Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,842 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

2619 Commits

Author SHA1 Message Date
Daniel Garnier-Moiroux b92ed92548 Fix checkstyle errors with @Deprecated 2024-08-19 10:55:28 -03:00
Daniel Garnier-Moiroux 79fb0113c8 Bump io-spring-javaformat from 0.0.42 to 0.0.43 
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-19 09:11:05 -03:00
baezzys 3d4bcf1b44 fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource 
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
 2024-07-29 14:55:55 -03:00
Josh Cummings 3daeeb8789
Merge branch '5.8.x' into 6.2.x 
Closes gh-15439
 2024-07-18 15:50:58 -06:00
Josh Cummings dab48d25b0
Improve Error Message When Registration Missing 
Closes gh-15363
 2024-07-18 15:50:41 -06:00
Josh Cummings 7422a1134a Allow logout+jwt JWT type 
Closes gh-15003
 2024-07-12 10:03:40 -07:00
Josh Cummings f231ea277d
Merge branch '5.8.x' into 6.2.x 
Closes gh-15210
 2024-06-06 13:35:56 -06:00
Josh Cummings 6aabd768a8
Pick MvcRequestMatcher for MockMvc requests 
Closes gh-13849
 2024-06-06 13:17:43 -06:00
Josh Cummings d6228e0882
Merge branch '5.8.x' into 6.2.x 
Closes gh-15196
 2024-06-03 17:42:25 -06:00
Josh Cummings cdd626644e Use Request-Level Servlet Context 
Spring Security cannot use the ServletContext attached
to the ApplicationContext since there may be child
ApplicationContext's with their own ServletContext.

Because of that, it is necessary to always use the
ServletContext attached to the request.

Closes gh-14418
 2024-06-03 17:41:51 -06:00
Josh Cummings 5a798e93f1 Polish MVC Tests 
Issue gh-14418
 2024-06-03 17:41:51 -06:00
Marcus Hert Da Coregio 08f11f06ab Revert unnecessary commits from main 
Issue gh-15016
 2024-05-08 13:49:18 -03:00
Josh Cummings 29d3b438b9
Merge branch '6.1.x' into 6.2.x 2024-04-26 17:09:17 -06:00
Josh Cummings 1ecb036fba
Merge branch '5.8.x' into 6.1.x 2024-04-26 17:09:05 -06:00
sheheryarumair 0e211382ee Remove useBase64 parameter 2024-04-26 17:05:49 -06:00
Josh Cummings 664dfd9b45
Defer Anonymous Filter Construction 
By delaying when the AnonymousAuthenticationFilter is constructed,
it's now possible to call the principal and filter methods inside
of a custom DSL implementation.

This does not extend to setting the key or the authentication provider
though, as these must be set during the init phase.

Closes gh-14941
 2024-04-25 14:03:10 -06:00
Josh Cummings 2bcbef1695
Add Saml2Logout DSL Support 
Closes gh-14935
 2024-04-22 11:12:45 -06:00
Josh Cummings a4dbf458ab
Add relying-party-registrations#id 
Closes gh-14487
 2024-04-18 12:56:56 -06:00
Marcus Hert Da Coregio 2fbbcc4bd0 Polish Method Authorization Denied Handling 
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method

Issue gh-14601
 2024-04-12 15:55:25 -03:00
Steve Riesenberg fd891d8fe3
Add proxyBeanMethods=false 
Addresses too early creation warning of a configuration imported by
ReactiveOAuth2ClientConfiguration.

Closes gh-14900
 2024-04-12 11:17:41 -05:00
Marcus Hert Da Coregio 61eba00654 Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web 
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.

Issue gh-7395
 2024-04-10 14:58:01 -03:00
Marcus Hert Da Coregio 8d914ef145 Add @AuthorizationDeniedHandler for Method Authorization Denied Handling 
Issue gh-14601
 2024-04-08 14:42:13 -03:00
DingHao 75197ca531 inject PasswordEncoder into DaoAuthenticationProvider constructor 
Closes gh-14691
 2024-04-08 09:39:25 -05:00
Marcus Hert Da Coregio d6ae058ee1 Merge branch '6.2.x' 
Closes gh-14866
 2024-04-08 11:16:30 -03:00
Marcus Hert Da Coregio 697d0c9af4 Merge branch '6.1.x' into 6.2.x 
Closes gh-14865
 2024-04-08 11:16:15 -03:00
Marcus Hert Da Coregio 472c9f8275 Avoid initializing raw bean during runtime in native-images 
Closes gh-14825
 2024-04-08 11:11:23 -03:00
Steve Riesenberg 61e93ee68b
Merge branch '6.2.x' 2024-04-04 14:56:32 -05:00
Steve Riesenberg 16e2bdc9bc
Merge branch '6.1.x' into 6.2.x 2024-04-04 14:55:45 -05:00
Steve Riesenberg c2447ec257
Merge branch '5.8.x' into 6.1.x 2024-04-04 14:55:03 -05:00
Steve Riesenberg 39dbd24dcb
Polish gh-14742 2024-04-04 14:51:19 -05:00
Josh Cummings bb43174752
Fix Bean Name 
Issue gh-14480
 2024-04-04 13:30:30 -06:00
Josh Cummings 3f7355abc6
Synthesize all annotation attributes 
Issue gh-14601
 2024-04-04 13:30:29 -06:00
sheheryarumair 33ebd5405a
Removed dataSource null validation 
Fixed data source validation
 2024-04-04 14:21:18 -05:00
Josh Cummings 6f07d63938
Support SpEL Returning AuthorizationDecision 
Closes gh-14598
 2024-04-04 11:32:00 -06:00
Josh Cummings 0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision" 
This reverts commit 77f2977c55.
 2024-04-04 11:31:45 -06:00
Josh Cummings 77f2977c55 Support SpEL Returning AuthorizationDecision 
Closes gh-14599
 2024-04-04 09:52:15 -07:00
Marcus Hert Da Coregio d85857f905 Add Authorization Denied Handlers for Method Security 
Closes gh-14601
 2024-04-03 09:25:12 -03:00
Max Batischev ff19f04fca Add JwtValidators append to default 
Implemented simplified creation of default OAuth2TokenValidator with additional validators.

Closes gh-14831
 2024-04-02 14:41:35 -07:00
Marcus Hert Da Coregio 7d66525e23 Add Compromised Password Checker 
Closes gh-7395
 2024-04-01 09:48:07 -03:00
Steve Riesenberg abf9dc165a
Merge branch '6.2.x' 2024-03-26 10:55:48 -05:00
Steve Riesenberg 614123e6f9
Update tests that fail on Windows 
Issue gh-14609
 2024-03-26 10:49:47 -05:00
Josh Cummings 44033cd8b9
Make Internal Logout URI Configurable 
Closes gh-14609
 2024-03-22 16:31:44 -06:00
Josh Cummings e18ec48134
Fix Test 
Issue gh-14553
 2024-03-22 16:31:42 -06:00
Josh Cummings 662cfed349
Make Internal Logout URI Configurable 
Closes gh-14609
 2024-03-22 16:28:21 -06:00
Josh Cummings c95f009b23
Fix Test 
Issue gh-14553
 2024-03-22 16:27:16 -06:00
Josh Cummings 9898e0e993 Move AuthorizationAdvisorProxyFactory 
To prevent package tangles

Issue gh-14596
 2024-03-22 11:00:39 -06:00
Josh Cummings 795e44d11f Add Value-Type Ignore Support 
Issue gh-14597
 2024-03-22 11:00:39 -06:00
Josh Cummings ce54a6db18 Add TestAuthentication convenience method 
Issue gh-14597
 2024-03-19 10:27:03 -06:00
Josh Cummings d169d5a835 Add AuthorizeReturnObject 
Closes gh-14597
 2024-03-19 10:27:03 -06:00
Josh Cummings c611b7e33b
Add AuthorizationProxyFactory Reactive Support 
Issue gh-14596
 2024-03-15 11:44:30 -06:00