Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 17:22:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,312 Commits 38 Branches 345 Tags
Commit Graph

9312 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
9b07b6a991
Added Sections to What's New 
Closes gh-9596
 2021-04-10 01:03:56 -06:00
Josh Cummings
6f52baba29
Add Saml2LogoutConfigurer 
Closes gh-9497
 2021-04-10 00:25:34 -06:00
Josh Cummings
d19ff12813
Publish CsrfTokenRepository as shared object 
Closes gh-9595
 2021-04-10 00:25:34 -06:00
Josh Cummings
e807fae869
Add Single Logout Support 
Closes gh-8731
 2021-04-10 00:25:34 -06:00
Josh Cummings
2f734a0975
Add RelyingPartyRegistrationResolver 
Closes gh-9486
 2021-04-10 00:12:38 -06:00
Josh Cummings
efe42b93ce
Add Registration to Saml2Authentication 
Closes gh-9487
 2021-04-10 00:12:38 -06:00
Josh Cummings
88c1475a3b
Polish OpenSAML 4 support 
Issue gh-9095
 2021-04-10 00:12:15 -06:00
Josh Cummings
4f7d529c5d
Polish Csrf Tests 
Issue gh-9561
 2021-04-09 22:47:31 -06:00
佚名
87ed527023
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>
 2021-04-09 21:43:19 -06:00
Josh Cummings
df8abcfae7
Use Interceptors instead of Advice 
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization

Issue gh-9289
 2021-04-09 18:45:31 -06:00
Josh Cummings
122346bd27
Document AuthorizationManager for Method Security 
Issue gh-9289
 2021-04-09 18:45:10 -06:00
Josh Cummings
6bcf479659
Polish Javadoc 
Issue gh-9289
 2021-04-09 18:44:25 -06:00
Josh Cummings
6828987b4b
Add AfterMethodAuthorizationManager 
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability

Closes gh-9591
 2021-04-09 18:43:56 -06:00
Josh Cummings
2b494ebc5f
Polish AOP Structure 
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes

Issue gh-9289
 2021-04-09 17:46:33 -06:00
Josh Cummings
62d77ec97e
Add GrantedAuthorityDefaults to Expression Handler 
Issue gh-9289
 2021-04-09 17:46:33 -06:00
Josh Cummings
68cf74468c
Add check for custom advice 
- Because publishing an advice bean replaces Spring Security
defaults, the code should error if both a custom bean and
either secureEnabled or prePostEnabled are specified

Issue gh-9289
 2021-04-09 17:46:33 -06:00
Josh Cummings
45376b359b
Adjust Packaging 
Issue gh-9289
 2021-04-09 17:46:32 -06:00
Evgeniy Cheban
20778f727b
Consider AuthorizationManager for Method Security 
Closes gh-9289
 2021-04-09 17:46:32 -06:00
Josh Cummings
a8a7ab4ffa
Restore spring-security-web Dependency 
Issue gh-9095
 2021-04-09 12:42:04 -06:00
Josh Cummings
7ded671858
Refactor AuthenticationDetailsSource support 
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle

Closes gh-9576
 2021-04-09 12:41:16 -06:00
Eleftheria Stein
21f9876d87 Add WebFlux section to What's New 
Closes gh-9590
 2021-04-09 19:36:43 +02:00
Eleftheria Stein
e03fe7f089 Add coroutine support to pre/post authorize 
Closes gh-8143
 2021-04-09 19:33:06 +02:00
Josh Cummings
3641756692 Add package-list 
Closes gh-9528
 2021-04-09 08:41:59 -06:00
Eleftheria Stein
65b3f6769c Add Kotlin DSL section to What's New 
Closes gh-9589
 2021-04-09 16:36:47 +02:00
Eleftheria Stein
c3739ff799 Add Configuration section to What's New 
Closes gh-9588
 2021-04-09 16:35:41 +02:00
Joe Grandja
b225ab3bbe Add OAuth 2.0 Client section to What's New 
Closes gh-9587
 2021-04-09 10:15:14 -04:00
Joe Grandja
b556655290 Make OAuth2AuthorizationResponseType constructor public 
Closes gh-9584
 2021-04-09 08:01:08 -04:00
Joe Grandja
dca7e03b91 Deprecate OAuth2AuthorizationResponseType.TOKEN 
Closes gh-9582
 2021-04-09 07:46:21 -04:00
Joe Grandja
eff4cdc924 Polish gh-9505 2021-04-09 06:22:29 -04:00
Hassene Laaribi
7694aa27cf Add jwt-bearer authorization grant 
Closes gh-6053
 2021-04-09 06:22:29 -04:00
Rob Winch
1a082357d3 Add sagan(Create|Delete)Release 
Closes gh-9577
 2021-04-08 17:56:21 -05:00
Rob Winch
eb47aa79e2 Groovy Plugin compile buildSrc java files 
This is necessary for java plugins to use the Groovy source code.

Issue gh-9577
 2021-04-08 17:55:50 -05:00
Joe Grandja
9c97970e26 Add Jwt Client Authentication support 
Closes gh-8175
 2021-04-08 15:44:33 -04:00
Rob Winch
224160f1ee Update spring-data-bom to 2020.0.7 
Closes gh-9574
 2021-04-08 12:29:06 -05:00
Rob Winch
57f463dcf0 Update mockito-core to 3.9.0 
Closes gh-9573
 2021-04-08 12:16:31 -05:00
Rob Winch
43f30a37a8 Update hsqldb to 2.6.0 
Closes gh-9572
 2021-04-08 12:16:29 -05:00
Rob Winch
0b2540c8b0 Update blockhound to 1.0.6.RELEASE 
Closes gh-9571
 2021-04-08 12:16:27 -05:00
Rob Winch
1038732ebc Update aspectj-plugin to 5.3.3.3 
Closes gh-9570
 2021-04-08 12:16:24 -05:00
Rob Winch
7c37745a41 Update com.nimbusds to 9.3.1 
Closes gh-9569
 2021-04-08 12:16:22 -05:00
Josh Cummings
6f79921750
Default to OpenSAML 3 
- To make upgrade passive

Issue gh-9095
 2021-04-06 17:11:33 -06:00
Josh Cummings
951202e797
Polish SAML 2.0 Artifacts 
- Produce sources jar
- Produce Javadoc jar

Issue gh-9095
 2021-04-06 17:10:53 -06:00
Rob Winch
ba5de76fb3 Update org.jetbrains.kotlin to 1.4.32 
Closes gh-9555
 2021-04-05 22:23:59 -05:00
Rob Winch
49498b7e7d Update nohttp-checkstyle to 0.0.5.RELEASE 
Closes gh-9554
 2021-04-05 22:23:59 -05:00
Rob Winch
f3f1106624 Update io.spring.javaformat to 0.0.27 
Closes gh-9553
 2021-04-05 22:23:59 -05:00
Rob Winch
7cc8dac37d Update spring-doc-resources to 0.2.5 
Closes gh-9552
 2021-04-05 22:23:59 -05:00
Rob Winch
8323590b6c Update r2dbc-spi-test to 0.8.4.RELEASE 
Closes gh-9551
 2021-04-05 22:23:59 -05:00
Rob Winch
2bad807471 Update aspectj-plugin to 5.3.0 
Closes gh-9550
 2021-04-05 22:23:59 -05:00
Rob Winch
df710e44ea updateDependencies creates issues at spring-projects 
Issue gh-9542
 2021-04-05 22:23:59 -05:00
Rob Winch
38a230e5f3 Reject org.opensaml updates 
There are two versions of org.opensaml that are supported, so we need
to manually update opensaml dependencies.

Issue gh-9542
 2021-04-05 22:23:59 -05:00
Rob Winch
9b94e616c8 updateDepencencies support for nimbus-jose-jwt 
Keep nimbus-jose-jwt aligned with the version in nimbus-oauth2-sdk

Issue gh-9542
 2021-04-05 21:27:40 -05:00