89f8310d6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:00:47 -05:00
ba50c50b4b
Add remaining methods from ExpressionUrlAuthorizationConfigurer to MessageMatcherDelegatingAuthorizationManager
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11509
2022-08-16 15:14:08 -06:00
5b64526ba9
Add CsrfFilter.csrfRequestAttributeName
...
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.
This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.
Issue gh-11699
2022-08-15 17:07:02 -05:00
002a770f13
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:12 -05:00
efaee4e56b
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:35:49 -05:00
c2d79fcbd6
Add Conditions to Generating AuthnRequest
...
Closes gh-11657
2022-08-03 17:34:31 -06:00
aa225943d2
Polish Tests
...
Issue gh-11657
2022-08-03 17:34:26 -06:00
07ea139ebf
Polish HttpSecurity
2022-07-29 17:42:39 -05:00
67544f36f9
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:42:39 -05:00
05725af4d8
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:42:39 -05:00
e5ae35ab71
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:39:33 -03:00
5dff157755
Polish HttpSecurity Formatting
...
Issue gh-11360
2022-07-14 12:50:40 -06:00
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 12:48:39 -06:00
624fdfa731
Add AuthorizationManager for protect-pointcut
...
Closes gh-11323
2022-07-13 17:58:16 -06:00
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-13 17:57:38 -06:00
d3b8bacc3c
Polish InterceptMethodsBeanDefinitionDecorator
2022-07-13 11:38:50 -05:00
7560a32460
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-11 16:39:41 -06:00
c9a3d21b9b
Add Configuration Test
...
Issue gh-11327
2022-07-07 14:46:37 -06:00
d27d431bbc
Add AuthorizationFilter to filter chain validator
...
Closes gh-11327
2022-07-07 13:52:36 -06:00
cdafa4ee21
Clarify variable names
...
Issue gh-11327
2022-07-07 13:38:42 -06:00
0c48b6bc7f
Use relative schema location for tests
...
Issue gh-11328
Issue gh-11353
Issue gh-11365
2022-07-07 13:03:20 -05:00
74a007dc91
Support AuthorizationManager for intercept-methods Element
...
Closes gh-11328
2022-07-06 12:54:05 -06:00
03a5c3b08a
Use SecurityContextHolderStrategy for Concurrency Filter
...
Issue gh-11060
Issue gh-11061
2022-06-28 15:32:05 -06:00
e8723f1f43
Pick up SecurityContextHolderStrategy for WebClient integration
...
Issue gh-11061
2022-06-28 14:58:53 -06:00
27de315e5e
Use SecurityContextHolderStrategy for Async Requests
...
Issue gh-11060
Issue gh-11061
2022-06-28 14:46:52 -06:00
98995f2225
Add SecurityContextHolderStrategy to Pre-authenticated scenarios
...
Issue gh-11060
Issue gh-11061
2022-06-28 12:04:37 -06:00
b3be35da31
Polish SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-28 12:04:37 -06:00
4a2d77d3f2
Use SecurityContextHolderStrategy for Remember-me
...
Issue gh-11060
Isuse gh-11061
2022-06-28 11:08:57 -06:00
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
74167d62b1
Add SecurityContextHolderStrategy XML Configuration for Messaging
...
Issue gh-11061
2022-06-27 15:55:28 -06:00
9292a13146
Add SecurityContextHolderStrategy Java Configuration for Messaging
...
Issue gh-11061
2022-06-27 15:55:28 -06:00
652c35db2f
Add SecurityContextHolderStrategy XML Configuration for OAuth2
...
Issue gh-11061
2022-06-27 13:05:13 -06:00
1d22316574
Add SecurityContextHolderStrategy Java Configuration for OAuth2
...
Issue gh-11061
2022-06-27 13:05:13 -06:00
6c16ac101a
Add SecurityContextHolderStrategy XML Configuration for Saml2
...
Issue gh-11061
2022-06-27 13:05:12 -06:00
97253c9293
Add SecurityContextHolderStrategy Java Configuration for Saml2
...
Issue gh-11061
2022-06-27 13:05:11 -06:00
9cd7c7b046
Add SecurityContextHolderStrategy XML Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:05:07 -06:00
da57bac061
Add SecurityContextHolderStrategy Java Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:03:11 -06:00
fa0086d3b0
Polish SecurityContextHolderStrategy Java Configuration for Defaults
...
Issue gh-11061
2022-06-27 13:01:22 -06:00
8d681b3b80
Polish SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-27 13:00:20 -06:00
2a70707c35
Add SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-17 11:28:10 -06:00
2c09a300b6
Add SecurityContextHolderStrategy Java Configuration for Defaults
...
Issue gh-11061
2022-06-17 11:28:10 -06:00
79c2b8709b
Allow form login when single OAuth2 Provider is configured
...
Closes gh-6802
2022-06-15 14:05:55 -05:00
3ca4b06612
Support multiple SingleLogoutService bindings.
...
Closes gh-11286
2022-06-09 12:56:16 -06:00
4d65d96b8a
Fix saml2Tests always running after a single test
...
This commit makes the check task depend on the saml2Tests task.
The test task was also configured to run after saml2Tests, to make sure that the
compileTestJava runs after the compileSaml2TestJava
Issue gh-10816
2022-06-03 11:22:46 -03:00
3dd54bcda7
Run SAML 2.0 tests in an exclusive task
...
Issue gh-10816
2022-06-02 19:24:42 +02:00
23903b5f18
Use Reflection to instantiate OpenSAML4 classes
...
Because the OpenSAML4 classes are compiled using Java 11, we have to rely on reflection to instante those classes since the config module should be compatible with Java 8
Issue gh-10816
2022-06-02 19:24:42 +02:00
ccb1f68bfe
Fix member variable using Java 9+ feature
...
This causes compile errors when trying to build using JDK 8
Issue gh-10695
2022-06-02 19:24:42 +02:00
4c2401a576
Revert "Make source code compatible with JDK 8"
...
This reverts commit 60ed3602f6
2022-06-02 19:24:42 +02:00
38d481eba6
Make Internal Class Package-Private
...
Issue gh-11305
2022-05-31 16:04:26 -06:00
d994ddc9b8
Polish InterceptUrlConfigTests
...
Issue gh-11305
2022-05-31 16:04:02 -06:00
Rob Winch
Evgeniy Cheban
Igor Bolic
Josh Cummings
Steve Riesenberg
Marcus Da Coregio
Jared Rufer