1911 Commits

Author SHA1 Message Date
Ruslan Stelmachenko
caa4093619 Fix javadoc for migration from WebSecurityConfigurerAdapter 2023-04-24 16:32:16 -06:00
Marcus Da Coregio
2d52fb8e4b Clear Repository on Logout 2023-04-17 06:47:57 -03:00
Martin Tarjányi
5eefe9dcff Fix typo in SessionManagementConfigurer javadoc 2023-03-22 10:07:44 -03:00
Marcus Da Coregio
1c3ce1e401 Fix entity-id ignored in RelyingPartyRegistration XML config
Closes gh-11898
2023-02-23 15:16:40 -03:00
Leonid Rozenblyum
000b4bc495 Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.

In particular, this exception can occur when mixing standard and custom DSL to register filters.

The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.

It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.

The error handling is implemented similarly to HttpSecurity#addFilter.

Closes gh-12637
2023-02-16 14:54:44 -07:00
Marcus Da Coregio
fc25b87967 Merge branch '5.6.x' into 5.7.x 2022-12-05 14:40:38 -08:00
Mitja Kotnik
f39f215140 Replace javadoc with SecurityFilterChain bean definition 2022-12-05 14:40:05 -08:00
Guillaume Husta
a5464ed819 Fix typo in DefaultLoginPageConfigurer Javadoc
'isLogoutRequest' seems to have nothing to do here.
2022-12-05 14:31:15 -08:00
Marcus Da Coregio
f561d3784e Improve deprecation notice in WebSecurityConfigurerAdapter
Closes gh-12260
2022-11-21 10:05:08 -03:00
Josh Cummings
6efac34ca7
Merge branch '5.6.x' into 5.7.x
Closes gh-12125
2022-11-01 18:06:01 -06:00
Koos Gadellaa
5c4362bbc4
Refresh parsers when not found
Closes gh-3065
2022-11-01 18:05:15 -06:00
Marcus Da Coregio
a8d6c1d21f Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService

Closes gh-11449
Closes gh-11726
2022-08-19 09:58:22 -03:00
Marcus Da Coregio
c7912c551b Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService

Closes gh-11449
Closes gh-11726
2022-08-19 09:51:53 -03:00
Rob Winch
faf9fb7337 NamespaceLdapAuthenticationProviderTests use Dynamic Port
Closes gh-11710
2022-08-15 15:26:46 -05:00
Rob Winch
9f00045638 NamespaceLdapAuthenticationProviderTests use Dynamic Port
Closes gh-11710
2022-08-15 15:26:30 -05:00
Steve Riesenberg
99f768bab9 Polish HttpSecurity 2022-07-29 17:43:00 -05:00
Steve Riesenberg
984355e637 Remove references to WebSecurityConfigurerAdapter
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer

Closes gh-11288
2022-07-29 17:43:00 -05:00
Steve Riesenberg
09173c95d6 Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
Closes gh-11277
2022-07-29 17:43:00 -05:00
Marcus Da Coregio
a996dfc55b Add Deprecated annotation to WebSecurity#securityInterceptor
Closes gh-11634
2022-07-27 14:38:50 -03:00
Marcus Da Coregio
d66ad22652 Add Deprecated annotation to WebSecurity#securityInterceptor
Closes gh-11634
2022-07-27 14:32:44 -03:00
Juny Tse
649428b49a
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:06:27 -06:00
Juny Tse
d0da160007
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
Closes gh-11262
2022-05-25 12:02:13 -06:00
Marcus Da Coregio
e45dcb3ab2 Update copyright headers
Issue gh-10956
2022-05-06 14:18:42 -03:00
Marcus Da Coregio
d3a451fffb Fix mvcMatchers overriding previous paths
Closes gh-10956
2022-05-06 14:18:36 -03:00
Marcus Da Coregio
d86ed6f523 Update copyright headers
Issue gh-10956
2022-05-06 14:14:16 -03:00
Marcus Da Coregio
1959c25a03 Fix mvcMatchers overriding previous paths
Closes gh-10956
2022-05-06 14:11:37 -03:00
Rob Winch
7b6fd598d0 Multiple <authentication-manager> Do Not Duplicate Alias
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.

This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.

Closes gh-8767
2022-05-03 14:57:22 -05:00
Eleftheria Stein
5ac5edc2e6 Detect UserDetailsService bean in X509 configuration
Closes gh-11174
2022-04-28 14:47:18 +02:00
Eleftheria Stein
d40c15e09e Update remember me Javadocs
Describe the new behaviour for retrieving the UserDetailsService

Issue gh-11170
2022-04-28 14:13:52 +02:00
Marcus Da Coregio
e94adedb94 Add shouldFilterAllDispatcherTypes to Kotlin DSL
Closes gh-11153
2022-04-28 08:19:20 -03:00
Eleftheria Stein
8e34cedcfe Detect UserDetailsService bean in remember me
Closes gh-11170
2022-04-28 12:43:13 +02:00
nor-ek
a3e7e54b70 Security Context Dsl
Closes gh-11039
2022-04-26 17:34:44 +02:00
Marcus Da Coregio
9d378103b0 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
Issue gh-10908
2022-04-25 09:43:50 -03:00
Marcus Da Coregio
23594b3d01 Fix setServletContext not being called for AuthorizationManagerWebInvocationPrivilegeEvaluator
Issue gh-10908
2022-04-25 09:42:00 -03:00
Rob Winch
aaf78330b1 ForceEagerSessionCreationFilter
Closes gh-11109
2022-04-15 14:16:35 -05:00
Marcus Da Coregio
7fea639a43 Add Option to Filter All Dispatcher Types
Closes gh-11092
2022-04-14 15:58:00 -03:00
Josh Cummings
147ab42440
Revert "Pick up AuthorizationManager Bean"
This reverts commit 32b83aae63db382d3107ad3eb68259715bbd88da.

Issue gh-11067
2022-04-12 09:32:09 -06:00
Rob Winch
39b0620a84 Add DisableUrlRewritingFilter
Closes gh-11084
2022-04-08 16:13:44 -05:00
Josh Cummings
32b83aae63
Pick up AuthorizationManager Bean
Closes gh-11067
Closes gh-11068
2022-04-08 10:08:33 -06:00
Josh Cummings
b39f213e64
Revert "Add AuthorizationManager to Messaging"
This reverts commit 77a6e014a9c3da916559ae7d1707b09db3ab1194.
2022-04-07 17:39:34 -06:00
Josh Cummings
77a6e014a9
Add AuthorizationManager to Messaging
Closes gh-11076
2022-04-07 17:39:10 -06:00
Josh Cummings
66213e5b2e
Add Default Test to HttpBasicConfigurerTests
Issue gh-10973
2022-04-05 17:11:39 -06:00
Josh Cummings
47c8676be7
Polish Saml2LoginConfigurerTests
Issue gh-10973
2022-04-05 17:11:38 -06:00
Josh Cummings
c175118f62
Use RequestMatcherEntry
Closes gh-11046
2022-03-30 14:31:11 -06:00
Josh Cummings
061f69eb70
Polish Authorization Event Support
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
2022-03-29 16:03:19 -06:00
Josh Cummings
a43677d36a
Simplify PrePostMethodSecurityConfiguration
Issue gh-9288
2022-03-29 15:44:16 -06:00
Rob Winch
67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest)
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
2022-03-25 14:21:52 -05:00
Yuriy Savchenko
446ab5047c
Add authorizeHttpRequests to Kotlin DSL
Closes gh-10481
2022-03-22 09:39:06 -06:00
Yuriy Savchenko
3016ed0067
Fix typos in Kotlin DSL docs
Issue gh-10481
2022-03-22 08:27:29 -06:00
Rob Winch
87ed31a99c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-11 17:22:23 -06:00