Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-19 04:45:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,351 Commits 33 Branches 337 Tags
Commit Graph

1914 Commits

Author SHA1 Message Date
Josh Cummings
bdd5f86526
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:37:21 -06:00
Josh Cummings
fa574c8785
Simplify PrePostMethodSecurityConfiguration 
Issue gh-9288
 2022-03-29 16:22:42 -06:00
Rob Winch
e176d764ba Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:38:37 -05:00
Yuriy Savchenko
ca00b1415b Add authorizeHttpRequests to Kotlin DSL 
Closes gh-10481
 2022-03-22 08:26:41 -06:00
Yuriy Savchenko
932ff4f5c4 Fix typos in Kotlin DSL docs 
Issue gh-10481
 2022-03-22 08:26:41 -06:00
Steve Riesenberg
8aa7029d07 Fix checkstyle errors 
Issue gh-10989
 2022-03-18 22:53:29 -05:00
Rob Winch
972039e65c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-12 13:31:04 -06:00
Rob Winch
f9619cef68 Extract createSecurityContextRepository() 
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
 2022-03-12 13:23:47 -06:00
Norbert Nowak
abd33389be Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:49:29 -07:00
Marcus Da Coregio
1762a4ce70 Add SAML 2.0 Single Logout XML Support 
Closes gh-10842
 2022-03-09 10:48:34 -03:00
Marcus Da Coregio
1cbe7a75d3 Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 10:40:26 -03:00
Josh Cummings
5b9a45de01 Replace Apache Commons Base64 Decoding 
Issue gh-10923
 2022-03-02 16:30:21 -07:00
m0k045e
8cc18fa9dc OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager 
Closes gh-10846
 2022-02-28 15:31:22 -07:00
Marcus Da Coregio
eca32b4812 Upgrade to Kotlin 1.6.20-M1 
Closes gh-10687
 2022-02-22 08:51:27 -03:00
Eleftheria Stein
606bd120fb Deprecate WebSecurityConfigurerAdapter 
Closes gh-10822
 2022-02-17 12:25:14 +01:00
Eleftheria Stein
9f9fbb395f Apply configurers from spring.factories to HttpSecurity bean 
Closes gh-10814
 2022-02-09 14:42:04 +01:00
Josh Cummings
84616543a3 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:58:20 -07:00
Manuel Jordan
6ae651bd67 Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:58:20 -07:00
Josh Cummings
5a2556879a Add Saml2AuthenticationRequestResolver 
Closes gh-10355
 2022-01-24 16:18:33 -07:00
Rob Winch
f94090a59b Remove spring-security-openid 
Closes gh-10773
 2022-01-21 16:55:19 -06:00
Rob Winch
11df19406b Remove javax.inject 
Issue gh-10501
 2022-01-19 14:49:47 -06:00
Rob Winch
44bc953a39 Remove jcl-over-slf4j 
Issue gh-10499
 2022-01-19 14:40:56 -06:00
Rob Winch
95b4a3742b Remove commons-logging 
Closes gh-10499
 2022-01-19 14:40:54 -06:00
Eleftheria Stein
6b56071c08 Add LDAP factory beans 
Issue gh-10138
 2022-01-18 15:21:15 +01:00
Josh Cummings
feff747669 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 17:21:04 -07:00
Adam Ostrožlík
27cfb9c89d Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 17:21:00 -07:00
Marcus Da Coregio
4a976faea3 Fix remaining failing tests 
Issue gh-10702
 2022-01-13 13:53:04 -03:00
Marcus Da Coregio
7fd0530009 Change Kotlin tests that are using mockkObject with a lambda interface implementation 
Closes gh-10702
 2022-01-13 11:38:44 -03:00
Marcus Da Coregio
9cfafdaa43 Upgrade to Kotlin 1.6.10 
Closes gh-10350
 2022-01-13 08:44:57 -03:00
heowc
6c5fd38a3f Fix typo 2022-01-10 16:24:53 +01:00
Marcus Da Coregio
d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Josh Cummings
81a9302045 Polish enableSessionUrlRewriting Clarification 
Closes gh-7644
 2021-12-09 12:16:01 -07:00
James Howe
c1b0e5930a Clarify behaviour of enableSessionUrlRewriting 
See #3087
 2021-12-09 12:16:01 -07:00
Marcus Da Coregio
0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio
263665ad55 Prevent using both authorizeRequests and authorizeHttpRequests 
Closes gh-10573
 2021-12-06 15:54:28 -03:00
Steve Riesenberg
d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi
c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg
be802f57ba Add hasIpAddress to Reactive Kotlin DSL 
Closes gh-10571
 2021-12-02 18:13:01 +01:00
Steve Riesenberg
176f7b2b04 Add missing since 
Issue gh-7765
 2021-12-02 18:13:01 +01:00
Igor Pelesic
72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Josh Cummings
78857c62f4 Polish Memory Leak Mitigation 
Issue gh-9841
 2021-11-30 14:29:18 -07:00
Hiroshi Shirosaki
809ff883b0 Address SecurityContextHolder memory leak 
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
 2021-11-30 14:29:18 -07:00
Guirong Hu
9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Josh Cummings
ba5a68ec63 Polish LdapAuthenticationPopulator Support 
PR gh-9276
 2021-11-19 12:19:43 -07:00
Filip Hanik
ae08608011 LdapAuthoritiesPopulator should be postProcessed 
To enable customizations through withObjectPostProcessor
 2021-11-19 12:03:44 -07:00
Norbert Nowak
4bc55769a3 Import cleanup 
Issue gh-10333
 2021-11-19 11:46:08 -07:00
Norbert Nowak
4f186f2c1f Move Dsl files to annotation Package 
Closes gh-10333
 2021-11-19 11:46:08 -07:00
Marcus Da Coregio
25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
« Christophe
e85958f65c Fix CsrfConfigurer default AccessDeniedHandler consistency 
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.

This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation

Fixes: gh-6511
 2021-11-16 14:25:03 -06:00
Rob Winch
0aa75e04b7 Fix imports for ChannelSecurityConfigurerTests 
gh-7997
 2021-11-16 14:07:53 -06:00