5a7eb108c8
Fix Javadoc
2023-06-22 11:22:15 -06:00
590e9e23d9
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13253
2023-05-31 15:42:41 -06:00
79f1cf799d
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13252
2023-05-31 15:31:31 -06:00
bcc1cfc28a
Restore OAuth2AuthorizedClientRepository Test Instrumentation
...
Closes gh-13113
2023-05-31 15:30:03 -06:00
e3cc8d13e8
Merge branch '5.8.x' into 6.0.x
2023-04-19 11:29:49 -03:00
744b74f4c9
Merge branch '5.7.x' into 5.8.x
2023-04-19 11:27:08 -03:00
8bec14009e
Fix typo in SecurityMockMvcResultMatchers.java
...
Change the first parameter's name of the AuthenticatedMatcher.withAuthentication() method from assesrtAuthentication to assertAuthentication
2023-04-19 11:25:55 -03:00
1a4a2a9055
Merge branch '5.8.x' into 6.0.x
2023-04-14 13:32:10 -03:00
54117d7d27
Fix test suffix to align with checkstyle
2023-04-14 13:29:15 -03:00
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
c15f45d9ee
Only register hints for servlet applications
...
Closes gh-12622
2023-02-03 16:37:33 -03:00
1648151dd2
Register hints for @WithSecurityContext on class level
...
Issue gh-12215
2022-11-17 10:18:15 -03:00
177e11fbd7
Add WebTestUtils test runtime hints
...
Closes gh-12216
2022-11-16 11:16:20 -03:00
7094ee3710
Add runtime hints for annotations using @WithSecurityContext
...
Closes gh-12215
2022-11-16 10:02:34 -03:00
9cb668aec2
SessionManagementConfigurer properly defaults SecurityContextRepository
...
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.
This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.
Closes gh-12070
2022-10-20 10:57:47 -05:00
2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter
...
Issue gh-11960
2022-10-13 09:39:55 -05:00
7c872cf7fd
Merge branch '5.8.x'
2022-10-12 15:02:40 -05:00
440748ec65
Add test support for Xor CSRF tokens
...
Issue gh-4001
2022-10-12 15:02:15 -05:00
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
35f7e46d05
Remove WebSecurityConfigurerAdapter
...
Closes gh-10902
2022-10-04 15:13:04 -03:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
4479cefade
Default Require Explicit Session Management = true
...
Closes gh-11763
2022-09-30 21:49:05 -05:00
bcb21c9384
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
0efe26c1fd
Merge branch '5.8.x'
...
Closes gh-11894
2022-09-22 13:47:04 -05:00
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
306a3bc20a
Merge branch '5.8.x'
2022-09-12 10:49:40 -05:00
6e2e8c41b5
typo fitler -> filter
2022-09-12 10:43:41 -05:00
e7880b1815
Javadoc typo 'sue' -> 'use'
2022-09-12 10:43:03 -05:00
0248421df1
Merge branch '5.8.x'
2022-09-08 10:15:24 -05:00
b478e5bc93
gh-6899: @WithMockUser as metaannotation
2022-09-08 09:44:32 -05:00
040111ae9e
Remove Configuration meta-annotation from Enable* annotations
...
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.
Closes gh-6613
Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
206c6ffb54
Remove deprecation warnings with Context.putAll
...
Closes gh-11476
2022-07-08 16:03:45 -05:00
d96b4a0463
Set the useTrailingSlashMatch to true for tests
...
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552 .
This causes failures in Spring Security's tests.
Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifing the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.
Closes gh-11451
2022-07-05 11:29:36 -06:00
6ac9366657
Add SecurityContextHolderStrategy Test Support
...
Issue gh-11061
Issue gh-11444
2022-06-27 13:17:45 -06:00
f86992a0af
Add SecurityContextHolderStrategy Test Support
...
Issue gh-11061
Issue gh-11444
2022-06-27 13:02:11 -06:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
b1233d053f
Add test support for SecurityContextHolderFilter
...
Issue gh-9635
2022-04-13 15:59:21 -05:00
6e6d472da4
Add test support for SecurityContextHolderFilter
...
Issue gh-9635
2022-04-13 10:53:11 -05:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
972039e65c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-12 13:31:04 -06:00
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
440e89095f
Replace StringUtils class completely
...
Issue gh-9925
Closes gh-10805
2022-02-07 13:48:29 +01:00
4a3654a95b
Replace StringUtils class completely
...
Issue gh-9925
Closes gh-10805
2022-02-07 13:47:52 +01:00
0e8c03401b
javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
...
Issue gh-10501
2022-01-19 14:34:16 -06:00
8f64bb6c8c
javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
...
Issue gh-10501
2022-01-19 14:33:53 -06:00
db60df2f9c
Update to Spring Framework 6.0
...
Issue gh-10360
2021-11-01 09:02:42 -03:00
Laurent MARTELLI
Josh Cummings
Marcus Da Coregio
Amal Krishna
Rob Winch
Steve Riesenberg
aSemy
mariusz
Joshua Sattler
Igor Bolic
Norbert Nowak
giger85