob Winch c7047add5d Merge branch '6.1.x' into 6.2.x 
Use CompositeFilterChainProxy
 2023-12-15 01:16:21 -06:00
Rob Winch 142b268a21 Use CompositeFilterChainProxy 
By extending FilterChainProxy CompositeFilterChainProxy is more passive since
users often depend on the type of the springSecurityFilterChain Bean being
FilterChainProxy (even though it can already be other types - when debug is
enabled).

Issue gh-14128
 2023-12-15 01:15:38 -06:00
Rob Winch 465642828a Merge branch '6.2.x' 
Add HandlerMappingIntrospector Caching

Closes gh-14333
 2023-12-14 16:11:08 -06:00
Rob Winch 6dd29520b0 Merge branch '6.1.x' into 6.2.x 
Add HandlerMappingIntrospector Caching

Closes gh-14332
 2023-12-14 16:10:50 -06:00
Rob Winch 70dfb3d391 Add HandlerMappingIntrospector Caching 
Closes gh-14128
 2023-12-14 16:08:36 -06:00
Marcus Da Coregio 57ab15127a Add Max Sessions on WebFlux 
Closes gh-6192
 2023-12-11 09:48:34 -03:00
DerChris173 e6bea1cfa1 Polish RoleHierarchy Bean Usage 
Issue gh-12783
 2023-12-07 16:27:14 -07:00
kandaguru17 b76f7c029d Use available RoleHierachy Bean for MethodSecurity Config 
Closes gh-12783
 2023-12-07 16:27:14 -07:00
Josh Cummings bb6b55aca3 Add Not Support 
Closes gh-14058
 2023-12-07 16:24:19 -07:00