213 Commits

Author SHA1 Message Date
Josh Cummings
d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings
c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza
8315545144 Update RP-Initiated Logout target URLs.
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
2022-11-01 12:35:39 -06:00
Marcus Da Coregio
7cbb9e82f9 Document how to opt-in for SHA256 in RememberMe
Closes gh-12097
2022-11-01 15:33:45 -03:00
Josh Cummings
39f4fcd5f2
Add AuthenticationEntryPointFailureHandler Preparation Steps
Issue gh-9429
2022-10-31 16:33:25 -06:00
Josh Cummings
ac7f726a24
Add RunAsManager Preparation Steps
Closes gh-11337
2022-10-31 15:46:19 -06:00
Josh Cummings
c5badbc631
Add AccessDecisionManager Preparation Steps
Issue gh-11337
2022-10-31 15:25:05 -06:00
Josh Cummings
86c9d5cfbe
Remove Stray Horizontal Rules
Issue gh-11337
2022-10-31 15:24:59 -06:00
Rob Winch
4112adf6a0 Document Configure Default CsrfToken BREACH Protection
Closes gh-12107
2022-10-28 15:57:25 -05:00
Rob Winch
96d7c78b67 Polish Document Defer load CsrfToken
Issue gh-12105
2022-10-28 15:51:28 -05:00
Rob Winch
d860775b45 Document Defer load CsrfToken
Closes gh-12105
2022-10-28 15:41:25 -05:00
Josh Cummings
4938c394e4
Move Opt-out Steps
Closes gh-12104
2022-10-28 13:52:02 -06:00
Josh Cummings
8da916fa1c
Add Request Security Preparation Steps
Issue gh-11337
2022-10-28 11:48:21 -06:00
Josh Cummings
e900ca3a86
Polish Method Security Preparation Steps
- Add instruction to declare 5.8 defaults

Issue gh-11337
2022-10-28 09:46:48 -06:00
Josh Cummings
b4974bbce9
Polish Message Security Preparation Steps
- Added step to declare the 5.8 default in case later preparation steps
cannot be taken yet

Issue gh-11337
2022-10-28 09:26:04 -06:00
Josh Cummings
31a1486b88
Add Message Security Preparation Steps
Issue gh-11337
2022-10-27 20:08:13 -06:00
Rob Winch
5721b0351e Polish RequestCache continue Kotlin Configuration
Issue gh-12089
2022-10-27 15:13:50 -05:00
Rob Winch
aac1261f0c Document Migration to SecurityContextHolderFilter
Closes gh-12098
2022-10-27 15:12:45 -05:00
Josh Cummings
1dd13e69a4
Standardize Preparation Guide Layout
Closes gh-12096
2022-10-27 10:34:20 -06:00
Josh Cummings
2a95a24390
Add Link to 6.0 Migration Guide
Issue gh-12093
2022-10-26 16:15:36 -06:00
Rob Winch
24cc7ff178 Document Saved Requests Migration
Closes gh-12089
2022-10-26 14:24:00 -05:00
Rob Winch
c17e258a6f Document Saved Requests
Closes gh-12088
2022-10-26 14:22:30 -05:00
Josh Cummings
f6731e89db
Polish Method Security Preparation Steps 2022-10-26 12:37:54 -06:00
Josh Cummings
04fa5af794
Add Missing Doc Header
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
Josh Cummings
e505bc3af4
Add Method Security Preparation Steps 2022-10-25 14:41:10 -06:00
Steve Riesenberg
5a55987d6e
Add links to reference in What's New for 5.8
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
Josh Cummings
59c4538798
Update What's New
Closes gh-12021
2022-10-13 10:13:20 -06:00
Joe Grandja
ffbcaca24a Update reference for PasswordEncoders
Issue gh-10506
2022-10-12 07:32:30 -04:00
Marcus Da Coregio
4b6fed0667 Add static factory method to AntPathRequestMatcher and RegexRequestMatcher
Closes gh-11938
2022-10-10 09:24:15 -03:00
Steve Riesenberg
f462134e87
Add reactive support for BREACH
Closes gh-11959
2022-10-07 16:34:17 -05:00
Marcus Da Coregio
f3321c256c Add XML support for shouldFilterAllDispatcherTypes
Closes gh-11492
2022-10-07 10:20:32 -03:00
Steve Riesenberg
dce1c30522
Add support for BREACH
Closes gh-4001
2022-10-05 14:21:13 -05:00
Steve Riesenberg
c1fcf275d9
Update What's New for 5.8
Issue gh-11952
2022-10-05 13:48:18 -05:00
Marcus Da Coregio
ace8caa182 Remove mvcMatchers usage from docs
Issue gh-11347
2022-10-05 13:19:37 -03:00
Steve Riesenberg
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Daniel Garnier-Moiroux
0e215a21ad
Add X-Xss-Protection headerValue to XML config
Issue gh-9631
2022-10-03 14:29:34 -05:00
Marcus Da Coregio
039e0328e1 Simplify Java Configuration RequestMatcher Usage
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
Daniel Garnier-Moiroux
bf59d7c374
Update What's New for 5.8 2022-10-03 10:05:25 -05:00
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch
d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
2022-09-22 11:09:44 -05:00
Marcus Da Coregio
983ca6ea27 Update What's New for 5.8 2022-09-20 08:33:38 -03:00
Steve Riesenberg
8f44f74d44
Update What's New for 5.8 2022-09-14 15:13:41 -05:00
Steve Riesenberg
70eea8dc67
Update What's New for 5.8 2022-09-14 14:58:48 -05:00
Steve Riesenberg
355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy
1efb63387f
Add authentication converter for introspected tokens
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting a successful token introspection result
into an Authentication instance (which is currently done by private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter behaves the
same as the current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
2022-09-13 16:45:36 -05:00
Rob Winch
5ae492b1c1 Add What's New @WithMockUser Supported as Merged Annotation 2022-09-08 09:49:00 -05:00
Steve Riesenberg
86fbb8db07 Add new interfaces for CSRF request processing
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
Marcus Da Coregio
ff6fd78d64 Merge branch '5.7.x' into 5.8.x 2022-09-01 09:39:10 -03:00
Marcus Da Coregio
0a08a23423 Merge branch '5.6.x' into 5.7.x 2022-09-01 09:38:33 -03:00
Underground Hill
8b74bf9742 Updated reference to architecture page
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00