3199 Commits

Author SHA1 Message Date
ir73
9a357f8cb6 Moved CachingUserDetailsService to spring-core
Made CachingUserDetailsService constructor public and moved to spring-core to make it easier to configure caching in UserDetailsService

Fixes gh-4139
2018-12-11 13:22:08 -06:00
Eric Deandrea
4178c92741 Add Reactive Support for UserDetailsChecker
Integrate UserDetailsChecker into ReactiveAuthenticationManager and
OAuth2 resource server authentication converters.

Fixes gh-6219
2018-12-11 13:07:40 -06:00
Zhanwei Wang
12ab2cca31 Improve error message for Chinese. 2018-12-06 11:57:21 -06:00
Robbie Martinus
090000c3d2 SessionRegistryImpl uses computeIfAbsent
Fixes: gh-5834
2018-12-05 10:26:07 -06:00
dperezcabrera
898d005a53 InMemoryUserDetailsManager.updatePassword case-insenstive
Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.

This commit updates updatePassword to be case insensitive.

Fixes: gh-6039
2018-11-09 11:39:58 -06:00
Josh Cummings
7d3302f52b
Polish Test Name
So that it adheres to methodNameWhenConditionThenVerification naming
convention.

Issue: gh-3743
2018-10-30 10:20:37 -06:00
Karl Goffin
50d26c9d28
Polish Logging and Tests
Removing debug statements which would have prematurely terminated the
stream, changing to AssertJ, and adding another test.

Issue: gh-3743
2018-10-30 10:18:16 -06:00
Karl Goffin
92e68a589a
PostFilter Support for Streams
Users can return a Stream from a @PostFilter-annotated method.

Fixes: gh-3743
2018-10-30 10:17:16 -06:00
Joe Grandja
8ef65ce5c5 Set AuthenticationEventPublisher on each AuthenticationManagerBuilder
Fixes gh-6009
2018-10-23 14:08:23 -04:00
Joe Grandja
7a94931514 Polish javadoc 2018-10-23 08:45:06 -04:00
Drummond Dawson
818a3506fe Remove unnecessary concatenation of sql in JdbcUserDetailsManager 2018-10-19 15:30:03 -05:00
Joe Grandja
0b3aa2ce24 Update Security version to 5.2 2018-10-17 14:52:06 -04:00
Johnny Lim
68ffa0fece Add a missing space in Secured.value() signature 2018-10-03 14:47:48 -04:00
John Lin
69b71ee0ed Remove unused variables in ConsensusBased and UnanimousBased 2018-09-21 08:12:40 -05:00
John Lin
f5e2ca1b6e Fix truncated javadoc for Secured
Fixes: gh-5861
2018-09-18 21:34:02 -05:00
Vedran Pavic
cb0ba58b58 Fix WhitespaceAfterCheck Checkstyle check 2018-08-27 10:45:35 -05:00
Johnny Lim
68878a1675 Replace isEqualTo(null) with isNull() 2018-08-09 18:04:48 -06:00
Rob Winch
d595098823 Rename @TransientAuthentication to @Transient
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.

Issue: gh-5481
2018-07-16 11:31:10 -05:00
Rob Winch
ed3ed5e64c Rename @TransientAuthentication to @Transient
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.

Issue: gh-5481
2018-07-16 11:17:08 -05:00
Josh Cummings
3c46727be1 Transient Authentication Tokens
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.

To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.

Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.

Fixes: gh-5481
2018-07-16 10:40:45 -05:00
Rob Winch
a66b945ab7 Configuration for ReactiveUserDetailsPasswordService
Issue: gh-2778
2018-07-15 15:08:06 -05:00
Rob Winch
72a267a311 UserDetailsRepositoryReactiveAuthenticationManager uses ReactiveUserDetailsPasswordService
Issue: gh-2778
2018-07-15 15:08:01 -05:00
Rob Winch
ed8218a2b0 ReactiveUserDetailsPasswordService
Issue: gh-2778
2018-07-15 15:07:53 -05:00
Rob Winch
7aaf70d582 DaoAuthenticationProvider supports password upgrades
Issue: gh-2778
2018-07-15 14:56:45 -05:00
Rob Winch
cabd0a5579 UserDetailsPasswordService
Issue: gh-2778
2018-07-15 14:54:20 -05:00
Rob Winch
86b5150d88 Spring Version null for NullPointerException 2018-07-14 22:21:10 -05:00
Rob Winch
d9d9879909 Add JdbcUserDetailsManager(DataSource) constructor
Fixes: gh-5512
2018-07-13 15:59:13 -05:00
Rob Winch
4d1c8f26c5 Add DelegatingReactiveAuthenticationManager
Fixes: gh-5448
2018-06-18 16:03:41 -05:00
Rob Winch
bb11a81857 Add UserDetailsRepositoryReactiveAuthenticationManager.setScheduler
Fixes: gh-5417
2018-06-11 14:30:29 -05:00
Rob Winch
8fa6dd0f5b Revert "Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677"
This reverts commit d4e459874a2d6c58f822dd8d907870954167641e.
2018-05-11 04:19:50 -05:00
이경욱
26bc6be850 Support whitespace characters using RoleHierarchyImpl 2018-05-07 16:51:41 -05:00
이경욱
6adbe8dae0 Support whitespace characters using RoleHierarchyImpl 2018-05-07 16:51:41 -05:00
Kazuki Shimizu
8d716f75a4 Fix incorrect explanation for customizing query on JdbcDaoImpl 2018-05-04 10:49:25 -05:00
Rob Winch
0a5da93640 Improve PasswordEncoder deprecated notices
Fixes: gh-5296
2018-05-03 15:13:06 -05:00
Joe Grandja
d4e459874a Fix SecuredAnnotationSecurityMetadataSourceTests -> Related SPR-16677 2018-04-03 11:38:37 -04:00
Rob Winch
fb7394c1de Polish Javadoc
Fixes: gh-5186
2018-03-29 15:33:57 -05:00
Christoph Dreis
d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch
b1d013e8f0 Fix JDK 9
Issue: gh-5160
2018-03-27 09:30:56 -05:00
Alter Ego
0e37c0912e Update User.java
fixed a typo; replaced "User.witUsername("user")" with "User.withUsername("user")"
2018-03-22 08:19:44 -05:00
Rob Winch
67d793ae5f Delay lookup of managedVersions
Fixes: gh-5127
2018-03-16 13:55:17 -05:00
Rob Winch
efaf2b080f Make MIN_SPRING_VERSION Dynamic
Fixes: gh-5065
2018-03-16 13:53:40 -05:00
Josh Cummings
776b378a1d Authorities authenticate TestingAuthenticationToken
In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.

This change brings `TestingAuthenticationToken` in line with that
convention.

Note that this was done once already to one of the constructors
(ee13be4) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.

Fixes: gh-5073
2018-03-09 13:21:47 -06:00
ylombardi
1d0e97880d Add the BadCredentialsExceptionMixin to help Jackson serialization of BadCredentialsException 2018-03-08 16:55:57 -06:00
Joe Grandja
5b023d0abc Fix Security version tests -> 5.1 2018-03-02 16:29:22 -05:00
Johnny Lim
d316803596 Polish DaoAuthenticationProviderTests 2018-03-02 08:55:37 -06:00
Rob Winch
8d75554b6b Lazily Create Throwables
Fixes: gh-5040
2018-02-26 16:24:40 -06:00
Rob Winch
831399be16 Update to Spring Framework 5.0.4
Fixes: gh-5027
2018-02-19 22:00:33 -06:00
Rob Winch
7063a9e111 Issue: gh-5018 2018-02-16 16:50:14 -06:00
Rob Winch
964a14b224 Document Reactive Method security requires Publisher return types
Fixes: gh-4988
2018-02-07 16:43:18 -06:00
Lóránt Pintér
f7beb537f0 Add included build to JAR
Instead of copying classes to the compile output, we now add them directly to the JAR.
This allows JavaCompile to be cached, since there are no overlapping outputs anymore.
2018-02-02 11:50:00 -06:00