Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,952 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

9952 Commits

Author SHA1 Message Date
Rob Winch 9b6c7af526 Add CheckAntoraVersionPlugin 2022-01-04 15:33:24 -06:00
Josh Cummings 45b7fed884 Remove SAML 2.0 Logout Default 
Closes gh-10607
 2022-01-03 13:14:12 -07:00
Josh Cummings cb008fa062 Support No SingleLogoutServiceLocation 
Closes gh-10674
 2022-01-03 13:14:06 -07:00
Marcus Da Coregio d79543b2ac Upgrade to AspectJ 1.9.8.RC3 
Issue gh-10349
 2022-01-03 10:10:22 -03:00
Marcus Da Coregio d41ec2bcff Upgrade to Spring Framework 6.0.0-M1 2022-01-03 10:04:08 -03:00
Steve Riesenberg ad907457ee Fix inconsistency in hasProperty check 2021-12-22 10:24:18 -06:00
Steve Riesenberg 80e39e9343 Add GitHubReleasePlugin with createGitHubRelease task 
Closes gh-10456
Closes gh-10457
 2021-12-22 10:24:18 -06:00
Josh Cummings cbf0e1da68 Remove commons-logging from saml2 
Issue gh-10499
 2021-12-16 10:15:58 -07:00
Rob Winch 2471e3296d Fix xsd tests 2021-12-13 17:38:22 -06:00
Rob Winch 2fb056b5c1 Merge Clean up Reference Documentation 
Closes gh-9668
 2021-12-13 16:57:36 -06:00
Marcus Da Coregio d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Marcus Da Coregio 51b4bd67c9 Add RequestMatcherEntry 2021-12-13 09:19:28 -03:00
Marcus Da Coregio eda346863d Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 09:19:13 -03:00
Josh Cummings 81a9302045 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:16:01 -07:00
James Howe c1b0e5930a Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:16:01 -07:00
Guirong Hu 3935f4bffe Fix the bug that the custom GrantedAuthority comparison fails 
Closes gh-10566
 2021-12-08 08:53:00 -03:00
Eleftheria Stein c68a75bcde Correct imports to jakarta 
Issue gh-9385, gh-10118
 2021-12-08 11:43:13 +01:00
Marcus Da Coregio 0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio 263665ad55 Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:54:28 -03:00
Steve Riesenberg 1896a5e669 Fix Reactive OAuth2 Kotlin DSL examples 
Closes gh-10580
 2021-12-06 13:05:50 +01:00
Steve Riesenberg aa3c883f87 Use BDD in tests 2021-12-02 17:40:25 -06:00
Steve Riesenberg d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg be802f57ba Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 18:13:01 +01:00
Steve Riesenberg 176f7b2b04 Add missing since 
Issue gh-7765
 2021-12-02 18:13:01 +01:00
Steve Riesenberg 5dd2565348 Update copyright year 
Issue gh-10557
 2021-12-01 17:34:16 -06:00
Steve Riesenberg 41c6776455 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 14:55:50 -06:00
Arnaud Mergey a17dfb8456 Add SP NameIDFormat Support 
closes gh-9115
 2021-12-01 13:02:20 -07:00
Josh Cummings 7e55c84cfc Add Missing Since 
Issue gh-10482
 2021-11-30 15:15:35 -07:00
Igor Pelesic 72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Josh Cummings 78857c62f4 Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 14:29:18 -07:00
Hiroshi Shirosaki 809ff883b0 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 14:29:18 -07:00
Steve Riesenberg 898ba67098 Polish gh-10007 2021-11-30 13:59:55 -06:00
Guirong Hu 9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Steve Riesenberg 9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg c6a27d44e5 Remove failing test due to HttpMethod changes 
Closes gh-10569
 2021-11-30 13:31:39 -06:00
Jonas Erbe 82426e20e1 Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:02:02 -07:00
Eleftheria Stein 4f8c1b34af Polish LDAP serialization 
Closes gh-9263
 2021-11-29 17:59:24 +01:00
Markus Heiden 7cfd415cb5 Start with LDAP Jackson2 mixins 
Issue gh-9263
 2021-11-29 17:49:57 +01:00
Steve Riesenberg 74e3abc992 Polish gh-10081 2021-11-23 15:52:45 -06:00
Jonas Dittrich 86193b9540 Add ObjectIdentityGenerator customization to JdbcAclService 
Providing the possibility to change, how ObjectIdentitys are created inside the BasicLookupStrategy,JdbcAclService

There was a problem with hard coded object identity creation inside the BasicLookupStrategy and the JdbcAclService. It was overkill to overwrite
these classes only for changing this, so introducing an ObjectIdentityGenerator seems the be the better solution here. At default, the standard
ObjectIdentityRetrievalStrategyImpl is used, but can be customized due to setters.

Closes gh-10079
 2021-11-23 15:52:45 -06:00
Henning Poettker 04161b9288 Fix return type for NoOpPasswordEncoder bean in documentation 2021-11-23 10:38:04 -03:00
Lars Grefer 0541341201 Remove usages of Gradle's jcenter() repository 
Closes gh-10253
 2021-11-22 08:42:40 -03:00
Lars Grefer 5c012dc7eb Fix Gradle Deprecation Warnings 2021-11-22 08:42:40 -03:00
Josh Cummings ba5a68ec63 Polish LdapAuthenticationPopulator Support 
PR gh-9276
 2021-11-19 12:19:43 -07:00
Filip Hanik ae08608011 LdapAuthoritiesPopulator should be postProcessed 
To enable customizations through withObjectPostProcessor
 2021-11-19 12:03:44 -07:00
Josh Cummings 4374905801 Establish new Package Tangle Baseline 
Ran ./gradlew check && ./gradlew s101 -Ps101.label=baseline

Issue gh-10333
 2021-11-19 11:46:08 -07:00
Norbert Nowak 4bc55769a3 Import cleanup 
Issue gh-10333
 2021-11-19 11:46:08 -07:00
Norbert Nowak 4f186f2c1f Move Dsl files to annotation Package 
Closes gh-10333
 2021-11-19 11:46:08 -07:00
Jerome Prinet 0d8450a725 Bump up Gradle enterprise plugin to 3.7.2 2021-11-19 14:05:34 -03:00