Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-17 22:40:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,475 Commits 49 Branches 376 Tags
Commit Graph

940 Commits

Author SHA1 Message Date
Rob Winch
a5069d7e35 Fix Add @Configuration to @Enable*Security Usage 
Issue gh-6613
 2022-08-09 17:00:16 -05:00
Joshua Sattler
040111ae9e Remove Configuration meta-annotation from Enable* annotations 
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.

Closes gh-6613

Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
 2022-07-30 03:48:42 +02:00
Josh Cummings
d27322c9e0
Polish HttpSecurity Formatting 
Issue gh-11360
 2022-07-14 13:00:08 -06:00
Evgeniy Cheban
c4b0e9bd74
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer 
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
 2022-07-14 13:00:07 -06:00
Josh Cummings
35fc437559
Add AuthorizationManager for protect-pointcut 
Closes gh-11323
 2022-07-14 09:25:49 -06:00
Marcus Da Coregio
7abea4a964 Add RuntimeHints suffix for RuntimeHintsRegistrar 
Closes gh-11497
 2022-07-13 10:14:43 -03:00
Joe Grandja
177baba8c9 RuntimeHintsPredicates moved to predicate package 2022-07-12 16:00:50 -04:00
Marcus Da Coregio
6455e98745 FilterSecurityInterceptor applies to every request by default 
Closes gh-11466
 2022-07-12 10:53:03 -03:00
Rob Winch
d2d5313bba Fix Formatting 
Issue gh-11327
 2022-07-08 09:21:53 -05:00
Josh Cummings
e8a7b654b4
Add Configuration Test 
Issue gh-11327
 2022-07-07 14:42:07 -06:00
Josh Cummings
01ffc93062
Add AuthorizationFilter to filter chain validator 
Closes gh-11327
 2022-07-07 14:40:53 -06:00
Josh Cummings
ec8c13392c
Clarify variable names 
Issue gh-11327
 2022-07-07 14:26:40 -06:00
Josh Cummings
148c926de0
Support AuthorizationManager for intercept-methods Element 
Closes gh-11328
 2022-07-06 13:01:57 -06:00
Igor Bolic
d96b4a0463 Set the useTrailingSlashMatch to true for tests 
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552.
This causes failures in Spring Security's tests.

Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifing the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.

Closes gh-11451
 2022-07-05 11:29:36 -06:00
Josh Cummings
d24a89ad53
Pick up SecurityContextHolderStrategy for WebClient integration 
Issue gh-11061
 2022-06-28 15:07:16 -06:00
Josh Cummings
a218d3e140
Use SecurityContextHolderStrategy for Async Requests 
Issue gh-11060
Issue gh-11061
 2022-06-28 14:56:55 -06:00
Josh Cummings
83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios 
Issue gh-11060
Issue gh-11061
 2022-06-28 12:10:07 -06:00
Josh Cummings
944f565c16
Use SecurityContextHolderStrategy for Remember-me 
Issue gh-11060
Isuse gh-11061
 2022-06-28 11:09:38 -06:00
Josh Cummings
bffe08465a
Add SecurityContextHolderStrategy XML Configuration for Messaging 
Issue gh-11061
 2022-06-27 16:24:27 -06:00
Josh Cummings
484f35ca39
Add SecurityContextHolderStrategy Java Configuration for Messaging 
Issue gh-11061
 2022-06-27 16:17:29 -06:00
Josh Cummings
5e4e7abf15
Add SecurityContextHolderStrategy XML Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:40:55 -06:00
Josh Cummings
74d646f569
Add SecurityContextHolderStrategy Java Configuration for Method Security 
Issue gh-11061
 2022-06-27 13:17:46 -06:00
Josh Cummings
ef29d3944e
Polish SecurityContextHolderStrategy Java Configuration for Defaults 
Issue gh-11061
 2022-06-27 13:17:44 -06:00
Marcus Da Coregio
a8c30f79e6 Add Core, MVC and MethodSecurity runtime hints 
Closes gh-11431
 2022-06-27 09:25:49 -03:00
Josh Cummings
150b81d008
Add SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-17 12:21:10 -06:00
Josh Cummings
ce218c78f9
Add SecurityContextHolderStrategy Java Configuration for Defaults 
Issue gh-11061
 2022-06-17 11:58:38 -06:00
Steve Riesenberg
a061191bd2 Allow form login when single OAuth2 Provider is configured 
Closes gh-6802
 2022-06-15 13:42:06 -05:00
Steve Riesenberg
d18291676f
Update copyright year 
Issue gh-11372
 2022-06-15 13:14:07 -05:00
Steve Riesenberg
c7df39a3e6
Fix tests using root cause for exception messages 
Closes gh-11372
 2022-06-14 17:12:15 -05:00
Houssem BELHADJ AHMED
f4049c18b1 add SAML authentication request support to login configurer 
Closes gh-8873
 2022-06-06 08:05:33 -06:00
Josh Cummings
9683856956
Polish InterceptUrlConfigTests 
Issue gh-11305
 2022-05-31 16:05:17 -06:00
Josh Cummings
2afa9313eb
Use AuthorizationManager in <http> 
Closes gh-11305
 2022-05-31 16:01:41 -06:00
Josh Cummings
f4c0fcb5ef
Add AuthorizationManager to Messaging 
Closes gh-11076
 2022-05-27 13:35:19 -06:00
Juny Tse
f2d6ead398 Use Base64 encoder with no CRLF in output for SAML 2.0 messages 
Closes gh-11262
 2022-05-25 11:42:54 -06:00
Josh Cummings
5cbc1a47da
Use original query string to verify signature 
Closes gh-11235
 2022-05-23 15:30:07 -06:00
Josh Cummings
88f9529329
Correctly encode query parameters 
Issue gh-11235
 2022-05-23 15:30:01 -06:00
Josh Cummings
0814136ee8
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 14:14:42 -06:00
Evgeniy Cheban
c4766e64fe
Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 14:05:34 -06:00
Rob Winch
f34ea188e2 RequestRejectedException is 400 by Default 
Closes gh-7568
 2022-05-12 10:32:27 -05:00
Marcus Da Coregio
806e05855c Replace removed context-related operators 
Closes gh-11194
 2022-05-10 14:58:02 -03:00
Marcus Da Coregio
dc2bd2b4f8 Update copyright headers 
Issue gh-10956
 2022-05-06 14:33:59 -03:00
Marcus Da Coregio
de9b7b4fb8 Fix mvcMatchers overriding previous paths 
Closes gh-10956
 2022-05-06 14:33:59 -03:00
Marcus Da Coregio
995b2918bb Remove SAML Deprecations 
Closes gh-11077
 2022-05-06 10:15:42 -03:00
Rob Winch
dec0d97ef0 Multiple <authentication-manager> Do Not Duplicate Alias 
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
 2022-05-03 14:50:56 -05:00
Josh Cummings
4ebd37ae77
Add 5.8 Support 2022-05-03 09:04:34 -06:00
Josh Cummings
397ccbc1c8
Add 5.7 Schema 2022-05-03 09:03:50 -06:00
Eleftheria Stein
736f439bb5 Detect UserDetailsService bean in X509 configuration 
Closes gh-11174
 2022-04-28 14:48:40 +02:00
Eleftheria Stein
ac06057cf6 Detect UserDetailsService bean in remember me 
Closes gh-11170
 2022-04-28 12:44:27 +02:00
Rob Winch
e79b6b3ac8 Default SecurityContextHolderFilter 
Closes gh-11110
 2022-04-15 14:59:38 -05:00
Rob Winch
9a9a43a0c0 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:18:25 -05:00