4ba8f8bfe0
Update What's New
...
Closes gh-12024
2022-10-13 20:08:31 -06:00
f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler
...
Closes gh-9429
2022-10-13 20:03:03 -06:00
5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x'
2022-10-13 19:48:05 -06:00
099aaa33ff
Remove Deprecation Markers
...
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.
Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.
At that time, BearerTokenAuthenticationFilter can change to use
the handler.
Closes gh-11932
2022-10-13 19:47:22 -06:00
200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter
...
Issue gh-11932, gh-9429
(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.
BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
9090f62d9b
Merge branch '5.8.x'
2022-10-13 16:46:53 -05:00
56b9badcfe
AnonymousAuthenticationFilter should cache its Supplier<SecurityContext>
...
Closes gh-11900
2022-10-13 16:44:48 -05:00
d6356415f9
Polish whats-new.adoc
2022-10-13 13:42:04 -05:00
74e0616451
Update What's New for 6.0
2022-10-13 13:42:04 -05:00
46538ff33d
Merge branch '5.8.x'
...
Merged using the ours strategy.
2022-10-13 12:53:22 -05:00
5a55987d6e
Add links to reference in What's New for 5.8
...
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
45a963a011
Remove CsrfWebFilter.setTokenFromMultipartDataEnabled
...
Closes gh-12019
2022-10-13 11:29:16 -05:00
819529f5ea
Remove CsrfSpec.tokenFromMultipartDataEnabled
...
Also removed ServerCsrfDsl.tokenFromMultipartDataEnabled
Closes gh-12020
2022-10-13 11:29:15 -05:00
db7732dd4a
Merge remote-tracking branch 'origin/5.8.x'
2022-10-13 10:19:54 -06:00
59c4538798
Update What's New
...
Closes gh-12021
2022-10-13 10:13:20 -06:00
753e113a13
RequestMatcherDelegatingAuthorizationManager defaults to deny
...
Closes gh-11958
2022-10-13 11:12:00 -04:00
d0653afec3
Remove Duplicate Property
2022-10-13 09:02:35 -06:00
2407d07890
Default to Xor CSRF tokens in CsrfWebFilter
...
Closes gh-11960
2022-10-13 09:39:57 -05:00
2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter
...
Issue gh-11960
2022-10-13 09:39:55 -05:00
60aa799498
Merge branch '5.8.x'
2022-10-13 09:37:58 -03:00
445833295b
Merge branch '5.7.x' into 5.8.x
2022-10-13 09:37:33 -03:00
0c239813e5
Merge branch '5.6.x' into 5.7.x
2022-10-13 09:36:09 -03:00
717320a9ba
Update org.springframework.data to 2021.2.4
...
Closes gh-12018
2022-10-13 09:30:50 -03:00
601fafd3de
Update org.springframework to 5.3.23
...
Closes gh-12017
2022-10-13 09:30:47 -03:00
0f5c23ab17
Update hibernate-entitymanager to 5.6.12.Final
...
Closes gh-12016
2022-10-13 09:30:43 -03:00
a73b8de0f4
Update org.eclipse.jetty to 9.4.49.v20220914
...
Closes gh-12015
2022-10-13 09:30:40 -03:00
2d7813be6e
Update io.rsocket to 1.1.3
...
Closes gh-12014
2022-10-13 09:30:37 -03:00
655a1e345e
Update io.projectreactor to 2020.0.24
...
Closes gh-12012
2022-10-13 09:30:31 -03:00
4fc00b74a9
Update mockk to 1.12.8
...
Closes gh-12011
2022-10-13 09:30:28 -03:00
0521bb1af5
Update jackson-bom to 2.13.4.20221012
...
Closes gh-12008
2022-10-13 09:30:17 -03:00
4992e8ce62
Update org.springframework.data to 2021.1.8
...
Closes gh-12007
2022-10-13 09:24:21 -03:00
c772daab92
Update org.springframework to 5.3.23
...
Closes gh-12006
2022-10-13 09:24:20 -03:00
45a4a89960
Update hibernate-entitymanager to 5.6.12.Final
...
Closes gh-12005
2022-10-13 09:24:20 -03:00
b43c7e927f
Update org.eclipse.jetty to 9.4.49.v20220914
...
Closes gh-12004
2022-10-13 09:24:20 -03:00
50d23622d0
Update io.rsocket to 1.1.3
...
Closes gh-12003
2022-10-13 09:24:20 -03:00
2c2603ba0f
Update io.projectreactor to 2020.0.24
...
Closes gh-12001
2022-10-13 09:24:20 -03:00
f7f53ea2b7
Update jackson-bom to 2.13.4.20221012
...
Closes gh-11997
2022-10-13 09:22:28 -03:00
db7f52db4e
Add hints to invoke SecurityContextImpl#getAuthentication
...
Closes gh-11987
2022-10-13 09:06:16 -03:00
6026f9f70f
Merge branch '5.8.x'
2022-10-13 06:31:37 -04:00
185991a606
Revert "Add default AuthorizationManager"
...
This reverts commit 4ddec07d0e
2022-10-13 06:18:00 -04:00
fe96a62dfc
Document Observability Support
...
Issue gh-10964
2022-10-12 20:32:25 -06:00
2713075d08
Mark Observations with Firewall Failures
...
Closes gh-11994
2022-10-12 20:32:24 -06:00
46ab84684b
Mark Observations with CSRF Failures
...
Closes gh-11993
2022-10-12 20:32:23 -06:00
d3d8f7d60f
Mark Observations with Security Context Events
...
Closes gh-11992
2022-10-12 20:32:23 -06:00
99a87179dd
Instrument Filter Chain
...
Closes gh-11911
2022-10-12 20:32:22 -06:00
8c610684f3
Instrument Authentication and Authorization
...
Closes gh-11989
Closes gh-11990
2022-10-12 20:32:21 -06:00
827384e386
Add Micrometer Dependency
2022-10-12 19:26:21 -06:00
7c872cf7fd
Merge branch '5.8.x'
2022-10-12 15:02:40 -05:00
440748ec65
Add test support for Xor CSRF tokens
...
Issue gh-4001
2022-10-12 15:02:15 -05:00
9b43950e13
Merge branch '5.8.x'
2022-10-12 13:14:20 -05:00
Josh Cummings
Daniel Garnier-Moiroux
Steve Riesenberg
Evgeniy Cheban
Joe Grandja
Marcus Da Coregio