Commit Graph

1874 Commits

Author SHA1 Message Date
Juny Tse d0da160007
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:02:13 -06:00
Marcus Da Coregio d86ed6f523 Update copyright headers
Issue gh-10956
2022-05-06 14:14:16 -03:00
Marcus Da Coregio 1959c25a03 Fix mvcMatchers overriding previous paths
Closes gh-10956
2022-05-06 14:11:37 -03:00
Rob Winch 7b6fd598d0 Multiple <authentication-manager> Do Not Duplicate Alias
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
2022-05-03 14:57:22 -05:00
Eleftheria Stein 5ac5edc2e6 Detect UserDetailsService bean in X509 configuration
Closes gh-11174
2022-04-28 14:47:18 +02:00
Eleftheria Stein d40c15e09e Update remember me Javadocs
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
2022-04-28 14:13:52 +02:00
Marcus Da Coregio e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL
Closes gh-11153
2022-04-28 08:19:20 -03:00
Eleftheria Stein 8e34cedcfe Detect UserDetailsService bean in remember me
Closes gh-11170
2022-04-28 12:43:13 +02:00
nor-ek a3e7e54b70 Security Context Dsl
Closes gh-11039
2022-04-26 17:34:44 +02:00
Marcus Da Coregio 23594b3d01 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
Issue gh-10908
2022-04-25 09:42:00 -03:00
Rob Winch aaf78330b1 ForceEagerSessionCreationFilter
Closes gh-11109
2022-04-15 14:16:35 -05:00
Marcus Da Coregio 7fea639a43 Add Option to Filter All Dispatcher Types
Closes gh-11092
2022-04-14 15:58:00 -03:00
Josh Cummings 147ab42440
Revert "Pick up AuthorizationManager Bean"
This reverts commit 32b83aae63.

Issue gh-11067
2022-04-12 09:32:09 -06:00
Rob Winch 39b0620a84 Add DisableUrlRewritingFilter
Closes gh-11084
2022-04-08 16:13:44 -05:00
Josh Cummings 32b83aae63
Pick up AuthorizationManager Bean
Closes gh-11067
Closes gh-11068
2022-04-08 10:08:33 -06:00
Josh Cummings b39f213e64
Revert "Add AuthorizationManager to Messaging"
This reverts commit 77a6e014a9.
2022-04-07 17:39:34 -06:00
Josh Cummings 77a6e014a9
Add AuthorizationManager to Messaging
Closes gh-11076
2022-04-07 17:39:10 -06:00
Josh Cummings 66213e5b2e
Add Default Test to HttpBasicConfigurerTests
Issue gh-10973
2022-04-05 17:11:39 -06:00
Josh Cummings 47c8676be7
Polish Saml2LoginConfigurerTests
Issue gh-10973
2022-04-05 17:11:38 -06:00
Josh Cummings c175118f62
Use RequestMatcherEntry
Closes gh-11046
2022-03-30 14:31:11 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
2022-03-29 16:03:19 -06:00
Josh Cummings a43677d36a
Simplify PrePostMethodSecurityConfiguration
Issue gh-9288
2022-03-29 15:44:16 -06:00
Rob Winch 67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest)
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
2022-03-25 14:21:52 -05:00
Yuriy Savchenko 446ab5047c
Add authorizeHttpRequests to Kotlin DSL
Closes gh-10481
2022-03-22 09:39:06 -06:00
Yuriy Savchenko 3016ed0067
Fix typos in Kotlin DSL docs
Issue gh-10481
2022-03-22 08:27:29 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-11 17:22:23 -06:00
Rob Winch dbcb5004b4 Extract createSecurityContextRepository()
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
2022-03-11 17:21:49 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:23:35 -07:00
Marcus Da Coregio 93d4fd3559 Add SAML 2.0 Single Logout XML Support
Closes gh-10842
2022-03-09 09:18:01 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support
Closes gh-9012
2022-03-09 09:18:01 -03:00
Josh Cummings 7a02bd14c1 Replace Apache Commons Base64 Decoding
Issue gh-10923
2022-03-02 16:19:03 -07:00
m0k045e 3aa7a65cb4 OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager
Closes gh-10846
2022-02-28 15:30:19 -07:00
Eleftheria Stein e97c643870 Deprecate WebSecurityConfigurerAdapter
Closes gh-10822
2022-02-17 12:13:50 +01:00
Eleftheria Stein c2635ba6bf Apply configurers from spring.factories to HttpSecurity bean
Closes gh-10814
2022-02-09 14:40:57 +01:00
Josh Cummings cbd87fac89 Polish ignoring() log messaging
- Public API remains unchanged

Issue gh-9334
2022-02-07 14:50:28 -07:00
Manuel Jordan 01ed617d5f Print ignore message DefaultSecurityFilterChain
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
2022-02-07 14:50:19 -07:00
Josh Cummings d538423f98 Add Saml2AuthenticationRequestResolver
Closes gh-10355
2022-01-24 15:09:45 -07:00
Rob Winch ba922dcdf0 Exclude javax from hibernate dependency
Issue gh-10501
2022-01-19 14:35:25 -06:00
Rob Winch 27e1a2ca69 Remove javax.transaction
Issue gh-10501
2022-01-19 14:35:05 -06:00
Rob Winch 9d4ecc9c37 Additional removal of javax.inject
Issue gh-10501
2022-01-19 14:34:45 -06:00
Rob Winch 678c386834 jsr250-api -> jakarta.annotation-api
Issue gh-10501
2022-01-19 14:34:32 -06:00
Rob Winch 0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
Issue gh-10501
2022-01-19 14:34:16 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 14:33:53 -06:00
Rob Winch f8e14683f6 Remove jcl-over-slf4j
Issue gh-10499
2022-01-19 14:33:46 -06:00
Rob Winch 3c641dee75 Remove commons-logging
Closes gh-10499
2022-01-19 14:33:44 -06:00
Eleftheria Stein a537b636c1 Add LDAP factory beans
Issue gh-10138
2022-01-18 15:11:30 +01:00
Josh Cummings 75f25bff82 Polish multiple RequestRejectedHandlers support
Issue gh-10603
2022-01-14 16:49:38 -07:00
Adam Ostrožlík 4ea57f3e3f Support multiple RequestRejectedHandler beans
Closes gh-10603
2022-01-14 16:46:15 -07:00
Marcus Da Coregio 60ed3602f6 Make source code compatible with JDK 8
Closes gh-10695
2022-01-11 09:19:41 -03:00
heowc 1ab0705b47 Fix typo 2022-01-10 16:17:42 +01:00