00e4a8fb54
Add support for One-Time Token Login
...
Closes gh-15114
2024-09-03 10:07:56 -03:00
fd05c5ad76
Remove Advised Methods from Authorization Proxy Objects
...
Closes gh-15561
2024-08-30 10:40:25 -07:00
626610a975
Polish Annotation API
...
Rename to a class that isn't focused on the synthesis implementation detail.
Also add Security to the front of the name to clarify that it is only intended
for security annotations, reminiscent of SecurityMetadataSource.
Refine method signatures to better articulate supported use cases.
Issue gh-15286
2024-08-30 08:51:49 -06:00
cc6de8fa5d
Hide MergedAnnotation Implementation Details
...
Issue gh-15286
2024-08-29 17:27:14 -06:00
84fc5a70ee
Fix variable targetClassToUse not used
...
Closes gh-15567
2024-08-26 15:49:22 -07:00
1118b0ec63
Defer Sorting AuthorizationAdvisors in addAdvisor
...
Issue gh-15658
2024-08-20 17:23:10 -06:00
4da13f6091
Merge branch '6.3.x'
2024-08-20 16:47:48 -06:00
0cab7c8f15
Defer Sorting AuthorizationAdvisors
...
Invoking AnnotationAwareOrderComparator#sort while the
AuthorizationAdvisors are still being computed causes those
advisors to be eagerly instantiated, making components
like ObservationRegistry ineligible for post processing.
This commit defers the sorting of the advisors until
after they are all fully instantiated and available in
the application context.
Closes gh-15658
2024-08-20 16:47:29 -06:00
f398be793d
Simplify AuthorizationAdvisorProxyFactory Configuration
...
Closes gh-15497
2024-08-19 12:34:38 -06:00
912062d307
Merge branch '6.2.x' into 6.3.x
2024-08-19 09:11:10 -03:00
79fb0113c8
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:11:05 -03:00
2caf1fb6b4
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:08:24 -03:00
13125d0745
Add AuthorizationDeniedException(String)
...
Closes gh-15607
2024-08-14 13:57:07 -05:00
59ec1f6480
Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration"
...
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.
Issue gh-15497
2024-08-12 10:12:14 -06:00
08b8b09066
Update Copyright
...
Issue gh-15286
2024-08-10 11:48:14 -06:00
e40c98e6d7
Deprecate PrePostTemplateDefaults
...
Since there is nothing specific to configuring pre/post
annotations, there is no need for the extra class.
If a need like this does arise in the future,
either AnnotationTemplateExpressionDefaults can be sub-
classed, or it can have introduced a Map field holding
custom properties.
Issue gh-15286
2024-08-10 11:46:51 -06:00
6d657ea3da
InMemoryUserDetailsManager preserve user type
...
Closes gh-3192
2024-08-09 10:09:41 -06:00
503d653cea
Add InMemoryUserDetailsManager tests
...
Tests added:
createUserWhenUserAlreadyExistsThenException
updateUserWhenUserDoesNotExistThenException
loadUserByUsernameWhenUserNullThenException
Issue gh-3192
2024-08-09 10:09:41 -06:00
34d964eb08
Default Handler Resolution to Reflection-Based
...
Closes gh-15496
2024-08-07 14:50:33 -06:00
de77e054fd
Default Handler Resolution to Reflection-Based
...
Closes gh-15496
2024-08-07 14:34:40 -06:00
02cca6f737
Polish AuthorizationAdvisorProxyFactory advisor configuration
...
Closes gh-15497
2024-08-07 10:09:51 -06:00
37a2812d1a
Mimic Annotation Fallback Logic
...
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.
This reverts gh-13783 which is a feature that unfortunately regressess
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.
Issue gh-15352
2024-07-31 16:17:42 -06:00
77bce14462
Polish Annotation Test
...
This new arrangement of the test better matches the class
hierarchy described by the original ticket.
Issue gh-13234
2024-07-31 16:17:42 -06:00
90335bd0a6
Polish Annotation Test
...
This test was made more effective by having it focus on the real
scenario of resolving annotations from the standpoint of a bean
2024-07-31 16:17:42 -06:00
f20ae1a71c
Revert gh-13783
...
This feature unfortunately regresses pre-existing behavior
like that found in gh-15352. As such, this functionality
has been removed.
Closes gh-15352
2024-07-31 16:16:34 -06:00
4036e910c7
Add @FunctionalInterface to AuthenticationManager
2024-07-18 17:25:44 -07:00
c736e075c1
Add AnnotationSythesizer API
...
Closes gh-13234
Closes gh-13490
Closes gh-15097
2024-07-18 09:55:17 -06:00
e3438aa36a
Support AliasFor
...
Closes gh-15436
2024-07-18 09:46:39 -06:00
03bcc6776a
Correct Authorization Tests
...
Issue gh-9289
2024-07-18 09:46:38 -06:00
56c93afc66
Correct Tests About Conflicting Annotations
...
Issue gh-9289
2024-07-18 09:46:38 -06:00
9a714424d5
Adds missing translated messages for PT-BR
...
Partially fix #spring-projectsgh-9315
Adds Brazilian Portuguese translation missing for following messages in messages_pt_BR.properties;
- ExceptionTranslationFilter.insufficientAuthentication
- LdapAuthenticationProvider.badLdapConnection
- PersistentTokenBasedRememberMeServices.cookieStolen
2024-05-31 12:36:52 -06:00
aa9bf83c6d
Polish Exception Handling
...
Issue gh-15093
2024-05-31 12:34:33 -06:00
63f48167bd
Add Kotlin support to PreFilter and PostFilter annotations
...
Closes gh-15093
2024-05-31 12:32:28 -06:00
742c95b1fc
Use instanceof Pattern Matching
2024-05-15 08:32:25 -03:00
e932387714
fix docs error
...
Closes gh-14978
2024-05-13 09:28:27 -03:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
b3c7f3ff19
Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
...
Issue gh-7395
2024-04-30 08:38:03 -03:00
2a6f0cac5a
Fix not exist class in java doc
...
Closes gh-14954
2024-04-25 11:37:23 -06:00
2fbbcc4bd0
Polish Method Authorization Denied Handling
...
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method
Issue gh-14601
2024-04-12 15:55:25 -03:00
933ef67637
Polish AuthorizationDeniedException Handling
...
Issue gh-14600
2024-04-11 14:30:00 -06:00
50b85aea0d
Handle SpEL AuthorizationDeniedExceptions
...
Closes gh-14600
2024-04-10 15:36:23 -07:00
61eba00654
Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
...
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.
Issue gh-7395
2024-04-10 14:58:01 -03:00
8d914ef145
Add @AuthorizationDeniedHandler for Method Authorization Denied Handling
...
Issue gh-14601
2024-04-08 14:42:13 -03:00
c8e5fbf21b
Fix Package Tangle
...
Issue gh-14598
2024-04-05 16:48:52 -06:00
e5f7453690
fix: variable naming convention
...
Changed the variable name from MAX_INTITEM_LENGTH to MAX_INT_ITEM_LENGTH to adhere to naming conventions
2024-04-05 15:05:32 -07:00
3f7355abc6
Synthesize all annotation attributes
...
Issue gh-14601
2024-04-04 13:30:29 -06:00
6f07d63938
Support SpEL Returning AuthorizationDecision
...
Closes gh-14598
2024-04-04 11:32:00 -06:00
0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision"
...
This reverts commit 77f2977c55
2024-04-04 11:31:45 -06:00
77f2977c55
Support SpEL Returning AuthorizationDecision
...
Closes gh-14599
2024-04-04 09:52:15 -07:00
d85857f905
Add Authorization Denied Handlers for Method Security
...
Closes gh-14601
2024-04-03 09:25:12 -03:00
Marcus Hert Da Coregio
DingHao
Josh Cummings
Daniel Garnier-Moiroux
Rob Winch
MrJovanovic13
KyeongHoon Lee
Juliana Hachmann
Blagoja Stamatovski
Hyeon Sung
YunByungil