Steve Riesenberg
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
Josh Cummings
8d096554f8
Add AuthorizationEvent
...
Closes gh-11972
2022-10-10 12:28:57 -06:00
Josh Cummings
f054505d6d
Support Deferred Contexts
...
Closes gh-11817
Issue gh-10913
2022-09-30 16:49:47 -06:00
Evgeniy Cheban
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
Josh Cummings
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
Josh Cummings
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
Josh Cummings
e990174c89
Polish ReactiveMethodSecurity Support
...
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @Deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well
Issue gh-9401
Polish
2022-08-25 14:36:03 -06:00
Josh Cummings
6fd23d2567
Add MockMethodInvocation Constructor
...
Issue gh-9401
2022-08-25 14:36:02 -06:00
Evgeniy Cheban
cbb4f40f0c
ReactiveAuthorizationManager + Reactive Method Security
...
Closes gh-9401
2022-08-25 14:35:04 -06:00
Rob Winch
2fb625db84
Remove mockito deprecations
...
Issue gh-11748
2022-08-23 15:59:52 -05:00
Evgeniy Cheban
400cd60368
Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer
...
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous
Closes gh-11360
2022-07-14 12:48:39 -06:00
Josh Cummings
db25a37320
Consolidate ExpressionAuthorizationDecision
...
Issue gh-11493
2022-07-13 17:58:16 -06:00
Josh Cummings
281814a955
Add MethodExpressionAuthorizationManager
...
Closes gh-11493
2022-07-13 17:58:16 -06:00
Josh Cummings
51475e2583
Polish InterceptMethodsBeanDefinitionDecorator
...
Issue gh-11328
2022-07-13 17:57:38 -06:00
Josh Cummings
38cb6c3172
Use SecurityContextHolderStrategy for Context Propagation
...
Issue gh-11060
2022-06-30 11:18:07 -06:00
Josh Cummings
ee66850aed
Add SecurityContextHolderStrategy for Jaas
...
Issue gh-11060
Issue gh-11061
2022-06-28 09:26:05 -06:00
Josh Cummings
52d8e10ace
Use SecurityContextHolderStrategy for Database Support
...
Issue gh-11060
2022-06-28 09:08:42 -06:00
Josh Cummings
25c74896d1
Add SecurityContextHolderStrategy to Method Security
...
Issue gh-11060
2022-06-27 13:02:59 -06:00
Rob Winch
d32f74d19d
SecurityContextHolder Deferred SecurityContext
...
Closes gh-10913
2022-06-17 17:03:19 -05:00
Josh Cummings
31e25b115e
Add SecurityContextHolderStrategy to Default Components
...
Issue gh-11060
2022-06-17 11:28:10 -06:00
Marcus Da Coregio
4c2401a576
Revert "Make source code compatible with JDK 8"
...
This reverts commit 60ed3602f6
.
2022-06-02 19:24:42 +02:00
Evgeniy Cheban
d557d2d0eb
Add RoleHierarchy to AuthorityAuthorizationManager
...
Added roleHierarchy field to AuthorityAuthorizationManager
that defaults to NullRoleHierarchy along with setter method to override.
Closes gh-11304
2022-06-01 08:28:16 -06:00
Evgeniy Cheban
362f15534e
createEvaluationContext should defer lookup of Authentication
...
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication
Closes gh-9667
2022-05-18 17:34:14 -06:00
Evgeniy Cheban
3f861f7f20
Polish gh-11188
2022-05-12 16:20:43 -05:00
Evgeniy Cheban
9f669c5e3c
Consider replacing an inner loop with Set of authority strings in AuthorityAuthorizationManager
...
Closes gh-11188
2022-05-09 16:05:04 -06:00
Evgeniy Cheban
66bbfc7a50
@EnableMethodSecurity doesn't resolve Method Security annotations on interfaces through a Proxy
...
Removed proxy unwrapping in case of resolving Method Security annotations,
this cause an issue when interfaces which are implemented by the proxy was skipped,
resulting in a missing security checks on those methods.
Closes gh-11175
2022-05-03 13:17:23 -05:00
Josh Cummings
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
Josh Cummings
057f4a86d5
Add default strategy constructor
...
Closes gh-11059
2022-04-05 17:29:47 -06:00
Josh Cummings
061f69eb70
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:03:19 -06:00
Parikshit Dutta
bd9434882f
Add authorization events
...
Closes gh-9288
2022-03-29 15:44:21 -06:00
Norbert Nowak
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
Josh Cummings
6c3d183a94
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 13:56:02 -07:00
Ulrich Grave
df84826c95
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 12:07:55 -07:00
Eleftheria Stein
c6b185465d
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:24:23 +01:00
Rob Winch
70fa8b1fdb
Add Support for @Transient SecurityContext
...
Closes gh-9995
2022-02-03 09:45:51 -06:00
Rob Winch
678c386834
jsr250-api -> jakarta.annotation-api
...
Issue gh-10501
2022-01-19 14:34:32 -06:00
Rob Winch
f8e14683f6
Remove jcl-over-slf4j
...
Issue gh-10499
2022-01-19 14:33:46 -06:00
Marcus Da Coregio
60ed3602f6
Make source code compatible with JDK 8
...
Closes gh-10695
2022-01-11 09:19:41 -03:00
Guirong Hu
22379e79e7
Fix the bug that the custom GrantedAuthority comparison fails
...
Closes gh-10566
2021-12-08 08:50:36 -03:00
Josh Cummings
a68411566e
Polish Memory Leak Mitigation
...
Issue gh-9841
2021-11-30 15:33:47 -07:00
Hiroshi Shirosaki
2bc643d6c8
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
2021-11-30 15:33:39 -07:00
Eleftheria Stein
bbeca7cd65
Polish LDAP serialization
...
Closes gh-9263
2021-11-29 18:03:15 +01:00
Markus Heiden
3c18278123
Start with LDAP Jackson2 mixins
...
Issue gh-9263
2021-11-29 18:03:03 +01:00
Josh Cummings
7b15098570
Update Spring Security to 5.7
...
Closes gh-10509
2021-11-15 17:10:00 -07:00
Emil Sierżęga
e0821f2a99
DaoAuthenticationProviderTests#avg returns fraction
2021-10-28 09:35:52 -06:00
Steve Riesenberg
5e091b94a9
Deprecate RemoteAuthentication* for 5.6
...
Closes gh-10430
2021-10-21 11:39:11 -05:00
Emil Sierżęga
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
Rob Winch
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
Marcus Da Coregio
7fa39c8807
Deprecate EhCache2 support
...
Since EhCache 3 is fully JSR-107 compliant, we should remove EhCache2 support and provide JCache implementations
Closes gh-10362
2021-10-14 14:51:27 -03:00
Marcus Da Coregio
86c24da38b
Improve Method Security logging
...
Closes gh-10247
2021-10-08 14:22:09 -03:00