Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,313 Commits 33 Branches 333 Tags 109 MiB
Commit Graph

2099 Commits

Author SHA1 Message Date
Josh Cummings 397ccbc1c8
Add 5.7 Schema 2022-05-03 09:03:50 -06:00
Josh Cummings 0e9228d10a
Prepare for Spring Security 5.8 2022-05-02 16:34:23 -06:00
Eleftheria Stein 48ac100a92 Remove WebSecurityConfigurerAdapter from Kotlin tests 
Issue gh-10902
 2022-04-28 16:13:35 +02:00
Eleftheria Stein 736f439bb5 Detect UserDetailsService bean in X509 configuration 
Closes gh-11174
 2022-04-28 14:48:40 +02:00
Eleftheria Stein 9dd393cb9c Update remember me Javadocs 
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
 2022-04-28 14:48:29 +02:00
Eleftheria Stein 5ac5edc2e6 Detect UserDetailsService bean in X509 configuration 
Closes gh-11174
 2022-04-28 14:47:18 +02:00
Eleftheria Stein d40c15e09e Update remember me Javadocs 
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
 2022-04-28 14:13:52 +02:00
Marcus Da Coregio a0232ed135 Add shouldFilterAllDispatcherTypes to Kotlin DSL 
Closes gh-11153
 2022-04-28 08:34:48 -03:00
Marcus Da Coregio e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL 
Closes gh-11153
 2022-04-28 08:19:20 -03:00
Eleftheria Stein ac06057cf6 Detect UserDetailsService bean in remember me 
Closes gh-11170
 2022-04-28 12:44:27 +02:00
Eleftheria Stein 8e34cedcfe Detect UserDetailsService bean in remember me 
Closes gh-11170
 2022-04-28 12:43:13 +02:00
Eleftheria Stein 7dc4364f43 Fix Kotlin mockk test compatibility 
Issue gh-11039
 2022-04-26 18:13:29 +02:00
nor-ek 558bb161c5 Security Context Dsl 
Closes gh-11039
 2022-04-26 17:38:00 +02:00
nor-ek a3e7e54b70 Security Context Dsl 
Closes gh-11039
 2022-04-26 17:34:44 +02:00
Marcus Da Coregio 9a57b42786 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator 
Issue gh-10908
 2022-04-25 09:53:20 -03:00
Marcus Da Coregio 23594b3d01 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator 
Issue gh-10908
 2022-04-25 09:42:00 -03:00
Rob Winch e79b6b3ac8 Default SecurityContextHolderFilter 
Closes gh-11110
 2022-04-15 14:59:38 -05:00
Rob Winch 9a9a43a0c0 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:18:25 -05:00
Rob Winch aaf78330b1 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:16:35 -05:00
Marcus Da Coregio 5367524030 Change the default of shouldFilterAllDispatchTypes to true 
Closes gh-11107
 2022-04-14 16:30:42 -03:00
Marcus Da Coregio 84b5c76a7b Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 16:10:36 -03:00
Marcus Da Coregio 7fea639a43 Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 15:58:00 -03:00
Josh Cummings c6ad72004e
Revert "Pick up AuthorizationManager Bean" 
This reverts commit 4ca5346871.

Issue gh-11067
 2022-04-12 09:58:30 -06:00
Josh Cummings 147ab42440
Revert "Pick up AuthorizationManager Bean" 
This reverts commit 32b83aae63.

Issue gh-11067
 2022-04-12 09:32:09 -06:00
Marcus Da Coregio 50f8df6f07 Use HttpStatusCode 
Closes gh-11091
 2022-04-11 09:19:56 -03:00
Rob Winch 39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Rob Winch 7be32872e9 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:24 -05:00
Josh Cummings 4ca5346871
Pick up AuthorizationManager Bean 
Closes gh-11067
Closes gh-11068
 2022-04-08 11:42:37 -06:00
Josh Cummings 32b83aae63
Pick up AuthorizationManager Bean 
Closes gh-11067
Closes gh-11068
 2022-04-08 10:08:33 -06:00
Josh Cummings b39f213e64
Revert "Add AuthorizationManager to Messaging" 
This reverts commit 77a6e014a9.
 2022-04-07 17:39:34 -06:00
Josh Cummings 77a6e014a9
Add AuthorizationManager to Messaging 
Closes gh-11076
 2022-04-07 17:39:10 -06:00
Josh Cummings be434e1540
Add Default Test to HttpBasicConfigurerTests 
Issue gh-10973
 2022-04-05 17:32:13 -06:00
Josh Cummings f09652d447
Polish Saml2LoginConfigurerTests 
Issue gh-10973
 2022-04-05 17:32:13 -06:00
Josh Cummings 66213e5b2e
Add Default Test to HttpBasicConfigurerTests 
Issue gh-10973
 2022-04-05 17:11:39 -06:00
Josh Cummings 47c8676be7
Polish Saml2LoginConfigurerTests 
Issue gh-10973
 2022-04-05 17:11:38 -06:00
Josh Cummings 1edfa07d27
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:40:06 -06:00
Josh Cummings c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings bdd5f86526
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:37:21 -06:00
Josh Cummings fa574c8785
Simplify PrePostMethodSecurityConfiguration 
Issue gh-9288
 2022-03-29 16:22:42 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Josh Cummings a43677d36a
Simplify PrePostMethodSecurityConfiguration 
Issue gh-9288
 2022-03-29 15:44:16 -06:00
Rob Winch e176d764ba Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:38:37 -05:00
Rob Winch 67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:21:52 -05:00
Yuriy Savchenko 446ab5047c
Add authorizeHttpRequests to Kotlin DSL 
Closes gh-10481
 2022-03-22 09:39:06 -06:00
Yuriy Savchenko 3016ed0067
Fix typos in Kotlin DSL docs 
Issue gh-10481
 2022-03-22 08:27:29 -06:00
Yuriy Savchenko ca00b1415b Add authorizeHttpRequests to Kotlin DSL 
Closes gh-10481
 2022-03-22 08:26:41 -06:00
Yuriy Savchenko 932ff4f5c4 Fix typos in Kotlin DSL docs 
Issue gh-10481
 2022-03-22 08:26:41 -06:00
Steve Riesenberg 8aa7029d07 Fix checkstyle errors 
Issue gh-10989
 2022-03-18 22:53:29 -05:00
Rob Winch 972039e65c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-12 13:31:04 -06:00
Rob Winch f9619cef68 Extract createSecurityContextRepository() 
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
 2022-03-12 13:23:47 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Rob Winch dbcb5004b4 Extract createSecurityContextRepository() 
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
 2022-03-11 17:21:49 -06:00
Norbert Nowak abd33389be Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:49:29 -07:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Marcus Da Coregio 1762a4ce70 Add SAML 2.0 Single Logout XML Support 
Closes gh-10842
 2022-03-09 10:48:34 -03:00
Marcus Da Coregio 1cbe7a75d3 Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 10:40:26 -03:00
Marcus Da Coregio 93d4fd3559 Add SAML 2.0 Single Logout XML Support 
Closes gh-10842
 2022-03-09 09:18:01 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 09:18:01 -03:00
Josh Cummings 5b9a45de01 Replace Apache Commons Base64 Decoding 
Issue gh-10923
 2022-03-02 16:30:21 -07:00
Josh Cummings 7a02bd14c1 Replace Apache Commons Base64 Decoding 
Issue gh-10923
 2022-03-02 16:19:03 -07:00
m0k045e 8cc18fa9dc OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager 
Closes gh-10846
 2022-02-28 15:31:22 -07:00
m0k045e 3aa7a65cb4 OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager 
Closes gh-10846
 2022-02-28 15:30:19 -07:00
Marcus Da Coregio eca32b4812 Upgrade to Kotlin 1.6.20-M1 
Closes gh-10687
 2022-02-22 08:51:27 -03:00
Eleftheria Stein 606bd120fb Deprecate WebSecurityConfigurerAdapter 
Closes gh-10822
 2022-02-17 12:25:14 +01:00
Eleftheria Stein e97c643870 Deprecate WebSecurityConfigurerAdapter 
Closes gh-10822
 2022-02-17 12:13:50 +01:00
Eleftheria Stein 9f9fbb395f Apply configurers from spring.factories to HttpSecurity bean 
Closes gh-10814
 2022-02-09 14:42:04 +01:00
Eleftheria Stein c2635ba6bf Apply configurers from spring.factories to HttpSecurity bean 
Closes gh-10814
 2022-02-09 14:40:57 +01:00
Josh Cummings 84616543a3 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:58:20 -07:00
Manuel Jordan 6ae651bd67 Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:58:20 -07:00
Josh Cummings cbd87fac89 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:50:28 -07:00
Manuel Jordan 01ed617d5f Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:50:19 -07:00
Josh Cummings 5a2556879a Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 16:18:33 -07:00
Josh Cummings d538423f98 Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 15:09:45 -07:00
Rob Winch f94090a59b Remove spring-security-openid 
Closes gh-10773
 2022-01-21 16:55:19 -06:00
Rob Winch 11df19406b Remove javax.inject 
Issue gh-10501
 2022-01-19 14:49:47 -06:00
Rob Winch 44bc953a39 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:40:56 -06:00
Rob Winch 95b4a3742b Remove commons-logging 
Closes gh-10499
 2022-01-19 14:40:54 -06:00
Rob Winch ba922dcdf0 Exclude javax from hibernate dependency 
Issue gh-10501
 2022-01-19 14:35:25 -06:00
Rob Winch 27e1a2ca69 Remove javax.transaction 
Issue gh-10501
 2022-01-19 14:35:05 -06:00
Rob Winch 9d4ecc9c37 Additional removal of javax.inject 
Issue gh-10501
 2022-01-19 14:34:45 -06:00
Rob Winch 678c386834 jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 14:34:32 -06:00
Rob Winch 0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api 
Issue gh-10501
 2022-01-19 14:34:16 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Rob Winch f8e14683f6 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:33:46 -06:00
Rob Winch 3c641dee75 Remove commons-logging 
Closes gh-10499
 2022-01-19 14:33:44 -06:00
Eleftheria Stein 6b56071c08 Add LDAP factory beans 
Issue gh-10138
 2022-01-18 15:21:15 +01:00
Eleftheria Stein a537b636c1 Add LDAP factory beans 
Issue gh-10138
 2022-01-18 15:11:30 +01:00
Josh Cummings feff747669 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 17:21:04 -07:00
Adam Ostrožlík 27cfb9c89d Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 17:21:00 -07:00
Josh Cummings 75f25bff82 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 16:49:38 -07:00
Adam Ostrožlík 4ea57f3e3f Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 16:46:15 -07:00
Marcus Da Coregio 4a976faea3 Fix remaining failing tests 
Issue gh-10702
 2022-01-13 13:53:04 -03:00
Marcus Da Coregio 7fd0530009 Change Kotlin tests that are using mockkObject with a lambda interface implementation 
Closes gh-10702
 2022-01-13 11:38:44 -03:00
Marcus Da Coregio 9cfafdaa43 Upgrade to Kotlin 1.6.10 
Closes gh-10350
 2022-01-13 08:44:57 -03:00
Marcus Da Coregio 60ed3602f6 Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-11 09:19:41 -03:00
heowc 6c5fd38a3f Fix typo 2022-01-10 16:24:53 +01:00
heowc 1ab0705b47 Fix typo 2022-01-10 16:17:42 +01:00
Marcus Da Coregio d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Marcus Da Coregio 18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 08:57:30 -03:00
Josh Cummings 81a9302045 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:16:01 -07:00
James Howe c1b0e5930a Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:16:01 -07:00
Josh Cummings cd8983d4e5 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:14:40 -07:00
James Howe 5598688fa6 Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:06:30 -07:00
Marcus Da Coregio 0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio 65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Marcus Da Coregio 263665ad55 Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:54:28 -03:00
Marcus Da Coregio ed3b0fbaad Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:47:49 -03:00
Steve Riesenberg df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi 925d531cbe Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:44:46 -06:00
Steve Riesenberg d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg 074e38d565 Add missing since 
Issue gh-7765
 2021-12-02 12:09:57 -06:00
Steve Riesenberg 3af619d565 Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 12:01:11 -06:00
Steve Riesenberg be802f57ba Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 18:13:01 +01:00
Steve Riesenberg 176f7b2b04 Add missing since 
Issue gh-7765
 2021-12-02 18:13:01 +01:00
Josh Cummings a68411566e Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki 2bc643d6c8 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 15:33:39 -07:00
Igor Pelesic a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00
Igor Pelesic 72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Josh Cummings 78857c62f4 Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 14:29:18 -07:00
Hiroshi Shirosaki 809ff883b0 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 14:29:18 -07:00
Guirong Hu 43317c5a61 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 15:27:58 -06:00
Guirong Hu 9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Josh Cummings ba5a68ec63 Polish LdapAuthenticationPopulator Support 
PR gh-9276
 2021-11-19 12:19:43 -07:00
Filip Hanik ae08608011 LdapAuthoritiesPopulator should be postProcessed 
To enable customizations through withObjectPostProcessor
 2021-11-19 12:03:44 -07:00
Norbert Nowak 4bc55769a3 Import cleanup 
Issue gh-10333
 2021-11-19 11:46:08 -07:00
Norbert Nowak 4f186f2c1f Move Dsl files to annotation Package 
Closes gh-10333
 2021-11-19 11:46:08 -07:00
Marcus Da Coregio 25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
« Christophe e85958f65c Fix CsrfConfigurer default AccessDeniedHandler consistency 
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
 2021-11-16 14:25:03 -06:00
« Christophe 4318a51971 Fix CsrfConfigurer default AccessDeniedHandler consistency 
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
 2021-11-16 14:22:35 -06:00
Rob Winch 0aa75e04b7 Fix imports for ChannelSecurityConfigurerTests 
gh-7997
 2021-11-16 14:07:53 -06:00
Stephane Nicoll 2e4c6c3bf1 Avoid using SpEL to change the meaning of the injection point 
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
 2021-11-16 13:53:29 -06:00
Stephane Nicoll 61ee4e5a76 Avoid using SpEL to change the meaning of the injection point 
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
 2021-11-16 13:53:00 -06:00
Onur Kagan Ozcan ef25304a30 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes 2021-11-16 13:44:34 -06:00
Onur Kagan Ozcan aa0f788f59 Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes 2021-11-16 13:44:18 -06:00
Josh Cummings 7b15098570 Update Spring Security to 5.7 
Closes gh-10509
 2021-11-15 17:10:00 -07:00
Josh Cummings 76ebbb84f7 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00
Josh Cummings 869e379099 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-01 17:49:15 -06:00
Marcus Da Coregio caf4c47105 Remove CAS module 
Closes gh-10441
 2021-11-01 09:02:43 -03:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio b2e6c60d94 Remove remoting technologies support 
Closes gh-10366
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio 010f719344 Upgrade to JDK 17 
Closes gh-10343
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio 12f3e908b0 Update to Spring Security 6.0 2021-11-01 09:02:41 -03:00
Marcus Da Coregio 2f1638ec57 Fix javadoc 
Closes gh-10382
 2021-10-22 11:20:37 -03:00
Emil Sierżęga cb70b6a39b Fixed invalid usage of & tag in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga 04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Emil Sierżęga 6b26032ce7 Fixed invalid usege of > tag in Javadocs 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Philipp Neuschwander 6db58cbf8a Conditionally resolve bearer token from request parameters 
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.

This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).

Closes gh-10326
 2021-10-13 17:10:50 -05:00
Gaurav Tiwari 33708e61fb Add postProcess support to Saml2LogoutConfigurer 
Closes gh-10311
 2021-10-13 12:05:48 -06:00
Josh Cummings fbb7691be4 Polish SecurityNamespaceHandler Tests 
Issue gh-8974
 2021-10-13 11:50:14 -06:00
Emil Sierżęga 8daa6ec1fd SecurityNamespaceHandler: update schema version to 5.6 
Closes gh-8974
 2021-10-13 11:49:57 -06:00
Eleftheria Stein ba8844a67e Deprecate Kotlin methods that don't use reified types 
Closes gh-10365
 2021-10-13 10:16:37 +02:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Marcus Da Coregio 7112ee3eaa Allow SAML 2.0 loginProcessingURL without registrationId 
Closes gh-10176
 2021-10-04 09:54:40 -03:00
Marcus Da Coregio e36e2b2a97 Move Saml2AuthnRequestRepository to web package 
Moving to solve package tangles

Issue gh-9185
 2021-09-29 14:10:39 -03:00
Rob Winch 3b64cdfc03 Fix XsdDocumentedTests 
Issue gh-5835
 2021-09-24 10:25:26 -05:00
Josh Cummings c3ba2332da Wire BeanResolver into DefaultMethodSecurityExpressionHandler 
Closes gh-10305
 2021-09-22 14:14:29 -06:00
Josh Cummings 7b599d4770 Share JWKSource Instances 
Closes gh-10312
 2021-09-22 13:28:08 -06:00
Marcus Da Coregio 0364518b69 Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConverter bean 
Closes gh-10268
 2021-09-17 08:13:19 -03:00
Eleftheria Stein 1e76b11b3c Remove duplicate entry from test LDIF file 
Closes gh-10274
 2021-09-16 10:26:06 +02:00
Josh Cummings 4f06fc6ed1 Add Saml2LogoutConfigurer 
Closes gh-9497
 2021-09-13 16:39:48 -06:00
Josh Cummings 6488295cad Add RelyingPartyRegistrationResolver 
Closes gh-9486
 2021-09-13 16:39:48 -06:00
Derek Van Blerkom 58d50888df Fix return type to allow further security config 2021-09-13 15:31:02 -03:00
Yanming Zhou f2b2e6002f Replace static "ROLE_" with customized role prefix 
Fix gh-4134
 2021-09-09 11:48:25 -06:00
Eleftheria Stein 3ab6bee856 Make method static to prevent circular dependency error 
Workaround for circular dependency between ServerHttpSecurityConfiguration and WebFluxConfigurationSupport.

Closes gh-10076
 2021-08-11 13:46:45 +02:00
Marcus Da Coregio 662ab10416 Fix test getting stuck 
The tests are getting stuck when running a single test class and the mock is performed in a static variable inside an inner class

Issue gh-6025
 2021-07-27 14:55:53 -06:00
Marcus Da Coregio 16e17d242e Add Saml2AuthenticationRequestRepository 
Closes gh-9185
 2021-07-27 14:55:53 -06:00
Josh Cummings 6b68a6d62b
Apply rnc2Xsd 
Issue gh-8657
 2021-07-27 13:22:42 -06:00
Josh Cummings 6370906ead
Add SpringOpaqueTokenIntrospector 
Closes gh-9354
 2021-07-26 10:50:50 -06:00
Abdul Al-Faraj d1dfb2b9ee Improve OpenSAML Version Check 
Closes gh-10077
 2021-07-26 10:42:40 -06:00
Nick McKinney 5c8fb254c2 Add AuthenticationDetailsSource to OAuth2 Login Kotlin DSL 
Closes gh-9838
 2021-07-16 15:42:00 +02:00
Nick McKinney b1612b1283 Add AuthenticationDetailsSource to Form Login Kotlin DSL 
Closes gh-9837
 2021-07-16 15:42:00 +02:00
Rob Winch f73f213f50 Remove DependencySetPlugin 
Closes gh-10070
 2021-07-12 15:31:38 -05:00
Rob Winch 342884e851 kotlin uses @ExtendWith(SpringTestContextExtension::class) 
cd config/src/test/kotlin
rg 'SpringTestContext' -l | xargs sed -i '/^import org.junit.jupiter.api.Test/a import org.junit.jupiter.api.extension.ExtendWith'
rg 'SpringTestContext' -l | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext/a import org.springframework.security.config.test.SpringTestContextExtension'
rg 'SpringTestContext' -l | xargs sed -i '/^class .*/i @ExtendWith(SpringTestContextExtension::class)'
 2021-07-09 15:57:21 -05:00
Rob Winch cc732bda3b Use @ExtendWith(SpringExtension::class) 2021-07-09 15:57:21 -05:00
Rob Winch 3b3ccb962d Fix @Test(expected = 2021-07-09 15:57:21 -05:00
Rob Winch 2bd55f0f62 @Test to JUnit 5 for kotlin 
rg -g "*.kt" "import org.junit.Test" -l | xargs sed -i 's/import org.junit.Test/import org.junit.jupiter.api.Test/'
 2021-07-09 15:57:21 -05:00
Rob Winch e251abb1ae more import cleanup 2021-07-09 14:49:47 -05:00
Rob Winch 3c4e15264c Add @ExtendWith(SpringTestContextExtension.class) 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^public class/i @ExtendWith(SpringTestContextExtension.class)'
 2021-07-09 14:49:46 -05:00
Rob Winch 7dfd169ece Add import ExtendWith 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^import org.junit.jupiter.api.Test;/a import org.junit.jupiter.api.extension.ExtendWith;'
 2021-07-09 14:49:45 -05:00
Rob Winch e4b09f62f0 Add SpringTestContextExtension to existing ExtendWith 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' -l | xargs sed -E -i 's/@ExtendWith\((.*)\)/@ExtendWith({ \1, SpringTestContextExtension.class })/'
 2021-07-09 14:49:42 -05:00
Rob Winch 5133340bf8 Add import SpringTestContextExtension 
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext;/a import org.springframework.security.config.test.SpringTestContextExtension;'
 2021-07-09 14:47:54 -05:00
Rob Winch 60078df62a remove @Rule 
rg '@Rule' -g '!buildSrc/**' -l | xargs sed -i '/@Rule/d'
rg 'import org.junit.Rule' -g '!buildSrc/**' -l | xargs sed -i '/import org.junit.Rule/d'
 2021-07-09 14:46:51 -05:00
Rob Winch 671040bb27 SpringTestRule to SpringTestContext 
rg 'new SpringTestRule()' -l | xargs sed -i 's/new SpringTestRule()/new SpringTestContext(this)/'
rg 'val spring = SpringTestRule()' -l | xargs sed -i 's/val spring = SpringTestRule()/val spring = SpringTestContext(this)/'
 2021-07-09 14:41:51 -05:00
Rob Winch e8c44e6390 Add SpringTestContextExtension 2021-07-09 14:35:10 -05:00
Rob Winch b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch 2a62c4d976 Fix NamespaceHttpInterceptUrlTests 2021-07-09 14:32:52 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Eleftheria Stein 79054093c9 Add AuthenticationManager to Kotlin ServerHttpSecurityDsl 
Closes gh-10053
 2021-07-09 10:34:57 +02:00
Rob Winch 14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Eleftheria Stein 6a09ffe113 Add AuthenticationManager to Kotlin JwtDsl 
Closes gh-10045
 2021-07-08 13:50:09 +02:00
Eleftheria Stein 5c8e409d98 Add AuthenticationManager to Kotlin OpaqueTokenDsl 
Closes gh-10044
 2021-07-08 12:46:50 +02:00
Eleftheria Stein b4f76b2314 Fix typo in Saml2Dsl 2021-07-08 12:03:29 +02:00
Eleftheria Stein 585788ad0a Add AuthenticationManager to HttpSecurity 
Closes gh-10040
 2021-07-07 15:44:42 +02:00
Evgeniy Cheban d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Josh Cummings e91cacfdaf
Polish no-parameter authorizeHttpRequests 
- Cleaned up JavaDoc
- Updated implementation to align with no-parameter authorizeRequests
- Updated test names and content for clarity, specifically identified
tests that target no-parameter authorizeHttpRequests with noParameter in
the name
- Switched order of methods to match others in HttpSecurity
- Updated copyright year

Issue gh-9498
 2021-06-28 15:45:24 -06:00
sdratler1 3820f0f3a3
Add no-parameter authorizeHttpRequests method 
Closes gh-9498
 2021-06-28 15:34:49 -06:00