Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,211 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1893 Commits

Author SHA1 Message Date
Josh Cummings 2a70707c35 Add SecurityContextHolderStrategy XML Configuration for Defaults 
Issue gh-11061
 2022-06-17 11:28:10 -06:00
Josh Cummings 2c09a300b6 Add SecurityContextHolderStrategy Java Configuration for Defaults 
Issue gh-11061
 2022-06-17 11:28:10 -06:00
Steve Riesenberg 79c2b8709b
Allow form login when single OAuth2 Provider is configured 
Closes gh-6802
 2022-06-15 14:05:55 -05:00
Jared Rufer 3ca4b06612
Support multiple SingleLogoutService bindings. 
Closes gh-11286
 2022-06-09 12:56:16 -06:00
Marcus Da Coregio 4d65d96b8a Fix saml2Tests always running after a single test 
This commit makes the check task depend on the saml2Tests task.
The test task was also configured to run after saml2Tests, to make sure that the
compileTestJava runs after the compileSaml2TestJava

Issue gh-10816
 2022-06-03 11:22:46 -03:00
Marcus Da Coregio 3dd54bcda7 Run SAML 2.0 tests in an exclusive task 
Issue gh-10816
 2022-06-02 19:24:42 +02:00
Marcus Da Coregio 23903b5f18 Use Reflection to instantiate OpenSAML4 classes 
Because the OpenSAML4 classes are compiled using Java 11, we have to rely on reflection to instante those classes since the config module should be compatible with Java 8

Issue gh-10816
 2022-06-02 19:24:42 +02:00
Marcus Da Coregio ccb1f68bfe Fix member variable using Java 9+ feature 
This causes compile errors when trying to build using JDK 8

Issue gh-10695
 2022-06-02 19:24:42 +02:00
Marcus Da Coregio 4c2401a576 Revert "Make source code compatible with JDK 8" 
This reverts commit 60ed3602f6.
 2022-06-02 19:24:42 +02:00
Josh Cummings 38d481eba6
Make Internal Class Package-Private 
Issue gh-11305
 2022-05-31 16:04:26 -06:00
Josh Cummings d994ddc9b8
Polish InterceptUrlConfigTests 
Issue gh-11305
 2022-05-31 16:04:02 -06:00
Josh Cummings 9dbd1f3e25
Use AuthorizationManager in <http> 
Closes gh-11305
 2022-05-31 15:10:00 -06:00
Josh Cummings 7c0ba58019
Fix rnc typo 
Issue gh-11076
 2022-05-27 16:59:23 -06:00
Josh Cummings 8a03d1fcec Add AuthorizationManager to Messaging 
Closes gh-11076
 2022-05-27 12:20:48 -06:00
Juny Tse 16664dcdbd
Use Base64 encoder with no CRLF in output for SAML 2.0 messages 
Closes gh-11262
 2022-05-25 11:43:50 -06:00
Josh Cummings b51c71c3b3
Use original query string to verify signature 
Closes gh-11235
 2022-05-23 13:56:28 -06:00
Josh Cummings 5adb6e25a3
Correctly encode query parameters 
Issue gh-11235
 2022-05-20 17:46:40 -06:00
Josh Cummings ffaf5b4e61
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 13:53:38 -06:00
Evgeniy Cheban 07b0be3f42 Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 13:52:49 -06:00
Marcus Da Coregio 18c220c870 Update copyright headers 
Issue gh-10956
 2022-05-06 14:26:29 -03:00
Marcus Da Coregio 18345feeed Fix mvcMatchers overriding previous paths 
Closes gh-10956
 2022-05-06 14:26:29 -03:00
Rob Winch 6420cf28a9 Multiple <authentication-manager> Do Not Duplicate Alias 
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
 2022-05-03 14:52:22 -05:00
Josh Cummings 0e9228d10a
Prepare for Spring Security 5.8 2022-05-02 16:34:23 -06:00
Eleftheria Stein 5ac5edc2e6 Detect UserDetailsService bean in X509 configuration 
Closes gh-11174
 2022-04-28 14:47:18 +02:00
Eleftheria Stein d40c15e09e Update remember me Javadocs 
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
 2022-04-28 14:13:52 +02:00
Marcus Da Coregio e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL 
Closes gh-11153
 2022-04-28 08:19:20 -03:00
Eleftheria Stein 8e34cedcfe Detect UserDetailsService bean in remember me 
Closes gh-11170
 2022-04-28 12:43:13 +02:00
nor-ek a3e7e54b70 Security Context Dsl 
Closes gh-11039
 2022-04-26 17:34:44 +02:00
Marcus Da Coregio 23594b3d01 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator 
Issue gh-10908
 2022-04-25 09:42:00 -03:00
Rob Winch aaf78330b1 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:16:35 -05:00
Marcus Da Coregio 7fea639a43 Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 15:58:00 -03:00
Josh Cummings 147ab42440
Revert "Pick up AuthorizationManager Bean" 
This reverts commit 32b83aae63.

Issue gh-11067
 2022-04-12 09:32:09 -06:00
Rob Winch 39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Josh Cummings 32b83aae63
Pick up AuthorizationManager Bean 
Closes gh-11067
Closes gh-11068
 2022-04-08 10:08:33 -06:00
Josh Cummings b39f213e64
Revert "Add AuthorizationManager to Messaging" 
This reverts commit 77a6e014a9.
 2022-04-07 17:39:34 -06:00
Josh Cummings 77a6e014a9
Add AuthorizationManager to Messaging 
Closes gh-11076
 2022-04-07 17:39:10 -06:00
Josh Cummings 66213e5b2e
Add Default Test to HttpBasicConfigurerTests 
Issue gh-10973
 2022-04-05 17:11:39 -06:00
Josh Cummings 47c8676be7
Polish Saml2LoginConfigurerTests 
Issue gh-10973
 2022-04-05 17:11:38 -06:00
Josh Cummings c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Josh Cummings a43677d36a
Simplify PrePostMethodSecurityConfiguration 
Issue gh-9288
 2022-03-29 15:44:16 -06:00
Rob Winch 67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:21:52 -05:00
Yuriy Savchenko 446ab5047c
Add authorizeHttpRequests to Kotlin DSL 
Closes gh-10481
 2022-03-22 09:39:06 -06:00
Yuriy Savchenko 3016ed0067
Fix typos in Kotlin DSL docs 
Issue gh-10481
 2022-03-22 08:27:29 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Rob Winch dbcb5004b4 Extract createSecurityContextRepository() 
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
 2022-03-11 17:21:49 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Marcus Da Coregio 93d4fd3559 Add SAML 2.0 Single Logout XML Support 
Closes gh-10842
 2022-03-09 09:18:01 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 09:18:01 -03:00
Josh Cummings 7a02bd14c1 Replace Apache Commons Base64 Decoding 
Issue gh-10923
 2022-03-02 16:19:03 -07:00