Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,830 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

3017 Commits

Author SHA1 Message Date
Daniel Garnier-Moiroux 79fb0113c8 Bump io-spring-javaformat from 0.0.42 to 0.0.43 
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-19 09:11:05 -03:00
Marcus Hert Da Coregio 08f11f06ab Revert unnecessary commits from main 
Issue gh-15016
 2024-05-08 13:49:18 -03:00
Marcus Hert Da Coregio 2fbbcc4bd0 Polish Method Authorization Denied Handling 
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method

Issue gh-14601
 2024-04-12 15:55:25 -03:00
Josh Cummings 933ef67637
Polish AuthorizationDeniedException Handling 
Issue gh-14600
 2024-04-11 14:30:00 -06:00
Josh Cummings 50b85aea0d Handle SpEL AuthorizationDeniedExceptions 
Closes gh-14600
 2024-04-10 15:36:23 -07:00
Marcus Hert Da Coregio 61eba00654 Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web 
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.

Issue gh-7395
 2024-04-10 14:58:01 -03:00
Marcus Hert Da Coregio 8d914ef145 Add @AuthorizationDeniedHandler for Method Authorization Denied Handling 
Issue gh-14601
 2024-04-08 14:42:13 -03:00
Josh Cummings c8e5fbf21b
Fix Package Tangle 
Issue gh-14598
 2024-04-05 16:48:52 -06:00
YunByungil e5f7453690 fix: variable naming convention 
Changed the variable name from MAX_INTITEM_LENGTH to MAX_INT_ITEM_LENGTH to adhere to naming conventions
 2024-04-05 15:05:32 -07:00
Josh Cummings 3f7355abc6
Synthesize all annotation attributes 
Issue gh-14601
 2024-04-04 13:30:29 -06:00
Josh Cummings 6f07d63938
Support SpEL Returning AuthorizationDecision 
Closes gh-14598
 2024-04-04 11:32:00 -06:00
Josh Cummings 0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision" 
This reverts commit 77f2977c55.
 2024-04-04 11:31:45 -06:00
Josh Cummings 77f2977c55 Support SpEL Returning AuthorizationDecision 
Closes gh-14599
 2024-04-04 09:52:15 -07:00
Marcus Hert Da Coregio d85857f905 Add Authorization Denied Handlers for Method Security 
Closes gh-14601
 2024-04-03 09:25:12 -03:00
Marcus Hert Da Coregio 19d66c0b8a Introduce AuthorizationResult 2024-04-03 09:25:12 -03:00
Marcus Hert Da Coregio 7d66525e23 Add Compromised Password Checker 
Closes gh-7395
 2024-04-01 09:48:07 -03:00
Josh Cummings 148776309f
Merge branch '6.2.x' 2024-03-22 14:33:57 -06:00
Josh Cummings afcce0c277
Merge branch '6.1.x' into 6.2.x 
Closes gh-14795
 2024-03-22 14:33:44 -06:00
Josh Cummings 7162046144
Remove Reference to MethodInvocationResult 
Closes gh-14794
 2024-03-22 14:33:23 -06:00
Ali-Hassan 04799c5aac Update AuthenticationProvider JavaDoc 
Authentication is an interface, not a class. So, it's not correct
to say "instance of the Authentication class".
 2024-03-22 11:27:58 -06:00
Josh Cummings e1c5dc0e66 Polish JavaDoc 
Issue gh-14597
 2024-03-22 11:00:39 -06:00
Josh Cummings 9898e0e993 Move AuthorizationAdvisorProxyFactory 
To prevent package tangles

Issue gh-14596
 2024-03-22 11:00:39 -06:00
Josh Cummings 12ea8a5738 Add Supplier Support 
Issue gh-14597
 2024-03-22 11:00:39 -06:00
Josh Cummings 795e44d11f Add Value-Type Ignore Support 
Issue gh-14597
 2024-03-22 11:00:39 -06:00
Josh Cummings ce54a6db18 Add TestAuthentication convenience method 
Issue gh-14597
 2024-03-19 10:27:03 -06:00
Josh Cummings d169d5a835 Add AuthorizeReturnObject 
Closes gh-14597
 2024-03-19 10:27:03 -06:00
Marcus Hert Da Coregio a8a9341f2e Merge branch '6.2.x' 
Closes gh-14667
 2024-03-18 06:43:37 -03:00
Marcus Hert Da Coregio a972338e1d Merge branch '6.1.x' into 6.2.x 
Closes gh-14666
 2024-03-18 06:43:09 -03:00
Marcus Hert Da Coregio f84c4ea583 Merge branch '5.8.x' into 6.1.x 
Closes gh-14665
 2024-03-18 06:42:43 -03:00
Marcus Hert Da Coregio 2c9dc08e43 Merge branch '5.7.x' into 5.8.x 
Closes gh-14664
 2024-03-18 06:40:34 -03:00
Marcus Hert Da Coregio 5a7f12f1a9 Check for null Authentication 
Closes gh-14715
 2024-03-18 06:39:08 -03:00
Josh Cummings c611b7e33b
Add AuthorizationProxyFactory Reactive Support 
Issue gh-14596
 2024-03-15 11:44:30 -06:00
Josh Cummings f541bce492
Polish AuthorizationAdvisorProxyFactory 
- Ensure Reasonable Defaults
- Simplify Construction

Issue gh-14596
 2024-03-15 11:44:30 -06:00
Josh Cummings 52dfbfb5b3 Add Authorization Proxy Support 
Closes gh-14596
 2024-03-13 14:35:07 -06:00
Marcus Hert Da Coregio d17cbf4342 Merge branch '6.2.x' 
Closes gh-14724
 2024-03-12 10:19:05 -03:00
Marcus Hert Da Coregio 940efe76fc Merge branch '6.1.x' into 6.2.x 
Closes gh-14723
 2024-03-12 10:18:51 -03:00
Marcus Hert Da Coregio 8fe0303bad Merge branch '5.8.x' into 6.1.x 
Closes gh-14722
 2024-03-12 10:18:33 -03:00
Marcus Hert Da Coregio 8f42c86a57 Use AuthorizationInterceptorsOrder for Post Authorize Method Interceptors 
Closes gh-14720
 2024-03-12 10:17:45 -03:00
Josh Cummings c5a4405c54 Polish JavaDoc 
Issue gh-14521
 2024-02-26 10:59:54 -07:00
ruabtmh 09010f3f51 Add ContinueOnError Support For Failed Authentications 
Closes gh-14521
 2024-02-26 10:59:54 -07:00
Josh Cummings 4d383023cb Add meta-annotation parameter support 
Closes gh-14480
 2024-02-26 10:50:35 -07:00
Marcus Hert Da Coregio 21580fd27d Merge branch '6.2.x' 2024-02-16 13:31:20 -03:00
Marcus Hert Da Coregio 15306c1007 Merge branch '6.1.x' into 6.2.x 2024-02-16 13:21:15 -03:00
Rob Winch 750cb30ce4 Add AuthenticationTrustResolver.isAuthenticated 2024-02-16 13:08:29 -03:00
Marcus Hert Da Coregio 915d68e216 Remove includeExpiredSessions parameter 
The reactive implementation of max sessions does not keep track of expired sessions, therefore we do not need such parameter

Issue gh-6192
 2024-02-06 10:43:00 -03:00
DingHao b0da37d4fa Have Method Security Start at Target Class 
Closes gh-13783
 2024-02-01 09:33:25 -07:00
Sam Brannen 2b7d296994 Revise AuthorizationAnnotationUtils 
This commit revises AuthorizationAnnotationUtils as follows.

- Removes code duplication by treating both Class and Method as
  AnnotatedElement.

- Avoids duplicated annotation searches by processing merged
  annotations in a single Stream instead of first using the
  MergedAnnotations API to find possible duplicates and then again
  searching for a single annotation via AnnotationUtils (which
  effectively performs the same search using the MergedAnnotations API
  internally).

- Uses `.distinct()` within the Stream to avoid the need for the
  workaround introduced in gh-13625. Note that the semantics here
  result in duplicate "equivalent" annotations being ignored. In other
  words, if @⁠PreAuthorize("hasRole('someRole')") is present multiple
  times as a meta-annotation, no exception will be thrown and the first
  such annotation found will be used.

- Improves the error message when competing annotations are found by
  including the competing annotations in the error message.

- Updates AuthorizationAnnotationUtilsTests to cover all known,
  supported use cases.

- Configures correct role in @⁠RequireUserRole.

Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.

See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
 2024-01-18 07:42:58 -07:00
Marcus Hert Da Coregio 85177c0178 Merge branch '6.2.x' 
Closes gh-14408
 2024-01-05 14:22:49 -03:00
Steve Riesenberg a32cd66179
Polish gh-14263 2023-12-26 11:56:42 -06:00
Federico Herrera 10e0f98d5e
Add doc and javadoc for CachingUserDetailsService 
Close gh-10914
 2023-12-26 10:57:58 -06:00