2705 Commits

Author SHA1 Message Date
Eleftheria Stein
bbeca7cd65 Polish LDAP serialization
Closes gh-9263
2021-11-29 18:03:15 +01:00
Markus Heiden
3c18278123 Start with LDAP Jackson2 mixins
Issue gh-9263
2021-11-29 18:03:03 +01:00
Eleftheria Stein
4f8c1b34af Polish LDAP serialization
Closes gh-9263
2021-11-29 17:59:24 +01:00
Markus Heiden
7cfd415cb5 Start with LDAP Jackson2 mixins
Issue gh-9263
2021-11-29 17:49:57 +01:00
Josh Cummings
7b15098570 Update Spring Security to 5.7
Closes gh-10509
2021-11-15 17:10:00 -07:00
Marcus Da Coregio
5a0f1d51c3 Drop EhCache2 support
Issue gh-10363
2021-11-01 09:02:42 -03:00
Marcus Da Coregio
db60df2f9c Update to Spring Framework 6.0
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio
b2e6c60d94 Remove remoting technologies support
Closes gh-10366
2021-11-01 09:02:42 -03:00
Marcus Da Coregio
010f719344 Upgrade to JDK 17
Closes gh-10343
2021-11-01 09:02:42 -03:00
Marcus Da Coregio
12f3e908b0 Update to Spring Security 6.0 2021-11-01 09:02:41 -03:00
Emil Sierżęga
e0821f2a99 DaoAuthenticationProviderTests#avg returns fraction 2021-10-28 09:35:52 -06:00
Steve Riesenberg
5e091b94a9 Deprecate RemoteAuthentication* for 5.6
Closes gh-10430
2021-10-21 11:39:11 -05:00
Emil Sierżęga
a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch
f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Marcus Da Coregio
7fa39c8807 Deprecate EhCache2 support
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations

Closes gh-10362
2021-10-14 14:51:27 -03:00
Marcus Da Coregio
86c24da38b Improve Method Security logging
Closes gh-10247
2021-10-08 14:22:09 -03:00
Marcus Da Coregio
ef01124eb9 Add reasons to AuthorizationDecisions
Closes gh-9287
2021-10-08 14:22:09 -03:00
Marcus Da Coregio
570092c467 Remove trace logs for PrePostAnnotationSecurityMetadataSource
Those logs were producing too much noise on the console without adding much value.

Issue gh-10247
2021-10-08 14:22:09 -03:00
Alexander Furer
8c74d6cea5 Fix isAssignable order
Closes gh-10236
2021-09-30 13:56:37 -06:00
heowc
84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
OllisGit
658aff501c Assert Error-Messages already includes dashes
When the cert-content is not valid, the assert output message is not correct.
Because it outputs too many dashes .The const X509- and PKCS8-PEM_HEADER already includes the dashes.

I took the output message via copy and paste, but it was still not valid ;-(

Only the output is affected, the checks itself is correct.
2021-09-27 09:53:55 -03:00
heowc
7b73b94198 Fix typo 2021-09-22 16:29:50 -06:00
Josh Cummings
5da55448f9 Polish SecurityContextChangedEvent
- Changed methods to getOldContext and getNewContext

Closes gh-10249
2021-09-13 16:04:36 -06:00
Josh Cummings
3e87ef84ae Replace SecurityContextHolder#addListener
Closes gh-10226
2021-09-13 15:57:06 -06:00
Hiroshi Shirosaki
6f3e346b76 Add SecurityContextHolder#addListener
Closes gh-10032
2021-08-11 17:12:13 -06:00
Josh Cummings
b8d51725c7 Immutable SecurityContext
Issue gh-10032
2021-08-11 17:12:13 -06:00
Josh Cummings
01af7877ea
Polish RsaKeyConverters
- Remove potential for returning null
- Remove potential for parsing more than one header

Issue gh-9736
2021-07-12 14:21:23 -06:00
shazin
5f7d871258 Add X.509 Certificate Support
Closes gh-9736
2021-07-12 14:21:08 -06:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
2021-07-08 12:35:32 -05:00
Josh Cummings
81ded2a0e5
Polish Assertion
By using the supplier version of Assert.notNull, the
string concatenation is delayed.

Issue gh-3403
2021-06-30 10:12:27 -06:00
Marcus Da Coregio
19aa44af41 Improve Error Message for Invalid Properties
Closes gh-3403
2021-06-30 10:07:21 -06:00
Ruben Suarez Alvarez
7cd344acab
Add spanish translation of insufficient authentication and cookie stolen 2021-06-15 09:11:53 -05:00
YBCoding
25fa187406 Add insufficient authentication message for French
Partially fix gh-9315
2021-06-15 09:08:59 -05:00
pxzxj
20577c39c1 Add insufficient authentication message for Simplified Chinese and Traditional Chinese
Partially fix gh-9315
2021-06-14 16:00:29 -05:00
Josh Cummings
7ed38f1a26
Adjust Test Names
Issue gh-9514
2021-06-07 14:31:05 -06:00
Josh Cummings
e1e31939a3
Add @since
Issue gh-9514
2021-06-07 14:26:29 -06:00
Giacomo Baso
80743a267c
Add SecurityContext to delegating TaskScheduler
Wrap DelegatingSecurityContextTaskScheduler's Runnable tasks in
DelegatingSecurityContextRunnables, allowing to specify a
SecurityContext to use for tasks execution.

- Renamed private variable taskScheduler to delegate
- Removed unused local variable in unit test
- Add SecurityContext tests for delegating TaskScheduler

Closes gh-9514
2021-06-07 13:54:24 -06:00
Josh Cummings
67e5c05a47 Polish AuthorizationManager Method Security
- Removed consolidated pointcut advisor in favor of each interceptor
being an advisor. This allows Spring AOP to do more of the heavy
lifting of selecting the set of interceptors that applies
- Created new method context for after interceptors instead of
modifying existing one
- Added documentation
- Added XML support
- Added AuthorizationInterceptorsOrder to simplify interceptor
ordering
- Adjusted annotation lookup to comply with JSR-250 spec
- Adjusted annotation lookup to exhaustively search for duplicate
annotations
- Separated into three @Configuration classes, one for each set of
authorization annotations

Issue gh-9289
2021-05-18 17:34:04 -06:00
Evgeniy Cheban
84e2e80915 Consider AuthorizationManager for Method Security
Closes gh-9289
2021-05-18 17:34:04 -06:00
Josh Cummings
d203235567
Update to Spring Security 5.6
Closes gh-9695
2021-05-18 10:45:17 -06:00
Josh Cummings
17cfc6ade3
Inline ResourceKeyConverterAdapter
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
Eleftheria Stein
de0cd11a72 Fix PreAuthorize when returning Kotlin Flow
Closes gh-9676
2021-04-28 12:33:18 +02:00
Josh Cummings
163b5943ca
Revert AuthorizationManager Method Security 2021-04-12 15:53:22 -06:00
Josh Cummings
df8abcfae7
Use Interceptors instead of Advice
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization

Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings
6bcf479659
Polish Javadoc
Issue gh-9289
2021-04-09 18:44:25 -06:00
Josh Cummings
6828987b4b
Add AfterMethodAuthorizationManager
- Removes the need to keep MethodAuthorizationContext#returnObject
in sync with other method parameters
- Restores MethodAuthorizationContext's immutability

Closes gh-9591
2021-04-09 18:43:56 -06:00
Josh Cummings
2b494ebc5f
Polish AOP Structure
- Changed from MethodMatcher to Pointcut since authorization
annotations also can be attached to classes
- Adjusted advice to extend Before or AfterAdvice
- Adjusted advice to extend PointcutAdvisor so
that it can share its Pointcut
- Adjusted advice to extend AopInfrastructureBean to
align with old advice classes

Issue gh-9289
2021-04-09 17:46:33 -06:00
Josh Cummings
45376b359b
Adjust Packaging
Issue gh-9289
2021-04-09 17:46:32 -06:00