Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,271 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

2761 Commits

Author SHA1 Message Date
Evgeniy Cheban 400cd60368 Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer 
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
 2022-07-14 12:48:39 -06:00
Josh Cummings db25a37320
Consolidate ExpressionAuthorizationDecision 
Issue gh-11493
 2022-07-13 17:58:16 -06:00
Josh Cummings 281814a955
Add MethodExpressionAuthorizationManager 
Closes gh-11493
 2022-07-13 17:58:16 -06:00
Josh Cummings 51475e2583
Polish InterceptMethodsBeanDefinitionDecorator 
Issue gh-11328
 2022-07-13 17:57:38 -06:00
Josh Cummings 38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation 
Issue gh-11060
 2022-06-30 11:18:07 -06:00
Josh Cummings ee66850aed
Add SecurityContextHolderStrategy for Jaas 
Issue gh-11060
Issue gh-11061
 2022-06-28 09:26:05 -06:00
Josh Cummings 52d8e10ace
Use SecurityContextHolderStrategy for Database Support 
Issue gh-11060
 2022-06-28 09:08:42 -06:00
Josh Cummings 25c74896d1
Add SecurityContextHolderStrategy to Method Security 
Issue gh-11060
 2022-06-27 13:02:59 -06:00
Rob Winch d32f74d19d SecurityContextHolder Deferred SecurityContext 
Closes gh-10913
 2022-06-17 17:03:19 -05:00
Josh Cummings 31e25b115e Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:28:10 -06:00
Marcus Da Coregio 4c2401a576 Revert "Make source code compatible with JDK 8" 
This reverts commit 60ed3602f6.
 2022-06-02 19:24:42 +02:00
Evgeniy Cheban d557d2d0eb Add RoleHierarchy to AuthorityAuthorizationManager 
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.

Closes gh-11304
 2022-06-01 08:28:16 -06:00
Evgeniy Cheban 362f15534e createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:34:14 -06:00
Evgeniy Cheban 3f861f7f20
Polish gh-11188 2022-05-12 16:20:43 -05:00
Evgeniy Cheban 9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager 
Closes gh-11188
 2022-05-09 16:05:04 -06:00
Evgeniy Cheban 66bbfc7a50 @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy 
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.

Closes gh-11175
 2022-05-03 13:17:23 -05:00
Josh Cummings 0e9228d10a
Prepare for Spring Security 5.8 2022-05-02 16:34:23 -06:00
Josh Cummings 057f4a86d5
Add default strategy constructor 
Closes gh-11059
 2022-04-05 17:29:47 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta bd9434882f
Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Josh Cummings 6c3d183a94 Polish Saml2 Jackson Support 
Issue gh-10905
 2022-03-01 13:56:02 -07:00
Ulrich Grave df84826c95 Add Jackson Support for Saml2 Module 
Closes gh-10905
 2022-03-01 12:07:55 -07:00
Eleftheria Stein c6b185465d Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant 
Closes gh-10837
 2022-02-15 11:24:23 +01:00
Rob Winch 70fa8b1fdb Add Support for @Transient SecurityContext 
Closes gh-9995
 2022-02-03 09:45:51 -06:00
Rob Winch 678c386834 jsr250-api -> jakarta.annotation-api 
Issue gh-10501
 2022-01-19 14:34:32 -06:00
Rob Winch f8e14683f6 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:33:46 -06:00
Marcus Da Coregio 60ed3602f6 Make source code compatible with JDK 8 
Closes gh-10695
 2022-01-11 09:19:41 -03:00
Guirong Hu 22379e79e7 Fix the bug that the custom GrantedAuthority comparison fails 
Closes gh-10566
 2021-12-08 08:50:36 -03:00
Josh Cummings a68411566e Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki 2bc643d6c8 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 15:33:39 -07:00
Eleftheria Stein bbeca7cd65 Polish LDAP serialization 
Closes gh-9263
 2021-11-29 18:03:15 +01:00
Markus Heiden 3c18278123 Start with LDAP Jackson2 mixins 
Issue gh-9263
 2021-11-29 18:03:03 +01:00
Josh Cummings 7b15098570 Update Spring Security to 5.7 
Closes gh-10509
 2021-11-15 17:10:00 -07:00
Emil Sierżęga e0821f2a99 DaoAuthenticationProviderTests#avg returns fraction 2021-10-28 09:35:52 -06:00
Steve Riesenberg 5e091b94a9 Deprecate RemoteAuthentication* for 5.6 
Closes gh-10430
 2021-10-21 11:39:11 -05:00
Emil Sierżęga a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Marcus Da Coregio 7fa39c8807 Deprecate EhCache2 support 
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations

Closes gh-10362
 2021-10-14 14:51:27 -03:00
Marcus Da Coregio 86c24da38b Improve Method Security logging 
Closes gh-10247
 2021-10-08 14:22:09 -03:00
Marcus Da Coregio ef01124eb9 Add reasons to AuthorizationDecisions 
Closes gh-9287
 2021-10-08 14:22:09 -03:00
Marcus Da Coregio 570092c467 Remove trace logs for PrePostAnnotationSecurityMetadataSource 
Those logs were producing too much noise on the console without adding much value.

Issue gh-10247
 2021-10-08 14:22:09 -03:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Alexander Furer 8c74d6cea5 Fix isAssignable order 
Closes gh-10236
 2021-09-30 13:56:37 -06:00
heowc 84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
OllisGit 658aff501c Assert Error-Messages already includes dashes 
When the cert-content is not valid, the assert output message is not correct.
Because it outputs too many dashes .The const X509- and PKCS8-PEM_HEADER already includes the dashes.

I took the output message via copy and paste, but it was still not valid ;-(

Only the output is affected, the checks itself is correct.
 2021-09-27 09:53:55 -03:00
heowc 7b73b94198 Fix typo 2021-09-22 16:29:50 -06:00
Josh Cummings 5da55448f9 Polish SecurityContextChangedEvent 
- Changed methods to getOldContext and getNewContext

Closes gh-10249
 2021-09-13 16:04:36 -06:00
Josh Cummings 3e87ef84ae Replace SecurityContextHolder#addListener 
Closes gh-10226
 2021-09-13 15:57:06 -06:00