Robbie Martinus
e60ae4984a
Add hasAnyAuthority() and hasAnyRole() in AuthorizeExchangeSpec
...
Fixes gh-6306
2018-12-19 09:55:47 -06:00
finke-ba
9c7cab835f
Add conditionally servlet based support for spring security web jackson module.
2018-12-18 14:21:31 -06:00
Richard Valdivieso
cb0ea0241b
Spring Security provides a DelegatingSecurityContextRunnable
...
abstraction for Runnable that can be used for async and
scheduled tasks. The primary contract for task scheduling is
TaskScheduler and there's no such wrapper available at the moment.
The new DelegatingSecurityContextTaskScheduler class implements
TaskScheduler interface.
Fixes gh-6043
2018-12-17 14:30:55 -06:00
mibo
60e3bf4093
Add Anonymous Support to AuthenticatedReactiveAuthorizationManager
...
Fixes: gh-6235
2018-12-12 15:48:17 -06:00
ir73
9a357f8cb6
Moved CachingUserDetailsService to spring-core
...
Made CachingUserDetailsService constructor public and moved to spring-core to make it easier to configure caching in UserDetailsService
Fixes gh-4139
2018-12-11 13:22:08 -06:00
Eric Deandrea
4178c92741
Add Reactive Support for UserDetailsChecker
...
Integrate UserDetailsChecker into ReactiveAuthenticationManager and
OAuth2 resource server authentication converters.
Fixes gh-6219
2018-12-11 13:07:40 -06:00
Zhanwei Wang
12ab2cca31
Improve error message for Chinese.
2018-12-06 11:57:21 -06:00
Robbie Martinus
090000c3d2
SessionRegistryImpl uses computeIfAbsent
...
Fixes: gh-5834
2018-12-05 10:26:07 -06:00
dperezcabrera
898d005a53
InMemoryUserDetailsManager.updatePassword case-insenstive
...
Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.
This commit updates updatePassword to be case insensitive.
Fixes: gh-6039
2018-11-09 11:39:58 -06:00
Josh Cummings
7d3302f52b
Polish Test Name
...
So that it adheres to methodNameWhenConditionThenVerification naming
convention.
Issue: gh-3743
2018-10-30 10:20:37 -06:00
Karl Goffin
50d26c9d28
Polish Logging and Tests
...
Removing debug statements which would have prematurely terminated the
stream, changing to AssertJ, and adding another test.
Issue: gh-3743
2018-10-30 10:18:16 -06:00
Karl Goffin
92e68a589a
PostFilter Support for Streams
...
Users can return a Stream from a @PostFilter-annotated method.
Fixes: gh-3743
2018-10-30 10:17:16 -06:00
Joe Grandja
8ef65ce5c5
Set AuthenticationEventPublisher on each AuthenticationManagerBuilder
...
Fixes gh-6009
2018-10-23 14:08:23 -04:00
Joe Grandja
7a94931514
Polish javadoc
2018-10-23 08:45:06 -04:00
Drummond Dawson
818a3506fe
Remove unnecessary concatenation of sql in JdbcUserDetailsManager
2018-10-19 15:30:03 -05:00
Joe Grandja
0b3aa2ce24
Update Security version to 5.2
2018-10-17 14:52:06 -04:00
Johnny Lim
68ffa0fece
Add a missing space in Secured.value() signature
2018-10-03 14:47:48 -04:00
John Lin
69b71ee0ed
Remove unused variables in ConsensusBased and UnanimousBased
2018-09-21 08:12:40 -05:00
John Lin
f5e2ca1b6e
Fix truncated javadoc for Secured
...
Fixes: gh-5861
2018-09-18 21:34:02 -05:00
Vedran Pavic
cb0ba58b58
Fix WhitespaceAfterCheck Checkstyle check
2018-08-27 10:45:35 -05:00
Johnny Lim
68878a1675
Replace isEqualTo(null) with isNull()
2018-08-09 18:04:48 -06:00
Rob Winch
d595098823
Rename @TransientAuthentication to @Transient
...
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.
Issue: gh-5481
2018-07-16 11:31:10 -05:00
Rob Winch
ed3ed5e64c
Rename @TransientAuthentication to @Transient
...
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.
Issue: gh-5481
2018-07-16 11:17:08 -05:00
Josh Cummings
3c46727be1
Transient Authentication Tokens
...
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.
To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.
Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.
Fixes: gh-5481
2018-07-16 10:40:45 -05:00
Rob Winch
a66b945ab7
Configuration for ReactiveUserDetailsPasswordService
...
Issue: gh-2778
2018-07-15 15:08:06 -05:00
Rob Winch
72a267a311
UserDetailsRepositoryReactiveAuthenticationManager uses ReactiveUserDetailsPasswordService
...
Issue: gh-2778
2018-07-15 15:08:01 -05:00
Rob Winch
ed8218a2b0
ReactiveUserDetailsPasswordService
...
Issue: gh-2778
2018-07-15 15:07:53 -05:00
Rob Winch
7aaf70d582
DaoAuthenticationProvider supports password upgrades
...
Issue: gh-2778
2018-07-15 14:56:45 -05:00
Rob Winch
cabd0a5579
UserDetailsPasswordService
...
Issue: gh-2778
2018-07-15 14:54:20 -05:00
Rob Winch
86b5150d88
Spring Version null for NullPointerException
2018-07-14 22:21:10 -05:00
Rob Winch
d9d9879909
Add JdbcUserDetailsManager(DataSource) constructor
...
Fixes: gh-5512
2018-07-13 15:59:13 -05:00
Rob Winch
4d1c8f26c5
Add DelegatingReactiveAuthenticationManager
...
Fixes: gh-5448
2018-06-18 16:03:41 -05:00
Rob Winch
bb11a81857
Add UserDetailsRepositoryReactiveAuthenticationManager.setScheduler
...
Fixes: gh-5417
2018-06-11 14:30:29 -05:00
Rob Winch
8fa6dd0f5b
Revert "Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677"
...
This reverts commit d4e459874a
.
2018-05-11 04:19:50 -05:00
이경욱
26bc6be850
Support whitespace characters using RoleHierarchyImpl
2018-05-07 16:51:41 -05:00
이경욱
6adbe8dae0
Support whitespace characters using RoleHierarchyImpl
2018-05-07 16:51:41 -05:00
Kazuki Shimizu
8d716f75a4
Fix incorrect explanation for customizing query on JdbcDaoImpl
2018-05-04 10:49:25 -05:00
Rob Winch
0a5da93640
Improve PasswordEncoder deprecated notices
...
Fixes: gh-5296
2018-05-03 15:13:06 -05:00
Joe Grandja
d4e459874a
Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677
2018-04-03 11:38:37 -04:00
Rob Winch
fb7394c1de
Polish Javadoc
...
Fixes: gh-5186
2018-03-29 15:33:57 -05:00
Christoph Dreis
d07cfe655d
Use Supplier variants of Assert methods
2018-03-27 10:58:55 -05:00
Rob Winch
b1d013e8f0
Fix JDK 9
...
Issue: gh-5160
2018-03-27 09:30:56 -05:00
Alter Ego
0e37c0912e
Update User.java
...
fixed a typo; replaced "User.witUsername("user")" with "User.withUsername("user")"
2018-03-22 08:19:44 -05:00
Rob Winch
67d793ae5f
Delay lookup of managedVersions
...
Fixes: gh-5127
2018-03-16 13:55:17 -05:00
Rob Winch
efaf2b080f
Make MIN_SPRING_VERSION Dynamic
...
Fixes: gh-5065
2018-03-16 13:53:40 -05:00
Josh Cummings
776b378a1d
Authorities authenticate TestingAuthenticationToken
...
In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.
This change brings `TestingAuthenticationToken` in line with that
convention.
Note that this was done once already to one of the constructors
(ee13be4
) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.
Fixes: gh-5073
2018-03-09 13:21:47 -06:00
ylombardi
1d0e97880d
Add the BadCredentialsExceptionMixin to help Jackson serialization of BadCredentialsException
2018-03-08 16:55:57 -06:00
Joe Grandja
5b023d0abc
Fix Security version tests -> 5.1
2018-03-02 16:29:22 -05:00
Johnny Lim
d316803596
Polish DaoAuthenticationProviderTests
2018-03-02 08:55:37 -06:00
Rob Winch
8d75554b6b
Lazily Create Throwables
...
Fixes: gh-5040
2018-02-26 16:24:40 -06:00
Rob Winch
831399be16
Update to Spring Framework 5.0.4
...
Fixes: gh-5027
2018-02-19 22:00:33 -06:00
Rob Winch
7063a9e111
Issue: gh-5018
2018-02-16 16:50:14 -06:00
Rob Winch
964a14b224
Document Reactive Method security requires Publisher return types
...
Fixes: gh-4988
2018-02-07 16:43:18 -06:00
Lóránt Pintér
f7beb537f0
Add included build to JAR
...
Instead of copying classes to the compile output, we now add them directly to the JAR.
This allows JavaCompile to be cached, since there are no overlapping outputs anymore.
2018-02-02 11:50:00 -06:00
Rob Winch
8b7f772761
Update to Jackson 2.9.4
...
Fixes: gh-4985
2018-02-01 13:45:06 -06:00
Rob Winch
994abb0d00
Document User.withDefaultPasswordEncoder unsafe for production
...
Fixes: gh-4793
2018-01-31 16:26:26 -06:00
Rob Winch
f7e49ace9f
Add TestAuthentication
2018-01-26 15:13:09 -06:00
Rob Winch
c5e6ee4563
Update Dependencies
...
Fixes: gh-4973
2018-01-24 13:48:14 -06:00
Rob Winch
6ba225b62d
Polish userNotFoundEncodedPassword
...
Ensure that if passwordEncoder is set that userNotFoundEncodedPassword
is encoded again if already set.
Issue: gh-4915
2018-01-24 11:06:08 -06:00
Phillip Webb
fd78d055aa
Lazily initialize userNotFoundEncodedPassword
...
Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword`
is lazily initialized on the first call to `retrieveUser`, rather than
in `doAfterPropertiesSet`.
Since some `PasswordEncoder` implementations can be slow, this change
can help to improve application startup times and the expense of some
delay with the first login.
Note that `userNotFoundEncodedPassword` creation occurs on the first
user retrieval, regardless of whether the user is ultimately found. This
ensures consistent processing times, regardless of the outcome.
First Call:
Found = encode(userNotFound) + decode(supplied)
Not-Found = encode(userNotFound) + decode(userNotFound)
Subsequent Call:
Found = decode(supplied)
Not-Found = decode(userNotFound)
Fixes gh-4915
2018-01-24 11:06:08 -06:00
Johnny Lim
f3830eec7d
Rename userDetailsRepository to userDetailsService
2018-01-10 16:04:48 -06:00
Rob Winch
803cdcf01e
Test Jackson HashMap in Whitelist
...
Issue: gh-4889
2018-01-03 16:17:23 -06:00
Chris Burrell
cf97e16379
Add HashMap to Jackson whitelist
...
Issue: gh-4889
2018-01-03 16:17:23 -06:00
Rob Winch
b9152701a6
Javadoc Polish
2017-12-21 16:43:11 -06:00
Johnny Lim
921157cdcd
Remove explicit super() calls
2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5
Use diamond type
2017-12-21 15:09:00 -06:00
Rob Winch
c856c376df
Fix UTF-8 in JdbcDaoImplTests
2017-12-20 15:50:23 -06:00
Joe Grandja
e19fdb6cc1
Remove AuthenticatedPrincipal from UserDetails
...
Issue gh-4877
2017-11-30 10:52:24 -05:00
Joe Grandja
50d1a81458
AbstractAuthenticationToken.getName() uses UserDetails.getUsername()
...
Fixes gh-4877
2017-11-30 09:17:42 -05:00
Rob Winch
ee1745b681
Update to Spring Framework 5.0.2.RELEASE
2017-11-27 11:57:03 -06:00
Rob Winch
691bf2e11d
PasswordEncoder Bean for AuthenticationManagerBuilder
...
Issue: gh-4873
2017-11-27 11:42:56 -06:00
Johnny Lim
701933c7f7
Fix copyright start years
...
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5
Apply Checkstyle EmptyStatementCheck module
...
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
2017-11-16 20:18:21 -06:00
Oleg Zhuravlev
563139c469
Fix keys in messages bundle
2017-11-16 11:28:57 -06:00
Benedikt Ritter
fffd781b03
Add localization to error messages from ExceptionTranslationFilter
...
Fixes gh-4504
2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359
Apply Checkstyle WhitespaceAfterCheck module
2017-11-16 11:18:31 -06:00
Johnny Lim
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
Rob Winch
6d4b4bf2c7
Align Dependencies with Spring IO Cairo
...
Fixes gh-4821
2017-11-14 13:45:24 -06:00
Johnny Lim
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
Rob Winch
d9abd2e443
User.UserBuilder only encodes once
...
Fixes gh-4794
2017-11-06 09:47:37 -06:00
Greg Turnquist
881cd0befb
Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details
...
Resolves #4698
2017-10-31 16:34:07 -05:00
Rob Winch
e95430fa36
Polish Reactive Method Security reference
...
Issue gh-4757
2017-10-30 16:27:50 -05:00
Gajendra kumar
ec723952d5
principals and sessionIds should be set using constructor so that can be shared across node in cluster
...
As principals and sessionIds are set in class itself so one can't share user session count across nodes(Cluster). Using constructor for setting principals and sessionIds we can pass Cache map to constructor which can enable common session count in cluster otherwise user would be allowed to logged in with multiple sessions. There is no point keeping principals and sessionIds completely internal.
2017-10-30 01:08:15 -05:00
Frank Pavageau
35706ad60a
Deserialize the principal in a neutral way
...
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
2017-10-30 00:53:31 -05:00
Frank Pavageau
6fd9ff254b
Map values directly from the JSON nodes
...
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
2017-10-30 00:53:31 -05:00
Antoine
0771778b81
Polish more AssertJ assertions
2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Rob Winch
44320447fe
Update to Spring 5.0.1.RELEASE
...
Issue gh-4739
2017-10-29 14:31:45 -05:00
Rob Winch
747473257f
Use ReactorSecurityContextHolder
...
Issue gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
9ea4df5b5d
ReactiveSecurityContextHolder
...
Fixes gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
399da1ecad
SecurityContextImpl constructor
...
Fixes gh-4712
2017-10-26 20:11:42 -05:00
Rob Winch
38a8189a62
DelegatingApplicationListener uses CopyOnWriteArrayList
...
Fixes gh-4416
2017-10-24 15:35:04 -05:00
Rob Winch
8291f20796
DaoAuthenticationProvider uses DelegatingPasswordEncoder
...
This means that passwords will be encoded with BCrypt by default
Fixes: gh-2775
2017-10-24 07:56:28 -05:00
Rob Winch
d19b222b55
UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder
...
This means passwords will be encoded with BCrypt by default
Issue: gh-2775
2017-10-24 07:56:28 -05:00
Rob Winch
cdc992b132
Remove SaltSource
...
Fixes gh-4681
2017-10-24 07:56:28 -05:00
Rob Winch
4529e09339
Remove PasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:56:28 -05:00
Rob Winch
6c69333df6
Remove PasswordEncoderUtils from core
...
Issue: gh-4674
2017-10-24 07:56:28 -05:00
Rob Winch
3a4a32e654
Remove LdapShaPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:56:20 -05:00
Rob Winch
6a3e981c80
Remove BaseDigestPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:40 -05:00
Rob Winch
a8aa65b828
Remove Md4PasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:32 -05:00
Rob Winch
2dc4e326be
Remove MessageDigestPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
12dbf2e961
Remove PlainTextPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
40fd8d7aa7
Remove ShaPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
e98fc3556e
Remove Md5PasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
52560b560d
PasswordEncodedUser
...
Fixes gh-4680
2017-10-23 22:27:16 -05:00
Rob Winch
1ea10a1e89
Add User.withDefaultPasswordEncoder()
...
Fixes gh-4678
2017-10-23 22:27:16 -05:00
Rob Winch
a0fb324e1d
Add passwordEncoder to UserBuilder
...
Fixes gh-4677
2017-10-23 22:27:16 -05:00
Rob Winch
7fd1cff3ce
Fix PrePostAdviceReactiveMethodInterceptor tangle
...
Issue: gh-4636
2017-10-16 16:36:43 -05:00
Rob Winch
1dc49276f8
Fix P tangle
...
Issue: gh-4636
2017-10-16 16:36:15 -05:00
Rob Winch
96f6368214
Update to Spring Framework 5.0.1.BUILD-SNAPSHOT
...
Fixes gh-4633
2017-10-16 16:30:59 -05:00
Rob Winch
57d26ffa10
Polish
2017-10-11 13:57:59 -05:00
Rob Winch
e99e2a9f09
PrePostAdviceMethodInterceptor->PrePostAdviceReactiveMethodInterceptor
...
Issue gh-4615
2017-10-11 13:57:54 -05:00
Rob Winch
5502856095
UserDetailsRepositoryAuthenticationManager->UserDetailsRepositoryReactiveAuthenticationManager
...
Issue gh-4615
2017-10-11 13:57:35 -05:00
Rob Winch
4681697581
UserDetailsRepository->ReactiveUserDetailsService
...
Issue gh-4615
2017-10-11 13:57:30 -05:00
Rob Winch
f1bc82dcef
AuthenticatedAuthorizationManager->AuthenticatedReactiveAuthorizationManager
...
Issue gh-4615
2017-10-11 13:57:26 -05:00
Rob Winch
866ce5eaec
AuthorityAuthorizationManager->AuthorityReactiveAuthorizationManager
...
Issue gh-4615
2017-10-11 13:57:08 -05:00
Rob Winch
fc84d31010
Fix Javadoc Encoding
2017-10-09 16:48:50 -05:00
Rob Winch
23f56f568c
Update MockitJunitRunner import
...
Issue: gh-4608
2017-10-09 16:13:33 -05:00
Rob Winch
445834784a
Update to Mockito 2.10.0
...
Issue: gh-4608
2017-10-09 16:13:11 -05:00
Rob Winch
f3828924ff
Fix equals and hashCode alignment
...
Fixes gh-4588
2017-09-28 17:25:00 -05:00
Rob Winch
1c9b627267
Update to Spring Framework 5.0.0.RELEASE
...
Fixes gh-4585
2017-09-28 17:24:38 -05:00
Rob Winch
b59265c641
Add InMemoryUserDetailsManager(UserDetails... users)
2017-09-22 19:56:32 -05:00
Stephan Schroevers
9e719bc313
Drop the `aopalliance:aopalliance` dependency
...
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.
This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)
The documentation is updated accordingly.
[1] https://jira.spring.io/browse/SPR-13984
2017-09-22 11:11:04 -05:00
Rob Winch
8854414101
Polish for Gradle 5.0
2017-09-18 16:53:19 -05:00
Rob Winch
8a66d0c78d
Polish PermissionEvaluator Autowired into Web Security
...
Issue gh-4077
2017-09-18 16:53:19 -05:00
Craig Andrews
3bf6bf10de
Configure permissionEvaluator and roleHierarchy by default
...
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).
Issue gh-4077
2017-09-18 16:35:16 -05:00
Rob Winch
1f4082e754
Fix copyright lines
2017-09-18 11:11:25 -05:00
Rob Winch
3ecf3ea034
Fix double * in Copyright headers
2017-09-18 10:47:26 -05:00
Rob Winch
ae342dfcce
Update to the lastest SNAPSHOTs
2017-09-18 10:17:21 -05:00
Rob Winch
7bb4367cf1
Prepare Versions for Release
2017-09-13 08:24:14 -05:00
Rob Winch
72f139a824
Mono.currentContext()->subscriberContext()
...
Fixing refactoring by Reactor
2017-09-01 16:14:42 -05:00
ladislav-bozek
b3ad174ee2
Small typo in Javadoc
2017-08-30 15:27:53 -05:00
Rob Winch
895f0d108c
Run PasswordEncoder on Schedulers.parallel()
2017-08-29 22:26:56 -05:00
Rob Winch
a563689e6c
Add PasswordEncoder for UserDetailsRepositoryAuthenticationManager
2017-08-29 21:19:42 -05:00
Rob Winch
416ff3c77a
Add EnableReactiveMethodSecurity
...
Issue gh-4496
2017-08-17 16:42:01 -05:00
Rob Winch
e16b8e7976
Fix logback-test.xml
2017-08-17 16:42:01 -05:00
Rob Winch
0f0563cd6f
MethodSecurityMetadataSourceAdvisor supports MethodInterceptor
...
Fixes gh-4480
2017-07-31 16:46:51 -05:00
Joe Grandja
a176a8c4ae
Update to next development version
2017-07-24 11:54:43 -04:00
Joe Grandja
abf34e0e67
Release 5.0.0.M3
2017-07-24 11:12:32 -04:00
Rob Winch
0b481cf4b6
Make UserBuilder.username public
...
This allows for reusing a UserBuilder to create multiple UserDetails with
similar attributes but different usernames.
Fixes gh-4453
2017-07-12 13:54:52 -05:00
Rob Winch
37011720c9
Update to latest Spring IO Cairo SNAPSHOT
...
Fixes gh-4407
2017-06-20 16:42:09 -05:00
Rob Winch
fb85ad6bd7
Revert "Work Around SPR-15651"
...
This reverts commit 6c286696b4
.
2017-06-15 15:25:36 -05:00
Rob Winch
dcef3d6ebb
Remove springIoVersion for release preparations
2017-06-15 13:34:51 -05:00
Rob Winch
6c286696b4
Work Around SPR-15651
...
Issue gh-4386
2017-06-09 22:26:02 -05:00
Rob Winch
d09fb5b500
Move UserDetailsRepository to core.userdetails
...
Fixes gh-4383
2017-06-09 16:07:09 -05:00
Joe Grandja
eb6bd9bea9
Update groupId io.projectreactor.addons -> io.projectreactor
...
Fixes gh-4377
2017-06-08 14:06:51 -04:00
Rob Winch
5dee8534cd
Update SecurityJackson2Modules
...
Fixes gh-4370
2017-06-07 23:05:13 -05:00
Rob Winch
a79a81cd24
Simplify webflux samples
...
Remove the custom user from the hellowebflux and hellowebfluxfn samples.
2017-05-23 15:59:16 -05:00
Rob Winch
07234f6255
Switch back to Spring Framework 5.0.0.BUILD-SNAPSHOT
2017-05-16 15:12:09 -05:00
Rob Winch
22c1685d70
Use AssertionsForClassType
2017-05-15 13:48:12 -05:00
Rob Winch
d81b436e5d
Remove pom.xml from build
...
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.
This commit removes the pom.xml files from the build.
Fixes gh-4283
2017-05-11 14:32:36 -05:00
Vedran Pavic
e9427e421b
Update Spring version
2017-05-10 00:27:36 -05:00
Vedran Pavic
85719fcd64
Use Base64 implementation provided by Java 8
2017-05-10 00:27:36 -05:00
Rob Winch
b4f2777755
Add WebFlux
...
Fixes gh-4128
2017-05-10 00:13:02 -05:00
Rob Winch
051e3fb079
Add UserBuilders.withUserDetails
2017-05-10 00:12:12 -05:00
Rob Winch
5c7ff5c24a
Update to spring 5.0.0.RC1
2017-05-09 02:35:46 -05:00
Rob Winch
e1ef0477fb
Build Leverages tests-configuration plugin
2017-05-01 17:10:20 -05:00
Rob Winch
d108bf58bf
Remove commons-logging
...
Issue: gh-4308
2017-04-24 19:40:22 -05:00
Rob Winch
dd6fc48dd8
Standardize Build
...
The build now uses spring build conventions to simplify the build
Fixes gh-4284
2017-04-21 10:55:05 -05:00
Joe Grandja
71e491fcf0
Provide abstraction for an Authenticated Principal
2017-04-10 16:18:40 -04:00
Joe Grandja
2ce174dbf0
Update poms to 5.0.0.BUILD-SNAPSHOT
2017-04-07 16:49:50 -04:00
Joe Grandja
2b81983f7c
Update to Java 8 compatibility
...
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
2017-04-07 16:49:38 -04:00
Rob Winch
3ca78df15f
Fix Security version Test
2017-03-08 19:12:39 -06:00
Rob Winch
d2524eadfc
Update poms to new to SNAPSHOT version
2017-03-02 09:20:34 -06:00
Spring Buildmaster
081f0c4d94
Release version 4.2.2.RELEASE
2017-03-02 07:29:42 +00:00
pkovacs
f99fe36e02
Refer to SimpleGrantedAuthority instead of GrantedAuthorityImpl
...
GrantedAuthorityImpl has been replaced a couple of years ago with
SimpleGrantedAuthority and this commit fixes the documentation items
which weren’t updated to reflect this change.
Fixes gh-4163.
2017-03-02 00:09:14 -06:00
stonio
901a4e183a
Update SecurityContextHolder.java
...
Use StringUtils.hasText
2017-03-01 23:54:04 -06:00
Rob Winch
b64cdb5765
Fix RoleHiearchyUtilsTests on Windows
...
Fixes gh-4228
2017-03-01 23:27:11 -06:00
Rob Winch
9c03571bbb
Use message in all Assert
...
This ensures compatibility with Spring 5.
Fixes gh-4193
2017-01-30 19:58:24 -06:00
Spring Buildmaster
7a7ce11ebb
Release version 4.2.1.RELEASE
2016-12-21 17:23:28 +00:00
Rob Winch
6bec625e68
Update to Spring 4.3.5.RELEASE
...
Fixes gh-4167
2016-12-21 09:04:16 -06:00
Spring Buildmaster
24fcb6c45a
Release version 4.2.0.RELEASE
2016-11-09 23:42:11 +00:00
Rob Winch
a9024de734
Polish Spring Version Update
...
Fix related tests.
Issue gh-4123
2016-11-09 17:05:25 -06:00
Rob Winch
f97f38fd57
jacksonDatavindVersion->jacksonDatabindVersion
...
Issue gh-4122
2016-11-09 16:46:38 -06:00
Rob Winch
f0a9421aa4
SecurityJacksonModules->SecurityJackson2Modules
...
Fixes gh-4121
2016-11-09 16:42:41 -06:00
Spring Buildmaster
97b4cb0b73
Release version 4.2.0.RC1
2016-10-26 02:49:23 +00:00
Rob Winch
e62596f36d
Polish PasswordEncoderUtils do not leak length
...
Fix possible / 0 if expected is empty String.
Issue gh-255
2016-10-24 12:50:46 -05:00
Rob Winch
d3685d89c5
Polish PasswordEncoderUtils do not leak length
...
Issue gh-255
2016-10-24 11:26:43 -05:00
avri-schneider
a98389fa98
PasswordEncoderUtils do not leak length
...
Enforce constant time even when expectedLength != actualLength.
Fixes gh-255
2016-10-24 11:26:34 -05:00
Rob Winch
dc9f9b140f
Polish PasswordEncoderUtilsTests
...
* Add more tests
* Smaller tests
* Follow new naming convention
2016-10-24 11:24:24 -05:00
Rob Winch
f432c04111
Create UserBuilder
...
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder
Fixes gh-4095
2016-10-21 16:42:03 -05:00
Rob Winch
08c1f500a7
Version bumps for Spring 5
...
Issue gh-4080
2016-10-17 17:00:17 -05:00
Jitendra Singh
48ff518a41
Fix Jackson 2.7+
...
UnmodifiableSetDeserializer added which will ensure
Collection$UnmodifiableSet deserialize properly with jackson-databind 2.7+
Fixes gh-4073
2016-10-13 07:42:07 -05:00
Spring Buildmaster
c1b8150439
Release version 4.2.0.M1
2016-09-23 19:39:33 +00:00
Rob Winch
b443baef04
Polish GrantedAuthorityDefaults
...
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
ApplicationContextAware
Issue gh-3701
2016-09-22 15:13:05 -05:00
Eddú Meléndez
eabeaf35d6
Make single definition of `defaultRolePrefix` and `rolePrefix`
...
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.
Fixes gh-3701
2016-09-21 14:55:41 -05:00
Joe Grandja
c75a5b7279
Polish RoleHierarchyUtils and add tests
2016-09-19 14:07:34 -04:00
Thomas Darimont
06c67070a6
Add convenience method for constructing RoleHierarchy from Map.
...
Introduced `RoleHierarchyUtils` which enables convenient
construction of `RoleHierarchy` from map based representation.
Where the map key is the role name and the map value is a list
of implied role names.
Here is a small example for that in action:
https://gist.github.com/thomasdarimont/ee9fffdef1adb9243b12ad247478aad4
Fixes #3990 .
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-09-19 14:07:34 -04:00
Rob Winch
92a59e0df7
Fix checkstyle
...
Issue gh-3736
2016-09-02 12:02:39 -05:00
Rob Winch
8ad0003456
Polish Whitespace
...
Issue gh-3736
2016-09-02 11:37:21 -05:00
Rob Winch
3531cc93c2
JSON tests ObjectMapper Cleanup
...
* Move to @Setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
bd925313af
Improve Readablility of JSON test strings
...
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
d4c48dd3e1
Remove MockitoJUnitRunner from JSON tests
...
Previously the JSON tests unnecessarily had MockitoJUnitRunner.
This commit removes MockitoJUnitRunner from the JSON tests.
Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch
df613ed4cc
JSON UserDetails deserializes null
...
JSON UserDetails null use to be treated as "".
This changes null to be treated as a null
Issue gh-3736
2016-09-02 11:37:16 -05:00
Rob Winch
3fb77f3b59
Polish SecurityJacksonModules
...
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
2016-09-02 11:37:13 -05:00
Rob Winch
c2d8ea92d0
SimpleGrantedAuthorityMixin role->authority
...
Issue gh-3736
2016-09-02 11:36:33 -05:00
Rob Winch
6f2b24a62b
Polish JSON warnings / javadoc
...
Issue gh-3736
2016-09-02 11:36:23 -05:00
Rob Winch
6d2003722e
Polish JSON class scope
...
Use package scope when possible
Issue gh-3736
2016-09-02 11:36:06 -05:00
Rob Winch
03d8904a03
Polish constructor assertions
...
Previously the JSON modules didn't use Spring's Assert.
This commit changes the assertions to use Spring's Assert and does
some minor restructuring.
Issue gh-3736
2016-09-02 11:34:57 -05:00
Jitendra Singh Bisht
d77ca17e95
Add JSON Serialization
...
Fixes gh-3812
2016-09-02 11:29:53 -05:00
Rob Winch
4d02a5c0a0
Update pom.xml dependencies
2016-08-30 11:27:29 -05:00
Rob Winch
53352e336d
Polish gh-4048
2016-08-30 09:42:28 -05:00
vitalii-dmytruk
422bc37115
Suppurt custom messages
...
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.
Issue gh-4048
2016-08-30 09:41:37 -05:00
Rob Winch
c266930483
Update Dependency Versions ( #4035 ) ( #4036 )
2016-08-19 16:10:46 -05:00
Kevin Conaway
d2a37cb1d6
Improve field visibility in DefaultMethodSecurityExpressionHandler
...
Fixes gh-210
2016-07-26 09:56:00 -04:00
Eddú Meléndez
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
Rob Winch
b4ab0483b1
Update version to 4.2.0.BUILD-SNAPSHOT
2016-07-07 12:56:20 -05:00
Spring Buildmaster
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
Johnny Lim
310bb39a0d
Fix typo
2016-07-06 16:22:33 -05:00
Rob Winch
5f6312c5be
Update to Spring 4.3.1
...
Fixes gh-3963
2016-07-06 15:47:44 -05:00
Rob Winch
843ed3e437
Update to Spring 4.3.1.BUILD-SNAPSHOT
2016-07-01 22:04:55 -05:00
Eddú Meléndez
a2ead4cf7a
Polish
...
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch
d2b909e7c5
Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent
...
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.
Fixes gh-3857
2016-06-17 17:16:54 -05:00
Rob Winch
2d6051625f
Update pom.xml
2016-06-17 14:30:11 -05:00
Spring Buildmaster
001b05569a
Release version 4.1.0.RELEASE
2016-05-05 04:25:46 +00:00
Rob Winch
9745de9510
Add @AuthenticationPrincipal expression
...
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.
Fixes gh-3859
2016-05-03 18:08:52 -04:00
Spring Buildmaster
24d0069668
Release version 4.1.0.RC2
2016-04-21 01:47:25 +00:00
Johnny Lim
933a7e8363
Remove duplicate words
...
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Joe Grandja
2ef3da1b47
Documents the new @AuthenticationPrincipal in more detail.
...
Fixes gh-3771
2016-04-13 12:27:23 -04:00
Joe Grandja
b90242f2fa
Updates all POM versions to 4.1.0 snapshot build.
...
Fixes gh-3804
2016-04-12 10:35:43 -04:00
Spring Buildmaster
044acf7e27
Release version 4.1.0.RC1
2016-03-23 07:15:15 -07:00
Rob Winch
36c381a06a
Update to Java 1.6
...
Fixes gh-3756
2016-03-15 08:37:00 -05:00
Rob Winch
ec4e6c7453
Update pom.xml to 4.1.0.BUILD-SNAPSHOT
2016-03-14 00:51:35 -05:00
Rob Winch
f221920a19
Clean up code to conform to basic checkstyle
...
Issue gh-3746
2016-03-14 00:15:12 -05:00
Billy Korando
71d4ce96ad
Convert to assertj
...
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch
bb600a473e
Start AssertJ Migration
...
Issue gh-3175
2016-03-09 14:26:30 -06:00
Karol Lewandowski
a1df8e5379
Fix keys in messages bundle
...
Fixes gh-2971
2016-03-09 10:43:37 -06:00
hmolsen
b248eae416
Javadoc on ProviderManager.authenticate clarification
...
Fixes gh-3722
2016-03-03 15:32:03 -06:00
Rob Winch
65a00751a7
Update to Spring 4.2.5
...
Fixes gh-3715
2016-02-25 11:35:17 -06:00
petaure
cf76e3c65e
SEC-3150: Escape ' character in messages_fr.properties
...
Escape ' character, if not format doesn't work fine.
2015-11-12 15:42:52 -06:00
Rob Winch
be303b15d1
SEC-3128: RoleVoter supports null Authentication
2015-10-29 14:03:18 -05:00
Rob Winch
bd221739c7
SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
...
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.
This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:16:54 -05:00
zhanhb
29f2cc0ab1
snasphot -> snapshot
2015-09-25 15:28:39 -05:00
/usr/local/ΕΨΗΕΛΩΝ
e6ed4441c4
Update messages_it.properties
2015-09-17 17:31:32 +02:00
David Avenante
a9a5377e4a
Unused import
...
An import unsued
2015-09-02 00:21:39 -05:00
David Avenante
5edfeb4091
Unused import
...
And import is unused
2015-09-02 00:21:39 -05:00
Rob Winch
adfeb96e2f
Update to Spring 4.2.1
2015-09-01 09:53:26 -05:00
Rob Winch
c79bceab03
SEC-2956: Improve AnnotationParameterNameDiscoverer Performance
2015-08-19 16:07:03 -05:00
Rob Winch
55dd247660
SEC-3078: Update Spring 4.2
2015-08-19 16:05:40 -05:00
Rob Winch
26ab012b57
Start 4.1.0
2015-08-18 13:58:01 -05:00
Rob Winch
969f3a7d1b
Update pom.xml to latest snapshots
2015-08-03 09:46:01 -05:00
Thomas Darimont
ad1d858e2b
SEC-3056 - Fix JavaDoc errors.
...
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch
117f892c91
SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
...
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.
This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch
e8c9f75f9c
Update pom.xml to latest versions
2015-07-22 12:51:04 -05:00
Rob Winch
821333434d
SEC-3013: Add messages_en.properties
2015-07-13 23:18:45 -05:00
Rob Winch
197ddb3cd1
SEC-3029: Fix Compatibility with Spring 4.2.x
2015-07-07 22:46:31 -05:00
Alex Panchenko
0a118336d4
SEC-2955: Convert to "static" for inner classes
2015-04-30 12:54:52 -05:00
Rob Winch
b433cdda7e
SEC-2930: Update SecurityExpressionOperations javadoc
2015-04-21 09:21:29 -05:00
Rob Winch
d5dfeeca49
SEC-2927: Update chat-jc pom so Maven Builds
...
Previously there were some incorrect dependency versions. This commit fixes
that.
We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
Rob Winch
4fdfb8caba
SEC-2915: More Tabs -> Spaces
2015-04-17 11:34:34 -05:00