Commit Graph

2771 Commits

Author SHA1 Message Date
Steve Riesenberg c75ca10900
Add DeferredSecurityContext
Issue gh-12023
2022-10-17 19:33:58 -05:00
Josh Cummings 8d096554f8
Add AuthorizationEvent
Closes gh-11972
2022-10-10 12:28:57 -06:00
Josh Cummings f054505d6d
Support Deferred Contexts
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
Evgeniy Cheban c1d27612af Simplify AuthorizationManager composition
Closes gh-11625
2022-09-20 16:24:45 -06:00
Josh Cummings 3f8503f1b4
Deprecate AccessDecisionManager et al
Closes gh-11302
2022-09-20 16:09:59 -06:00
Josh Cummings 0f58620643 Add AspectJ AuthorizationManager Support
Closes gh-11326
2022-08-26 15:59:08 -06:00
Josh Cummings e990174c89
Polish ReactiveMethodSecurity Support
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well

Issue gh-9401

Polish
2022-08-25 14:36:03 -06:00
Josh Cummings 6fd23d2567
Add MockMethodInvocation Constructor
Issue gh-9401
2022-08-25 14:36:02 -06:00
Evgeniy Cheban cbb4f40f0c ReactiveAuthorizationManager + Reactive Method Security
Closes gh-9401
2022-08-25 14:35:04 -06:00
Rob Winch 2fb625db84 Remove mockito deprecations
Issue gh-11748
2022-08-23 15:59:52 -05:00
Evgeniy Cheban 400cd60368 Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11360
2022-07-14 12:48:39 -06:00
Josh Cummings db25a37320
Consolidate ExpressionAuthorizationDecision
Issue gh-11493
2022-07-13 17:58:16 -06:00
Josh Cummings 281814a955
Add MethodExpressionAuthorizationManager
Closes gh-11493
2022-07-13 17:58:16 -06:00
Josh Cummings 51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
Issue gh-11328
2022-07-13 17:57:38 -06:00
Josh Cummings 38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation
Issue gh-11060
2022-06-30 11:18:07 -06:00
Josh Cummings ee66850aed
Add SecurityContextHolderStrategy for Jaas
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
Josh Cummings 52d8e10ace
Use SecurityContextHolderStrategy for Database Support
Issue gh-11060
2022-06-28 09:08:42 -06:00
Josh Cummings 25c74896d1
Add SecurityContextHolderStrategy to Method Security
Issue gh-11060
2022-06-27 13:02:59 -06:00
Rob Winch d32f74d19d SecurityContextHolder Deferred SecurityContext
Closes gh-10913
2022-06-17 17:03:19 -05:00
Josh Cummings 31e25b115e Add SecurityContextHolderStrategy to Default Components
Issue gh-11060
2022-06-17 11:28:10 -06:00
Marcus Da Coregio 4c2401a576 Revert "Make source code compatible with JDK 8"
This reverts commit 60ed3602f6.
2022-06-02 19:24:42 +02:00
Evgeniy Cheban d557d2d0eb Add RoleHierarchy to AuthorityAuthorizationManager
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.

Closes gh-11304
2022-06-01 08:28:16 -06:00
Evgeniy Cheban 362f15534e createEvaluationContext should defer lookup of Authentication
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
2022-05-18 17:34:14 -06:00
Evgeniy Cheban 3f861f7f20
Polish gh-11188 2022-05-12 16:20:43 -05:00
Evgeniy Cheban 9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
Closes gh-11188
2022-05-09 16:05:04 -06:00
Evgeniy Cheban 66bbfc7a50 @EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.

Closes gh-11175
2022-05-03 13:17:23 -05:00
Josh Cummings 0e9228d10a
Prepare for Spring Security 5.8 2022-05-02 16:34:23 -06:00
Josh Cummings 057f4a86d5
Add default strategy constructor
Closes gh-11059
2022-04-05 17:29:47 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
2022-03-29 16:03:19 -06:00
Parikshit Dutta bd9434882f
Add authorization events
Closes gh-9288
2022-03-29 15:44:21 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:23:35 -07:00
Josh Cummings 6c3d183a94 Polish Saml2 Jackson Support
Issue gh-10905
2022-03-01 13:56:02 -07:00
Ulrich Grave df84826c95 Add Jackson Support for Saml2 Module
Closes gh-10905
2022-03-01 12:07:55 -07:00
Eleftheria Stein c6b185465d Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
Closes gh-10837
2022-02-15 11:24:23 +01:00
Rob Winch 70fa8b1fdb Add Support for @Transient SecurityContext
Closes gh-9995
2022-02-03 09:45:51 -06:00
Rob Winch 678c386834 jsr250-api -> jakarta.annotation-api
Issue gh-10501
2022-01-19 14:34:32 -06:00
Rob Winch f8e14683f6 Remove jcl-over-slf4j
Issue gh-10499
2022-01-19 14:33:46 -06:00
Marcus Da Coregio 60ed3602f6 Make source code compatible with JDK 8
Closes gh-10695
2022-01-11 09:19:41 -03:00
Guirong Hu 22379e79e7 Fix the bug that the custom GrantedAuthority comparison fails
Closes gh-10566
2021-12-08 08:50:36 -03:00
Josh Cummings a68411566e Polish Memory Leak Mitigation
Issue gh-9841
2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki 2bc643d6c8 Address SecurityContextHolder memory leak
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.

Closes gh-9841
2021-11-30 15:33:39 -07:00
Eleftheria Stein bbeca7cd65 Polish LDAP serialization
Closes gh-9263
2021-11-29 18:03:15 +01:00
Markus Heiden 3c18278123 Start with LDAP Jackson2 mixins
Issue gh-9263
2021-11-29 18:03:03 +01:00
Josh Cummings 7b15098570 Update Spring Security to 5.7
Closes gh-10509
2021-11-15 17:10:00 -07:00
Emil Sierżęga e0821f2a99 DaoAuthenticationProviderTests#avg returns fraction 2021-10-28 09:35:52 -06:00
Steve Riesenberg 5e091b94a9 Deprecate RemoteAuthentication* for 5.6
Closes gh-10430
2021-10-21 11:39:11 -05:00
Emil Sierżęga a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
2021-10-18 21:03:35 -05:00
Marcus Da Coregio 7fa39c8807 Deprecate EhCache2 support
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations

Closes gh-10362
2021-10-14 14:51:27 -03:00
Marcus Da Coregio 86c24da38b Improve Method Security logging
Closes gh-10247
2021-10-08 14:22:09 -03:00