Norbert Nowak
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use new factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
Josh Cummings
6c3d183a94
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 13:56:02 -07:00
Ulrich Grave
df84826c95
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 12:07:55 -07:00
Eleftheria Stein
c6b185465d
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:24:23 +01:00
Rob Winch
70fa8b1fdb
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-03 09:45:51 -06:00
Rob Winch
58090c37ea
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
Rob Winch
5902b46e9b
Remove jcl-over-slf4j
...
Issue gh-10499
# Conflicts:
# dependencies/spring-security-dependencies.gradle
2022-01-19 15:32:01 -06:00
Rob Winch
678c386834
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 14:34:32 -06:00
Rob Winch
f8e14683f6
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:33:46 -06:00
Marcus Da Coregio
e1cb375fbf
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-12 16:39:50 -03:00
Marcus Da Coregio
60ed3602f6
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-11 09:19:41 -03:00
Guirong Hu
86ed937a47
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:51:54 -03:00
Guirong Hu
22379e79e7
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:50:36 -03:00
Josh Cummings
a68411566e
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki
2bc643d6c8
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 15:33:39 -07:00
Eleftheria Stein
bbeca7cd65
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 18:03:15 +01:00
Markus Heiden
3c18278123
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 18:03:03 +01:00
Josh Cummings
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
Emil Sierżęga
e0821f2a99
DaoAuthenticationProviderTests#avg returns fraction
2021-10-28 09:35:52 -06:00
Steve Riesenberg
5e091b94a9
Deprecate RemoteAuthentication* for 5.6
...
Closes gh-10430
2021-10-21 11:39:11 -05:00
Emil Sierżęga
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
Rob Winch
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
Marcus Da Coregio
7fa39c8807
Deprecate EhCache2 support
...
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations
Closes gh-10362
2021-10-14 14:51:27 -03:00
Marcus Da Coregio
86c24da38b
Improve Method Security logging
...
Closes gh-10247
2021-10-08 14:22:09 -03:00
Marcus Da Coregio
ef01124eb9
Add reasons to AuthorizationDecisions
...
Closes gh-9287
2021-10-08 14:22:09 -03:00
Marcus Da Coregio
570092c467
Remove trace logs for PrePostAnnotationSecurityMetadataSource
...
Those logs were producing too much noise on the console without adding much value.
Issue gh-10247
2021-10-08 14:22:09 -03:00
Marcus Da Coregio
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
Alexander Furer
8c74d6cea5
Fix isAssignable order
...
Closes gh-10236
2021-09-30 13:56:37 -06:00
heowc
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00
OllisGit
658aff501c
Assert Error-Messages already includes dashes
...
When the cert-content is not valid, the assert output message is not correct.
Because it outputs too many dashes. The const X509- and PKCS8-PEM_HEADER already includes the dashes.
I took the output message via copy and paste, but it was still not valid ;-(
Only the output is affected, the check itself is correct.
2021-09-27 09:53:55 -03:00
heowc
7b73b94198
Fix typo
2021-09-22 16:29:50 -06:00
Josh Cummings
5da55448f9
Polish SecurityContextChangedEvent
...
- Changed methods to getOldContext and getNewContext
Closes gh-10249
2021-09-13 16:04:36 -06:00
Josh Cummings
3e87ef84ae
Replace SecurityContextHolder#addListener
...
Closes gh-10226
2021-09-13 15:57:06 -06:00
Hiroshi Shirosaki
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
2021-08-11 17:12:13 -06:00
Josh Cummings
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
2021-08-11 17:12:13 -06:00
Rob Winch
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
Josh Cummings
01af7877ea
Polish RsaKeyConverters
...
- Remove potential for returning null
- Remove potential for parsing more than one header
Issue gh-9736
2021-07-12 14:21:23 -06:00
shazin
5f7d871258
Add X.509 Certificate Support
...
Closes gh-9736
2021-07-12 14:21:08 -06:00
Rob Winch
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
Josh Cummings
81ded2a0e5
Polish Assertion
...
By using the supplier version of Assert.notNull, the
string concatenation is delayed.
Issue gh-3403
2021-06-30 10:12:27 -06:00
Marcus Da Coregio
19aa44af41
Improve Error Message for Invalid Properties
...
Closes gh-3403
2021-06-30 10:07:21 -06:00
Ruben Suarez Alvarez
7cd344acab
Add Spanish translation of insufficient authentication and cookie stolen
2021-06-15 09:11:53 -05:00
YBCoding
25fa187406
Add insufficient authentication message for French
...
Partially fix gh-9315
2021-06-15 09:08:59 -05:00
pxzxj
20577c39c1
Add insufficient authentication message for Simplified Chinese and Traditional Chinese
...
Partially fix gh-9315
2021-06-14 16:00:29 -05:00
Josh Cummings
7ed38f1a26
Adjust Test Names
...
Issue gh-9514
2021-06-07 14:31:05 -06:00
Josh Cummings
e1e31939a3
Add @since
...
Issue gh-9514
2021-06-07 14:26:29 -06:00
Giacomo Baso
80743a267c
Add SecurityContext to delegating TaskScheduler
...
Wrap DelegatingSecurityContextTaskScheduler's Runnable tasks in
DelegatingSecurityContextRunnables, allowing to specify a
SecurityContext to use for tasks execution.
- Renamed private variable taskScheduler to delegate
- Removed unused local variable in unit test
- Add SecurityContext tests for delegating TaskScheduler
Closes gh-9514
2021-06-07 13:54:24 -06:00
Josh Cummings
67e5c05a47
Polish AuthorizationManager Method Security
...
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations
Issue gh-9289
2021-05-18 17:34:04 -06:00
Evgeniy Cheban
84e2e80915
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-05-18 17:34:04 -06:00
Rob Winch
1898446f68
core depends on crypto
...
Issue gh-9767
2021-05-18 16:03:38 -05:00
Rob Winch
56b7c662e4
Remove spring-security-crypto from spring-core pom
...
Instead of having api extend included configuration, we should use the
*Classpath configurations.
Closes gh-9767
2021-05-18 15:30:44 -05:00
Josh Cummings
d203235567
Update to Spring Security 5.6
...
Closes gh-9695
2021-05-18 10:45:17 -06:00
Rob Winch
304636520d
buildSrc to publish
2021-05-17 14:00:56 -05:00
Josh Cummings
17cfc6ade3
Inline ResourceKeyConverterAdapter
...
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
Eleftheria Stein
de0cd11a72
Fix PreAuthorize when returning Kotlin Flow
...
Closes gh-9676
2021-04-28 12:33:18 +02:00
Josh Cummings
163b5943ca
Revert AuthorizationManager Method Security
2021-04-12 15:53:22 -06:00
Josh Cummings
df8abcfae7
Use Interceptors instead of Advice
...
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization
Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings
6bcf479659
Polish Javadoc
...
Issue gh-9289
2021-04-09 18:44:25 -06:00
Josh Cummings
6828987b4b
Add AfterMethodAuthorizationManager
...
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability
Closes gh-9591
2021-04-09 18:43:56 -06:00
Josh Cummings
2b494ebc5f
Polish AOP Structure
...
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes
Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
45376b359b
Adjust Packaging
...
Issue gh-9289
2021-04-09 17:46:32 -06:00
Evgeniy Cheban
20778f727b
Consider AuthorizationManager for Method Security
...
Closes gh-9289
2021-04-09 17:46:32 -06:00
Eleftheria Stein
e03fe7f089
Add coroutine support to pre/post authorize
...
Closes gh-8143
2021-04-09 19:33:06 +02:00
Rob Winch
60d3db5798
add management platform(project(":spring-security-dependencies"))
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch
1a76ee7442
Update Gradle configuration names
...
Closes gh-9540
2021-04-05 10:36:36 -05:00
Rob Winch
e4c03e9e5a
Update plugins to support api/implementation
...
Issue gh-9540
2021-04-05 10:36:35 -05:00
Craig Andrews
8d82ebaa2f
Update ComparableVersion to version from Maven 3.6.3
2021-03-26 11:39:26 -05:00
Eleftheria Stein
4a492846f1
Revert "Lock dependencies for 2.5.0-M3"
...
This reverts commit f05cc6269c.
2021-03-15 23:18:45 +01:00
Eleftheria Stein
f05cc6269c
Lock dependencies for 2.5.0-M3
2021-03-15 11:00:19 +01:00
Josh Cummings
c4be1c6a56
Revert "Lock Dependencies"
...
This reverts commit a85caa4098.
2021-02-11 15:49:59 -07:00
Josh Cummings
a85caa4098
Lock Dependencies
2021-02-11 15:00:38 -07:00
Josh Cummings
65d3b0d71c
Add ResourceKeyConverterAdapter
...
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding
Issue gh-9316
2021-01-15 22:15:56 -07:00
Josh Cummings
c066e23a86
Add @since attributes
...
Issue gh-8900
2020-12-16 15:58:53 -07:00
Evgeniy Cheban
34b4b1054f
Add AuthorizationManager
...
Closes gh-8900
2020-12-16 15:58:36 -07:00
Eleftheria Stein
d3ef340b26
Fix typos
2020-12-03 11:05:22 +01:00
Angel Aguilera
d7612e346e
Fix typo in Javadoc
2020-11-11 06:48:22 -05:00
Arnaud Mergey
2b9efccc50
Implement MessageSourceAware where missing
...
Closes gh-8951
2020-11-05 10:57:33 -07:00
Joe Grandja
b95e1aa209
Revert "Lock dependencies for 5.5.0-M1"
...
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Rob Winch
25a7482c8c
Lock dependencies for 5.5.0-M1
2020-10-30 17:52:03 -05:00
Josh Cummings
ce68431037
Bump Schema, Serialization, and Taglib to 5.5
2020-10-07 17:17:58 -06:00
Malyshau Stanislau
6d14482378
Add try-with-resources to close stream
...
Closes gh-9041
2020-09-29 08:25:45 -06:00
Phillip Webb
c502312719
Replace expected @Test attributes with AssertJ
...
Replace JUnit expected @Test attributes with AssertJ calls.
2020-09-22 16:13:51 -06:00
Phillip Webb
910b81928f
Replace try/catch with AssertJ
...
Replace manual try/catch/fail blocks with AssertJ calls.
2020-09-22 16:13:51 -06:00
Eleftheria Stein
a5b97bb569
Prevent NullPointerException when session ID changes
...
The old session ID may not exist in the session registry if the user is not authenticated.
Closes gh-9011
2020-09-18 10:51:12 +02:00
Joe Grandja
7b1f574769
Revert "Lock Dependency Versions for 5.4.0"
...
This reverts commit 3d0e459182.
2020-09-09 18:14:12 -04:00
Joe Grandja
3d0e459182
Lock Dependency Versions for 5.4.0
2020-09-09 13:45:03 -04:00
Josh Cummings
fa7baf551d
Restructure Logs
...
Followed common use cases based off of HelloWorld sample:
- Public endpoint
- Unauthorized endpoint
- Undefined endpoint
- Successful form login
- Failed form login
- Post-login redirect
Issue gh-6311
2020-09-02 07:37:59 -06:00
Rob Winch
4fd67b48e0
Polish core format
...
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
319d3364aa
Migrate to assertThatExceptionOfType
...
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
1e840cc854
Move @Mock annotations
...
Update a couple of tests to use the more traditional `@Mock` annotation
placement.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
2f8e835b11
Use assertThatObject to save casting
...
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
0a3eeb9c80
Remove incorrect AssertJ imports
...
Fix a few tests that were accidentally importing incorrect AssertJ
classes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
a5aa6b3d7f
Remove blank lines from all tests
...
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easier to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
771ef0dadc
Polish spring-security-core main code
...
Manually polish `spring-security-core` following the formatting
and checkstyle fixes.
Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
ee661f7b71
Fix whitespace issues in format-off code
...
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
834dcf5bcf
Use consistent ternary expression style
...
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expressions easier
to scan.
For example: `a = (a != null) ? a : b`
Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
8d3f039f76
Reduce method visibility when possible
...
Reduce method visibility for package private classes when possible.
In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.
Issue gh-8945
2020-08-24 17:33:08 -05:00