Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,152 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

10152 Commits

Author SHA1 Message Date
Simone Giannino ea373645e5 Update saganCreateRelease property referenceDocUrl 
- Updated saganCreateRelease task with the new referenceDocUrl for reference documentation

Closes gh-11016
 2022-04-01 13:07:32 -03:00
Johannes Graf d4931ecf2b
use okta as registration id 
looks like `ping` is some registration id used in the past.
 2022-03-30 14:40:25 -06:00
Josh Cummings c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings 04c483387e
Document Authorization Events 
Issue gh-9288
 2022-03-29 16:03:20 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta bd9434882f
Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00
Josh Cummings a43677d36a
Simplify PrePostMethodSecurityConfiguration 
Issue gh-9288
 2022-03-29 15:44:16 -06:00
Marcus Da Coregio c73bd4756d Change samplesBranch property to point to correct branch 
Closes gh-11040
 2022-03-28 13:35:11 -03:00
Marcus Da Coregio 6c52c52a68 Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 09:45:23 -03:00
Rob Winch 67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:21:52 -05:00
Rob Winch 8940719dbb HttpSessionSecurityContextRepository support null HttpServletResponse 
Closes gh-11029
 2022-03-25 13:01:40 -05:00
Eleftheria Stein d4d6ddbaae Fix formatting in reference docs 2022-03-24 15:13:50 +01:00
Yuriy Savchenko 446ab5047c
Add authorizeHttpRequests to Kotlin DSL 
Closes gh-10481
 2022-03-22 09:39:06 -06:00
Yuriy Savchenko 3016ed0067
Fix typos in Kotlin DSL docs 
Issue gh-10481
 2022-03-22 08:27:29 -06:00
Marcus Da Coregio 7deaab8822 Next development version 2022-03-21 14:51:40 -03:00
Marcus Da Coregio ed0a323a71 Release 5.7.0-M3 2022-03-21 14:00:04 -03:00
Marcus Da Coregio 94adc640ca Update spring-data-bom to 2021.2.0-M4 
Closes gh-11014
 2022-03-21 13:57:14 -03:00
Marcus Da Coregio 0c9e73876d Update org.springframework to 5.3.17 
Closes gh-11011
 2022-03-21 10:10:13 -03:00
Marcus Da Coregio e128e8d87e Update htmlunit-driver to 2.60.0 
Closes gh-11010
 2022-03-21 10:10:11 -03:00
Marcus Da Coregio fe5cfa9cae Update org.jetbrains.kotlin to 1.6.20-RC 
Closes gh-11009
 2022-03-21 10:10:08 -03:00
Marcus Da Coregio 01c2694073 Update hibernate-entitymanager to 5.6.7.Final 
Closes gh-11008
 2022-03-21 10:10:06 -03:00
Marcus Da Coregio 393f182b40 Update htmlunit to 2.60.0 
Closes gh-11007
 2022-03-21 10:10:03 -03:00
Marcus Da Coregio dae500fb9b Update io.projectreactor to 2020.0.17 
Closes gh-11005
 2022-03-21 10:09:58 -03:00
Marcus Da Coregio 44aee2034b Update mockk to 1.12.3 
Closes gh-11004
 2022-03-21 10:09:55 -03:00
Marcus Da Coregio 106d77a1b9 Update com.nimbusds to 9.31 
Closes gh-11003
 2022-03-21 10:09:53 -03:00
Marcus Da Coregio 661848ef7e Update jackson-bom to 2.13.2 
Closes gh-11000
 2022-03-21 10:09:46 -03:00
Marcus Da Coregio 84717e0546 Update logback-classic to 1.2.11 
Closes gh-10999
 2022-03-21 10:09:43 -03:00
Steve Riesenberg 28dd7dabfb
Update What's New for 5.7 2022-03-17 12:56:17 -05:00
Steve Riesenberg 987ee2e67a
Polish gh-10911 2022-03-17 12:53:56 -05:00
David Kirstein 1b29c43a11
Use configurable charset in ServerHttpBasicAuthenticationConverter 
Closes gh-10903
 2022-03-17 12:53:55 -05:00
Steve Riesenberg c38c722473
Update What's New for 5.7 2022-03-17 09:56:45 -05:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Joe Grandja 4a8219d16c Update whats-new.adoc with gh-9812 2022-03-17 04:41:33 -04:00
Joe Grandja 50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
ShinDongHun1 7955e5ac52 Polish UsernamePasswordAuthenticationFilter method 
Closes gh-10970
 2022-03-16 16:29:40 +01:00
Josh Cummings cf29bf996c
Polish InResponseTo support 
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once

Issue gh-9174
 2022-03-15 14:06:58 -06:00
Elias Lousseief 3c878549b5
Add support for validation of InResponseTo 
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).

Closes gh-9174
 2022-03-15 14:06:57 -06:00
Elias Lousseief 836f203d44
Refactored OpenSaml4AuthenticationProviderTests 
Factored out repeatedly used code for signing a request.
 2022-03-15 14:06:57 -06:00
Simone Giannino 73003d59d6 OAuth 2.0 logout handler resolves uri placeholders 
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
 2022-03-15 12:54:39 -06:00
Rob Winch fabeabd2db Fix docs SecurityContextHolder Diagram 
Issue gh-9635
 2022-03-12 13:44:45 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Rob Winch dbcb5004b4 Extract createSecurityContextRepository() 
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
 2022-03-11 17:21:49 -06:00
Rob Winch e4f1826622 Remove "Hi ... there" From Docs 
Close gh-10963
 2022-03-11 13:41:19 -06:00
Rob Winch b71b2f81e1 Add Persistence to documentation 
Closes gh-10962
 2022-03-11 13:41:19 -06:00
Rob Winch 9967078059 Antora 3.0.0 
Issue gh-10962
 2022-03-11 13:41:19 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Rob Winch d2f24ae5f5 Add SecurityContextRepository to all Authentication Filters 
Closes gh-10949
 2022-03-09 15:40:17 -06:00
Rob Winch 9db79aa5d7 BearerTokenAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch 2e9b04ed48 CasAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00