Commit Graph

10614 Commits

Author SHA1 Message Date
Rob Winch ebf180833e Update to mockito 4.7.0
Closes gh-11748
2022-08-23 16:01:46 -05:00
Rob Winch 2fb625db84 Remove mockito deprecations
Issue gh-11748
2022-08-23 15:59:52 -05:00
Rob Winch 0c2c95c02f Merge branch '5.7.x' into 5.8.x 2022-08-23 13:47:10 -05:00
Rob Winch 7d972b10db Merge branch '5.6.x' into 5.7.x 2022-08-23 13:46:56 -05:00
Rob Winch 8c69699458 Remove backportbot.yml
Issue gh-11736
2022-08-23 13:46:32 -05:00
Rob Winch e3c447d761 Merge branch '5.7.x' into 5.8.x
Closes gh-11746
2022-08-23 13:42:37 -05:00
Rob Winch d37c413460 Merge branch '5.7.x' into 5.8.x 2022-08-23 13:39:25 -05:00
Rob Winch f774c4de39 Merge branch '5.6.x' into 5.7.x
Closes gh-11738
2022-08-23 13:30:59 -05:00
Rob Winch fc10d5fc29 repository=spring-projects/spring-security
Previously the repository used spring-project (missing the s)
2022-08-23 13:30:20 -05:00
Rob Winch df785408f1 Merge branch '5.6.x' into 5.7.x 2022-08-23 13:23:15 -05:00
Rob Winch c79ebf4edf Setup Forward Merge 2022-08-22 16:19:44 -05:00
Marcus Da Coregio a8d6c1d21f Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService

Closes gh-11449
Closes gh-11726
2022-08-19 09:58:22 -03:00
Marcus Da Coregio c7912c551b Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService

Closes gh-11449
Closes gh-11726
2022-08-19 09:51:53 -03:00
Marcus Da Coregio 3826fca567 Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService

Closes gh-11449
Closes gh-11726
2022-08-19 09:33:08 -03:00
Rob Winch 1de810a565 Add DeferHttpSession*Tests
Closes gh-6125
2022-08-18 17:00:47 -05:00
Rob Winch 89f8310d6c Add Explicit SessionAuthenticationStrategy Option
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
2022-08-18 17:00:47 -05:00
Steve Riesenberg 7c7f9380c7
Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:54:45 -05:00
tinolazreg 888715bbb2
Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:54:45 -05:00
Steve Riesenberg 53a3ff8932
Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:53:45 -05:00
tinolazreg 77d11a3f9f
Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:53:44 -05:00
Steve Riesenberg 51dc672625
Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:48:42 -05:00
tinolazreg d1c742d7aa
Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:48:41 -05:00
Evgeniy Cheban ba50c50b4b
Add remaining methods from ExpressionUrlAuthorizationConfigurer to MessageMatcherDelegatingAuthorizationManager
- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11509
2022-08-16 15:14:08 -06:00
Marcus Da Coregio 7359bd5949 Move SAML Post inline javascript to script tag
To avoid relying on HTML event handlers and adding unsafe-* rules to CSP, the javascript is moved to a <script> tag. This also allows a better browser compatibility

Closes gh-11676
2022-08-16 15:06:10 -06:00
jujunChen 13feb87171
Modify words
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:36 -06:00
jujunChen d93bde7465
Modify words
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:06 -06:00
jujunChen e3d85881e9
Modify words
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:48:14 -06:00
Rob Winch c1a6cea60a Defer CsrfFilter Session Access
Closes gh-11456
2022-08-16 11:31:27 -05:00
Rob Winch 5b64526ba9 Add CsrfFilter.csrfRequestAttributeName
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.

This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.

Issue gh-11699
2022-08-15 17:07:02 -05:00
Rob Winch 666f175225 LazyCsrfTokenRepository#loadToken Supports Deferring Delegation
Previously LazyCsrfTokenRepository supported lazily saving the CsrfToken
which allowed for lazily saving the CsrfToken. However, it did not
support lazily reading the CsrfToken. This meant every request required
reading the CsrfToken (often the HttpSession).

This commit allows for lazily reading the CsrfToken and thus prevents
unnecessary reads to the HttpSession.

Closes gh-11700
2022-08-15 17:07:02 -05:00
Rob Winch faf9fb7337 NamespaceLdapAuthenticationProviderTests use Dynamic Port
Closes gh-11710
2022-08-15 15:26:46 -05:00
Rob Winch 9f00045638 NamespaceLdapAuthenticationProviderTests use Dynamic Port
Closes gh-11710
2022-08-15 15:26:30 -05:00
Rob Winch 002a770f13 NamespaceLdapAuthenticationProviderTests use Dynamic Port
Closes gh-11710
2022-08-15 15:26:12 -05:00
Rob Winch f33d7253b6 GitHubMilestoneApiTests due_on Uses LocalDate
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
2022-08-15 13:04:29 -05:00
Rob Winch d8ae2c8763 GitHubMilestoneApiTests due_on Uses LocalDate
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
2022-08-15 13:03:10 -05:00
Rob Winch 4473c3f7d0 GitHubMilestoneApiTests due_on Uses LocalDate
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
2022-08-15 13:01:58 -05:00
github-actions[bot] 1510460a1a Next development version 2022-08-15 16:14:19 +00:00
github-actions[bot] db74e9d128 Next development version 2022-08-15 16:07:33 +00:00
github-actions[bot] c188b70c88 Next development version 2022-08-15 16:06:45 +00:00
github-actions[bot] 4559d269e0 Release 5.6.7 2022-08-15 15:25:05 +00:00
github-actions[bot] 173d74d693 Release 5.7.3 2022-08-15 15:24:54 +00:00
github-actions[bot] 063e56ce8b Release 5.8.0-M2 2022-08-15 15:24:27 +00:00
Josh Cummings 66cb3e02d0
Update org.springframework.data to 2021.2.2
Closes gh-11698
2022-08-11 14:20:52 -06:00
Josh Cummings 74675ef793
Update org.springframework to 5.3.22
Closes gh-11697
2022-08-11 14:20:48 -06:00
Josh Cummings a92ac82c4b
Update jsonassert to 1.5.1
Closes gh-11696
2022-08-11 14:20:45 -06:00
Josh Cummings db638c2a77
Update org.jetbrains.kotlinx to 1.6.4
Closes gh-11695
2022-08-11 14:20:41 -06:00
Josh Cummings f884527c1b
Update hibernate-entitymanager to 5.6.10.Final
Closes gh-11694
2022-08-11 14:20:38 -06:00
Josh Cummings dbd174418f
Update org.eclipse.jetty to 9.4.48.v20220622
Closes gh-11693
2022-08-11 14:20:35 -06:00
Josh Cummings 2eeee99d2e
Update io.projectreactor to 2020.0.22
Closes gh-11691
2022-08-11 14:20:28 -06:00
Josh Cummings e8c56420bf
Update mockk to 1.12.5
Closes gh-11690
2022-08-11 14:20:24 -06:00