Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 23:10:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,563 Commits 49 Branches 376 Tags
Commit Graph

1312 Commits

Author SHA1 Message Date
Marcus Da Coregio
92c82191c9 Merge branch '5.8.x' into 6.0.x 
Closes gh-13882
 2023-09-29 11:46:00 -03:00
Marcus Da Coregio
64e2a2ff8b Apply updated Code Style 
Closes gh-13881
 2023-09-29 11:44:32 -03:00
Josh Cummings
6393702e70
Fix allOf/anyOf Abstain Logic 
Closes gh-13487
 2023-07-11 17:02:07 -06:00
Josh Cummings
c6c091b12e
Merge branch '5.8.x' into 6.0.x 2023-05-11 11:43:37 -06:00
Josh Cummings
05ef215b88 Align Formatting 
Issue gh-13132
 2023-05-11 11:42:51 -06:00
Florian Cramer
9669747245 Ignore synthetic methods when checking for duplicate annotations 
Closes gh-13132
 2023-05-11 11:42:51 -06:00
Josh Cummings
9244989b2e
Fix allOf/anyOf Abstain Logic 
Closes gh-13069
 2023-04-24 15:36:17 -06:00
Josh Cummings
599ed3e96b
Polish Format 
Issue gh-13079
 2023-04-24 12:52:26 -06:00
Josh Cummings
73a543d318
Handle Empty Role 
Closes gh-13079
 2023-04-24 12:49:30 -06:00
Marcus Da Coregio
1a4a2a9055 Merge branch '5.8.x' into 6.0.x 2023-04-14 13:32:10 -03:00
Marcus Da Coregio
54117d7d27 Fix test suffix to align with checkstyle 2023-04-14 13:29:15 -03:00
Petr Svoboda
44c4a4ae86 Add new DaoAuthenticationProvider constructor 
Add a new constructor to the DaoAuthenticationProvider, which allows
providing a custom PasswordEncoder to prevent instantiation of the
default delegating PasswordEncoder in the default constructor.

This provides a way to instantiate the DaoAuthenticationProvider on JDKs
where the default delegating PasswordEncoder cannot be instantiated due
to limited JCE providers for compliance reasons (e.g., FIPS).

Closes gh-12874
 2023-04-04 10:21:22 -03:00
Josh Cummings
acf48721cd
Merge branch '5.8.x' into 6.0.x 2023-03-03 15:02:34 -07:00
Josh Cummings
ebabcaa51a
Merge branch '5.7.x' into 5.8.x 2023-03-03 15:02:07 -07:00
bist
094bf1b527 Validate hasRole Input 
There are no check for role prefix in AuthorizeHttpRequestsConfigurer#XXXrole
methods. This PR adds check for the same. Now the configuration
will fail if role/s start with prefix for hasRole and hasAnyRole methods.

Closes #12581
 2023-03-03 15:00:34 -07:00
Josh Cummings
88e64bac0c Polish Tests 
Issue gh-11992
 2022-11-17 15:09:52 -07:00
Marcus Da Coregio
db7f52db4e Add hints to invoke SecurityContextImpl#getAuthentication 
Closes gh-11987
 2022-10-13 09:06:16 -03:00
Josh Cummings
d3d8f7d60f
Mark Observations with Security Context Events 
Closes gh-11992
 2022-10-12 20:32:23 -06:00
Josh Cummings
8c610684f3
Instrument Authentication and Authorization 
Closes gh-11989
Closes gh-11990
 2022-10-12 20:32:21 -06:00
Josh Cummings
8f10deb602
Merge remote-tracking branch 'origin/5.8.x' 2022-09-30 17:01:22 -06:00
Josh Cummings
f054505d6d
Support Deferred Contexts 
Closes gh-11817
Issue gh-10913
 2022-09-30 16:49:47 -06:00
Emil Sierżęga
fc7f87feac Removed unused test classes SomeDomainObject/Manager 2022-09-30 10:55:36 -05:00
Marcus Da Coregio
ef879aadd6 Add native hint for the users JDBC schema 
Closes gh-11907
 2022-09-29 09:42:37 -03:00
Josh Cummings
e071c28e8a
Merge remote-tracking branch 'origin/5.8.x' 2022-09-20 16:25:45 -06:00
Evgeniy Cheban
c1d27612af Simplify AuthorizationManager composition 
Closes gh-11625
 2022-09-20 16:24:45 -06:00
Josh Cummings
84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-25 14:46:48 -06:00
Josh Cummings
e990174c89
Polish ReactiveMethodSecurity Support 
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well

Issue gh-9401

Polish
 2022-08-25 14:36:03 -06:00
Josh Cummings
6fd23d2567
Add MockMethodInvocation Constructor 
Issue gh-9401
 2022-08-25 14:36:02 -06:00
Evgeniy Cheban
cbb4f40f0c ReactiveAuthorizationManager + Reactive Method Security 
Closes gh-9401
 2022-08-25 14:35:04 -06:00
Rob Winch
670b71363d Merge branch '5.8.x' 
Closes gh-11749
 2022-08-23 16:03:50 -05:00
Rob Winch
2fb625db84 Remove mockito deprecations 
Issue gh-11748
 2022-08-23 15:59:52 -05:00
Marcus Da Coregio
38c05ad31c Add native hints for basic @PostAuthorize usage 
Closes gh-11737
 2022-08-23 15:17:14 -03:00
Evgeniy Cheban
c4b0e9bd74
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer 
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
 2022-07-14 13:00:07 -06:00
Evgeniy Cheban
400cd60368 Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer 
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
 2022-07-14 12:48:39 -06:00
Josh Cummings
8d0084842b
Add MethodExpressionAuthorizationManager 
Closes gh-11493
 2022-07-14 09:25:16 -06:00
Josh Cummings
281814a955
Add MethodExpressionAuthorizationManager 
Closes gh-11493
 2022-07-13 17:58:16 -06:00
Marcus Da Coregio
7abea4a964 Add RuntimeHints suffix for RuntimeHintsRegistrar 
Closes gh-11497
 2022-07-13 10:14:43 -03:00
Joe Grandja
177baba8c9 RuntimeHintsPredicates moved to predicate package 2022-07-12 16:00:50 -04:00
Rob Winch
4a5c0ac904 Fix Formatting 
Issue gh-11474
 2022-07-08 12:35:40 -05:00
Marcus Da Coregio
a87f7aa2e1 Polish CoreSecurityHintsTests 
Use ParameterizedTest to simplify repetitive test setup

Issue gh-11431
 2022-07-06 15:21:45 -03:00
Josh Cummings
459003e1b3
Use SecurityContextHolderStrategy for Context Propagation 
Issue gh-11060
 2022-06-30 11:19:33 -06:00
Josh Cummings
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation 
Issue gh-11060
 2022-06-30 11:18:07 -06:00
Josh Cummings
b316a3217b
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:35:54 -06:00
Josh Cummings
ee66850aed
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:26:05 -06:00
Josh Cummings
ec1bfa12f0
Use SecurityContextHolderStrategy for Database Support 
Issue gh-11060
 2022-06-28 09:15:56 -06:00
Josh Cummings
52d8e10ace
Use SecurityContextHolderStrategy for Database Support 
Issue gh-11060
 2022-06-28 09:08:42 -06:00
Josh Cummings
7a9c873d7d
Add SecurityContextHolderStrategy to Method Security 
Issue gh-11060
 2022-06-27 13:17:45 -06:00
Josh Cummings
25c74896d1
Add SecurityContextHolderStrategy to Method Security 
Issue gh-11060
 2022-06-27 13:02:59 -06:00
Marcus Da Coregio
a8c30f79e6 Add Core, MVC and MethodSecurity runtime hints 
Closes gh-11431
 2022-06-27 09:25:49 -03:00
Rob Winch
d32f74d19d SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 17:03:19 -05:00