1429 Commits

Author SHA1 Message Date
Steve Riesenberg
af2b84246b Fix flaky test
Issue gh-15735
2024-10-18 12:22:08 -05:00
Josh Cummings
9ce5a76e8c Polish AuthorizationManager#authorize
Issue gh-14843
2024-10-14 11:48:57 -07:00
Max Batischev
e7644925f8 Add AuthorizationResult support for AuthorizationManager
Closes gh-14843
2024-10-14 11:48:57 -07:00
Josh Cummings
702538ebce AuthorizationEventPublisher Accepts AuthorizationResult
Closes gh-15915

Co-authored-by: Max Batischev <mblancer@mail.ru>
2024-10-14 11:48:57 -07:00
Max Batischev
2ca2e56383 Add Reactive One-Time Token Login support
Closes gh-15699
2024-10-07 16:39:54 -07:00
Rob Winch
1dd79c379b Add JdbcOneTimeTokenService
Closes gh-15735
2024-10-02 14:42:13 -05:00
Rob Winch
c4b60cd080 Reduce visibility for JdbcOneTimeTokenServiceTests
Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch
e8c71df899 Use private Inner JdbcOneTimeTokenService classes
Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch
612b15abcc JdbcOneTimeTokenService.setCleanupCron
Spring Security uses setter methods for optional member variables. Allows
for a null cleanupCron to disable the cleanup.

In a clustered environment it is likely that users do not want all nodes
to be performing a cleanup because it will cause contention on the ott
table.

Another example is if a user wants to invoke cleanUpExpiredTokens with a
different strategy altogether, they might want to disable the cron job.

Issue gh-15735
2024-10-02 14:22:25 -05:00
Rob Winch
4787ac254d cleanUpExpiredTokens->cleanupExpiredTokens
Issue gh-15735
2024-10-02 10:59:26 -05:00
Rob Winch
4f328c9503 destroy() shuts down the taskScheduler
Issue gh-15735
2024-10-02 10:59:21 -05:00
Max Batischev
0c216f0b59 Add public to setClock method in InMemoryOneTimeTokenService
Closes gh-15863
2024-09-30 15:33:33 -05:00
Max Batischev
50cc36d53e Add support JdbcOneTimeTokenService
Closes gh-15735
2024-09-29 00:06:10 +03:00
Jonny Coddington
b90851d968 Improve Error Messages for PasswordEncoder
Closes gh-14880

Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>
2024-09-17 14:16:08 -07:00
Marcus Hert Da Coregio
0618d4e03f Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions
Closes gh-14652
2024-09-13 08:42:14 -03:00
Josh Cummings
fd5d03d384 Add AuthorizeReturnObject Hints
Closes gh-15709
2024-09-10 11:57:31 -07:00
Josh Cummings
da38b13a17 Add SecurityHintsRegistrar
An interface for registering hints based on Security infrastructure
beans.

Closes gh-15772
2024-09-10 11:57:31 -07:00
Josh Cummings
fce2eb1531 Add AuthorizationProxy Interface
Closes gh-15747
2024-09-09 15:39:03 -06:00
Niels Basjes
2dc787a573 Fix adding more implied roles in the RoleHierarchy Builder.
Closes gh-15717

Signed-off-by: Niels Basjes <niels@basjes.nl>
2024-09-04 10:28:50 -03:00
Marcus Hert Da Coregio
00e4a8fb54 Add support for One-Time Token Login
Closes gh-15114
2024-09-03 10:07:56 -03:00
DingHao
fd05c5ad76 Remove Advised Methods from Authorization Proxy Objects
Closes gh-15561
2024-08-30 10:40:25 -07:00
Josh Cummings
626610a975 Polish Annotation API
Rename to a class that isn't focused on the synthesis implementation detail.
Also add Security to the front of the name to clarify that it is only intended
for security annotations, reminiscent of SecurityMetadataSource.

Refine method signatures to better articulate supported use cases.

Issue gh-15286
2024-08-30 08:51:49 -06:00
Josh Cummings
cc6de8fa5d Hide MergedAnnotation Implementation Details
Issue gh-15286
2024-08-29 17:27:14 -06:00
Josh Cummings
59ec1f6480 Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration"
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.

Issue gh-15497
2024-08-12 10:12:14 -06:00
MrJovanovic13
6d657ea3da InMemoryUserDetailsManager preserve user type
Closes gh-3192
2024-08-09 10:09:41 -06:00
MrJovanovic13
503d653cea Add InMemoryUserDetailsManager tests
Tests added:
createUserWhenUserAlreadyExistsThenException
updateUserWhenUserDoesNotExistThenException
loadUserByUsernameWhenUserNullThenException

Issue gh-3192
2024-08-09 10:09:41 -06:00
Josh Cummings
de77e054fd Default Handler Resolution to Reflection-Based
Closes gh-15496
2024-08-07 14:34:40 -06:00
Josh Cummings
02cca6f737 Polish AuthorizationAdvisorProxyFactory advisor configuration
Closes gh-15497
2024-08-07 10:09:51 -06:00
Josh Cummings
37a2812d1a Mimic Annotation Fallback Logic
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.

This reverts gh-13783 which is a feature that unfortunately regresses
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.

Issue gh-15352
2024-07-31 16:17:42 -06:00
Josh Cummings
77bce14462 Polish Annotation Test
This new arrangement of the test better matches the class
hierarchy described by the original ticket.

Issue gh-13234
2024-07-31 16:17:42 -06:00
Josh Cummings
90335bd0a6 Polish Annotation Test
This test was made more effective by having it focus on the real
scenario of resolving annotations from the standpoint of a bean
2024-07-31 16:17:42 -06:00
Josh Cummings
c736e075c1 Add AnnotationSythesizer API
Closes gh-13234
Closes gh-13490
Closes gh-15097
2024-07-18 09:55:17 -06:00
Josh Cummings
e3438aa36a Support AliasFor
Closes gh-15436
2024-07-18 09:46:39 -06:00
Josh Cummings
03bcc6776a Correct Authorization Tests
Issue gh-9289
2024-07-18 09:46:38 -06:00
Josh Cummings
56c93afc66 Correct Tests About Conflicting Annotations
Issue gh-9289
2024-07-18 09:46:38 -06:00
Blagoja Stamatovski
63f48167bd Add Kotlin support to PreFilter and PostFilter annotations
Closes gh-15093
2024-05-31 12:32:28 -06:00
Marcus Hert Da Coregio
b3c7f3ff19 Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
Issue gh-7395
2024-04-30 08:38:03 -03:00
Marcus Hert Da Coregio
2fbbcc4bd0 Polish Method Authorization Denied Handling
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler, it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method

Issue gh-14601
2024-04-12 15:55:25 -03:00
Josh Cummings
50b85aea0d Handle SpEL AuthorizationDeniedExceptions
Closes gh-14600
2024-04-10 15:36:23 -07:00
Marcus Hert Da Coregio
61eba00654 Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.

Issue gh-7395
2024-04-10 14:58:01 -03:00
Josh Cummings
c8e5fbf21b Fix Package Tangle
Issue gh-14598
2024-04-05 16:48:52 -06:00
Josh Cummings
6f07d63938 Support SpEL Returning AuthorizationDecision
Closes gh-14598
2024-04-04 11:32:00 -06:00
Josh Cummings
0a9c482f62 Revert "Support SpEL Returning AuthorizationDecision"
This reverts commit 77f2977c55842a717f8cb5c0344a7dd14b39c794.
2024-04-04 11:31:45 -06:00
Josh Cummings
77f2977c55 Support SpEL Returning AuthorizationDecision
Closes gh-14599
2024-04-04 09:52:15 -07:00
Marcus Hert Da Coregio
d85857f905 Add Authorization Denied Handlers for Method Security
Closes gh-14601
2024-04-03 09:25:12 -03:00
Marcus Hert Da Coregio
7d66525e23 Add Compromised Password Checker
Closes gh-7395
2024-04-01 09:48:07 -03:00
Josh Cummings
9898e0e993 Move AuthorizationAdvisorProxyFactory
To prevent package tangles

Issue gh-14596
2024-03-22 11:00:39 -06:00
Josh Cummings
12ea8a5738 Add Supplier Support
Issue gh-14597
2024-03-22 11:00:39 -06:00
Josh Cummings
795e44d11f Add Value-Type Ignore Support
Issue gh-14597
2024-03-22 11:00:39 -06:00
Josh Cummings
ce54a6db18 Add TestAuthentication convenience method
Issue gh-14597
2024-03-19 10:27:03 -06:00