Commit Graph

9849 Commits

Author SHA1 Message Date
Hans Hosea Schaefer b671a96073 Encode postLogoutRedirectUri query params
Now encodes already encoded query parameters in postLogoutRedirectUrl
correctly

Closes gh-9511
2021-05-26 12:10:03 -06:00
Marcus Hert da Coregio 2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
2021-05-26 10:36:44 -06:00
César Revert cf74ad3a52 Anonymous in ExceptionTranslationWebFilter
The ExceptionTranslationWebFilter does not work correctly when
anonymous authentication is enabled. With this enabled, it always provoked
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is neither empty nor
anonymous.

Closes gh-9130
2021-05-26 09:17:41 -05:00
Craig Andrews a7fbae8355 Add test for RequestedUrlRedirectInvalidSessionStrategy 2021-05-26 09:11:38 -05:00
Craig Andrews 0e6d47b082 Add guard around debug logging involving string concatenation 2021-05-26 09:11:38 -05:00
Craig Andrews 0af74ce134 Use ServletUriComponentsBuilder instead of UrlPathHelper 2021-05-26 09:11:38 -05:00
Craig Andrews 2bcd4627fa Eliminate use of Optional 2021-05-26 09:11:38 -05:00
Craig Andrews 10a264c144 Add RequestedUrlRedirectInvalidSessionStrategy implementation of InvalidSessionStrategy
Performs a redirect to the original request URL when an invalid requested session is detected.

In effect, when a user's session times out, the user is redirected to the URL they originally requested instead of some fixed URL.
2021-05-26 09:11:38 -05:00
Steve Riesenberg 36dcbe24d0 Handle custom status codes in error handler
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
2021-05-25 13:31:34 -05:00
Steve Riesenberg 18a2a4ace9 Handle encoded spaces in the root dn
Fixes an issue where provider URLs passed to the constructor of the
DefaultSpringSecurityContextSource can be URL encoded, resulting in
an invalid base dn. Additionally adds support for list constructor
to support spaces in base dn.

Closes gh-9742
2021-05-25 10:54:41 -06:00
Marcus Hert da Coregio 2d61fda1af Combine multiple OS builds into one
Closes gh-9790
2021-05-25 10:40:28 -06:00
Marcus Hert da Coregio fa7ba5e3db Update Env Variables in Build Windows Job
Closes gh-9761
2021-05-25 10:40:28 -06:00
Eleftheria Stein 488683f5a5 Polish DNS SRV lookup method with port
Issue gh-9030
2021-05-20 14:29:45 +02:00
Kathryn Newbould 2af322c06d Add method to return both IP and port for SRV DNS lookup requests
Closes gh-9030
2021-05-20 14:28:50 +02:00
Eleftheria Stein fa77f4c8ff Deprecate feature-policy where not already deprecated
Issue gh-9262
2021-05-19 10:04:09 +02:00
Eleftheria Stein be903b8e25 Cleanup unused import 2021-05-19 10:04:09 +02:00
Eleftheria Stein 1728b06b30 Ensure Kotlin 1.3 compatibility
Closes gh-9765
2021-05-19 10:04:08 +02:00
Josh Cummings 67e5c05a47 Polish AuthorizationManager Method Security
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations

Issue gh-9289
2021-05-18 17:34:04 -06:00
Evgeniy Cheban 84e2e80915 Consider AuthorizationManager for Method Security
Closes gh-9289
2021-05-18 17:34:04 -06:00
Josh Cummings f7f435d3f4 Include all configured branches in CI
Closes gh-9775
2021-05-18 15:57:40 -06:00
Rob Winch 081e3301ad Use GPG_PRIVATE_KEY directly
Closes gh-9776
2021-05-18 16:44:29 -05:00
Rob Winch 1898446f68 core depends on crypto
Issue gh-9767
2021-05-18 16:03:38 -05:00
Rob Winch 56b7c662e4 Remove spring-security-crypto from spring-core pom
Instead of having api extend included configuration, we should use the
*Classpath configurations.

Closes gh-9767
2021-05-18 15:30:44 -05:00
Rob Winch 8a4ee8af43 Artifactory defaults to publish mavenJava Publication
Closes gh-9772
2021-05-18 15:30:44 -05:00
Josh Cummings d203235567 Update to Spring Security 5.6
Closes gh-9695
2021-05-18 10:45:17 -06:00
Josh Cummings 8c0248d0dc Remove Temporary Module 2021-05-18 10:09:43 -06:00
Rob Winch df4d0dc488 Ignore Invalid buildSrc Tests 2021-05-18 01:00:37 -05:00
Rob Winch 073f72277e Next Development Version 2021-05-18 00:47:37 -05:00
Rob Winch abd100122e Fix SpringNexsPublishPlugin spacing in root 2021-05-17 23:57:18 -05:00
Rob Winch 39c5f3d955 Fix closeAndReleaseOssrhStagingRepository 2021-05-17 23:54:28 -05:00
Rob Winch 05dd69395d Delay until PublishAllJavaComponentsPlugin 2021-05-17 23:53:01 -05:00
Rob Winch 03924951a2 Update GitHub Actions to use publishArtifacts 2021-05-17 23:40:43 -05:00
Rob Winch 4d251157b2 opensaml4MainCompile 2021-05-17 23:21:17 -05:00
Rob Winch 1491f2e0b6 Fix saml javadoc 2021-05-17 22:39:34 -05:00
Rob Winch 777a27523e fix bom 2021-05-17 22:29:45 -05:00
Rob Winch b750f3b86c copyproperties for bom plugin 2021-05-17 22:22:55 -05:00
Rob Winch b0f661f432 Revert "Map optional dependencies to Maven"
This reverts commit 7dc34ccef7.
2021-05-17 22:17:52 -05:00
Rob Winch d8e4f6c866 Revert "Management no longer operates on optional/provided to spring-security-dependencies added as bom to poms"
This reverts commit c9bf98c887.
2021-05-17 22:17:50 -05:00
Rob Winch c9bf98c887 Management no longer operates on optional/provided to spring-security-dependencies added as bom to poms 2021-05-17 21:18:58 -05:00
Rob Winch 7dc34ccef7 Map optional dependencies to Maven 2021-05-17 20:44:12 -05:00
Rob Winch 5b74484d3d Fix ManagementConfigurationPlugin Configurations
- remove COMPILE_CONFIGURATION_NAME
- remove TEST_COMPILE_CONFIGURATION_NAME

This is because otherwise spring-security-dependencies appears as
maven bom and it should be internal
2021-05-17 19:16:33 -05:00
Rob Winch 0158d2023e Remove MavenBomTask 2021-05-17 18:25:29 -05:00
Rob Winch 3d4bc6ca9e remove spring-pom.properties 2021-05-17 17:58:56 -05:00
Rob Winch b2d14be18e Revert "versionMapping"
This reverts commit 834a1fca0d.
2021-05-17 17:50:08 -05:00
Rob Winch 834a1fca0d versionMapping 2021-05-17 17:50:02 -05:00
Rob Winch daf37942c5 Fix maven.from 2021-05-17 17:49:37 -05:00
Rob Winch c72f8dec0c Fix MavenBom 2021-05-17 17:49:04 -05:00
Rob Winch 928c855a7d polish publish 2021-05-17 16:31:13 -05:00
Rob Winch d826984fc0 remove artifactory config that is invalid 2021-05-17 16:21:17 -05:00
Rob Winch 3b77986e85 apply publishplugin 2021-05-17 16:21:07 -05:00