a325216f19
Add RELEASE.adoc
...
Closes gh-9627
2021-04-12 21:52:34 -05:00
82e47e8ae0
Next Development Version
2021-04-12 21:50:56 -05:00
c562b7d439
Release 5.5.0-RC1
2021-04-12 21:04:11 -05:00
501d5ff497
Removed Method Security AuthorizationManager from What's New
...
Issue gh-9596
2021-04-12 15:53:44 -06:00
163b5943ca
Revert AuthorizationManager Method Security
2021-04-12 15:53:22 -06:00
b352c8f1da
Removed SAML SLO from What's New
...
Issue gh-9596
2021-04-12 14:49:33 -06:00
8c92eddbe5
Revert "Add Registration to Saml2Authentication"
...
This reverts commit efe42b93ce
2021-04-12 14:44:36 -06:00
55047fd996
Revert "Add RelyingPartyRegistrationResolver"
...
This reverts commit 2f734a0975
2021-04-12 14:44:19 -06:00
37b40476e7
Revert "Add Single Logout Support"
...
This reverts commit e807fae869
2021-04-12 14:44:04 -06:00
404a6c5674
Revert "Publish CsrfTokenRepository as shared object"
...
This reverts commit d19ff12813
2021-04-12 14:43:37 -06:00
4e81bbe386
Revert "Add Saml2LogoutConfigurer"
...
This reverts commit 6f52baba29
2021-04-12 14:43:19 -06:00
44763345d3
Update htmlunit-driver to 2.49.1
...
Closes gh-9624
2021-04-12 14:55:59 -05:00
57d77c0cfb
Update htmlunit to 2.49.1
...
Closes gh-9623
2021-04-12 14:55:57 -05:00
8a13278c6d
Update io.spring.nohttp to 0.0.6.RELEASE
...
Closes gh-9622
2021-04-12 14:55:54 -05:00
f30ee19ccc
Update io.projectreactor to 2020.0.6
...
Closes gh-9620
2021-04-12 14:55:50 -05:00
ac288b8dc9
Update com.nimbusds to 9.3.3
...
Closes gh-9619
2021-04-12 14:55:48 -05:00
7c4abdb4db
Update jackson-bom to 2.12.3
...
Closes gh-9616
2021-04-12 14:55:41 -05:00
7da6077727
Update to commons-codec:1.15
...
Closes gh-9575
2021-04-10 10:11:32 -06:00
9b07b6a991
Added Sections to What's New
...
Closes gh-9596
2021-04-10 01:03:56 -06:00
6f52baba29
Add Saml2LogoutConfigurer
...
Closes gh-9497
2021-04-10 00:25:34 -06:00
d19ff12813
Publish CsrfTokenRepository as shared object
...
Closes gh-9595
2021-04-10 00:25:34 -06:00
e807fae869
Add Single Logout Support
...
Closes gh-8731
2021-04-10 00:25:34 -06:00
2f734a0975
Add RelyingPartyRegistrationResolver
...
Closes gh-9486
2021-04-10 00:12:38 -06:00
efe42b93ce
Add Registration to Saml2Authentication
...
Closes gh-9487
2021-04-10 00:12:38 -06:00
88c1475a3b
Polish OpenSAML 4 support
...
Issue gh-9095
2021-04-10 00:12:15 -06:00
4f7d529c5d
Polish Csrf Tests
...
Issue gh-9561
2021-04-09 22:47:31 -06:00
87ed527023
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
2021-04-09 21:43:19 -06:00
df8abcfae7
Use Interceptors instead of Advice
...
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization
Issue gh-9289
2021-04-09 18:45:31 -06:00
122346bd27
Document AuthorizationManager for Method Security
...
Issue gh-9289
2021-04-09 18:45:10 -06:00
6bcf479659
Polish Javadoc
...
Issue gh-9289
2021-04-09 18:44:25 -06:00
6828987b4b
Add AfterMethodAuthorizationManager
...
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability
Closes gh-9591
2021-04-09 18:43:56 -06:00
2b494ebc5f
Polish AOP Structure
...
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes
Issue gh-9289
2021-04-09 17:46:33 -06:00
62d77ec97e
Add GrantedAuthorityDefaults to Expression Handler
...
Issue gh-9289
2021-04-09 17:46:33 -06:00
68cf74468c
Add check for custom advice
...
- Because publishing an advice bean replaces Spring Security
defaults, the code should error if both a custom bean and
either secureEnabled or prePostEnabled are specified
Issue gh-9289
2021-04-09 17:46:33 -06:00
45376b359b
Adjust Packaging
...
Issue gh-9289
2021-04-09 17:46:32 -06:00
20778f727b
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-04-09 17:46:32 -06:00
a8a7ab4ffa
Restore spring-security-web Dependency
...
Issue gh-9095
2021-04-09 12:42:04 -06:00
7ded671858
Refactor AuthenticationDetailsSource support
...
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle
Closes gh-9576
2021-04-09 12:41:16 -06:00
21f9876d87
Add WebFlux section to What's New
...
Closes gh-9590
2021-04-09 19:36:43 +02:00
e03fe7f089
Add coroutine support to pre/post authorize
...
Closes gh-8143
2021-04-09 19:33:06 +02:00
3641756692
Add package-list
...
Closes gh-9528
2021-04-09 08:41:59 -06:00
65b3f6769c
Add Kotlin DSL section to What's New
...
Closes gh-9589
2021-04-09 16:36:47 +02:00
c3739ff799
Add Configuration section to What's New
...
Closes gh-9588
2021-04-09 16:35:41 +02:00
b225ab3bbe
Add OAuth 2.0 Client section to What's New
...
Closes gh-9587
2021-04-09 10:15:14 -04:00
b556655290
Make OAuth2AuthorizationResponseType constructor public
...
Closes gh-9584
2021-04-09 08:01:08 -04:00
dca7e03b91
Deprecate OAuth2AuthorizationResponseType.TOKEN
...
Closes gh-9582
2021-04-09 07:46:21 -04:00
eff4cdc924
Polish gh-9505
2021-04-09 06:22:29 -04:00
7694aa27cf
Add jwt-bearer authorization grant
...
Closes gh-6053
2021-04-09 06:22:29 -04:00
1a082357d3
Add sagan(Create|Delete)Release
...
Closes gh-9577
2021-04-08 17:56:21 -05:00
eb47aa79e2
Groovy Plugin compile buildSrc java files
...
This is necessary for java plugins to use the Groovy source code.
Issue gh-9577
2021-04-08 17:55:50 -05:00
Rob Winch
Josh Cummings
佚名
Evgeniy Cheban
Eleftheria Stein
Joe Grandja
Hassene Laaribi