9330 Commits

Author SHA1 Message Date
Rob Winch
a325216f19 Add RELEASE.adoc
Closes gh-9627
2021-04-12 21:52:34 -05:00
Rob Winch
82e47e8ae0 Next Development Version 2021-04-12 21:50:56 -05:00
Rob Winch
c562b7d439 Release 5.5.0-RC1 5.5.0-RC1 2021-04-12 21:04:11 -05:00
Josh Cummings
501d5ff497
Removed Method Security AuthorizationManager from What's New
Issue gh-9596
2021-04-12 15:53:44 -06:00
Josh Cummings
163b5943ca
Revert AuthorizationManager Method Security 2021-04-12 15:53:22 -06:00
Josh Cummings
b352c8f1da
Removed SAML SLO from What's New
Issue gh-9596
2021-04-12 14:49:33 -06:00
Josh Cummings
8c92eddbe5
Revert "Add Registration to Saml2Authentication"
This reverts commit efe42b93cec4816743d8e7c976856399ca754e44.
2021-04-12 14:44:36 -06:00
Josh Cummings
55047fd996
Revert "Add RelyingPartyRegistrationResolver"
This reverts commit 2f734a09751eb9468e0c0c45a30e1c543202df02.
2021-04-12 14:44:19 -06:00
Josh Cummings
37b40476e7
Revert "Add Single Logout Support"
This reverts commit e807fae8692cc36c928a40fd6c5fa3ecd0abe932.
2021-04-12 14:44:04 -06:00
Josh Cummings
404a6c5674
Revert "Publish CsrfTokenRepository as shared object"
This reverts commit d19ff12813f0e5086eadc60386fcfdc6a655826b.
2021-04-12 14:43:37 -06:00
Josh Cummings
4e81bbe386
Revert "Add Saml2LogoutConfigurer"
This reverts commit 6f52baba29fa31c79bbe1b058f1cffe44fb5fab1.
2021-04-12 14:43:19 -06:00
Rob Winch
44763345d3 Update htmlunit-driver to 2.49.1
Closes gh-9624
2021-04-12 14:55:59 -05:00
Rob Winch
57d77c0cfb Update htmlunit to 2.49.1
Closes gh-9623
2021-04-12 14:55:57 -05:00
Rob Winch
8a13278c6d Update io.spring.nohttp to 0.0.6.RELEASE
Closes gh-9622
2021-04-12 14:55:54 -05:00
Rob Winch
f30ee19ccc Update io.projectreactor to 2020.0.6
Closes gh-9620
2021-04-12 14:55:50 -05:00
Rob Winch
ac288b8dc9 Update com.nimbusds to 9.3.3
Closes gh-9619
2021-04-12 14:55:48 -05:00
Rob Winch
7c4abdb4db Update jackson-bom to 2.12.3
Closes gh-9616
2021-04-12 14:55:41 -05:00
Josh Cummings
7da6077727
Update to commons-codec:1.15
Closes gh-9575
2021-04-10 10:11:32 -06:00
Josh Cummings
9b07b6a991
Added Sections to What's New
Closes gh-9596
2021-04-10 01:03:56 -06:00
Josh Cummings
6f52baba29
Add Saml2LogoutConfigurer
Closes gh-9497
2021-04-10 00:25:34 -06:00
Josh Cummings
d19ff12813
Publish CsrfTokenRepository as shared object
Closes gh-9595
2021-04-10 00:25:34 -06:00
Josh Cummings
e807fae869
Add Single Logout Support
Closes gh-8731
2021-04-10 00:25:34 -06:00
Josh Cummings
2f734a0975
Add RelyingPartyRegistrationResolver
Closes gh-9486
2021-04-10 00:12:38 -06:00
Josh Cummings
efe42b93ce
Add Registration to Saml2Authentication
Closes gh-9487
2021-04-10 00:12:38 -06:00
Josh Cummings
88c1475a3b
Polish OpenSAML 4 support
Issue gh-9095
2021-04-10 00:12:15 -06:00
Josh Cummings
4f7d529c5d
Polish Csrf Tests
Issue gh-9561
2021-04-09 22:47:31 -06:00
佚名
87ed527023
Add null check in CsrfFilter and CsrfWebFilter
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>
2021-04-09 21:43:19 -06:00
Josh Cummings
df8abcfae7
Use Interceptors instead of Advice
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization

Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings
122346bd27
Document AuthorizationManager for Method Security
Issue gh-9289
2021-04-09 18:45:10 -06:00
Josh Cummings
6bcf479659
Polish Javadoc
Issue gh-9289
2021-04-09 18:44:25 -06:00
Josh Cummings
6828987b4b
Add AfterMethodAuthorizationManager
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability

Closes gh-9591
2021-04-09 18:43:56 -06:00
Josh Cummings
2b494ebc5f
Polish AOP Structure
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes

Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
62d77ec97e
Add GrantedAuthorityDefaults to Expression Handler
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
68cf74468c
Add check for custom advice
- Because publishing an advice bean replaces Spring Security
defaults, the code should error if both a custom bean and
either secureEnabled or prePostEnabled are specified

Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
45376b359b
Adjust Packaging
Issue gh-9289
2021-04-09 17:46:32 -06:00
Evgeniy Cheban
20778f727b
Consider AuthorizationManager for Method Security
Closes gh-9289
2021-04-09 17:46:32 -06:00
Josh Cummings
a8a7ab4ffa
Restore spring-security-web Dependency
Issue gh-9095
2021-04-09 12:42:04 -06:00
Josh Cummings
7ded671858
Refactor AuthenticationDetailsSource support
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle

Closes gh-9576
2021-04-09 12:41:16 -06:00
Eleftheria Stein
21f9876d87 Add WebFlux section to What's New
Closes gh-9590
2021-04-09 19:36:43 +02:00
Eleftheria Stein
e03fe7f089 Add coroutine support to pre/post authorize
Closes gh-8143
2021-04-09 19:33:06 +02:00
Josh Cummings
3641756692 Add package-list
Closes gh-9528
2021-04-09 08:41:59 -06:00
Eleftheria Stein
65b3f6769c Add Kotlin DSL section to What's New
Closes gh-9589
2021-04-09 16:36:47 +02:00
Eleftheria Stein
c3739ff799 Add Configuration section to What's New
Closes gh-9588
2021-04-09 16:35:41 +02:00
Joe Grandja
b225ab3bbe Add OAuth 2.0 Client section to What's New
Closes gh-9587
2021-04-09 10:15:14 -04:00
Joe Grandja
b556655290 Make OAuth2AuthorizationResponseType constructor public
Closes gh-9584
2021-04-09 08:01:08 -04:00
Joe Grandja
dca7e03b91 Deprecate OAuth2AuthorizationResponseType.TOKEN
Closes gh-9582
2021-04-09 07:46:21 -04:00
Joe Grandja
eff4cdc924 Polish gh-9505 2021-04-09 06:22:29 -04:00
Hassene Laaribi
7694aa27cf Add jwt-bearer authorization grant
Closes gh-6053
2021-04-09 06:22:29 -04:00
Rob Winch
1a082357d3 Add sagan(Create|Delete)Release
Closes gh-9577
2021-04-08 17:56:21 -05:00
Rob Winch
eb47aa79e2 Groovy Plugin compile buildSrc java files
This is necessary for java plugins to use the Groovy source code.

Issue gh-9577
2021-04-08 17:55:50 -05:00