Josh Cummings
8a03d1fcec
Add AuthorizationManager to Messaging
...
Closes gh-11076
2022-05-27 12:20:48 -06:00
Evgeniy Cheban
495028eb85
Some Security Expressions cause NPE when used within Query annotation
...
Added trustResolver, roleHierarchy, permissionEvaluator, defaultRolePrefix
fields to SecurityEvaluationContextExtension along with setter methods to override defaults.
Closes gh-11196
2022-05-26 14:35:40 -05:00
Juny Tse
16664dcdbd
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 11:43:50 -06:00
Josh Cummings
53e509f0c6
Remove duplicate check
...
Closes gh-11192
2022-05-23 16:00:15 -06:00
Josh Cummings
b51c71c3b3
Use original query string to verify signature
...
Closes gh-11235
2022-05-23 13:56:28 -06:00
Josh Cummings
5adb6e25a3
Correctly encode query parameters
...
Issue gh-11235
2022-05-20 17:46:40 -06:00
Evgeniy Cheban
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
Rob Winch
7d97839235
StrictHttpFirewall allows CJKV characters
...
Closes gh-11264
2022-05-18 09:53:29 -05:00
Ulrich Grave
9b874bcde2
Add relyingPartyRegistrationId to AbstractSaml2AuthenticationRequest
...
Closes gh-11195
2022-05-17 16:21:54 -06:00
Rob Winch
538252cf07
AntRegexRequestMatcher Optimization
...
Closes gh-11234
2022-05-16 10:22:30 -05:00
Rob Winch
04ca7ef91b
Extract rejectNonPrintableAsciiCharactersInFieldName
...
Closes gh-11234
2022-05-16 10:22:30 -05:00
Josh Cummings
ffaf5b4e61
Polish WebExpressionAuthorizationManager
...
- Add support for request variables
- Added additional tests
Issue gh-11105
2022-05-13 13:53:38 -06:00
Evgeniy Cheban
07b0be3f42
Add AuthorizationManager that uses ExpressionHandler
...
Closes gh-11105
2022-05-13 13:52:49 -06:00
Evgeniy Cheban
3f861f7f20
Polish gh-11188
2022-05-12 16:20:43 -05:00
Marcus Da Coregio
032fdcefdf
Point to samples branch 5.8.x
...
Closes gh-11203
2022-05-12 11:16:23 -03:00
Marcus Da Coregio
b544159226
Use properties in the checkSamples job
...
Issue gh-10344
2022-05-11 16:12:36 -03:00
Marcus Da Coregio
723648af00
Add initScripts and projectProperties to IncludeCheckRemotePlugin
...
Issue gh-10344
2022-05-11 16:12:36 -03:00
Evgeniy Cheban
9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:04 -06:00
Marcus Da Coregio
18c220c870
Update copyright headers
...
Issue gh-10956
2022-05-06 14:26:29 -03:00
Marcus Da Coregio
18345feeed
Fix mvcMatchers overriding previous paths
...
Closes gh-10956
2022-05-06 14:26:29 -03:00
Marcus Da Coregio
ce86f4e4b5
Polish ServerWebExchangeDelegatingServerHttpHeadersWriter
...
Issue gh-11073
2022-05-06 09:51:28 -03:00
David Herberth
57cededd49
Add DelegatingServerHttpHeadersWriter
...
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.
Closes gh-11073
2022-05-06 09:51:28 -03:00
Josh Cummings
13795cdec1
Polish Relay State Resolver
...
Issue gh-11065
2022-05-05 17:28:30 -06:00
sebastiano
4dfc349914
Allow custom relay state
...
Closes gh-11065
2022-05-05 17:26:39 -06:00
Rob Winch
768267c131
Fix WebSessionReactiveSecurityRepository Supports Cache
...
Fix the checkstyle for this feature
Closes gh-8422
2022-05-03 21:09:41 -05:00
Rob Winch
dbe7e37f2b
WebSessionReactiveSecurityRepository Supports Cache
2022-05-03 16:40:51 -05:00
Rob Winch
6420cf28a9
Multiple <authentication-manager> Do Not Duplicate Alias
...
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.
This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.
Closes gh-8767
2022-05-03 14:52:22 -05:00
Evgeniy Cheban
66bbfc7a50
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:17:23 -05:00
Ulrich Grave
3cbb60750d
Add Jackson Support for Saml2AuthenticationException
...
Closes gh-11169
2022-05-02 17:41:52 -05:00
Josh Cummings
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
Eleftheria Stein
5ac5edc2e6
Detect UserDetailsService bean in X509 configuration
...
Closes gh-11174
2022-04-28 14:47:18 +02:00
Eleftheria Stein
d40c15e09e
Update remember me Javadocs
...
Describe the new behaviour for retrieving the UserDetailsService
Issue gh-11170
2022-04-28 14:13:52 +02:00
Marcus Da Coregio
e94adedb94
Add shouldFilterAllDispatcherTypes to Kotlin DSL
...
Closes gh-11153
2022-04-28 08:19:20 -03:00
Eleftheria Stein
8e34cedcfe
Detect UserDetailsService bean in remember me
...
Closes gh-11170
2022-04-28 12:43:13 +02:00
nor-ek
a3e7e54b70
Security Context Dsl
...
Closes gh-11039
2022-04-26 17:34:44 +02:00
Marcus Da Coregio
23594b3d01
Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Issue gh-10908
2022-04-25 09:42:00 -03:00
Marcus Da Coregio
97acbcc2d0
Exclude duplicate issues from changelog
...
Closes gh-11154
2022-04-20 09:02:55 -03:00
Rob Winch
6c8f64d2bd
Next Development Version
2022-04-18 14:55:35 -05:00
Rob Winch
e80b3cc5a2
Release 5.7.0-RC1
2022-04-18 14:50:15 -05:00
Rob Winch
8a54cea6f0
Revert to aspectj-plugin-6.4.1
...
There appears to be an issue with publication of aspectj plugin, so
this commit reverts to a previous working version.
See https://github.com/freefair/gradle-plugins/issues/511
2022-04-18 14:03:14 -05:00
Rob Winch
2b858f9371
Use gradlePluginPortal()
2022-04-18 14:02:21 -05:00
Rob Winch
f52bf98350
Update org.springframework to 5.3.19
...
Closes gh-11152
2022-04-18 13:38:21 -05:00
Rob Winch
e223d23e84
Update org.jetbrains.kotlinx to 1.6.1
...
Closes gh-11151
2022-04-18 13:38:19 -05:00
Rob Winch
6e5b2f23a9
Update org.jetbrains.kotlin to 1.6.20
...
Closes gh-11150
2022-04-18 13:38:17 -05:00
Rob Winch
0803a9e09d
Update hibernate-entitymanager to 5.6.8.Final
...
Closes gh-11149
2022-04-18 13:38:14 -05:00
Rob Winch
359137dfae
Update org.eclipse.jetty to 9.4.46.v20220331
...
Closes gh-11148
2022-04-18 13:38:12 -05:00
Rob Winch
a62bdd15b4
Update org.aspectj to 1.9.9.1
...
Closes gh-11147
2022-04-18 13:38:10 -05:00
Rob Winch
694ceb3fb1
Update io.rsocket to 1.1.2
...
Closes gh-11146
2022-04-18 13:38:08 -05:00
Rob Winch
0989652a33
Update io.projectreactor to 2020.0.18
...
Closes gh-11144
2022-04-18 13:38:03 -05:00
Rob Winch
70aa33b914
Update aspectj-plugin to 6.4.2
...
Closes gh-11143
2022-04-18 13:38:01 -05:00