2954 Commits

Author SHA1 Message Date
Josh Cummings
0cab7c8f15
Defer Sorting AuthorizationAdvisors
Invoking AnnotationAwareOrderComparator#sort while the
AuthorizationAdvisors are still being computed causes those
advisors to be eagerly instantiated, making components
like ObservationRegistry ineligible for post processing.

This commit defers the sorting of the advisors until
after they are all fully instantiated and available in
the application context.

Closes gh-15658
2024-08-20 16:47:29 -06:00
Josh Cummings
f398be793d
Simplify AuthorizationAdvisorProxyFactory Configuration
Closes gh-15497
2024-08-19 12:34:38 -06:00
Marcus Hert Da Coregio
912062d307 Merge branch '6.2.x' into 6.3.x 2024-08-19 09:11:10 -03:00
Daniel Garnier-Moiroux
79fb0113c8 Bump io-spring-javaformat from 0.0.42 to 0.0.43
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:11:05 -03:00
Daniel Garnier-Moiroux
2caf1fb6b4 Bump io-spring-javaformat from 0.0.42 to 0.0.43
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:08:24 -03:00
Rob Winch
13125d0745 Add AuthorizationDeniedException(String)
Closes gh-15607
2024-08-14 13:57:07 -05:00
Josh Cummings
59ec1f6480
Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration"
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.

Issue gh-15497
2024-08-12 10:12:14 -06:00
Josh Cummings
08b8b09066
Update Copyright
Issue gh-15286
2024-08-10 11:48:14 -06:00
Josh Cummings
e40c98e6d7 Deprecate PrePostTemplateDefaults
Since there is nothing specific to configuring pre/post
annotations, there is no need for the extra class.

If a need like this does arise in the future,
either AnnotationTemplateExpressionDefaults can be sub-
classed, or it can have introduced a Map field holding
custom properties.

Issue gh-15286
2024-08-10 11:46:51 -06:00
MrJovanovic13
6d657ea3da InMemoryUserDetailsManager preserve user type
Closes gh-3192
2024-08-09 10:09:41 -06:00
MrJovanovic13
503d653cea Add InMemoryUserDetailsManager tests
Tests added:
createUserWhenUserAlreadyExistsThenException
updateUserWhenUserDoesNotExistThenException
loadUserByUsernameWhenUserNullThenException

Issue gh-3192
2024-08-09 10:09:41 -06:00
Josh Cummings
34d964eb08
Default Handler Resolution to Reflection-Based
Closes gh-15496
2024-08-07 14:50:33 -06:00
Josh Cummings
de77e054fd
Default Handler Resolution to Reflection-Based
Closes gh-15496
2024-08-07 14:34:40 -06:00
Josh Cummings
02cca6f737
Polish AuthorizationAdvisorProxyFactory advisor configuration
Closes gh-15497
2024-08-07 10:09:51 -06:00
Josh Cummings
37a2812d1a
Mimic Annotation Fallback Logic
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.

This reverts gh-13783 which is a feature that unfortunately regressess
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.

Issue gh-15352
2024-07-31 16:17:42 -06:00
Josh Cummings
77bce14462
Polish Annotation Test
This new arrangement of the test better matches the class
hierarchy described by the original ticket.

Issue gh-13234
2024-07-31 16:17:42 -06:00
Josh Cummings
90335bd0a6
Polish Annotation Test
This test was made more effective by having it focus on the real
scenario of resolving annotations from the standpoint of a bean
2024-07-31 16:17:42 -06:00
Josh Cummings
f20ae1a71c
Revert gh-13783
This feature unfortunately regresses pre-existing behavior
like that found in gh-15352. As such, this functionality
has been removed.

Closes gh-15352
2024-07-31 16:16:34 -06:00
KyeongHoon Lee
4036e910c7 Add @FunctionalInterface to AuthenticationManager 2024-07-18 17:25:44 -07:00
Josh Cummings
c736e075c1
Add AnnotationSythesizer API
Closes gh-13234
Closes gh-13490
Closes gh-15097
2024-07-18 09:55:17 -06:00
Josh Cummings
e3438aa36a
Support AliasFor
Closes gh-15436
2024-07-18 09:46:39 -06:00
Josh Cummings
03bcc6776a
Correct Authorization Tests
Issue gh-9289
2024-07-18 09:46:38 -06:00
Josh Cummings
56c93afc66
Correct Tests About Conflicting Annotations
Issue gh-9289
2024-07-18 09:46:38 -06:00
Juliana Hachmann
9a714424d5 Adds missing translated messages for PT-BR
Partially fix #spring-projectsgh-9315

Adds Brazilian Portuguese translation missing for following messages in messages_pt_BR.properties;
- ExceptionTranslationFilter.insufficientAuthentication 
- LdapAuthenticationProvider.badLdapConnection
- PersistentTokenBasedRememberMeServices.cookieStolen
2024-05-31 12:36:52 -06:00
Josh Cummings
aa9bf83c6d
Polish Exception Handling
Issue gh-15093
2024-05-31 12:34:33 -06:00
Blagoja Stamatovski
63f48167bd Add Kotlin support to PreFilter and PostFilter annotations
Closes gh-15093
2024-05-31 12:32:28 -06:00
Hyeon Sung
742c95b1fc Use instanceof Pattern Matching 2024-05-15 08:32:25 -03:00
MrJovanovic13
e932387714 fix docs error
Closes gh-14978
2024-05-13 09:28:27 -03:00
Marcus Hert Da Coregio
08f11f06ab Revert unnecessary commits from main
Issue gh-15016
2024-05-08 13:49:18 -03:00
Marcus Hert Da Coregio
b3c7f3ff19 Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
Issue gh-7395
2024-04-30 08:38:03 -03:00
DingHao
2a6f0cac5a Fix not exist class in java doc
Closes gh-14954
2024-04-25 11:37:23 -06:00
Marcus Hert Da Coregio
2fbbcc4bd0 Polish Method Authorization Denied Handling
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method

Issue gh-14601
2024-04-12 15:55:25 -03:00
Josh Cummings
933ef67637
Polish AuthorizationDeniedException Handling
Issue gh-14600
2024-04-11 14:30:00 -06:00
Josh Cummings
50b85aea0d Handle SpEL AuthorizationDeniedExceptions
Closes gh-14600
2024-04-10 15:36:23 -07:00
Marcus Hert Da Coregio
61eba00654 Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.

Issue gh-7395
2024-04-10 14:58:01 -03:00
Marcus Hert Da Coregio
8d914ef145 Add @AuthorizationDeniedHandler for Method Authorization Denied Handling
Issue gh-14601
2024-04-08 14:42:13 -03:00
Josh Cummings
c8e5fbf21b
Fix Package Tangle
Issue gh-14598
2024-04-05 16:48:52 -06:00
YunByungil
e5f7453690 fix: variable naming convention
Changed the variable name from MAX_INTITEM_LENGTH to MAX_INT_ITEM_LENGTH to adhere to naming conventions
2024-04-05 15:05:32 -07:00
Josh Cummings
3f7355abc6
Synthesize all annotation attributes
Issue gh-14601
2024-04-04 13:30:29 -06:00
Josh Cummings
6f07d63938
Support SpEL Returning AuthorizationDecision
Closes gh-14598
2024-04-04 11:32:00 -06:00
Josh Cummings
0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision"
This reverts commit 77f2977c55842a717f8cb5c0344a7dd14b39c794.
2024-04-04 11:31:45 -06:00
Josh Cummings
77f2977c55 Support SpEL Returning AuthorizationDecision
Closes gh-14599
2024-04-04 09:52:15 -07:00
Marcus Hert Da Coregio
d85857f905 Add Authorization Denied Handlers for Method Security
Closes gh-14601
2024-04-03 09:25:12 -03:00
Marcus Hert Da Coregio
19d66c0b8a Introduce AuthorizationResult 2024-04-03 09:25:12 -03:00
Marcus Hert Da Coregio
7d66525e23 Add Compromised Password Checker
Closes gh-7395
2024-04-01 09:48:07 -03:00
Josh Cummings
148776309f
Merge branch '6.2.x' 2024-03-22 14:33:57 -06:00
Josh Cummings
afcce0c277
Merge branch '6.1.x' into 6.2.x
Closes gh-14795
2024-03-22 14:33:44 -06:00
Josh Cummings
7162046144
Remove Reference to MethodInvocationResult
Closes gh-14794
2024-03-22 14:33:23 -06:00
Ali-Hassan
04799c5aac Update AuthenticationProvider JavaDoc
Authentication is an interface, not a class. So, it's not correct
to say "instance of the Authentication class".
2024-03-22 11:27:58 -06:00
Josh Cummings
e1c5dc0e66 Polish JavaDoc
Issue gh-14597
2024-03-22 11:00:39 -06:00