0aac515737
Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
...
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService
Closes gh-11449
Closes gh-11726
2022-08-19 09:35:41 -03:00
3826fca567
Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
...
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService
Closes gh-11449
Closes gh-11726
2022-08-19 09:33:08 -03:00
888c65a936
Add DeferHttpSession*Tests
...
Closes gh-6125
2022-08-18 17:38:03 -05:00
81d6b6df6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:38:03 -05:00
1de810a565
Add DeferHttpSession*Tests
...
Closes gh-6125
2022-08-18 17:00:47 -05:00
89f8310d6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:00:47 -05:00
63d2f19e2a
Remove default value for access parameter
...
Closes gh-10957
2022-08-18 15:22:08 -03:00
af3d70f130
Remove GlobalMethodSecurityRuntimeHints
...
Closes gh-11714
2022-08-17 08:07:28 -03:00
ba50c50b4b
Add remaining methods from ExpressionUrlAuthorizationConfigurer to MessageMatcherDelegatingAuthorizationManager
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11509
2022-08-16 15:14:08 -06:00
5ecd513a57
Add remaining methods from ExpressionUrlAuthorizationConfigurer to MessageMatcherDelegatingAuthorizationManager
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11509
2022-08-16 15:12:47 -06:00
5cf42b1f2e
Defer CsrfFilter Session Access
...
Closes gh-11456
2022-08-16 13:48:20 -05:00
8ad20b1768
Add CsrfFilter.csrfRequestAttributeName
...
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.
This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.
Issue gh-11699
2022-08-16 13:47:31 -05:00
5b64526ba9
Add CsrfFilter.csrfRequestAttributeName
...
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.
This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.
Issue gh-11699
2022-08-15 17:07:02 -05:00
faf9fb7337
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:46 -05:00
9f00045638
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:30 -05:00
002a770f13
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:12 -05:00
ce778b0e20
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:25:15 -05:00
425b3501b7
Remove `@Configuration` from `@Enable*` Annotations
...
This removes `@Configuration` from all `@Enable` Annotations and explicitly
adds `@Configuration` to wherever the `@Enable*` Annotations are used.
Closes gh-11653
2022-08-09 17:00:24 -05:00
a5069d7e35
Fix Add @Configuration to @Enable*Security Usage
...
Issue gh-6613
2022-08-09 17:00:16 -05:00
2e66b9f6cc
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:44:01 -05:00
efaee4e56b
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:35:49 -05:00
ed58ac7d78
Add Conditions to Generating AuthnRequest
...
Closes gh-11657
2022-08-03 17:49:48 -06:00
9e8a04d414
Polish Tests
...
Issue gh-11657
2022-08-03 17:49:46 -06:00
c2d79fcbd6
Add Conditions to Generating AuthnRequest
...
Closes gh-11657
2022-08-03 17:34:31 -06:00
aa225943d2
Polish Tests
...
Issue gh-11657
2022-08-03 17:34:26 -06:00
f8971742f2
Remove FilterSecurityInterceptor from WebSecurity
...
Closes gh-11325
2022-08-02 15:34:02 -03:00
040111ae9e
Remove Configuration meta-annotation from Enable* annotations
...
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.
Closes gh-6613
Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
99f768bab9
Polish HttpSecurity
2022-07-29 17:43:00 -05:00
984355e637
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:43:00 -05:00
09173c95d6
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:43:00 -05:00
07ea139ebf
Polish HttpSecurity
2022-07-29 17:42:39 -05:00
67544f36f9
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:42:39 -05:00
05725af4d8
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:42:39 -05:00
15f525c614
Polish HttpSecurity
2022-07-29 17:42:20 -05:00
0c0c75ce22
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:42:20 -05:00
9861769b02
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:42:20 -05:00
7f2c797086
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:39:56 -03:00
e5ae35ab71
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:39:33 -03:00
a996dfc55b
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:38:50 -03:00
d66ad22652
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:32:44 -03:00
1f26f8c419
Update spring-data-jpa to 3.0.0-M5
...
Closes gh-11540
2022-07-15 14:37:24 -03:00
0c14a36ad6
Update Kotlin to 1.7.10
...
Closes gh-11374, gh-11534
2022-07-15 14:10:52 -03:00
d27322c9e0
Polish HttpSecurity Formatting
...
Issue gh-11360
2022-07-14 13:00:08 -06:00
c4b0e9bd74
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 13:00:07 -06:00
5dff157755
Polish HttpSecurity Formatting
...
Issue gh-11360
2022-07-14 12:50:40 -06:00
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 12:48:39 -06:00
42683693c0
Remove deprecated CustomUserTypesOAuth2UserService
...
Closes gh-11511
2022-07-14 14:28:41 -04:00
35fc437559
Add AuthorizationManager for protect-pointcut
...
Closes gh-11323
2022-07-14 09:25:49 -06:00
9b43316f4d
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-14 09:25:16 -06:00
a3326fc0ee
Remove deprecated implicit authorization grant type
...
Closes gh-11506
2022-07-14 10:05:15 -04:00
624fdfa731
Add AuthorizationManager for protect-pointcut
...
Closes gh-11323
2022-07-13 17:58:16 -06:00
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-13 17:57:38 -06:00
d3b8bacc3c
Polish InterceptMethodsBeanDefinitionDecorator
2022-07-13 11:38:50 -05:00
d85abc7bbb
Update javadoc in CommonOAuth2Provider
...
Closes gh-11490
2022-07-13 11:20:04 -04:00
7abea4a964
Add RuntimeHints suffix for RuntimeHintsRegistrar
...
Closes gh-11497
2022-07-13 10:14:43 -03:00
177baba8c9
RuntimeHintsPredicates moved to predicate package
2022-07-12 16:00:50 -04:00
6455e98745
FilterSecurityInterceptor applies to every request by default
...
Closes gh-11466
2022-07-12 10:53:03 -03:00
60652afb32
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-11 16:54:59 -06:00
7560a32460
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-11 16:39:41 -06:00
d2d5313bba
Fix Formatting
...
Issue gh-11327
2022-07-08 09:21:53 -05:00
c9a3d21b9b
Add Configuration Test
...
Issue gh-11327
2022-07-07 14:46:37 -06:00
e8a7b654b4
Add Configuration Test
...
Issue gh-11327
2022-07-07 14:42:07 -06:00
01ffc93062
Add AuthorizationFilter to filter chain validator
...
Closes gh-11327
2022-07-07 14:40:53 -06:00
ec8c13392c
Clarify variable names
...
Issue gh-11327
2022-07-07 14:26:40 -06:00
d27d431bbc
Add AuthorizationFilter to filter chain validator
...
Closes gh-11327
2022-07-07 13:52:36 -06:00
cdafa4ee21
Clarify variable names
...
Issue gh-11327
2022-07-07 13:38:42 -06:00
0c48b6bc7f
Use relative schema location for tests
...
Issue gh-11328
Issue gh-11353
Issue gh-11365
2022-07-07 13:03:20 -05:00
696da87478
Use relative schema location for tests
...
Issue gh-11328
Issue gh-11353
Issue gh-11365
2022-07-07 13:00:04 -05:00
148c926de0
Support AuthorizationManager for intercept-methods Element
...
Closes gh-11328
2022-07-06 13:01:57 -06:00
74a007dc91
Support AuthorizationManager for intercept-methods Element
...
Closes gh-11328
2022-07-06 12:54:05 -06:00
d96b4a0463
Set the useTrailingSlashMatch to true for tests
...
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552 .
This causes failures in Spring Security's tests.
Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifing the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.
Closes gh-11451
2022-07-05 11:29:36 -06:00
05b788d1ac
Use SecurityContextHolderStrategy for Concurrency Filter
...
Issue gh-11060
Issue gh-11061
2022-06-28 15:33:05 -06:00
03a5c3b08a
Use SecurityContextHolderStrategy for Concurrency Filter
...
Issue gh-11060
Issue gh-11061
2022-06-28 15:32:05 -06:00
d24a89ad53
Pick up SecurityContextHolderStrategy for WebClient integration
...
Issue gh-11061
2022-06-28 15:07:16 -06:00
e8723f1f43
Pick up SecurityContextHolderStrategy for WebClient integration
...
Issue gh-11061
2022-06-28 14:58:53 -06:00
a218d3e140
Use SecurityContextHolderStrategy for Async Requests
...
Issue gh-11060
Issue gh-11061
2022-06-28 14:56:55 -06:00
27de315e5e
Use SecurityContextHolderStrategy for Async Requests
...
Issue gh-11060
Issue gh-11061
2022-06-28 14:46:52 -06:00
83b3bb3209
Add SecurityContextHolderStrategy to Pre-authenticated scenarios
...
Issue gh-11060
Issue gh-11061
2022-06-28 12:10:07 -06:00
97cb2a7d91
Polish SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-28 12:09:56 -06:00
98995f2225
Add SecurityContextHolderStrategy to Pre-authenticated scenarios
...
Issue gh-11060
Issue gh-11061
2022-06-28 12:04:37 -06:00
b3be35da31
Polish SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-28 12:04:37 -06:00
944f565c16
Use SecurityContextHolderStrategy for Remember-me
...
Issue gh-11060
Isuse gh-11061
2022-06-28 11:09:38 -06:00
4a2d77d3f2
Use SecurityContextHolderStrategy for Remember-me
...
Issue gh-11060
Isuse gh-11061
2022-06-28 11:08:57 -06:00
b316a3217b
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:35:54 -06:00
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
bffe08465a
Add SecurityContextHolderStrategy XML Configuration for Messaging
...
Issue gh-11061
2022-06-27 16:24:27 -06:00
484f35ca39
Add SecurityContextHolderStrategy Java Configuration for Messaging
...
Issue gh-11061
2022-06-27 16:17:29 -06:00
74167d62b1
Add SecurityContextHolderStrategy XML Configuration for Messaging
...
Issue gh-11061
2022-06-27 15:55:28 -06:00
9292a13146
Add SecurityContextHolderStrategy Java Configuration for Messaging
...
Issue gh-11061
2022-06-27 15:55:28 -06:00
5e4e7abf15
Add SecurityContextHolderStrategy XML Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:40:55 -06:00
74d646f569
Add SecurityContextHolderStrategy Java Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:17:46 -06:00
ef29d3944e
Polish SecurityContextHolderStrategy Java Configuration for Defaults
...
Issue gh-11061
2022-06-27 13:17:44 -06:00
c29b91cec7
Polish SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-27 13:17:43 -06:00
652c35db2f
Add SecurityContextHolderStrategy XML Configuration for OAuth2
...
Issue gh-11061
2022-06-27 13:05:13 -06:00
1d22316574
Add SecurityContextHolderStrategy Java Configuration for OAuth2
...
Issue gh-11061
2022-06-27 13:05:13 -06:00
6c16ac101a
Add SecurityContextHolderStrategy XML Configuration for Saml2
...
Issue gh-11061
2022-06-27 13:05:12 -06:00
97253c9293
Add SecurityContextHolderStrategy Java Configuration for Saml2
...
Issue gh-11061
2022-06-27 13:05:11 -06:00
9cd7c7b046
Add SecurityContextHolderStrategy XML Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:05:07 -06:00
da57bac061
Add SecurityContextHolderStrategy Java Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:03:11 -06:00
fa0086d3b0
Polish SecurityContextHolderStrategy Java Configuration for Defaults
...
Issue gh-11061
2022-06-27 13:01:22 -06:00
8d681b3b80
Polish SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-27 13:00:20 -06:00
a8c30f79e6
Add Core, MVC and MethodSecurity runtime hints
...
Closes gh-11431
2022-06-27 09:25:49 -03:00
150b81d008
Add SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-17 12:21:10 -06:00
ce218c78f9
Add SecurityContextHolderStrategy Java Configuration for Defaults
...
Issue gh-11061
2022-06-17 11:58:38 -06:00
2a70707c35
Add SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-17 11:28:10 -06:00
2c09a300b6
Add SecurityContextHolderStrategy Java Configuration for Defaults
...
Issue gh-11061
2022-06-17 11:28:10 -06:00
79c2b8709b
Allow form login when single OAuth2 Provider is configured
...
Closes gh-6802
2022-06-15 14:05:55 -05:00
a061191bd2
Allow form login when single OAuth2 Provider is configured
...
Closes gh-6802
2022-06-15 13:42:06 -05:00
d18291676f
Update copyright year
...
Issue gh-11372
2022-06-15 13:14:07 -05:00
c7df39a3e6
Fix tests using root cause for exception messages
...
Closes gh-11372
2022-06-14 17:12:15 -05:00
3ca4b06612
Support multiple SingleLogoutService bindings.
...
Closes gh-11286
2022-06-09 12:56:16 -06:00
89989722d0
Support multiple SingleLogoutService bindings.
...
Closes gh-11286
2022-06-09 12:50:33 -06:00
f4049c18b1
add SAML authentication request support to login configurer
...
Closes gh-8873
2022-06-06 08:05:33 -06:00
4d65d96b8a
Fix saml2Tests always running after a single test
...
This commit makes the check task depend on the saml2Tests task.
The test task was also configured to run after saml2Tests, to make sure that the
compileTestJava runs after the compileSaml2TestJava
Issue gh-10816
2022-06-03 11:22:46 -03:00
3dd54bcda7
Run SAML 2.0 tests in an exclusive task
...
Issue gh-10816
2022-06-02 19:24:42 +02:00
23903b5f18
Use Reflection to instantiate OpenSAML4 classes
...
Because the OpenSAML4 classes are compiled using Java 11, we have to rely on reflection to instante those classes since the config module should be compatible with Java 8
Issue gh-10816
2022-06-02 19:24:42 +02:00
ccb1f68bfe
Fix member variable using Java 9+ feature
...
This causes compile errors when trying to build using JDK 8
Issue gh-10695
2022-06-02 19:24:42 +02:00
4c2401a576
Revert "Make source code compatible with JDK 8"
...
This reverts commit 60ed3602f6
2022-06-02 19:24:42 +02:00
9683856956
Polish InterceptUrlConfigTests
...
Issue gh-11305
2022-05-31 16:05:17 -06:00
38d481eba6
Make Internal Class Package-Private
...
Issue gh-11305
2022-05-31 16:04:26 -06:00
d994ddc9b8
Polish InterceptUrlConfigTests
...
Issue gh-11305
2022-05-31 16:04:02 -06:00
2afa9313eb
Use AuthorizationManager in <http>
...
Closes gh-11305
2022-05-31 16:01:41 -06:00
9dbd1f3e25
Use AuthorizationManager in <http>
...
Closes gh-11305
2022-05-31 15:10:00 -06:00
e125a76687
Fix rnc typo
...
Issue gh-11076
2022-05-27 17:06:02 -06:00
7c0ba58019
Fix rnc typo
...
Issue gh-11076
2022-05-27 16:59:23 -06:00
f4c0fcb5ef
Add AuthorizationManager to Messaging
...
Closes gh-11076
2022-05-27 13:35:19 -06:00
8a03d1fcec
Add AuthorizationManager to Messaging
...
Closes gh-11076
2022-05-27 12:20:48 -06:00
649428b49a
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 12:06:27 -06:00
d0da160007
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 12:02:13 -06:00
16664dcdbd
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 11:43:50 -06:00
f2d6ead398
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 11:42:54 -06:00
5cbc1a47da
Use original query string to verify signature
...
Closes gh-11235
2022-05-23 15:30:07 -06:00
88f9529329
Correctly encode query parameters
...
Issue gh-11235
2022-05-23 15:30:01 -06:00
b51c71c3b3
Use original query string to verify signature
...
Closes gh-11235
2022-05-23 13:56:28 -06:00
5adb6e25a3
Correctly encode query parameters
...
Issue gh-11235
2022-05-20 17:46:40 -06:00
0814136ee8
Polish WebExpressionAuthorizationManager
...
- Add support for request variables
- Added additional tests
Issue gh-11105
2022-05-13 14:14:42 -06:00
c4766e64fe
Add AuthorizationManager that uses ExpressionHandler
...
Closes gh-11105
2022-05-13 14:05:34 -06:00
ffaf5b4e61
Polish WebExpressionAuthorizationManager
...
- Add support for request variables
- Added additional tests
Issue gh-11105
2022-05-13 13:53:38 -06:00
07b0be3f42
Add AuthorizationManager that uses ExpressionHandler
...
Closes gh-11105
2022-05-13 13:52:49 -06:00
f34ea188e2
RequestRejectedException is 400 by Default
...
Closes gh-7568
2022-05-12 10:32:27 -05:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
dc2bd2b4f8
Update copyright headers
...
Issue gh-10956
2022-05-06 14:33:59 -03:00
de9b7b4fb8
Fix mvcMatchers overriding previous paths
...
Closes gh-10956
2022-05-06 14:33:59 -03:00
18c220c870
Update copyright headers
...
Issue gh-10956
2022-05-06 14:26:29 -03:00
18345feeed
Fix mvcMatchers overriding previous paths
...
Closes gh-10956
2022-05-06 14:26:29 -03:00
e45dcb3ab2
Update copyright headers
...
Issue gh-10956
2022-05-06 14:18:42 -03:00
d3a451fffb
Fix mvcMatchers overriding previous paths
...
Closes gh-10956
2022-05-06 14:18:36 -03:00
d86ed6f523
Update copyright headers
...
Issue gh-10956
2022-05-06 14:14:16 -03:00
1959c25a03
Fix mvcMatchers overriding previous paths
...
Closes gh-10956
2022-05-06 14:11:37 -03:00
995b2918bb
Remove SAML Deprecations
...
Closes gh-11077
2022-05-06 10:15:42 -03:00
7b6fd598d0
Multiple <authentication-manager> Do Not Duplicate Alias
...
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.
This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.
Closes gh-8767
2022-05-03 14:57:22 -05:00
6420cf28a9
Multiple <authentication-manager> Do Not Duplicate Alias
...
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.
This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.
Closes gh-8767
2022-05-03 14:52:22 -05:00
dec0d97ef0
Multiple <authentication-manager> Do Not Duplicate Alias
...
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.
This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.
Closes gh-8767
2022-05-03 14:50:56 -05:00
4ebd37ae77
Add 5.8 Support
2022-05-03 09:04:34 -06:00
397ccbc1c8
Add 5.7 Schema
2022-05-03 09:03:50 -06:00
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
48ac100a92
Remove WebSecurityConfigurerAdapter from Kotlin tests
...
Issue gh-10902
2022-04-28 16:13:35 +02:00
736f439bb5
Detect UserDetailsService bean in X509 configuration
...
Closes gh-11174
2022-04-28 14:48:40 +02:00
9dd393cb9c
Update remember me Javadocs
...
Describe the new behaviour for retrieving the UserDetailsService
Issue gh-11170
2022-04-28 14:48:29 +02:00
5ac5edc2e6
Detect UserDetailsService bean in X509 configuration
...
Closes gh-11174
2022-04-28 14:47:18 +02:00
d40c15e09e
Update remember me Javadocs
...
Describe the new behaviour for retrieving the UserDetailsService
Issue gh-11170
2022-04-28 14:13:52 +02:00
a0232ed135
Add shouldFilterAllDispatcherTypes to Kotlin DSL
...
Closes gh-11153
2022-04-28 08:34:48 -03:00
e94adedb94
Add shouldFilterAllDispatcherTypes to Kotlin DSL
...
Closes gh-11153
2022-04-28 08:19:20 -03:00
ac06057cf6
Detect UserDetailsService bean in remember me
...
Closes gh-11170
2022-04-28 12:44:27 +02:00
8e34cedcfe
Detect UserDetailsService bean in remember me
...
Closes gh-11170
2022-04-28 12:43:13 +02:00
7dc4364f43
Fix Kotlin mockk test compatibility
...
Issue gh-11039
2022-04-26 18:13:29 +02:00
558bb161c5
Security Context Dsl
...
Closes gh-11039
2022-04-26 17:38:00 +02:00
a3e7e54b70
Security Context Dsl
...
Closes gh-11039
2022-04-26 17:34:44 +02:00
9a57b42786
Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Issue gh-10908
2022-04-25 09:53:20 -03:00
9d378103b0
Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Issue gh-10908
2022-04-25 09:43:50 -03:00
23594b3d01
Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Issue gh-10908
2022-04-25 09:42:00 -03:00
e79b6b3ac8
Default SecurityContextHolderFilter
...
Closes gh-11110
2022-04-15 14:59:38 -05:00
9a9a43a0c0
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:18:25 -05:00
aaf78330b1
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:16:35 -05:00
5367524030
Change the default of shouldFilterAllDispatchTypes to true
...
Closes gh-11107
2022-04-14 16:30:42 -03:00
84b5c76a7b
Add Option to Filter All Dispatcher Types
...
Closes gh-11092
2022-04-14 16:10:36 -03:00
7fea639a43
Add Option to Filter All Dispatcher Types
...
Closes gh-11092
2022-04-14 15:58:00 -03:00
c6ad72004e
Revert "Pick up AuthorizationManager Bean"
...
This reverts commit 4ca5346871
2022-04-12 09:58:30 -06:00
147ab42440
Revert "Pick up AuthorizationManager Bean"
...
This reverts commit 32b83aae63
2022-04-12 09:32:09 -06:00
50f8df6f07
Use HttpStatusCode
...
Closes gh-11091
2022-04-11 09:19:56 -03:00
39b0620a84
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:44 -05:00
7be32872e9
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:24 -05:00
4ca5346871
Pick up AuthorizationManager Bean
...
Closes gh-11067
Closes gh-11068
2022-04-08 11:42:37 -06:00
32b83aae63
Pick up AuthorizationManager Bean
...
Closes gh-11067
Closes gh-11068
2022-04-08 10:08:33 -06:00
b39f213e64
Revert "Add AuthorizationManager to Messaging"
...
This reverts commit 77a6e014a9
2022-04-07 17:39:34 -06:00
77a6e014a9
Add AuthorizationManager to Messaging
...
Closes gh-11076
2022-04-07 17:39:10 -06:00
be434e1540
Add Default Test to HttpBasicConfigurerTests
...
Issue gh-10973
2022-04-05 17:32:13 -06:00
f09652d447
Polish Saml2LoginConfigurerTests
...
Issue gh-10973
2022-04-05 17:32:13 -06:00
66213e5b2e
Add Default Test to HttpBasicConfigurerTests
...
Issue gh-10973
2022-04-05 17:11:39 -06:00
47c8676be7
Polish Saml2LoginConfigurerTests
...
Issue gh-10973
2022-04-05 17:11:38 -06:00
1edfa07d27
Use RequestMatcherEntry
...
Closes gh-11046
2022-03-30 14:40:06 -06:00
c175118f62
Use RequestMatcherEntry
...
Closes gh-11046
2022-03-30 14:31:11 -06:00
bdd5f86526
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:37:21 -06:00
fa574c8785
Simplify PrePostMethodSecurityConfiguration
...
Issue gh-9288
2022-03-29 16:22:42 -06:00
061f69eb70
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:03:19 -06:00
a43677d36a
Simplify PrePostMethodSecurityConfiguration
...
Issue gh-9288
2022-03-29 15:44:16 -06:00
e176d764ba
Add SecurityContextRepository.loadContext(HttpServletRequest)
...
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.
Closes gh-11028
2022-03-25 14:38:37 -05:00
67fd46bfa6
Add SecurityContextRepository.loadContext(HttpServletRequest)
...
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.
Closes gh-11028
2022-03-25 14:21:52 -05:00
446ab5047c
Add authorizeHttpRequests to Kotlin DSL
...
Closes gh-10481
2022-03-22 09:39:06 -06:00
3016ed0067
Fix typos in Kotlin DSL docs
...
Issue gh-10481
2022-03-22 08:27:29 -06:00
ca00b1415b
Add authorizeHttpRequests to Kotlin DSL
...
Closes gh-10481
2022-03-22 08:26:41 -06:00
932ff4f5c4
Fix typos in Kotlin DSL docs
...
Issue gh-10481
2022-03-22 08:26:41 -06:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
972039e65c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-12 13:31:04 -06:00
f9619cef68
Extract createSecurityContextRepository()
...
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.
Issue gh-9635
2022-03-12 13:23:47 -06:00
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
dbcb5004b4
Extract createSecurityContextRepository()
...
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.
Issue gh-9635
2022-03-11 17:21:49 -06:00
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
1762a4ce70
Add SAML 2.0 Single Logout XML Support
...
Closes gh-10842
2022-03-09 10:48:34 -03:00
1cbe7a75d3
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 10:40:26 -03:00
93d4fd3559
Add SAML 2.0 Single Logout XML Support
...
Closes gh-10842
2022-03-09 09:18:01 -03:00
73f839312d
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 09:18:01 -03:00
963251314b
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:40:11 -07:00
5b9a45de01
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:30:21 -07:00
7a02bd14c1
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:19:03 -07:00
8cc18fa9dc
OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager
...
Closes gh-10846
2022-02-28 15:31:22 -07:00
3aa7a65cb4
OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager
...
Closes gh-10846
2022-02-28 15:30:19 -07:00
eca32b4812
Upgrade to Kotlin 1.6.20-M1
...
Closes gh-10687
2022-02-22 08:51:27 -03:00
606bd120fb
Deprecate WebSecurityConfigurerAdapter
...
Closes gh-10822
2022-02-17 12:25:14 +01:00
e97c643870
Deprecate WebSecurityConfigurerAdapter
...
Closes gh-10822
2022-02-17 12:13:50 +01:00
9f9fbb395f
Apply configurers from spring.factories to HttpSecurity bean
...
Closes gh-10814
2022-02-09 14:42:04 +01:00
c2635ba6bf
Apply configurers from spring.factories to HttpSecurity bean
...
Closes gh-10814
2022-02-09 14:40:57 +01:00
f53c65b3a0
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 15:07:29 -07:00
0be772ff5b
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 15:07:29 -07:00
84616543a3
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 14:58:20 -07:00
6ae651bd67
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 14:58:20 -07:00
cbd87fac89
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 14:50:28 -07:00
01ed617d5f
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 14:50:19 -07:00
5a2556879a
Add Saml2AuthenticationRequestResolver
...
Closes gh-10355
2022-01-24 16:18:33 -07:00
d538423f98
Add Saml2AuthenticationRequestResolver
...
Closes gh-10355
2022-01-24 15:09:45 -07:00
f94090a59b
Remove spring-security-openid
...
Closes gh-10773
2022-01-21 16:55:19 -06:00
4f3072b3d9
Exclude javax from hibernate dependency
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
13c467734a
Remove javax.transaction
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
c01b2b946b
Additional removal of javax.inject
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
58090c37ea
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
04f3bbcefa
javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
c67ee6f2a8
javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
...
Issue gh-10501
2022-01-19 15:32:12 -06:00
5902b46e9b
Remove jcl-over-slf4j
...
Issue gh-10499
# Conflicts:
# dependencies/spring-security-dependencies.gradle
2022-01-19 15:32:01 -06:00
62449d6fa2
Remove commons-logging
...
Closes gh-10499
2022-01-19 15:31:22 -06:00
11df19406b
Remove javax.inject
...
Issue gh-10501
2022-01-19 14:49:47 -06:00
44bc953a39
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:40:56 -06:00
95b4a3742b
Remove commons-logging
...
Closes gh-10499
2022-01-19 14:40:54 -06:00
ba922dcdf0
Exclude javax from hibernate dependency
...
Issue gh-10501
2022-01-19 14:35:25 -06:00
27e1a2ca69
Remove javax.transaction
...
Issue gh-10501
2022-01-19 14:35:05 -06:00
9d4ecc9c37
Additional removal of javax.inject
...
Issue gh-10501
2022-01-19 14:34:45 -06:00
678c386834
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 14:34:32 -06:00
0e8c03401b
javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
...
Issue gh-10501
2022-01-19 14:34:16 -06:00
8f64bb6c8c
javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
...
Issue gh-10501
2022-01-19 14:33:53 -06:00
f8e14683f6
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:33:46 -06:00
Marcus Da Coregio
Rob Winch
Yuriy Savchenko
Evgeniy Cheban
Igor Bolic
Josh Cummings
Joshua Sattler
Steve Riesenberg
Anbu Sampath
Joe Grandja
Jared Rufer
Houssem BELHADJ AHMED
Juny Tse
Eleftheria Stein
nor-ek
m0k045e
Manuel Jordan