Josh Cummings
590e9e23d9
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13253
2023-05-31 15:42:41 -06:00
Josh Cummings
79f1cf799d
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13252
2023-05-31 15:31:31 -06:00
Josh Cummings
bcc1cfc28a
Restore OAuth2AuthorizedClientRepository Test Instrumentation
...
Closes gh-13113
2023-05-31 15:30:03 -06:00
Marcus Da Coregio
e3cc8d13e8
Merge branch '5.8.x' into 6.0.x
2023-04-19 11:29:49 -03:00
Marcus Da Coregio
744b74f4c9
Merge branch '5.7.x' into 5.8.x
2023-04-19 11:27:08 -03:00
Amal Krishna
8bec14009e
Fix typo in SecurityMockMvcResultMatchers.java
...
Change the first parameter's name of the AuthenticatedMatcher.withAuthentication() method from assesrtAuthentication to assertAuthentication
2023-04-19 11:25:55 -03:00
Marcus Da Coregio
1a4a2a9055
Merge branch '5.8.x' into 6.0.x
2023-04-14 13:32:10 -03:00
Marcus Da Coregio
54117d7d27
Fix test suffix to align with checkstyle
2023-04-14 13:29:15 -03:00
Marcus Da Coregio
52ed165476
Move classpath checks to class member variable
...
Closes gh-11437
2023-02-07 09:25:06 -03:00
Marcus Da Coregio
c15f45d9ee
Only register hints for servlet applications
...
Closes gh-12622
2023-02-03 16:37:33 -03:00
Marcus Da Coregio
1648151dd2
Register hints for @WithSecurityContext on class level
...
Issue gh-12215
2022-11-17 10:18:15 -03:00
Marcus Da Coregio
177e11fbd7
Add WebTestUtils test runtime hints
...
Closes gh-12216
2022-11-16 11:16:20 -03:00
Marcus Da Coregio
7094ee3710
Add runtime hints for annotations using @WithSecurityContext
...
Closes gh-12215
2022-11-16 10:02:34 -03:00
Rob Winch
9cb668aec2
SessionManagementConfigurer properly defaults SecurityContextRepository
...
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.
This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.
Closes gh-12070
2022-10-20 10:57:47 -05:00
Steve Riesenberg
2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter
...
Issue gh-11960
2022-10-13 09:39:55 -05:00
Steve Riesenberg
7c872cf7fd
Merge branch '5.8.x'
2022-10-12 15:02:40 -05:00
Steve Riesenberg
440748ec65
Add test support for Xor CSRF tokens
...
Issue gh-4001
2022-10-12 15:02:15 -05:00
Marcus Da Coregio
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
Marcus Da Coregio
35f7e46d05
Remove WebSecurityConfigurerAdapter
...
Closes gh-10902
2022-10-04 15:13:04 -03:00
Steve Riesenberg
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
Steve Riesenberg
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Rob Winch
4479cefade
Default Require Explicit Session Management = true
...
Closes gh-11763
2022-09-30 21:49:05 -05:00
Steve Riesenberg
bcb21c9384
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch
0efe26c1fd
Merge branch '5.8.x'
...
Closes gh-11894
2022-09-22 13:47:04 -05:00
Rob Winch
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
Steve Riesenberg
306a3bc20a
Merge branch '5.8.x'
2022-09-12 10:49:40 -05:00
aSemy
6e2e8c41b5
typo fitler -> filter
2022-09-12 10:43:41 -05:00
aSemy
e7880b1815
Javadoc typo 'sue' -> 'use'
2022-09-12 10:43:03 -05:00
Rob Winch
0248421df1
Merge branch '5.8.x'
2022-09-08 10:15:24 -05:00
mariusz
b478e5bc93
gh-6899: @WithMockUser as metaannotation
2022-09-08 09:44:32 -05:00
Joshua Sattler
040111ae9e
Remove Configuration meta-annotation from Enable* annotations
...
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.
Closes gh-6613
Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
Steve Riesenberg
206c6ffb54
Remove deprecation warnings with Context.putAll
...
Closes gh-11476
2022-07-08 16:03:45 -05:00
Igor Bolic
d96b4a0463
Set the useTrailingSlashMatch to true for tests
...
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552 .
This causes failures in Spring Security's tests.
Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifing the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.
Closes gh-11451
2022-07-05 11:29:36 -06:00
Josh Cummings
6ac9366657
Add SecurityContextHolderStrategy Test Support
...
Issue gh-11061
Issue gh-11444
2022-06-27 13:17:45 -06:00
Josh Cummings
f86992a0af
Add SecurityContextHolderStrategy Test Support
...
Issue gh-11061
Issue gh-11444
2022-06-27 13:02:11 -06:00
Marcus Da Coregio
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
Rob Winch
b1233d053f
Add test support for SecurityContextHolderFilter
...
Issue gh-9635
2022-04-13 15:59:21 -05:00
Rob Winch
6e6d472da4
Add test support for SecurityContextHolderFilter
...
Issue gh-9635
2022-04-13 10:53:11 -05:00
Steve Riesenberg
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
Rob Winch
972039e65c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-12 13:31:04 -06:00
Rob Winch
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
Norbert Nowak
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
Norbert Nowak
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
giger85
440e89095f
Replace StringUtils class completely
...
Issue gh-9925
Closes gh-10805
2022-02-07 13:48:29 +01:00
giger85
4a3654a95b
Replace StringUtils class completely
...
Issue gh-9925
Closes gh-10805
2022-02-07 13:47:52 +01:00
Rob Winch
0e8c03401b
javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
...
Issue gh-10501
2022-01-19 14:34:16 -06:00
Rob Winch
8f64bb6c8c
javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
...
Issue gh-10501
2022-01-19 14:33:53 -06:00
Marcus Da Coregio
db60df2f9c
Update to Spring Framework 6.0
...
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00