Commit Graph

303 Commits

Author SHA1 Message Date
Josh Cummings 590e9e23d9
Merge branch '5.8.x' into 6.0.x
Closes gh-13253
2023-05-31 15:42:41 -06:00
Josh Cummings 79f1cf799d
Merge branch '5.7.x' into 5.8.x
Closes gh-13252
2023-05-31 15:31:31 -06:00
Josh Cummings bcc1cfc28a
Restore OAuth2AuthorizedClientRepository Test Instrumentation
Closes gh-13113
2023-05-31 15:30:03 -06:00
Marcus Da Coregio e3cc8d13e8 Merge branch '5.8.x' into 6.0.x 2023-04-19 11:29:49 -03:00
Marcus Da Coregio 744b74f4c9 Merge branch '5.7.x' into 5.8.x 2023-04-19 11:27:08 -03:00
Amal Krishna 8bec14009e Fix typo in SecurityMockMvcResultMatchers.java
Change the first parameter's name of the AuthenticatedMatcher.withAuthentication() method from assesrtAuthentication to assertAuthentication
2023-04-19 11:25:55 -03:00
Marcus Da Coregio 1a4a2a9055 Merge branch '5.8.x' into 6.0.x 2023-04-14 13:32:10 -03:00
Marcus Da Coregio 54117d7d27 Fix test suffix to align with checkstyle 2023-04-14 13:29:15 -03:00
Marcus Da Coregio 52ed165476 Move classpath checks to class member variable
Closes gh-11437
2023-02-07 09:25:06 -03:00
Marcus Da Coregio c15f45d9ee Only register hints for servlet applications
Closes gh-12622
2023-02-03 16:37:33 -03:00
Marcus Da Coregio 1648151dd2 Register hints for @WithSecurityContext on class level
Issue gh-12215
2022-11-17 10:18:15 -03:00
Marcus Da Coregio 177e11fbd7 Add WebTestUtils test runtime hints
Closes gh-12216
2022-11-16 11:16:20 -03:00
Marcus Da Coregio 7094ee3710 Add runtime hints for annotations using @WithSecurityContext
Closes gh-12215
2022-11-16 10:02:34 -03:00
Rob Winch 9cb668aec2 SessionManagementConfigurer properly defaults SecurityContextRepository
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.

This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.

Closes gh-12070
2022-10-20 10:57:47 -05:00
Steve Riesenberg 2a2051cd7b
Default to Xor CSRF tokens in CsrfFilter
Issue gh-11960
2022-10-13 09:39:55 -05:00
Steve Riesenberg 7c872cf7fd
Merge branch '5.8.x' 2022-10-12 15:02:40 -05:00
Steve Riesenberg 440748ec65
Add test support for Xor CSRF tokens
Issue gh-4001
2022-10-12 15:02:15 -05:00
Marcus Da Coregio 398f5dee7f Remove deprecated RequestMatcher methods from Java Configuration
Closes gh-11939
2022-10-07 15:26:46 -03:00
Marcus Da Coregio 35f7e46d05 Remove WebSecurityConfigurerAdapter
Closes gh-10902
2022-10-04 15:13:04 -03:00
Steve Riesenberg 5de6da890b
Merge branch '5.8.x'
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
Steve Riesenberg 475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Rob Winch 4479cefade Default Require Explicit Session Management = true
Closes gh-11763
2022-09-30 21:49:05 -05:00
Steve Riesenberg bcb21c9384
Merge branch '5.8.x'
# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
Steve Riesenberg 46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch 0efe26c1fd Merge branch '5.8.x'
Closes gh-11894
2022-09-22 13:47:04 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
2022-09-22 11:09:44 -05:00
Steve Riesenberg 306a3bc20a
Merge branch '5.8.x' 2022-09-12 10:49:40 -05:00
aSemy 6e2e8c41b5
typo fitler -> filter 2022-09-12 10:43:41 -05:00
aSemy e7880b1815
Javadoc typo 'sue' -> 'use' 2022-09-12 10:43:03 -05:00
Rob Winch 0248421df1 Merge branch '5.8.x' 2022-09-08 10:15:24 -05:00
mariusz b478e5bc93 gh-6899: @WithMockUser as metaannotation 2022-09-08 09:44:32 -05:00
Joshua Sattler 040111ae9e Remove Configuration meta-annotation from Enable* annotations
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.

Closes gh-6613

Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
Steve Riesenberg 206c6ffb54
Remove deprecation warnings with Context.putAll
Closes gh-11476
2022-07-08 16:03:45 -05:00
Igor Bolic d96b4a0463 Set the useTrailingSlashMatch to true for tests
The Spring MVC changed the default behavior for trailing slash match
with https://github.com/spring-projects/spring-framework/issues/28552.
This causes failures in Spring Security's tests.

Setting the `useTrailingSlashMatch` to `true` ensures that Spring
Security will work for users who have modified the default configuration.
Specifing the request mapper with trailing slash path ensures that the tests
are successful when default behavior is used.

Closes gh-11451
2022-07-05 11:29:36 -06:00
Josh Cummings 6ac9366657
Add SecurityContextHolderStrategy Test Support
Issue gh-11061
Issue gh-11444
2022-06-27 13:17:45 -06:00
Josh Cummings f86992a0af
Add SecurityContextHolderStrategy Test Support
Issue gh-11061
Issue gh-11444
2022-06-27 13:02:11 -06:00
Marcus Da Coregio 806e05855c Replace removed context-related operators
Closes gh-11194
2022-05-10 14:58:02 -03:00
Rob Winch b1233d053f Add test support for SecurityContextHolderFilter
Issue gh-9635
2022-04-13 15:59:21 -05:00
Rob Winch 6e6d472da4 Add test support for SecurityContextHolderFilter
Issue gh-9635
2022-04-13 10:53:11 -05:00
Steve Riesenberg 8aa7029d07 Fix checkstyle errors
Issue gh-10989
2022-03-18 22:53:29 -05:00
Rob Winch 972039e65c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-12 13:31:04 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-11 17:22:23 -06:00
Norbert Nowak abd33389be Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:49:29 -07:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:23:35 -07:00
giger85 440e89095f Replace StringUtils class completely
Issue gh-9925
Closes gh-10805
2022-02-07 13:48:29 +01:00
giger85 4a3654a95b Replace StringUtils class completely
Issue gh-9925
Closes gh-10805
2022-02-07 13:47:52 +01:00
Rob Winch 0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api
Issue gh-10501
2022-01-19 14:34:16 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api
Issue gh-10501
2022-01-19 14:33:53 -06:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00