Commit Graph

102 Commits

Author SHA1 Message Date
Joe Grandja c2cfe92a02 Merge branch '6.3.x' 2024-11-18 05:16:16 -05:00
Joe Grandja a8c4d6cead Require Locale argument for toLower/toUpperCase usage 2024-11-18 04:22:26 -05:00
Marcus Hert Da Coregio 00e4a8fb54 Add support for One-Time Token Login
Closes gh-15114
2024-09-03 10:07:56 -03:00
Josh Cummings 4635dabf87
Merge branch '6.3.x' 2024-08-22 19:44:55 -06:00
Josh Cummings a3b88a8d4b
Enable Runtime Method Parameter Reflection
Several method security tests rely on method parameters
being preserved, in order to demonstrate the difference
between relying on runtime reflection and using the @P
annotation.

Closes gh-15680
2024-08-22 19:44:11 -06:00
Daniel Garnier-Moiroux bc8ba7f3b7 Inline CSS for default login and logout page
- Remove the dependency on Bootstrap CSS. Results in faster load times, no failures
  in air-gapped or offline scenarios, and no dependency on an external CDN that may
  go away some day.
2024-08-05 09:27:18 -05:00
Josh Cummings 8d43f1bd7d
Merge branch '5.8.x' into 6.2.x 2024-07-31 15:48:44 -06:00
Josh Cummings 5cdcdc9bcb
Suppress Node Files From Nohttp Analysis
Given that we have no control over the contents of
third-party code, it isn't helpful to have nohttp
generate errors for the usage of http:// in that code.
2024-07-31 15:48:28 -06:00
Josh Cummings f231ea277d
Merge branch '5.8.x' into 6.2.x
Closes gh-15210
2024-06-06 13:35:56 -06:00
Josh Cummings 6aabd768a8
Pick MvcRequestMatcher for MockMvc requests
Closes gh-13849
2024-06-06 13:17:43 -06:00
Steve Riesenberg f8fde0d79d
Update nohttp allow list
Issue gh-14609
2024-03-25 14:51:53 -05:00
Josh Cummings 65cce7e305
Merge branch '6.1.x' into 6.2.x
Closes gh-14640
2024-02-20 15:59:32 -07:00
Josh Cummings 008296cce2
Exclude Deprecated Classes
Closes gh-14630
2024-02-20 15:58:55 -07:00
Josh Cummings 238bc9733a
Remove stray projects 2024-02-20 15:57:46 -07:00
Steve Riesenberg 9db33f33c7
Revert unnecessary merges on 6.0.x
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:

- 5dce82c48b
2023-10-31 15:11:45 -05:00
Josh Cummings cb33fd7850
Add OIDC Back-Channel Logout Support
Closes gh-12570
2023-09-16 15:12:21 -06:00
Steve Riesenberg ac7fbea248
Add nohttp exclusions 2023-05-12 14:30:12 -05:00
Steve Riesenberg 1eff924598
Merge branch '5.8.x' into 6.0.x 2023-02-28 16:53:33 -06:00
Steve Riesenberg b2240f376e
Merge branch '5.7.x' into 5.8.x 2023-02-28 16:53:14 -06:00
Steve Riesenberg 7b88ab289d
Add nohttp exclusion
Issue gh-12804
2023-02-28 16:52:19 -06:00
Marcus Da Coregio 7094ee3710 Add runtime hints for annotations using @WithSecurityContext
Closes gh-12215
2022-11-16 10:02:34 -03:00
Marcus Da Coregio fd25568330 Merge branch '5.8.x'
Closes gh-12159
2022-11-08 13:29:36 -03:00
Marcus Da Coregio 9195521eea Merge branch '5.7.x' into 5.8.x
Closes gh-12158
2022-11-08 13:28:28 -03:00
Marcus Da Coregio 40548eb963 Merge branch '5.6.x' into 5.7.x
Closes gh-12157
2022-11-08 13:27:51 -03:00
Marcus Da Coregio 8cde8fb363 Update Gradle to 7.5.1
Closes gh-11779
2022-11-08 13:27:25 -03:00
Josh Cummings 5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x' 2022-10-13 19:48:05 -06:00
Daniel Garnier-Moiroux 200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
Marcus Da Coregio c5e35bf32e Merge branch '5.8.x'
Closes gh-11978
2022-10-10 09:24:50 -03:00
Marcus Da Coregio 4b6fed0667 Add static factory method to AntPathRequestMather and RegexRequestMatcher
Closes gh-11938
2022-10-10 09:24:15 -03:00
Rob Winch 0efe26c1fd Merge branch '5.8.x'
Closes gh-11894
2022-09-22 13:47:04 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
2022-09-22 11:09:44 -05:00
Steve Riesenberg 1be9be97a1
Exclude JavadocPackageCheck from Spring Checks
Issue gh-11422
2022-07-15 13:03:45 -05:00
Marcus Da Coregio ee11c3ade7 Exclude JavadocPackageCheck from Spring Checks
Issue gh-11422
2022-07-15 14:10:53 -03:00
Joe Grandja f87df42500 Remove deprecated OAuth2IntrospectionClaimAccessor
Closes gh-11499
2022-07-13 15:51:58 -04:00
Joe Grandja 7b18336c6a Change interface with constants to final class
Closes gh-10960
2022-07-13 15:51:58 -04:00
Josh Cummings a31a99b591
Add SecurityContextHolderStrategy to Default Components
Issue gh-11060
2022-06-17 11:58:36 -06:00
Josh Cummings 31e25b115e Add SecurityContextHolderStrategy to Default Components
Issue gh-11060
2022-06-17 11:28:10 -06:00
Marcus Da Coregio 1cbe7a75d3 Add SAML 2.0 Login XML Support
Closes gh-9012
2022-03-09 10:40:26 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support
Closes gh-9012
2022-03-09 09:18:01 -03:00
Rob Winch f94090a59b Remove spring-security-openid
Closes gh-10773
2022-01-21 16:55:19 -06:00
Josh Cummings 4374905801 Establish new Package Tangle Baseline
Ran ./gradlew check && ./gradlew s101 -Ps101.label=baseline

Issue gh-10333
2021-11-19 11:46:08 -07:00
Marcus Da Coregio 17e0a47ef4 Revert "Fix CAS Client Java lib not working with Jakarta EE 9"
This reverts commit aa5564e240.
2021-11-01 09:02:43 -03:00
Marcus Da Coregio 5c4dd51994 Fix CAS Client Java lib not working with Jakarta EE 9
Copy the code from the library and change it to support the Jakarta classes

Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio e36e2b2a97 Move Saml2AuthnRequestRepository to web package
Moving to solve package tangles

Issue gh-9185
2021-09-29 14:10:39 -03:00
Josh Cummings 64f0102425 Establish Structure101 Baseline
Issue gh-6236
2021-09-27 16:06:43 -06:00
Josh Cummings 4272889dc8 Install Structure101 Plugin
Issue gh-6236
2021-09-27 14:56:03 -06:00
Joe Grandja 5830fda2fa Introduce JwtEncoder
Closes gh-9208
2021-09-24 05:13:40 -04:00
Marcus Hert da Coregio ab098f171d Propagate TestSecurityContextHolder to SecurityContextHolder
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers
Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder

Closes gh-9565
2021-09-17 16:39:53 -03:00
Josh Cummings 194993ad1a Add Saml2ParameterNames
Closes gh-10270
2021-09-14 17:40:12 -06:00
Dávid Kováč 3ff825576b Move and rename OAuth2IntrospectionClaimAccessor/Names
Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
with copied implementation from OAuth2IntrospectionClaimAccessor/Names.
OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are
now deprecated.

Also method getScopes() returning list of scopes was introduced
and getScope() is now deprecated.

Closes gh-9647
2021-08-12 16:51:33 -06:00