Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.
This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.
Closes gh-9579
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.
Closes gh-10482
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337
Closes gh-10337
Providing the possibility to change, how ObjectIdentitys are created inside the BasicLookupStrategy,JdbcAclService
There was a problem with hard coded object identity creation inside the BasicLookupStrategy and the JdbcAclService. It was overkill to overwrite
these classes only for changing this, so introducing an ObjectIdentityGenerator seems the be the better solution here. At default, the standard
ObjectIdentityRetrievalStrategyImpl is used, but can be customized due to setters.
Closes gh-10079
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.
This commit always prevents @Transient Authentication from being saved.
Closes gh-9992
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.
This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation
Fixes: gh-6511
Steve Riesenberg
Karl Tinawi
Arnaud Mergey
Josh Cummings
Igor Pelesic
Hiroshi Shirosaki
Guirong Hu
Jonas Erbe
Eleftheria Stein
Markus Heiden
Jonas Dittrich
Henning Poettker
Lars Grefer
Filip Hanik
Norbert Nowak
Jerome Prinet
Marcus Da Coregio
Dávid Kováč
Jeff Maxwell
Khaled Hamlaoui
Rob Winch
« Christophe
Stephane Nicoll
Onur Kagan Ozcan
heowc
Joe Grandja