796e4d6b6c
Add query parameter support for authn requests
...
Closes gh-15017
2024-07-13 23:57:57 -06:00
773e86701e
Add ParameterRequestMatcher
...
Closes gh-15342
2024-07-02 15:17:54 -06:00
aa9c1bab67
Upgrade to Spring Framework 6.2.0-M4
...
Closes gh-15266
2024-06-18 14:07:05 -03:00
0e7566ede3
Adjust any-request check
...
Storing the request matcher outside of the for loop means that
if one of the SecurityFilterChain instances is not of type
DefaultSecurityFilterChain, then the error may print out an
earlier request matcher instead of the current one.
Instead, this commit changes to print out the entire filter chain
so that it can be inside of the for loop, regardless of type.
Issue gh-15220
2024-06-17 14:34:03 -06:00
4c780bf8d4
Add support checking AnyRequestMatcher securityFilterChains
...
Closes gh-15220
2024-06-17 13:05:36 -06:00
7eaab95639
Polish gh-15237
2024-06-13 16:05:15 -05:00
4e52eda0f5
Add support configuring OAuth2AuthorizationRequestResolver as bean
...
Closes gh-15236
2024-06-13 16:05:15 -05:00
b4c8fdf91d
Add missing @Test annotation
2024-06-10 15:43:52 -03:00
7c43fc111f
Support RoleHierarchy Bean in authorizeHttpRequests Kotlin DSL
...
Closes gh-15136
2024-06-10 15:41:28 -03:00
4ca0de9c2d
Sync XSD with RncToXsd Task
2024-06-06 15:17:56 -06:00
a7f9ccb6d6
Use GrantedAuthorityDefaults Bean in Kotlin DSL
...
Closes gh-15171
2024-06-06 15:16:32 -06:00
87ee464dce
Merge branch '6.3.x'
2024-06-06 13:36:39 -06:00
22c7b8760a
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15211
2024-06-06 13:36:20 -06:00
f231ea277d
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15210
2024-06-06 13:35:56 -06:00
6aabd768a8
Pick MvcRequestMatcher for MockMvc requests
...
Closes gh-13849
2024-06-06 13:17:43 -06:00
81abc453fe
Merge branch '6.3.x'
2024-06-03 17:43:12 -06:00
0aed8df549
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15197
2024-06-03 17:42:58 -06:00
d6228e0882
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15196
2024-06-03 17:42:25 -06:00
cdd626644e
Use Request-Level Servlet Context
...
Spring Security cannot use the ServletContext attached
to the ApplicationContext since there may be child
ApplicationContext's with their own ServletContext.
Because of that, it is necessary to always use the
ServletContext attached to the request.
Closes gh-14418
2024-06-03 17:41:51 -06:00
5a798e93f1
Polish MVC Tests
...
Issue gh-14418
2024-06-03 17:41:51 -06:00
9101bf1f7d
Allow logout+jwt JWT type
...
Closes gh-15003
2024-05-31 14:41:05 -06:00
f104d1aeea
Update Copyright
...
PR gh-15013
2024-05-31 12:39:17 -06:00
3b7f714f00
Add SecurityContextRepository to Kotlin Reactive DSL
2024-05-31 12:38:17 -06:00
c89647a56e
Deprecate shouldFilterAllDispatcherTypes from Kotlin DSL
...
Issue gh-12138
2024-05-27 09:00:54 -03:00
9f44f3b79a
Deprecate authorizeRequests from Kotlin DSL
...
Closes gh-15173
2024-05-27 08:51:32 -03:00
f6ea99d8a3
Prepare for Spring Security 6.4
...
Closes gh-15155
2024-05-24 11:41:28 -03:00
ddcaeb5c20
Serialize objects from 6.3.x
...
Issue gh-3737
2024-05-24 09:47:29 -03:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
b3c7f3ff19
Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
...
Issue gh-7395
2024-04-30 08:38:03 -03:00
47775f5167
Merge branch '6.2.x'
2024-04-26 17:09:29 -06:00
29d3b438b9
Merge branch '6.1.x' into 6.2.x
2024-04-26 17:09:17 -06:00
1ecb036fba
Merge branch '5.8.x' into 6.1.x
2024-04-26 17:09:05 -06:00
0e211382ee
Remove useBase64 parameter
2024-04-26 17:05:49 -06:00
11421c6385
Merge branch '6.2.x'
2024-04-25 14:03:27 -06:00
664dfd9b45
Defer Anonymous Filter Construction
...
By delaying when the AnonymousAuthenticationFilter is constructed,
it's now possible to call the principal and filter methods inside
of a custom DSL implementation.
This does not extend to setting the key or the authentication provider
though, as these must be set during the init phase.
Closes gh-14941
2024-04-25 14:03:10 -06:00
7ddc00521e
Improve logging for Global Authentication
...
Closes gh-14663
2024-04-25 11:35:59 -06:00
2bcbef1695
Add Saml2Logout DSL Support
...
Closes gh-14935
2024-04-22 11:12:45 -06:00
a4dbf458ab
Add relying-party-registrations#id
...
Closes gh-14487
2024-04-18 12:56:56 -06:00
2fbbcc4bd0
Polish Method Authorization Denied Handling
...
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method
Issue gh-14601
2024-04-12 15:55:25 -03:00
fd891d8fe3
Add proxyBeanMethods=false
...
Addresses too early creation warning of a configuration imported by
ReactiveOAuth2ClientConfiguration.
Closes gh-14900
2024-04-12 11:17:41 -05:00
61eba00654
Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
...
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.
Issue gh-7395
2024-04-10 14:58:01 -03:00
8d914ef145
Add @AuthorizationDeniedHandler for Method Authorization Denied Handling
...
Issue gh-14601
2024-04-08 14:42:13 -03:00
75197ca531
inject PasswordEncoder into DaoAuthenticationProvider constructor
...
Closes gh-14691
2024-04-08 09:39:25 -05:00
d6ae058ee1
Merge branch '6.2.x'
...
Closes gh-14866
2024-04-08 11:16:30 -03:00
697d0c9af4
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14865
2024-04-08 11:16:15 -03:00
472c9f8275
Avoid initializing raw bean during runtime in native-images
...
Closes gh-14825
2024-04-08 11:11:23 -03:00
61e93ee68b
Merge branch '6.2.x'
2024-04-04 14:56:32 -05:00
16e2bdc9bc
Merge branch '6.1.x' into 6.2.x
2024-04-04 14:55:45 -05:00
c2447ec257
Merge branch '5.8.x' into 6.1.x
2024-04-04 14:55:03 -05:00
39dbd24dcb
Polish gh-14742
2024-04-04 14:51:19 -05:00
Josh Cummings
Marcus Hert Da Coregio
Max Batischev
Steve Riesenberg
earlgrey02
sheheryarumair
Daniel Garnier-Moiroux
DingHao