Rob Winch
84d9629599
Add gitHubCheckMilestoneHasNoOpenIssues
Closes gh-9693
2021-04-29 16:15:02 -05:00
Rob Winch
23eee9aa03
Remove unused ratelimit code
2021-04-29 15:43:57 -05:00
Josh Cummings
4d564ffb50
Update AuthorizationManager references
Issue gh-9692
2021-04-28 11:58:30 -06:00
Josh Cummings
df6ebc7051
Rename DelegatingAuthorizationManager
Closes gh-9692
2021-04-28 09:53:25 -06:00
Josh Cummings
17cfc6ade3
Inline ResourceKeyConverterAdapter
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
Eleftheria Stein
4d610ca80c
Update MockK to 1.11.0
Closes gh-9691
2021-04-28 13:25:06 +02:00
Eleftheria Stein
de0cd11a72
Fix PreAuthorize when returning Kotlin Flow
Closes gh-9676
2021-04-28 12:33:18 +02:00
Thomas Vitale
e2993d93e1
Make Csrf cookie secure flag configurable (WebFlux)
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.
Closes gh-9678
2021-04-27 09:34:12 +02:00
Rob Winch
006b9b9607
master->main
Closes gh-9683
2021-04-26 16:55:43 -05:00
kevin
32ac31c101
Release ByteBuf
Closes gh-9661
2021-04-26 13:16:41 -06:00
Josh Cummings
cb6e4f4a11
Add NPE Guards
- Like values, names are only validated if they are not null
Closes gh-9598
2021-04-22 11:22:19 -06:00
Josh Cummings
b0011893d2
Update Copyright
Issue gh-9651
2021-04-20 10:43:20 -06:00
Tibor Koch
5da472f3be
Fix ClassCastException
Closes gh-9651
2021-04-20 10:42:52 -06:00
Joe Grandja
53e94bca45
Add oauth2Login() tests
Issue gh-9548 gh-9660 gh-9266
2021-04-20 08:37:19 -04:00
Joe Grandja
5afeaa3ce7
WebFlux httpBasic() matches on XHR requests
Closes gh-9660
2021-04-20 08:36:42 -04:00
Craig Andrews
7dc4de05b1
Add guard around logger.debug statement
The log message involves string concatenation, the cost of which should only be incurred if debug logging is enabled
2021-04-16 10:32:58 -06:00
Rob Winch
a31a855146
Fix HttpSecurity.addFilter* Ordering
Closes gh-9633
2021-04-14 17:47:31 -05:00
Denis Washington
2b4b856b32
Limit oauth2Login() links to redirect-based flows
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
2021-04-14 05:02:30 -04:00
Rob Winch
a325216f19
Add RELEASE.adoc
Closes gh-9627
2021-04-12 21:52:34 -05:00
Rob Winch
82e47e8ae0
Next Development Version
2021-04-12 21:50:56 -05:00
Rob Winch
c562b7d439
Release 5.5.0-RC1
2021-04-12 21:04:11 -05:00
Josh Cummings
501d5ff497
Removed Method Security AuthorizationManager from What's New
Issue gh-9596
2021-04-12 15:53:44 -06:00
Josh Cummings
163b5943ca
Revert AuthorizationManager Method Security
2021-04-12 15:53:22 -06:00
Josh Cummings
b352c8f1da
Removed SAML SLO from What's New
Issue gh-9596
2021-04-12 14:49:33 -06:00
Josh Cummings
8c92eddbe5
Revert "Add Registration to Saml2Authentication"
This reverts commit efe42b93ce.
2021-04-12 14:44:36 -06:00
Josh Cummings
55047fd996
Revert "Add RelyingPartyRegistrationResolver"
This reverts commit 2f734a0975.
2021-04-12 14:44:19 -06:00
Josh Cummings
37b40476e7
Revert "Add Single Logout Support"
This reverts commit e807fae869.
2021-04-12 14:44:04 -06:00
Josh Cummings
404a6c5674
Revert "Publish CsrfTokenRepository as shared object"
This reverts commit d19ff12813.
2021-04-12 14:43:37 -06:00
Josh Cummings
4e81bbe386
Revert "Add Saml2LogoutConfigurer"
This reverts commit 6f52baba29.
2021-04-12 14:43:19 -06:00
Rob Winch
44763345d3
Update htmlunit-driver to 2.49.1
Closes gh-9624
2021-04-12 14:55:59 -05:00
Rob Winch
57d77c0cfb
Update htmlunit to 2.49.1
Closes gh-9623
2021-04-12 14:55:57 -05:00
Rob Winch
8a13278c6d
Update io.spring.nohttp to 0.0.6.RELEASE
Closes gh-9622
2021-04-12 14:55:54 -05:00
Rob Winch
f30ee19ccc
Update io.projectreactor to 2020.0.6
Closes gh-9620
2021-04-12 14:55:50 -05:00
Rob Winch
ac288b8dc9
Update com.nimbusds to 9.3.3
Closes gh-9619
2021-04-12 14:55:48 -05:00
Rob Winch
7c4abdb4db
Update jackson-bom to 2.12.3
Closes gh-9616
2021-04-12 14:55:41 -05:00
Josh Cummings
7da6077727
Update to commons-codec:1.15
Closes gh-9575
2021-04-10 10:11:32 -06:00
Josh Cummings
9b07b6a991
Added Sections to What's New
Closes gh-9596
2021-04-10 01:03:56 -06:00
Josh Cummings
6f52baba29
Add Saml2LogoutConfigurer
Closes gh-9497
2021-04-10 00:25:34 -06:00
Josh Cummings
d19ff12813
Publish CsrfTokenRepository as shared object
Closes gh-9595
2021-04-10 00:25:34 -06:00
Josh Cummings
e807fae869
Add Single Logout Support
Closes gh-8731
2021-04-10 00:25:34 -06:00
Josh Cummings
2f734a0975
Add RelyingPartyRegistrationResolver
Closes gh-9486
2021-04-10 00:12:38 -06:00
Josh Cummings
efe42b93ce
Add Registration to Saml2Authentication
Closes gh-9487
2021-04-10 00:12:38 -06:00
Josh Cummings
88c1475a3b
Polish OpenSAML 4 support
Issue gh-9095
2021-04-10 00:12:15 -06:00
Josh Cummings
4f7d529c5d
Polish Csrf Tests
Issue gh-9561
2021-04-09 22:47:31 -06:00
佚名
87ed527023
Add null check in CsrfFilter and CsrfWebFilter
Solve the problem that CsrfFilter and CsrfWebFilter
throw an NPE when comparing two byte arrays
for equality on a low JDK version.
When the JDK version is lower than 1.8.0_45, the method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null, and the above two
classes call this method without a null check.
ZiQiang Zhao<1694392889@qq.com>
2021-04-09 21:43:19 -06:00
Josh Cummings
df8abcfae7
Use Interceptors instead of Advice
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization
Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings
122346bd27
Document AuthorizationManager for Method Security
Issue gh-9289
2021-04-09 18:45:10 -06:00
Josh Cummings
6bcf479659
Polish Javadoc
Issue gh-9289
2021-04-09 18:44:25 -06:00
Josh Cummings
6828987b4b
Add AfterMethodAuthorizationManager
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability
Closes gh-9591
2021-04-09 18:43:56 -06:00
Josh Cummings
2b494ebc5f
Polish AOP Structure
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes
Issue gh-9289
2021-04-09 17:46:33 -06:00