a68411566e
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 15:33:47 -07:00
2bc643d6c8
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 15:33:39 -07:00
a3a9de1b9b
PermitAllSupport supports AuthorizeHttpRequestsConfigurer
...
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.
Closes gh-10482
2021-11-30 15:17:22 -07:00
43317c5a61
Support IP whitelist for Spring Security Webflux
...
Closes gh-7765
2021-11-30 15:27:58 -06:00
4318a51971
Fix CsrfConfigurer default AccessDeniedHandler consistency
...
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.
This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation
Fixes: gh-6511
2021-11-16 14:22:35 -06:00
61ee4e5a76
Avoid using SpEL to change the meaning of the injection point
...
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
2021-11-16 13:53:00 -06:00
aa0f788f59
Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes
2021-11-16 13:44:18 -06:00
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
76ebbb84f7
Separate Namespace Servlet Docs
...
Issue gh-10367
2021-11-05 12:45:46 -06:00
2f1638ec57
Fix javadoc
...
Closes gh-10382
2021-10-22 11:20:37 -03:00
cb70b6a39b
Fixed invalid usage of & tag in Javadocs
2021-10-21 11:47:04 +02:00
04b47c5928
Fixed various broken links in Javadocs
2021-10-21 11:47:04 +02:00
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
6b26032ce7
Fixed invalid usege of > tag in Javadocs
2021-10-21 11:47:04 +02:00
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
6db58cbf8a
Conditionally resolve bearer token from request parameters
...
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.
This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).
Closes gh-10326
2021-10-13 17:10:50 -05:00
33708e61fb
Add postProcess support to Saml2LogoutConfigurer
...
Closes gh-10311
2021-10-13 12:05:48 -06:00
fbb7691be4
Polish SecurityNamespaceHandler Tests
...
Issue gh-8974
2021-10-13 11:50:14 -06:00
8daa6ec1fd
SecurityNamespaceHandler: update schema version to 5.6
...
Closes gh-8974
2021-10-13 11:49:57 -06:00
ba8844a67e
Deprecate Kotlin methods that don't use reified types
...
Closes gh-10365
2021-10-13 10:16:37 +02:00
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
7112ee3eaa
Allow SAML 2.0 loginProcessingURL without registrationId
...
Closes gh-10176
2021-10-04 09:54:40 -03:00
e36e2b2a97
Move Saml2AuthnRequestRepository to web package
...
Moving to solve package tangles
Issue gh-9185
2021-09-29 14:10:39 -03:00
3b64cdfc03
Fix XsdDocumentedTests
...
Issue gh-5835
2021-09-24 10:25:26 -05:00
c3ba2332da
Wire BeanResolver into DefaultMethodSecurityExpressionHandler
...
Closes gh-10305
2021-09-22 14:14:29 -06:00
7b599d4770
Share JWKSource Instances
...
Closes gh-10312
2021-09-22 13:28:08 -06:00
0364518b69
Update Saml2LoginConfigurer to pick up Saml2AuthenticationTokenConverter bean
...
Closes gh-10268
2021-09-17 08:13:19 -03:00
1e76b11b3c
Remove duplicate entry from test LDIF file
...
Closes gh-10274
2021-09-16 10:26:06 +02:00
4f06fc6ed1
Add Saml2LogoutConfigurer
...
Closes gh-9497
2021-09-13 16:39:48 -06:00
6488295cad
Add RelyingPartyRegistrationResolver
...
Closes gh-9486
2021-09-13 16:39:48 -06:00
58d50888df
Fix return type to allow further security config
2021-09-13 15:31:02 -03:00
f2b2e6002f
Replace static "ROLE_" with customized role prefix
...
Fix gh-4134
2021-09-09 11:48:25 -06:00
3ab6bee856
Make method static to prevent circular dependency error
...
Workaround for circular dependency between ServerHttpSecurityConfiguration and WebFluxConfigurationSupport.
Closes gh-10076
2021-08-11 13:46:45 +02:00
662ab10416
Fix test getting stuck
...
The tests are getting stuck when running a single test class and the mock is performed in a static variable inside an inner class
Issue gh-6025
2021-07-27 14:55:53 -06:00
16e17d242e
Add Saml2AuthenticationRequestRepository
...
Closes gh-9185
2021-07-27 14:55:53 -06:00
6b68a6d62b
Apply rnc2Xsd
...
Issue gh-8657
2021-07-27 13:22:42 -06:00
6370906ead
Add SpringOpaqueTokenIntrospector
...
Closes gh-9354
2021-07-26 10:50:50 -06:00
d1dfb2b9ee
Improve OpenSAML Version Check
...
Closes gh-10077
2021-07-26 10:42:40 -06:00
5c8fb254c2
Add AuthenticationDetailsSource to OAuth2 Login Kotlin DSL
...
Closes gh-9838
2021-07-16 15:42:00 +02:00
b1612b1283
Add AuthenticationDetailsSource to Form Login Kotlin DSL
...
Closes gh-9837
2021-07-16 15:42:00 +02:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
342884e851
kotlin uses @ExtendWith(SpringTestContextExtension::class)
...
cd config/src/test/kotlin
rg 'SpringTestContext' -l | xargs sed -i '/^import org.junit.jupiter.api.Test/a import org.junit.jupiter.api.extension.ExtendWith'
rg 'SpringTestContext' -l | xargs sed -i '/^import org.springframework.security.config.test.SpringTestContext/a import org.springframework.security.config.test.SpringTestContextExtension'
rg 'SpringTestContext' -l | xargs sed -i '/^class .*/i @ExtendWith(SpringTestContextExtension::class)'
2021-07-09 15:57:21 -05:00
cc732bda3b
Use @ExtendWith(SpringExtension::class)
2021-07-09 15:57:21 -05:00
3b3ccb962d
Fix @Test(expected =
2021-07-09 15:57:21 -05:00
2bd55f0f62
@Test to JUnit 5 for kotlin
...
rg -g "*.kt" "import org.junit.Test" -l | xargs sed -i 's/import org.junit.Test/import org.junit.jupiter.api.Test/'
2021-07-09 15:57:21 -05:00
e251abb1ae
more import cleanup
2021-07-09 14:49:47 -05:00
3c4e15264c
Add @ExtendWith(SpringTestContextExtension.class)
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^public class/i @ExtendWith(SpringTestContextExtension.class)'
2021-07-09 14:49:46 -05:00
7dfd169ece
Add import ExtendWith
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' --files-without-match | xargs sed -i '/^import org.junit.jupiter.api.Test;/a import org.junit.jupiter.api.extension.ExtendWith;'
2021-07-09 14:49:45 -05:00
e4b09f62f0
Add SpringTestContextExtension to existing ExtendWith
...
rg 'import org.springframework.security.config.test.SpringTestContext' -l -g "*.java" | xargs rg '@ExtendWith' -l | xargs sed -E -i 's/@ExtendWith\((.*)\)/@ExtendWith({ \1, SpringTestContextExtension.class })/'
2021-07-09 14:49:42 -05:00
Josh Cummings
Hiroshi Shirosaki
Igor Pelesic
Guirong Hu
« Christophe
Stephane Nicoll
Onur Kagan Ozcan
Marcus Da Coregio
Emil Sierżęga
Rob Winch
Philipp Neuschwander
Gaurav Tiwari
Emil Sierżęga
Eleftheria Stein
Derek Van Blerkom
Yanming Zhou
Abdul Al-Faraj
Nick McKinney