Commit Graph

2703 Commits

Author SHA1 Message Date
Robbie Martinus e60ae4984a Add hasAnyAuthority() and hasAnyRole() in AuthorizeExchangeSpec
Fixes gh-6306
2018-12-19 09:55:47 -06:00
finke-ba 9c7cab835f Add conditionally servlet based support for spring security web jackson module. 2018-12-18 14:21:31 -06:00
Richard Valdivieso cb0ea0241b Spring Security provides a DelegatingSecurityContextRunnable
abstraction for Runnable that can be used for async and
scheduled tasks. The primary contract for task scheduling is
TaskScheduler and there's no such wrapper available at the moment.

The new DelegatingSecurityContextTaskScheduler class implements
TaskScheduler interface.

Fixes gh-6043
2018-12-17 14:30:55 -06:00
mibo 60e3bf4093 Add Anonymous Support to AuthenticatedReactiveAuthorizationManager
Fixes: gh-6235
2018-12-12 15:48:17 -06:00
ir73 9a357f8cb6 Moved CachingUserDetailsService to spring-core
Made CachingUserDetailsService constructor public and moved to spring-core to make it easier to configure caching in UserDetailsService

Fixes gh-4139
2018-12-11 13:22:08 -06:00
Eric Deandrea 4178c92741 Add Reactive Support for UserDetailsChecker
Integrate UserDetailsChecker into ReactiveAuthenticationManager and
OAuth2 resource server authentication converters.

Fixes gh-6219
2018-12-11 13:07:40 -06:00
Zhanwei Wang 12ab2cca31 Improve error message for Chinese. 2018-12-06 11:57:21 -06:00
Robbie Martinus 090000c3d2 SessionRegistryImpl uses computeIfAbsent
Fixes: gh-5834
2018-12-05 10:26:07 -06:00
dperezcabrera 898d005a53 InMemoryUserDetailsManager.updatePassword case-insenstive
Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.

This commit updates updatePassword to be case insensitive.

Fixes: gh-6039
2018-11-09 11:39:58 -06:00
Josh Cummings 7d3302f52b
Polish Test Name
So that it adheres to methodNameWhenConditionThenVerification naming
convention.

Issue: gh-3743
2018-10-30 10:20:37 -06:00
Karl Goffin 50d26c9d28
Polish Logging and Tests
Removing debug statements which would have prematurely terminated the
stream, changing to AssertJ, and adding another test.

Issue: gh-3743
2018-10-30 10:18:16 -06:00
Karl Goffin 92e68a589a
PostFilter Support for Streams
Users can return a Stream from a @PostFilter-annotated method.

Fixes: gh-3743
2018-10-30 10:17:16 -06:00
Joe Grandja 8ef65ce5c5 Set AuthenticationEventPublisher on each AuthenticationManagerBuilder
Fixes gh-6009
2018-10-23 14:08:23 -04:00
Joe Grandja 7a94931514 Polish javadoc 2018-10-23 08:45:06 -04:00
Drummond Dawson 818a3506fe Remove unnecessary concatenation of sql in JdbcUserDetailsManager 2018-10-19 15:30:03 -05:00
Joe Grandja 0b3aa2ce24 Update Security version to 5.2 2018-10-17 14:52:06 -04:00
Johnny Lim 68ffa0fece Add a missing space in Secured.value() signature 2018-10-03 14:47:48 -04:00
John Lin 69b71ee0ed Remove unused variables in ConsensusBased and UnanimousBased 2018-09-21 08:12:40 -05:00
John Lin f5e2ca1b6e Fix truncated javadoc for Secured
Fixes: gh-5861
2018-09-18 21:34:02 -05:00
Vedran Pavic cb0ba58b58 Fix WhitespaceAfterCheck Checkstyle check 2018-08-27 10:45:35 -05:00
Johnny Lim 68878a1675 Replace isEqualTo(null) with isNull() 2018-08-09 18:04:48 -06:00
Rob Winch d595098823 Rename @TransientAuthentication to @Transient
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.

Issue: gh-5481
2018-07-16 11:31:10 -05:00
Rob Winch ed3ed5e64c Rename @TransientAuthentication to @Transient
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.

Issue: gh-5481
2018-07-16 11:17:08 -05:00
Josh Cummings 3c46727be1 Transient Authentication Tokens
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.

To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.

Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.

Fixes: gh-5481
2018-07-16 10:40:45 -05:00
Rob Winch a66b945ab7 Configuration for ReactiveUserDetailsPasswordService
Issue: gh-2778
2018-07-15 15:08:06 -05:00
Rob Winch 72a267a311 UserDetailsRepositoryReactiveAuthenticationManager uses ReactiveUserDetailsPasswordService
Issue: gh-2778
2018-07-15 15:08:01 -05:00
Rob Winch ed8218a2b0 ReactiveUserDetailsPasswordService
Issue: gh-2778
2018-07-15 15:07:53 -05:00
Rob Winch 7aaf70d582 DaoAuthenticationProvider supports password upgrades
Issue: gh-2778
2018-07-15 14:56:45 -05:00
Rob Winch cabd0a5579 UserDetailsPasswordService
Issue: gh-2778
2018-07-15 14:54:20 -05:00
Rob Winch 86b5150d88 Spring Version null for NullPointerException 2018-07-14 22:21:10 -05:00
Rob Winch d9d9879909 Add JdbcUserDetailsManager(DataSource) constructor
Fixes: gh-5512
2018-07-13 15:59:13 -05:00
Rob Winch 4d1c8f26c5 Add DelegatingReactiveAuthenticationManager
Fixes: gh-5448
2018-06-18 16:03:41 -05:00
Rob Winch bb11a81857 Add UserDetailsRepositoryReactiveAuthenticationManager.setScheduler
Fixes: gh-5417
2018-06-11 14:30:29 -05:00
Rob Winch 8fa6dd0f5b Revert "Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677"
This reverts commit d4e459874a.
2018-05-11 04:19:50 -05:00
이경욱 26bc6be850 Support whitespace characters using RoleHierarchyImpl 2018-05-07 16:51:41 -05:00
이경욱 6adbe8dae0 Support whitespace characters using RoleHierarchyImpl 2018-05-07 16:51:41 -05:00
Kazuki Shimizu 8d716f75a4 Fix incorrect explanation for customizing query on JdbcDaoImpl 2018-05-04 10:49:25 -05:00
Rob Winch 0a5da93640 Improve PasswordEncoder deprecated notices
Fixes: gh-5296
2018-05-03 15:13:06 -05:00
Joe Grandja d4e459874a Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677 2018-04-03 11:38:37 -04:00
Rob Winch fb7394c1de Polish Javadoc
Fixes: gh-5186
2018-03-29 15:33:57 -05:00
Christoph Dreis d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch b1d013e8f0 Fix JDK 9
Issue: gh-5160
2018-03-27 09:30:56 -05:00
Alter Ego 0e37c0912e Update User.java
fixed a typo; replaced "User.witUsername("user")" with "User.withUsername("user")"
2018-03-22 08:19:44 -05:00
Rob Winch 67d793ae5f Delay lookup of managedVersions
Fixes: gh-5127
2018-03-16 13:55:17 -05:00
Rob Winch efaf2b080f Make MIN_SPRING_VERSION Dynamic
Fixes: gh-5065
2018-03-16 13:53:40 -05:00
Josh Cummings 776b378a1d Authorities authenticate TestingAuthenticationToken
In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.

This change brings `TestingAuthenticationToken` in line with that
convention.

Note that this was done once already to one of the constructors
(ee13be4) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.

Fixes: gh-5073
2018-03-09 13:21:47 -06:00
ylombardi 1d0e97880d Add the BadCredentialsExceptionMixin to help Jackson serialization of BadCredentialsException 2018-03-08 16:55:57 -06:00
Joe Grandja 5b023d0abc Fix Security version tests -> 5.1 2018-03-02 16:29:22 -05:00
Johnny Lim d316803596 Polish DaoAuthenticationProviderTests 2018-03-02 08:55:37 -06:00
Rob Winch 8d75554b6b Lazily Create Throwables
Fixes: gh-5040
2018-02-26 16:24:40 -06:00
Rob Winch 831399be16 Update to Spring Framework 5.0.4
Fixes: gh-5027
2018-02-19 22:00:33 -06:00
Rob Winch 7063a9e111 Issue: gh-5018 2018-02-16 16:50:14 -06:00
Rob Winch 964a14b224 Document Reactive Method security requires Publisher return types
Fixes: gh-4988
2018-02-07 16:43:18 -06:00
Lóránt Pintér f7beb537f0 Add included build to JAR
Instead of copying classes to the compile output, we now add them directly to the JAR.
This allows JavaCompile to be cached, since there are no overlapping outputs anymore.
2018-02-02 11:50:00 -06:00
Rob Winch 8b7f772761 Update to Jackson 2.9.4
Fixes: gh-4985
2018-02-01 13:45:06 -06:00
Rob Winch 994abb0d00 Document User.withDefaultPasswordEncoder unsafe for production
Fixes: gh-4793
2018-01-31 16:26:26 -06:00
Rob Winch f7e49ace9f Add TestAuthentication 2018-01-26 15:13:09 -06:00
Rob Winch c5e6ee4563 Update Dependencies
Fixes: gh-4973
2018-01-24 13:48:14 -06:00
Rob Winch 6ba225b62d Polish userNotFoundEncodedPassword
Ensure that if passwordEncoder is set that userNotFoundEncodedPassword
is encoded again if already set.

Issue: gh-4915
2018-01-24 11:06:08 -06:00
Phillip Webb fd78d055aa Lazily initialize userNotFoundEncodedPassword
Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword`
is lazily initialized on the first call to `retrieveUser`, rather than
in `doAfterPropertiesSet`.

Since some `PasswordEncoder` implementations can be slow, this change
can help to improve application startup times and the expense of some
delay with the first login.

Note that `userNotFoundEncodedPassword` creation occurs on the first
user retrieval, regardless of whether the user is ultimately found. This
ensures consistent processing times, regardless of the outcome.

First Call:
	Found      = encode(userNotFound) + decode(supplied)
	Not-Found  = encode(userNotFound) + decode(userNotFound)

Subsequent Call:
	Found      = decode(supplied)
	Not-Found  = decode(userNotFound)

Fixes gh-4915
2018-01-24 11:06:08 -06:00
Johnny Lim f3830eec7d Rename userDetailsRepository to userDetailsService 2018-01-10 16:04:48 -06:00
Rob Winch 803cdcf01e Test Jackson HashMap in Whitelist
Issue: gh-4889
2018-01-03 16:17:23 -06:00
Chris Burrell cf97e16379 Add HashMap to Jackson whitelist
Issue: gh-4889
2018-01-03 16:17:23 -06:00
Rob Winch b9152701a6 Javadoc Polish 2017-12-21 16:43:11 -06:00
Johnny Lim 921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim 57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Rob Winch c856c376df Fix UTF-8 in JdbcDaoImplTests 2017-12-20 15:50:23 -06:00
Joe Grandja e19fdb6cc1 Remove AuthenticatedPrincipal from UserDetails
Issue gh-4877
2017-11-30 10:52:24 -05:00
Joe Grandja 50d1a81458 AbstractAuthenticationToken.getName() uses UserDetails.getUsername()
Fixes gh-4877
2017-11-30 09:17:42 -05:00
Rob Winch ee1745b681 Update to Spring Framework 5.0.2.RELEASE 2017-11-27 11:57:03 -06:00
Rob Winch 691bf2e11d PasswordEncoder Bean for AuthenticationManagerBuilder
Issue: gh-4873
2017-11-27 11:42:56 -06:00
Johnny Lim 701933c7f7 Fix copyright start years
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
Johnny Lim 5f518d00e5 Apply Checkstyle EmptyStatementCheck module
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
2017-11-16 20:18:21 -06:00
Oleg Zhuravlev 563139c469 Fix keys in messages bundle 2017-11-16 11:28:57 -06:00
Benedikt Ritter fffd781b03 Add localization to error messages from ExceptionTranslationFilter
Fixes gh-4504
2017-11-16 11:25:56 -06:00
Johnny Lim b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim d900f2a623 Remove unused imports
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
Rob Winch 6d4b4bf2c7 Align Dependencies with Spring IO Cairo
Fixes gh-4821
2017-11-14 13:45:24 -06:00
Johnny Lim 99df632f24 Add missing @Override annotations
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
Rob Winch d9abd2e443 User.UserBuilder only encodes once
Fixes gh-4794
2017-11-06 09:47:37 -06:00
Greg Turnquist 881cd0befb Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details
Resolves #4698
2017-10-31 16:34:07 -05:00
Rob Winch e95430fa36 Polish Reactive Method Security reference
Issue gh-4757
2017-10-30 16:27:50 -05:00
Gajendra kumar ec723952d5 principals and sessionIds should be set using constructor so that can be shared across node in cluster
As principals and sessionIds are set in class itself so one can't share user session count across nodes(Cluster). Using constructor for setting principals and sessionIds we can pass Cache map to constructor which can enable common session count in cluster otherwise user would be allowed to logged in with multiple sessions. There is no point keeping principals and sessionIds completely internal.
2017-10-30 01:08:15 -05:00
Frank Pavageau 35706ad60a Deserialize the principal in a neutral way
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
2017-10-30 00:53:31 -05:00
Frank Pavageau 6fd9ff254b Map values directly from the JSON nodes
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
2017-10-30 00:53:31 -05:00
Antoine 0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine e0aca04a28 Polish AssertJ assertions
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Rob Winch 44320447fe Update to Spring 5.0.1.RELEASE
Issue gh-4739
2017-10-29 14:31:45 -05:00
Rob Winch 747473257f Use ReactorSecurityContextHolder
Issue gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch 9ea4df5b5d ReactiveSecurityContextHolder
Fixes gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch 399da1ecad SecurityContextImpl constructor
Fixes gh-4712
2017-10-26 20:11:42 -05:00
Rob Winch 38a8189a62 DelegatingApplicationListener uses CopyOnWriteArrayList
Fixes gh-4416
2017-10-24 15:35:04 -05:00
Rob Winch 8291f20796 DaoAuthenticationProvider uses DelegatingPasswordEncoder
This means that passwords will be encoded with BCrypt by default

Fixes: gh-2775
2017-10-24 07:56:28 -05:00
Rob Winch d19b222b55 UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder
This means passwords will be encoded with BCrypt by default

Issue: gh-2775
2017-10-24 07:56:28 -05:00
Rob Winch cdc992b132 Remove SaltSource
Fixes gh-4681
2017-10-24 07:56:28 -05:00
Rob Winch 4529e09339 Remove PasswordEncoder from core
Issue: gh-4674
2017-10-24 07:56:28 -05:00
Rob Winch 6c69333df6 Remove PasswordEncoderUtils from core
Issue: gh-4674
2017-10-24 07:56:28 -05:00
Rob Winch 3a4a32e654 Remove LdapShaPasswordEncoder from core
Issue: gh-4674
2017-10-24 07:56:20 -05:00
Rob Winch 6a3e981c80 Remove BaseDigestPasswordEncoder from core
Issue: gh-4674
2017-10-24 07:55:40 -05:00
Rob Winch a8aa65b828 Remove Md4PasswordEncoder from core
Issue: gh-4674
2017-10-24 07:55:32 -05:00
Rob Winch 2dc4e326be Remove MessageDigestPasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch 12dbf2e961 Remove PlainTextPasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch 40fd8d7aa7 Remove ShaPasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch e98fc3556e Remove Md5PasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch 52560b560d PasswordEncodedUser
Fixes gh-4680
2017-10-23 22:27:16 -05:00
Rob Winch 1ea10a1e89 Add User.withDefaultPasswordEncoder()
Fixes gh-4678
2017-10-23 22:27:16 -05:00
Rob Winch a0fb324e1d Add passwordEncoder to UserBuilder
Fixes gh-4677
2017-10-23 22:27:16 -05:00
Rob Winch 7fd1cff3ce Fix PrePostAdviceReactiveMethodInterceptor tangle
Issue: gh-4636
2017-10-16 16:36:43 -05:00
Rob Winch 1dc49276f8 Fix P tangle
Issue: gh-4636
2017-10-16 16:36:15 -05:00
Rob Winch 96f6368214 Update to Spring Framework 5.0.1.BUILD-SNAPSHOT
Fixes gh-4633
2017-10-16 16:30:59 -05:00
Rob Winch 57d26ffa10 Polish 2017-10-11 13:57:59 -05:00
Rob Winch e99e2a9f09 PrePostAdviceMethodInterceptor->PrePostAdviceReactiveMethodInterceptor
Issue gh-4615
2017-10-11 13:57:54 -05:00
Rob Winch 5502856095 UserDetailsRepositoryAuthenticationManager->UserDetailsRepositoryReactiveAuthenticationManager
Issue gh-4615
2017-10-11 13:57:35 -05:00
Rob Winch 4681697581 UserDetailsRepository->ReactiveUserDetailsService
Issue gh-4615
2017-10-11 13:57:30 -05:00
Rob Winch f1bc82dcef AuthenticatedAuthorizationManager->AuthenticatedReactiveAuthorizationManager
Issue gh-4615
2017-10-11 13:57:26 -05:00
Rob Winch 866ce5eaec AuthorityAuthorizationManager->AuthorityReactiveAuthorizationManager
Issue gh-4615
2017-10-11 13:57:08 -05:00
Rob Winch fc84d31010 Fix Javadoc Encoding 2017-10-09 16:48:50 -05:00
Rob Winch 23f56f568c Update MockitJunitRunner import
Issue: gh-4608
2017-10-09 16:13:33 -05:00
Rob Winch 445834784a Update to Mockito 2.10.0
Issue: gh-4608
2017-10-09 16:13:11 -05:00
Rob Winch f3828924ff Fix equals and hashCode alignment
Fixes gh-4588
2017-09-28 17:25:00 -05:00
Rob Winch 1c9b627267 Update to Spring Framework 5.0.0.RELEASE
Fixes gh-4585
2017-09-28 17:24:38 -05:00
Rob Winch b59265c641 Add InMemoryUserDetailsManager(UserDetails... users) 2017-09-22 19:56:32 -05:00
Stephan Schroevers 9e719bc313 Drop the `aopalliance:aopalliance` dependency
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.

This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)

The documentation is updated accordingly.

[1] https://jira.spring.io/browse/SPR-13984
2017-09-22 11:11:04 -05:00
Rob Winch 8854414101 Polish for Gradle 5.0 2017-09-18 16:53:19 -05:00
Rob Winch 8a66d0c78d Polish PermissionEvaluator Autowired into Web Security
Issue gh-4077
2017-09-18 16:53:19 -05:00
Craig Andrews 3bf6bf10de Configure permissionEvaluator and roleHierarchy by default
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).

Issue gh-4077
2017-09-18 16:35:16 -05:00
Rob Winch 1f4082e754 Fix copyright lines 2017-09-18 11:11:25 -05:00
Rob Winch 3ecf3ea034 Fix double * in Copyright headers 2017-09-18 10:47:26 -05:00
Rob Winch ae342dfcce Update to the lastest SNAPSHOTs 2017-09-18 10:17:21 -05:00
Rob Winch 7bb4367cf1 Prepare Versions for Release 2017-09-13 08:24:14 -05:00
Rob Winch 72f139a824 Mono.currentContext()->subscriberContext()
Fixing refactoring by Reactor
2017-09-01 16:14:42 -05:00
ladislav-bozek b3ad174ee2 Small typo in Javadoc 2017-08-30 15:27:53 -05:00
Rob Winch 895f0d108c Run PasswordEncoder on Schedulers.parallel() 2017-08-29 22:26:56 -05:00
Rob Winch a563689e6c Add PasswordEncoder for UserDetailsRepositoryAuthenticationManager 2017-08-29 21:19:42 -05:00
Rob Winch 416ff3c77a Add EnableReactiveMethodSecurity
Issue gh-4496
2017-08-17 16:42:01 -05:00
Rob Winch e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Rob Winch 0f0563cd6f MethodSecurityMetadataSourceAdvisor supports MethodInterceptor
Fixes gh-4480
2017-07-31 16:46:51 -05:00
Joe Grandja a176a8c4ae Update to next development version 2017-07-24 11:54:43 -04:00
Joe Grandja abf34e0e67 Release 5.0.0.M3 2017-07-24 11:12:32 -04:00
Rob Winch 0b481cf4b6 Make UserBuilder.username public
This allows for reusing a UserBuilder to create multiple UserDetails with
similar attributes but different usernames.

Fixes gh-4453
2017-07-12 13:54:52 -05:00
Rob Winch 37011720c9 Update to latest Spring IO Cairo SNAPSHOT
Fixes gh-4407
2017-06-20 16:42:09 -05:00
Rob Winch fb85ad6bd7 Revert "Work Around SPR-15651"
This reverts commit 6c286696b4.
2017-06-15 15:25:36 -05:00
Rob Winch dcef3d6ebb Remove springIoVersion for release preparations 2017-06-15 13:34:51 -05:00
Rob Winch 6c286696b4 Work Around SPR-15651
Issue gh-4386
2017-06-09 22:26:02 -05:00
Rob Winch d09fb5b500 Move UserDetailsRepository to core.userdetails
Fixes gh-4383
2017-06-09 16:07:09 -05:00
Joe Grandja eb6bd9bea9 Update groupId io.projectreactor.addons -> io.projectreactor
Fixes gh-4377
2017-06-08 14:06:51 -04:00
Rob Winch 5dee8534cd Update SecurityJackson2Modules
Fixes gh-4370
2017-06-07 23:05:13 -05:00
Rob Winch a79a81cd24 Simplify webflux samples
Remove the custom user from the hellowebflux and hellowebfluxfn samples.
2017-05-23 15:59:16 -05:00
Rob Winch 07234f6255 Switch back to Spring Framework 5.0.0.BUILD-SNAPSHOT 2017-05-16 15:12:09 -05:00
Rob Winch 22c1685d70 Use AssertionsForClassType 2017-05-15 13:48:12 -05:00
Rob Winch d81b436e5d Remove pom.xml from build
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.

This commit removes the pom.xml files from the build.

Fixes gh-4283
2017-05-11 14:32:36 -05:00
Vedran Pavic e9427e421b Update Spring version 2017-05-10 00:27:36 -05:00
Vedran Pavic 85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
Rob Winch b4f2777755 Add WebFlux
Fixes gh-4128
2017-05-10 00:13:02 -05:00
Rob Winch 051e3fb079 Add UserBuilders.withUserDetails 2017-05-10 00:12:12 -05:00
Rob Winch 5c7ff5c24a Update to spring 5.0.0.RC1 2017-05-09 02:35:46 -05:00
Rob Winch e1ef0477fb Build Leverages tests-configuration plugin 2017-05-01 17:10:20 -05:00
Rob Winch d108bf58bf Remove commons-logging
Issue: gh-4308
2017-04-24 19:40:22 -05:00
Rob Winch dd6fc48dd8 Standardize Build
The build now uses spring build conventions to simplify the build

Fixes gh-4284
2017-04-21 10:55:05 -05:00
Joe Grandja 71e491fcf0 Provide abstraction for an Authenticated Principal 2017-04-10 16:18:40 -04:00
Joe Grandja 2ce174dbf0 Update poms to 5.0.0.BUILD-SNAPSHOT 2017-04-07 16:49:50 -04:00
Joe Grandja 2b81983f7c Update to Java 8 compatibility
* Spring IO Athens-BUILD-SNAPSHOT -> Cairo-BUILD-SNAPSHOT
* CGLib 3.1 -> 3.2.5 latest release Issue related to ASM https://github.com/cglib/cglib/issues/20
* AssertJ 2.2.0 -> 3.6.2 latest release
* PowerMock 1.6.2 -> 1.6.5 latest release is 1.6.6 but has regression Issue https://github.com/powermock/powermock/issues/717
* Update maven-compiler-plugin source/target to 1.8
2017-04-07 16:49:38 -04:00
Rob Winch 3ca78df15f Fix Security version Test 2017-03-08 19:12:39 -06:00
Rob Winch d2524eadfc Update poms to new to SNAPSHOT version 2017-03-02 09:20:34 -06:00
Spring Buildmaster 081f0c4d94 Release version 4.2.2.RELEASE 2017-03-02 07:29:42 +00:00
pkovacs f99fe36e02 Refer to SimpleGrantedAuthority instead of GrantedAuthorityImpl
GrantedAuthorityImpl has been replaced a couple of years ago with
SimpleGrantedAuthority and this commit fixes the documentation items
which weren’t updated to reflect this change.

Fixes gh-4163.
2017-03-02 00:09:14 -06:00
stonio 901a4e183a Update SecurityContextHolder.java
Use StringUtils.hasText
2017-03-01 23:54:04 -06:00
Rob Winch b64cdb5765 Fix RoleHiearchyUtilsTests on Windows
Fixes gh-4228
2017-03-01 23:27:11 -06:00
Rob Winch 9c03571bbb Use message in all Assert
This ensures compatibility with Spring 5.

Fixes gh-4193
2017-01-30 19:58:24 -06:00
Spring Buildmaster 7a7ce11ebb Release version 4.2.1.RELEASE 2016-12-21 17:23:28 +00:00
Rob Winch 6bec625e68 Update to Spring 4.3.5.RELEASE
Fixes gh-4167
2016-12-21 09:04:16 -06:00
Spring Buildmaster 24fcb6c45a Release version 4.2.0.RELEASE 2016-11-09 23:42:11 +00:00
Rob Winch a9024de734 Polish Spring Version Update
Fix related tests.

Issue gh-4123
2016-11-09 17:05:25 -06:00
Rob Winch f97f38fd57 jacksonDatavindVersion->jacksonDatabindVersion
Issue gh-4122
2016-11-09 16:46:38 -06:00
Rob Winch f0a9421aa4 SecurityJacksonModules->SecurityJackson2Modules
Fixes gh-4121
2016-11-09 16:42:41 -06:00
Spring Buildmaster 97b4cb0b73 Release version 4.2.0.RC1 2016-10-26 02:49:23 +00:00
Rob Winch e62596f36d Polish PasswordEncoderUtils do not leak length
Fix possible / 0 if expected is empty String.

Issue gh-255
2016-10-24 12:50:46 -05:00
Rob Winch d3685d89c5 Polish PasswordEncoderUtils do not leak length
Issue gh-255
2016-10-24 11:26:43 -05:00
avri-schneider a98389fa98 PasswordEncoderUtils do not leak length
Enforce constant time even when expectedLength != actualLength.

Fixes gh-255
2016-10-24 11:26:34 -05:00
Rob Winch dc9f9b140f Polish PasswordEncoderUtilsTests
* Add more tests
* Smaller tests
* Follow new naming convention
2016-10-24 11:24:24 -05:00
Rob Winch f432c04111 Create UserBuilder
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder

Fixes gh-4095
2016-10-21 16:42:03 -05:00
Rob Winch 08c1f500a7 Version bumps for Spring 5
Issue gh-4080
2016-10-17 17:00:17 -05:00
Jitendra Singh 48ff518a41 Fix Jackson 2.7+
UnmodifiableSetDeserializer added which will ensure
Collection$UnmodifiableSet deserialize properly with jackson-databind 2.7+

Fixes gh-4073
2016-10-13 07:42:07 -05:00
Spring Buildmaster c1b8150439 Release version 4.2.0.M1 2016-09-23 19:39:33 +00:00
Rob Winch b443baef04 Polish GrantedAuthorityDefaults
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
  ApplicationContextAware

Issue gh-3701
2016-09-22 15:13:05 -05:00
Eddú Meléndez eabeaf35d6 Make single definition of `defaultRolePrefix` and `rolePrefix`
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.

Fixes gh-3701
2016-09-21 14:55:41 -05:00
Joe Grandja c75a5b7279 Polish RoleHierarchyUtils and add tests 2016-09-19 14:07:34 -04:00
Thomas Darimont 06c67070a6 Add convenience method for constructing RoleHierarchy from Map.
Introduced `RoleHierarchyUtils` which enables convenient
construction of `RoleHierarchy` from map based representation.
Where the map key is the role name and the map value is a list
of implied role names.

Here is a small example for that in action:
https://gist.github.com/thomasdarimont/ee9fffdef1adb9243b12ad247478aad4

Fixes #3990.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-09-19 14:07:34 -04:00
Rob Winch 92a59e0df7 Fix checkstyle
Issue gh-3736
2016-09-02 12:02:39 -05:00
Rob Winch 8ad0003456 Polish Whitespace
Issue gh-3736
2016-09-02 11:37:21 -05:00
Rob Winch 3531cc93c2 JSON tests ObjectMapper Cleanup
* Move to @Setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper

Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch bd925313af Improve Readablility of JSON test strings
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security

Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch d4c48dd3e1 Remove MockitoJUnitRunner from JSON tests
Previously the JSON tests unnecessarily had MockitoJUnitRunner.

This commit removes MockitoJUnitRunner from the JSON tests.

Issue gh-3736
2016-09-02 11:37:20 -05:00
Rob Winch df613ed4cc JSON UserDetails deserializes null
JSON UserDetails null use to be treated as "".

This changes null to be treated as a null

Issue gh-3736
2016-09-02 11:37:16 -05:00
Rob Winch 3fb77f3b59 Polish SecurityJacksonModules
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
2016-09-02 11:37:13 -05:00
Rob Winch c2d8ea92d0 SimpleGrantedAuthorityMixin role->authority
Issue gh-3736
2016-09-02 11:36:33 -05:00
Rob Winch 6f2b24a62b Polish JSON warnings / javadoc
Issue gh-3736
2016-09-02 11:36:23 -05:00
Rob Winch 6d2003722e Polish JSON class scope
Use package scope when possible

Issue gh-3736
2016-09-02 11:36:06 -05:00
Rob Winch 03d8904a03 Polish constructor assertions
Previously the JSON modules didn't use Spring's Assert.

This commit changes the assertions to use Spring's Assert and does
some minor restructuring.

Issue gh-3736
2016-09-02 11:34:57 -05:00
Jitendra Singh Bisht d77ca17e95 Add JSON Serialization
Fixes gh-3812
2016-09-02 11:29:53 -05:00
Rob Winch 4d02a5c0a0 Update pom.xml dependencies 2016-08-30 11:27:29 -05:00
Rob Winch 53352e336d Polish gh-4048 2016-08-30 09:42:28 -05:00
vitalii-dmytruk 422bc37115 Suppurt custom messages
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.

Issue gh-4048
2016-08-30 09:41:37 -05:00
Rob Winch c266930483 Update Dependency Versions (#4035) (#4036) 2016-08-19 16:10:46 -05:00
Kevin Conaway d2a37cb1d6 Improve field visibility in DefaultMethodSecurityExpressionHandler
Fixes gh-210
2016-07-26 09:56:00 -04:00
Eddú Meléndez 13b0ddb7e6 Fix test assertions 2016-07-07 13:29:00 -05:00
Rob Winch b4ab0483b1 Update version to 4.2.0.BUILD-SNAPSHOT 2016-07-07 12:56:20 -05:00
Spring Buildmaster 919f000c80 Release version 4.1.1.RELEASE 2016-07-07 00:57:35 +00:00
Johnny Lim 310bb39a0d Fix typo 2016-07-06 16:22:33 -05:00
Rob Winch 5f6312c5be Update to Spring 4.3.1
Fixes gh-3963
2016-07-06 15:47:44 -05:00
Rob Winch 843ed3e437 Update to Spring 4.3.1.BUILD-SNAPSHOT 2016-07-01 22:04:55 -05:00
Eddú Meléndez a2ead4cf7a Polish
Fixes gh-3892
2016-06-20 12:35:43 -05:00
Rob Winch d2b909e7c5 Doc InteractiveAuthenticationEvent doesn't extend AuthentcationEvent
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.

Fixes gh-3857
2016-06-17 17:16:54 -05:00
Rob Winch 2d6051625f Update pom.xml 2016-06-17 14:30:11 -05:00
Spring Buildmaster 001b05569a Release version 4.1.0.RELEASE 2016-05-05 04:25:46 +00:00
Rob Winch 9745de9510 Add @AuthenticationPrincipal expression
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.

Fixes gh-3859
2016-05-03 18:08:52 -04:00
Spring Buildmaster 24d0069668 Release version 4.1.0.RC2 2016-04-21 01:47:25 +00:00
Johnny Lim 933a7e8363 Remove duplicate words
Fixes gh-3826
2016-04-18 23:21:20 -05:00
Joe Grandja 2ef3da1b47 Documents the new @AuthenticationPrincipal in more detail.
Fixes gh-3771
2016-04-13 12:27:23 -04:00
Joe Grandja b90242f2fa Updates all POM versions to 4.1.0 snapshot build.
Fixes gh-3804
2016-04-12 10:35:43 -04:00
Spring Buildmaster 044acf7e27 Release version 4.1.0.RC1 2016-03-23 07:15:15 -07:00
Rob Winch 36c381a06a Update to Java 1.6
Fixes gh-3756
2016-03-15 08:37:00 -05:00
Rob Winch ec4e6c7453 Update pom.xml to 4.1.0.BUILD-SNAPSHOT 2016-03-14 00:51:35 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle
Issue gh-3746
2016-03-14 00:15:12 -05:00
Billy Korando 71d4ce96ad Convert to assertj
Fixes gh-3175
2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration
Issue gh-3175
2016-03-09 14:26:30 -06:00
Karol Lewandowski a1df8e5379 Fix keys in messages bundle
Fixes gh-2971
2016-03-09 10:43:37 -06:00
hmolsen b248eae416 Javadoc on ProviderManager.authenticate clarification
Fixes gh-3722
2016-03-03 15:32:03 -06:00
Rob Winch 65a00751a7 Update to Spring 4.2.5
Fixes gh-3715
2016-02-25 11:35:17 -06:00
petaure cf76e3c65e SEC-3150: Escape ' character in messages_fr.properties
Escape ' character, if not format doesn't work fine.
2015-11-12 15:42:52 -06:00
Rob Winch be303b15d1 SEC-3128: RoleVoter supports null Authentication 2015-10-29 14:03:18 -05:00
Rob Winch bd221739c7 SEC-3109: DelegatingSecurityContextExecutor fails with same Thread
Previously DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable
would not setup the SecurityContext if it was on the same thread as it was created.
This was intended to fix SEC-3031 but simply caused more problems.

This commit changes the strategy to keep track of the previous SecurityContext
and restore it (or clear it out if it was originally empty).
2015-10-26 17:16:54 -05:00
zhanhb 29f2cc0ab1 snasphot -> snapshot 2015-09-25 15:28:39 -05:00
/usr/local/ΕΨΗΕΛΩΝ e6ed4441c4 Update messages_it.properties 2015-09-17 17:31:32 +02:00
David Avenante a9a5377e4a Unused import
An import unsued
2015-09-02 00:21:39 -05:00
David Avenante 5edfeb4091 Unused import
And import is unused
2015-09-02 00:21:39 -05:00
Rob Winch adfeb96e2f Update to Spring 4.2.1 2015-09-01 09:53:26 -05:00
Rob Winch c79bceab03 SEC-2956: Improve AnnotationParameterNameDiscoverer Performance 2015-08-19 16:07:03 -05:00
Rob Winch 55dd247660 SEC-3078: Update Spring 4.2 2015-08-19 16:05:40 -05:00
Rob Winch 26ab012b57 Start 4.1.0 2015-08-18 13:58:01 -05:00
Rob Winch 969f3a7d1b Update pom.xml to latest snapshots 2015-08-03 09:46:01 -05:00
Thomas Darimont ad1d858e2b SEC-3056 - Fix JavaDoc errors.
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
2015-08-03 08:02:24 -05:00
Rob Winch 117f892c91 SEC-3031: DelegatingSecurityContext(Runnable|Callable) only modify SecurityContext on new Thread
Modifying the SecurityContext on the same Thread can cause issues. For example, with a
RejectedExecutionHandler the SecurityContext may be cleared out on the original Thread.

This change modifies both the DelegatingSecurityContextRunnable and DelegatingSecurityContextCallable to,
by default, only modify the SecurityContext if they are invoked on a new Thread. The behavior can be changed
by setting the property enableOnOrigionalThread to true.
2015-07-22 16:07:21 -05:00
Rob Winch e8c9f75f9c Update pom.xml to latest versions 2015-07-22 12:51:04 -05:00
Rob Winch 821333434d SEC-3013: Add messages_en.properties 2015-07-13 23:18:45 -05:00
Rob Winch 197ddb3cd1 SEC-3029: Fix Compatibility with Spring 4.2.x 2015-07-07 22:46:31 -05:00
Alex Panchenko 0a118336d4 SEC-2955: Convert to "static" for inner classes 2015-04-30 12:54:52 -05:00
Rob Winch b433cdda7e SEC-2930: Update SecurityExpressionOperations javadoc 2015-04-21 09:21:29 -05:00
Rob Winch d5dfeeca49 SEC-2927: Update chat-jc pom so Maven Builds
Previously there were some incorrect dependency versions. This commit fixes
that.

We added dependencyManagement for Spring Framework and corrected
Thymeleaf and embedded redis versions.
2015-04-20 15:53:26 -05:00
Rob Winch 4fdfb8caba SEC-2915: More Tabs -> Spaces 2015-04-17 11:34:34 -05:00