2954 Commits

Author SHA1 Message Date
Joe Grandja
71e491fcf0 Provide abstraction for an Authenticated Principal 2017-04-10 16:18:40 -04:00
Joe Grandja
2b81983f7c Update to Java 8 compatibility
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
2017-04-07 16:49:38 -04:00
Rob Winch
3ca78df15f Fix Security version Test 2017-03-08 19:12:39 -06:00
pkovacs
f99fe36e02 Refer to SimpleGrantedAuthority instead of GrantedAuthorityImpl
GrantedAuthorityImpl has been replaced a couple of years ago with
SimpleGrantedAuthority and this commit fixes the documentation items
which weren’t updated to reflect this change.

Fixes gh-4163.
2017-03-02 00:09:14 -06:00
stonio
901a4e183a Update SecurityContextHolder.java
Use StringUtils.hasText
2017-03-01 23:54:04 -06:00
Rob Winch
b64cdb5765 Fix RoleHiearchyUtilsTests on Windows
Fixes gh-4228
2017-03-01 23:27:11 -06:00
Rob Winch
9c03571bbb Use message in all Assert
This ensures compatibility with Spring 5.

Fixes gh-4193
2017-01-30 19:58:24 -06:00
Rob Winch
6bec625e68 Update to Spring 4.3.5.RELEASE
Fixes gh-4167
2016-12-21 09:04:16 -06:00
Rob Winch
a9024de734 Polish Spring Version Update
Fix related tests.

Issue gh-4123
2016-11-09 17:05:25 -06:00
Rob Winch
f0a9421aa4 SecurityJacksonModules->SecurityJackson2Modules
Fixes gh-4121
2016-11-09 16:42:41 -06:00
Rob Winch
e62596f36d Polish PasswordEncoderUtils do not leak length
Fix possible / 0 if expected is empty String.

Issue gh-255
2016-10-24 12:50:46 -05:00
Rob Winch
d3685d89c5 Polish PasswordEncoderUtils do not leak length
Issue gh-255
2016-10-24 11:26:43 -05:00
avri-schneider
a98389fa98 PasswordEncoderUtils do not leak length
Enforce constant time even when expectedLength != actualLength.

Fixes gh-255
2016-10-24 11:26:34 -05:00
Rob Winch
dc9f9b140f Polish PasswordEncoderUtilsTests
* Add more tests
* Smaller tests
* Follow new naming convention
2016-10-24 11:24:24 -05:00
Rob Winch
f432c04111 Create UserBuilder
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder

Fixes gh-4095
2016-10-21 16:42:03 -05:00
Rob Winch
08c1f500a7 Version bumps for Spring 5
Issue gh-4080
2016-10-17 17:00:17 -05:00
Jitendra Singh
48ff518a41 Fix Jackson 2.7+
UnmodifiableSetDeserializer added which will ensure
Collection$UnmodifiableSet deserialize properly with jackson-databind 2.7+

Fixes gh-4073
2016-10-13 07:42:07 -05:00
Rob Winch
b443baef04 Polish GrantedAuthorityDefaults
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
  ApplicationContextAware

Issue gh-3701
2016-09-22 15:13:05 -05:00
Eddú Meléndez
eabeaf35d6 Make single definition of defaultRolePrefix and rolePrefix
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.

Fixes gh-3701
2016-09-21 14:55:41 -05:00
Joe Grandja
c75a5b7279 Polish RoleHierarchyUtils and add tests 2016-09-19 14:07:34 -04:00
Thomas Darimont
06c67070a6 Add convenience method for constructing RoleHierarchy from Map.
Introduced `RoleHierarchyUtils` which enables convenient
construction of `RoleHierarchy` from map based representation.
Where the map key is the role name and the map value is a list
of implied role names.

Here is a small example for that in action:
https://gist.github.com/thomasdarimont/ee9fffdef1adb9243b12ad247478aad4

Fixes #3990.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-09-19 14:07:34 -04:00
Rob Winch
92a59e0df7 Fix checkstyle
Issue gh-3736
2016-09-02 12:02:39 -05:00
Rob Winch
8ad0003456 Polish Whitespace
Issue gh-3736
2016-09-02 11:37:21 -05:00
Rob Winch
3531cc93c2 JSON tests ObjectMapper Cleanup
* Move to @Setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper

Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
bd925313af Improve Readablility of JSON test strings
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security

Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
d4c48dd3e1 Remove MockitoJUnitRunner from JSON tests
Previously the JSON tests unnecessarily had MockitoJUnitRunner.

This commit removes MockitoJUnitRunner from the JSON tests.

Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
df613ed4cc JSON UserDetails deserializes null
JSON UserDetails null use to be treated as "".

This changes null to be treated as a null

Issue gh-3736
2016-09-02 11:37:16 -05:00
Rob Winch
3fb77f3b59 Polish SecurityJacksonModules
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
2016-09-02 11:37:13 -05:00
Rob Winch
c2d8ea92d0 SimpleGrantedAuthorityMixin role->authority
Issue gh-3736
2016-09-02 11:36:33 -05:00
Rob Winch
6f2b24a62b Polish JSON warnings / javadoc
Issue gh-3736
2016-09-02 11:36:23 -05:00
Rob Winch
6d2003722e Polish JSON class scope
Use package scope when possible

Issue gh-3736
2016-09-02 11:36:06 -05:00
Rob Winch
03d8904a03 Polish constructor assertions
Previously the JSON modules didn't use Spring's Assert.

This commit changes the assertions to use Spring's Assert and does
some minor restructuring.

Issue gh-3736
2016-09-02 11:34:57 -05:00
Jitendra Singh Bisht
d77ca17e95 Add JSON Serialization
Fixes gh-3812
2016-09-02 11:29:53 -05:00
Rob Winch
53352e336d Polish gh-4048 2016-08-30 09:42:28 -05:00
vitalii-dmytruk
422bc37115 Suppurt custom messages
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.

Issue gh-4048
2016-08-30 09:41:37 -05:00
Rob Winch
c266930483 Update Dependency Versions (#4035) (#4036) 2016-08-19 16:10:46 -05:00
Kevin Conaway
d2a37cb1d6 Improve field visibility in DefaultMethodSecurityExpressionHandler
Fixes gh-210
2016-07-26 09:56:00 -04:00
Eddú Meléndez
13b0ddb7e6 Fix test assertions 2016-07-07 13:29:00 -05:00
Rob Winch
b4ab0483b1 Update version to 4.2.0.BUILD-SNAPSHOT 2016-07-07 12:56:20 -05:00
Johnny Lim
310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch
5f6312c5be Update to Spring 4.3.1
Fixes gh-3963
2016-07-06 15:47:44 -05:00
Rob Winch
843ed3e437 Update to Spring 4.3.1.BUILD-SNAPSHOT 2016-07-01 22:04:55 -05:00
Eddú Meléndez
a2ead4cf7a Polish
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch
d2b909e7c5 Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.

Fixes gh-3857
2016-06-17 17:16:54 -05:00
Rob Winch
9745de9510 Add @AuthenticationPrincipal expression
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
2016-05-03 18:08:52 -04:00
Johnny Lim
933a7e8363 Remove duplicate words
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Joe Grandja
2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail.
Fixes gh-3771
2016-04-13 12:27:23 -04:00
Rob Winch
36c381a06a Update to Java 1.6
Fixes gh-3756
2016-03-15 08:37:00 -05:00
Rob Winch
f221920a19 Clean up code to conform to basic checkstyle
Issue gh-3746
2016-03-14 00:15:12 -05:00
Billy Korando
71d4ce96ad Convert to assertj
Fixes gh-3175
2016-03-09 14:30:17 -06:00