Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,453 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

2671 Commits

Author SHA1 Message Date
DingHao ed16c86115 Improve @CurrentSecurityContext meta-annotations 
Closes gh-15551
 2024-08-13 13:18:15 -06:00
Josh Cummings 59ec1f6480
Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration" 
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.

Issue gh-15497
 2024-08-12 10:12:14 -06:00
Josh Cummings 08b8b09066
Update Copyright 
Issue gh-15286
 2024-08-10 11:48:14 -06:00
Josh Cummings 2b33f6f04a Add Config Tests for AuthenticationPrincipal Templates 
Issue gh-15286
 2024-08-10 11:46:51 -06:00
Josh Cummings e40c98e6d7 Deprecate PrePostTemplateDefaults 
Since there is nothing specific to configuring pre/post
annotations, there is no need for the extra class.

If a need like this does arise in the future,
either AnnotationTemplateExpressionDefaults can be sub-
classed, or it can have introduced a Map field holding
custom properties.

Issue gh-15286
 2024-08-10 11:46:51 -06:00
DingHao 2c02d8aec7 Update Copyright 2024-08-10 11:46:51 -06:00
DingHao 895978c818 Auto config AuthenticationPrincipalArgumentResolver When AnnotationTemplateExpressionDefaults bean is Present 2024-08-10 11:46:51 -06:00
Rob Winch 71f40f2bc4 Merge branch '6.3.x' 
Use explicit types instead of var

Closes gh-155537
 2024-08-08 15:30:16 -05:00
Daniel Garnier-Moiroux 3b8cdc323f Remove unused method 2024-08-08 15:29:41 -05:00
Daniel Garnier-Moiroux 109da2719f Use explicit types everywhere instead of var 2024-08-08 15:29:41 -05:00
Josh Cummings 02cca6f737
Polish AuthorizationAdvisorProxyFactory advisor configuration 
Closes gh-15497
 2024-08-07 10:09:51 -06:00
Josh Cummings 816ebe38b5
Add OpenSAML to Config Build 
Issue gh-11658
 2024-08-06 18:14:12 -06:00
Josh Cummings 1da383b360
Add OpenSAML 5 Support 
Issue gh-11658
 2024-08-06 18:14:11 -06:00
Josh Cummings 78a0173cc1
Use OpenSAML API for web 
Issue gh-11658
 2024-08-06 18:14:11 -06:00
Josh Cummings 51fc05630d
Use OpenSAML API for web.authentication.logout 
Issue gh-11658
 2024-08-06 18:14:10 -06:00
Josh Cummings ff9a925e88
Use OpenSAML API for metadata 
Issue gh-11658
 2024-08-06 18:14:10 -06:00
Josh Cummings 416859e70e
Use OpenSAML API in authentication.logout 
Issue gh-11658
 2024-08-06 18:14:10 -06:00
Daniel Garnier-Moiroux bc8ba7f3b7 Inline CSS for default login and logout page 
- Remove the dependency on Bootstrap CSS. Results in faster load times, no failures
  in air-gapped or offline scenarios, and no dependency on an external CDN that may
  go away some day.
 2024-08-05 09:27:18 -05:00
Josh Cummings 37a2812d1a
Mimic Annotation Fallback Logic 
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.

This reverts gh-13783 which is a feature that unfortunately regressess
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.

Issue gh-15352
 2024-07-31 16:17:42 -06:00
Josh Cummings f20ae1a71c
Revert gh-13783 
This feature unfortunately regresses pre-existing behavior
like that found in gh-15352. As such, this functionality
has been removed.

Closes gh-15352
 2024-07-31 16:16:34 -06:00
Marcus Hert Da Coregio 304685521c Fix tags order 2024-07-29 15:35:48 -03:00
Marcus Hert Da Coregio 8231b8a03b Merge branch '6.3.x' 2024-07-29 14:56:16 -03:00
Marcus Hert Da Coregio c1b3b329af Merge branch '6.2.x' into 6.3.x 2024-07-29 14:56:09 -03:00
baezzys 3d4bcf1b44 fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource 
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
 2024-07-29 14:55:55 -03:00
Marcus Hert Da Coregio 98af8d1123 Add permissionsPolicyHeader 
This method is a replacement of `permissionsPolicy(Customizer)` that returns its own configurer instead of `HeadersConfigurer`.

Closes gh-14803
 2024-07-29 09:26:42 -03:00
Josh Cummings 9d8888c5f0 Use AssertingPartyMetadata 
Issue gh-15394
 2024-07-19 18:48:23 -07:00
Josh Cummings fdcf3c6df9
Merge branch '6.3.x' 2024-07-18 15:51:21 -06:00
Josh Cummings ba714d78ab
Merge branch '6.2.x' into 6.3.x 
Closes gh-15440
 2024-07-18 15:51:10 -06:00
Josh Cummings 3daeeb8789
Merge branch '5.8.x' into 6.2.x 
Closes gh-15439
 2024-07-18 15:50:58 -06:00
Josh Cummings dab48d25b0
Improve Error Message When Registration Missing 
Closes gh-15363
 2024-07-18 15:50:41 -06:00
Josh Cummings 796e4d6b6c
Add query parameter support for authn requests 
Closes gh-15017
 2024-07-13 23:57:57 -06:00
Josh Cummings 8ee497f4c5
Merge branch '6.2.x' into 6.3.x 
Closes gh-15410
 2024-07-12 11:04:08 -06:00
Josh Cummings 7422a1134a Allow logout+jwt JWT type 
Closes gh-15003
 2024-07-12 10:03:40 -07:00
Josh Cummings 773e86701e
Add ParameterRequestMatcher 
Closes gh-15342
 2024-07-02 15:17:54 -06:00
Marcus Hert Da Coregio aa9c1bab67 Upgrade to Spring Framework 6.2.0-M4 
Closes gh-15266
 2024-06-18 14:07:05 -03:00
Josh Cummings 0e7566ede3
Adjust any-request check 
Storing the request matcher outside of the for loop means that
if one of the SecurityFilterChain instances is not of type
DefaultSecurityFilterChain, then the error may print out an
earlier request matcher instead of the current one.

Instead, this commit changes to print out the entire filter chain
so that it can be inside of the for loop, regardless of type.

Issue gh-15220
 2024-06-17 14:34:03 -06:00
Max Batischev 4c780bf8d4 Add support checking AnyRequestMatcher securityFilterChains 
Closes gh-15220
 2024-06-17 13:05:36 -06:00
Steve Riesenberg 7eaab95639
Polish gh-15237 2024-06-13 16:05:15 -05:00
Max Batischev 4e52eda0f5
Add support configuring OAuth2AuthorizationRequestResolver as bean 
Closes gh-15236
 2024-06-13 16:05:15 -05:00
Marcus Hert Da Coregio b4c8fdf91d Add missing @Test annotation 2024-06-10 15:43:52 -03:00
Marcus Hert Da Coregio 7c43fc111f Support RoleHierarchy Bean in authorizeHttpRequests Kotlin DSL 
Closes gh-15136
 2024-06-10 15:41:28 -03:00
Josh Cummings 4ca0de9c2d
Sync XSD with RncToXsd Task 2024-06-06 15:17:56 -06:00
Josh Cummings a7f9ccb6d6
Use GrantedAuthorityDefaults Bean in Kotlin DSL 
Closes gh-15171
 2024-06-06 15:16:32 -06:00
Josh Cummings 87ee464dce
Merge branch '6.3.x' 2024-06-06 13:36:39 -06:00
Josh Cummings 22c7b8760a
Merge branch '6.2.x' into 6.3.x 
Closes gh-15211
 2024-06-06 13:36:20 -06:00
Josh Cummings f231ea277d
Merge branch '5.8.x' into 6.2.x 
Closes gh-15210
 2024-06-06 13:35:56 -06:00
Josh Cummings 6aabd768a8
Pick MvcRequestMatcher for MockMvc requests 
Closes gh-13849
 2024-06-06 13:17:43 -06:00
Josh Cummings 81abc453fe
Merge branch '6.3.x' 2024-06-03 17:43:12 -06:00
Josh Cummings 0aed8df549
Merge branch '6.2.x' into 6.3.x 
Closes gh-15197
 2024-06-03 17:42:58 -06:00
Josh Cummings d6228e0882
Merge branch '5.8.x' into 6.2.x 
Closes gh-15196
 2024-06-03 17:42:25 -06:00