Rob Winch
ce778b0e20
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:25:15 -05:00
Rob Winch
c7b39eed58
GitHubMilestoneApiTests due_on Uses LocalDate
...
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.
To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.
Closes gh-11706
2022-08-15 13:02:32 -05:00
Rob Winch
425b3501b7
Remove `@Configuration` from `@Enable*` Annotations
...
This removes `@Configuration` from all `@Enable` Annotations and explicitly
adds `@Configuration` to wherever the `@Enable*` Annotations are used.
Closes gh-11653
2022-08-09 17:00:24 -05:00
Rob Winch
a5069d7e35
Fix Add @Configuration to @Enable*Security Usage
...
Issue gh-6613
2022-08-09 17:00:16 -05:00
Marcus Da Coregio
24bb83e2c7
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:31:45 -03:00
Igor Bolic
2e66b9f6cc
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:44:01 -05:00
Rob Winch
c23324e7a7
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext.
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
2022-08-08 14:14:12 -05:00
Josh Cummings
ed58ac7d78
Add Conditions to Generating AuthnRequest
...
Closes gh-11657
2022-08-03 17:49:48 -06:00
Josh Cummings
9e8a04d414
Polish Tests
...
Issue gh-11657
2022-08-03 17:49:46 -06:00
Marcus Da Coregio
f8971742f2
Remove FilterSecurityInterceptor from WebSecurity
...
Closes gh-11325
2022-08-02 15:34:02 -03:00
Scott Shidlovsky
508f7d7b8a
Update OpenSamlAuthenticationRequestResolverTests from Junit 4 to Junit 5
2022-08-02 08:02:22 -06:00
Scott Shidlovsky
947445fcc5
Add ID to Saml2 Post and Redirect Requests
...
Closes gh-11468
2022-08-02 08:02:22 -06:00
Joshua Sattler
040111ae9e
Remove Configuration meta-annotation from Enable* annotations
...
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.
Closes gh-6613
Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
Steve Riesenberg
15f525c614
Polish HttpSecurity
2022-07-29 17:42:20 -05:00
Steve Riesenberg
0c0c75ce22
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:42:20 -05:00
Steve Riesenberg
9861769b02
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:42:20 -05:00
Steve Riesenberg
9d248c7185
Skip workflows on forks of spring-security
2022-07-28 14:17:42 -05:00
Steve Riesenberg
865bf23ecc
Use cache and user.name system property on Windows
2022-07-28 13:00:15 -05:00
Ulrich Grave
4393c2ea02
Add hash-based Content-Security-Policy for SAML pages
...
Closes gh-11631
2022-07-27 18:04:39 -06:00
Steve Riesenberg
f86d30f4a1
Only run prerequisites job if on upstream repo
2022-07-27 16:01:16 -05:00
Steve Riesenberg
dc59d12405
Simplify dependency graph
2022-07-27 16:01:15 -05:00
Steve Riesenberg
bdeb32854e
Use Spring Gradle Build Action
...
Closes gh-11630
2022-07-27 16:01:15 -05:00
Marcus Da Coregio
7f2c797086
Add Deprecated annotation to WebSecurity#securityInterceptor
...
Closes gh-11634
2022-07-27 14:39:56 -03:00
Steve Riesenberg
a72c5a55db
Revert "Remove @Configuration from webflux config examples"
...
This reverts commit aec9effb88.
2022-07-26 16:46:01 -05:00
Joshua Sattler
aec9effb88
Remove @Configuration from webflux config examples
2022-07-26 16:34:10 -05:00
Rob Winch
9fbe6b7731
Fix Snapshot Sources/Javadoc
...
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.
Closes gh-10602
2022-07-26 15:49:52 -05:00
Rob Winch
b6258fe1f9
Apply ArtifactoryPlugin in RootProjectPlugin
...
Issue gh-10602
2022-07-26 15:42:51 -05:00
Rob Winch
8aa6fbfed2
ArtifactoryPlugin only apply default publications for MavenPublishPlugin
...
Issue gh-10602
2022-07-26 15:42:51 -05:00
Rob Winch
e3ed6b3539
Update to build-info-extractor-gradle:4.29.0
...
Issue gh-10602
2022-07-26 15:42:50 -05:00
Desmond Silveira
3b9f5ac77b
"Well-Know" should be "Well-Known"
2022-07-26 15:41:38 -05:00
Steve Riesenberg
3f4efedd23
Polish gh-11367
2022-07-26 15:33:34 -05:00
naveen
8f93a7fc94
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-07-26 15:33:33 -05:00
Marcus Da Coregio
b76966638d
Use Spring Framework 6.0.0-SNAPSHOT
2022-07-25 14:24:55 -03:00
Marcus Da Coregio
0c549ee147
Use SHA256 by default in Remember Me
...
Closes gh-11520
2022-07-25 10:33:12 -03:00
Yuriy Savchenko
db9d60e82d
Add Kotlin example for WebTestClient setup docs
...
Closes gh-9998
2022-07-22 13:47:07 -03:00
Josh Cummings
e092ec780f
Merge Same-named Attribute Elements
...
Closes gh-11042
2022-07-20 18:33:24 -06:00
github-actions[bot]
bf138c5154
Next development version
2022-07-18 17:05:25 +00:00
github-actions[bot]
79912a0a44
Release 6.0.0-M6
2022-07-18 13:29:25 -03:00
Marcus Da Coregio
7e2b344a66
Update org.springframework to 6.0.0-M5
...
Closes gh-11594
2022-07-18 13:28:22 -03:00
Marcus Da Coregio
860c669666
Revert "Release 6.0.0-M6"
...
This reverts commit c8fa238cfc.
2022-07-18 13:18:34 -03:00
github-actions[bot]
c8fa238cfc
Release 6.0.0-M6
2022-07-18 15:27:55 +00:00
Joe Grandja
b5b3ddd6b4
Deprecate Resource Owner Password Credentials grant
...
Closes gh-11590
2022-07-15 16:45:00 -04:00
Joe Grandja
6ee1643bae
Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction
...
Closes gh-11589
2022-07-15 15:13:40 -04:00
Joe Grandja
054791c26c
Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction
...
Closes gh-11588
2022-07-15 15:12:39 -04:00
Joe Grandja
65db5fa028
Remove deprecations in JwtAuthenticationConverter
...
Closes gh-11587
2022-07-15 14:43:08 -04:00
Joe Grandja
1ac6054e6f
Remove deprecations in OidcUserInfo
...
Closes gh-11586
2022-07-15 14:42:54 -04:00
Joe Grandja
6b41faaf55
Remove deprecations in ClaimAccessor
...
Closes gh-11585
2022-07-15 14:42:33 -04:00
Joe Grandja
0859da5590
Remove deprecations in OAuth2AuthorizedClientArgumentResolver
...
Closes gh-11584
2022-07-15 14:42:03 -04:00
Joe Grandja
743b6a5bfe
Remove deprecations in OidcClientInitiatedLogoutSuccessHandler
...
Closes gh-11565
2022-07-15 14:04:09 -04:00
Joe Grandja
cae22867b2
Remove deprecated allowMultipleAuthorizationRequests
...
Closes gh-11564
2022-07-15 13:50:30 -04:00