Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,788 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1585 Commits

Author SHA1 Message Date
Evgeniy Cheban 5540bbcf0b
createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:36:17 -06:00
Evgeniy Cheban 362f15534e createEvaluationContext should defer lookup of Authentication 
- Added createEvaluationContext method that accepts Supplier<Authentication>
- Refactored classes that use EvaluationContext to use lazy initialization of Authentication

Closes gh-9667
 2022-05-18 17:34:14 -06:00
Rob Winch 5b0dab5d3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:54:16 -05:00
Rob Winch 7d97839235 StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:53:29 -05:00
Rob Winch 66d1cd592a StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 09:04:46 -05:00
Rob Winch 077c9e0b3e StrictHttpFirewall allows CJKV characters 
Closes gh-11264
 2022-05-18 08:56:57 -05:00
Rob Winch e2eed33eca Add StrictHttpFirewall.allow* new lines and separators 
Issue gh-11264
 2022-05-17 22:24:31 -05:00
Rob Winch 5bf478e72e Fix Formatting 
Issue gh-11264
 2022-05-17 16:16:02 -05:00
Rob Winch e0a6a9efa9 StrictHttpFirewall allows CJKV characters 
Issue gh-11264
 2022-05-17 15:53:18 -05:00
Rob Winch 472c25b5e8 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Rob Winch 0df5ece758 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 11:32:01 -05:00
Rob Winch 538252cf07 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch 04ca7ef91b Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:22:30 -05:00
Rob Winch c6461d61ba AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:18:12 -05:00
Rob Winch 4405cf18f3 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:18:11 -05:00
Rob Winch 70863952ae AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Rob Winch af95be34c6 Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:44 -05:00
Rob Winch ee28896f42 AntRegexRequestMatcher Optimization 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Rob Winch 6b823fb27e Extract rejectNonPrintableAsciiCharactersInFieldName 
Closes gh-11234
 2022-05-16 10:17:26 -05:00
Josh Cummings 0814136ee8
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 14:14:42 -06:00
Evgeniy Cheban c4766e64fe
Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 14:05:34 -06:00
Josh Cummings ffaf5b4e61
Polish WebExpressionAuthorizationManager 
- Add support for request variables
- Added additional tests

Issue gh-11105
 2022-05-13 13:53:38 -06:00
Evgeniy Cheban 07b0be3f42 Add AuthorizationManager that uses ExpressionHandler 
Closes gh-11105
 2022-05-13 13:52:49 -06:00
Rob Winch f34ea188e2 RequestRejectedException is 400 by Default 
Closes gh-7568
 2022-05-12 10:32:27 -05:00
Marcus Da Coregio 000b87f9aa Revert "Use Spring Framework version 6.0.0-M3" 
This reverts commit b803e845e7.
 2022-05-11 08:36:14 -03:00
Marcus Da Coregio 806e05855c Replace removed context-related operators 
Closes gh-11194
 2022-05-10 14:58:02 -03:00
Marcus Da Coregio b803e845e7 Use Spring Framework version 6.0.0-M3 
Closes gh-11193
 2022-05-10 14:49:02 -03:00
Marcus Da Coregio ce86f4e4b5 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:51:28 -03:00
David Herberth 57cededd49 Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:51:28 -03:00
Marcus Da Coregio 195d767d98 Polish ServerWebExchangeDelegatingServerHttpHeadersWriter 
Issue gh-11073
 2022-05-06 09:43:34 -03:00
David Herberth 0e2fc51bad Add DelegatingServerHttpHeadersWriter 
Servlet Spring Security has DelegatingRequestMatcherHeaderWriter
the reactive world of Spring Security was missing a class to
conditionally write headers.

Closes gh-11073
 2022-05-06 09:43:34 -03:00
Rob Winch 67830f4111 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:10:07 -05:00
Rob Winch 768267c131 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:09:41 -05:00
Rob Winch 3c259b4be5 Fix WebSessionReactiveSecurityRepository Supports Cache 
Fix the checkstyle for this feature

Closes gh-8422
 2022-05-03 21:08:51 -05:00
Rob Winch dbe7e37f2b WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:51 -05:00
Rob Winch c6eaa05fc5 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:40:38 -05:00
Rob Winch 1ef738ba34 WebSessionReactiveSecurityRepository Supports Cache 2022-05-03 16:15:22 -05:00
Rob Winch 9a9a43a0c0 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:18:25 -05:00
Rob Winch aaf78330b1 ForceEagerSessionCreationFilter 
Closes gh-11109
 2022-04-15 14:16:35 -05:00
Marcus Da Coregio 5367524030 Change the default of shouldFilterAllDispatchTypes to true 
Closes gh-11107
 2022-04-14 16:30:42 -03:00
Marcus Da Coregio 84b5c76a7b Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 16:10:36 -03:00
Marcus Da Coregio 7fea639a43 Add Option to Filter All Dispatcher Types 
Closes gh-11092
 2022-04-14 15:58:00 -03:00
Rob Winch 3a9b080bbe Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:36:08 -05:00
Rob Winch 0c2b9758fc Deprecate loadContext(RequestResponseHolder) 
Fix gh-11032
 2022-04-12 16:35:38 -05:00
Marcus Da Coregio 50f8df6f07 Use HttpStatusCode 
Closes gh-11091
 2022-04-11 09:19:56 -03:00
Marcus Da Coregio bc50146f60 Fix tests in AntPathRequestMatcherTests 
Closes gh-11090
 2022-04-11 09:19:56 -03:00
Rob Winch 39b0620a84 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:44 -05:00
Rob Winch 7be32872e9 Add DisableUrlRewritingFilter 
Closes gh-11084
 2022-04-08 16:13:24 -05:00
Eleftheria Stein c4e88415a5 Remove MessageSourceAware from ExceptionTranslationWebFilter 
Closes gh-11057
 2022-04-05 16:13:41 +02:00
Eleftheria Stein ae8e77f9ff Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 14:05:56 +02:00
Eleftheria Stein 725a57fccc Remove blocking call from ExceptionTranslationWebFilter 
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters.

Closes gh-10864
 2022-04-05 13:12:17 +02:00
Josh Cummings 1edfa07d27
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:40:06 -06:00
Josh Cummings c175118f62
Use RequestMatcherEntry 
Closes gh-11046
 2022-03-30 14:31:11 -06:00
Josh Cummings bdd5f86526
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:37:21 -06:00
Parikshit Dutta 990831db85
Add authorization events 
Closes gh-9288
 2022-03-29 16:22:43 -06:00
Josh Cummings 061f69eb70
Polish Authorization Event Support 
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support

Issue gh-9288
 2022-03-29 16:03:19 -06:00
Parikshit Dutta bd9434882f
Add authorization events 
Closes gh-9288
 2022-03-29 15:44:21 -06:00
Marcus Da Coregio 9792e2a0fa Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:21:15 -03:00
Marcus Da Coregio c67632225d Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:13:40 -03:00
Marcus Da Coregio 8c34af711e Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 10:01:51 -03:00
Marcus Da Coregio 6c52c52a68 Use ServletContext in AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10908
 2022-03-28 09:45:23 -03:00
Rob Winch e176d764ba Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:38:37 -05:00
Rob Winch 67fd46bfa6 Add SecurityContextRepository.loadContext(HttpServletRequest) 
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.

Closes gh-11028
 2022-03-25 14:21:52 -05:00
Rob Winch 1e3106f3a2 HttpSessionSecurityContextRepository support null HttpServletResponse 
Closes gh-11029
 2022-03-25 13:03:33 -05:00
Rob Winch 8940719dbb HttpSessionSecurityContextRepository support null HttpServletResponse 
Closes gh-11029
 2022-03-25 13:01:40 -05:00
Steve Riesenberg 8aa7029d07 Fix checkstyle errors 
Issue gh-10989
 2022-03-18 22:53:29 -05:00
Steve Riesenberg 987ee2e67a
Polish gh-10911 2022-03-17 12:53:56 -05:00
David Kirstein 1b29c43a11
Use configurable charset in ServerHttpBasicAuthenticationConverter 
Closes gh-10903
 2022-03-17 12:53:55 -05:00
Steve Riesenberg 946e24e1c2
Polish gh-10911 2022-03-17 12:34:16 -05:00
David Kirstein 2b6bc5dd0b
Use configurable charset in ServerHttpBasicAuthenticationConverter 
Closes gh-10903
 2022-03-17 12:34:16 -05:00
ShinDongHun1 90fe1b3a69 Polish UsernamePasswordAuthenticationFilter method 
Closes gh-10970
 2022-03-16 16:41:03 +01:00
ShinDongHun1 7955e5ac52 Polish UsernamePasswordAuthenticationFilter method 
Closes gh-10970
 2022-03-16 16:29:40 +01:00
Rob Winch 972039e65c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-12 13:31:04 -06:00
Rob Winch cbba7ea4de AbstractAuthenticationProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-12 13:23:47 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter 
Closes gh-9635
 2022-03-11 17:22:23 -06:00
Norbert Nowak abd33389be Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:49:29 -07:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods 
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
 2022-03-09 15:23:35 -07:00
Rob Winch 4462b73fd9 AbstractPreAuthenticatedProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch ba7fb0cb14 DigestAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 09e730734b BasicAuthenticationFilter.setSecurityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch d909d3bc40 RememberMeAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 7c5b939bbd AuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 636f3e1d5d AbstractPreAuthenticatedProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch e6b6104b52 DigestAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch 9b0cd5a0a8 BasicAuthenticationFilter.setSecurityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch 120f2a356f RememberMeAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch 014c471ff1 AuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Rob Winch f11cb988a9 AbstractAuthenticationProcessingFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Marcus Da Coregio 44508df940 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:38:11 -03:00
Marcus Da Coregio 70b67cd2f1 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:22:21 -03:00
Marcus Da Coregio 980e0466a7 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:21:37 -03:00
Marcus Da Coregio 8c94c2e15a AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains 
Closes gh-10950
 2022-03-09 15:21:14 -03:00
Rob Winch 2abeff2089 HttpSessionSecurityContextRepository saves with original response 
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
 2022-03-09 10:21:51 -06:00
Rob Winch 65ec2659c4 HttpSessionSecurityContextRepository saves with original response 
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
 2022-03-09 10:17:15 -06:00
Rob Winch bab5d252a2 Add RequestAttributeSecurityContextRepository 
Closes gh-10918
 2022-03-08 15:00:22 -06:00
Rob Winch b9f79543c5 Add RequestAttributeSecurityContextRepository 
Closes gh-10918
 2022-03-07 14:52:24 -06:00
Josh Cummings f0c548cee7 Invert Log Messages 
Closes gh-10909
 2022-02-28 13:17:01 -07:00
Josh Cummings 20d21f8eeb Invert Log Messages 
Closes gh-10909
 2022-02-28 13:16:06 -07:00
Josh Cummings efd5fc745c Invert Log Messages 
Closes gh-10909
 2022-02-28 13:10:06 -07:00
Josh Cummings 371389580b Update JavaDoc 
Issue gh-10564
 2022-02-15 12:57:32 -07:00
Yuriy Savchenko 0fb6840db3 Make WebAuthenticationDetails constructor public 
Closes gh-10564
 2022-02-15 12:57:32 -07:00
Josh Cummings a99a04f050 Update JavaDoc 
Issue gh-10564
 2022-02-15 12:51:09 -07:00
Yuriy Savchenko d6cbacb27a Make WebAuthenticationDetails constructor public 
Closes gh-10564
 2022-02-15 12:50:48 -07:00
Josh Cummings a09f6e15ad Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 15:22:49 -07:00
Manuel Jordan 7e0302be5c Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 15:22:49 -07:00
Josh Cummings f53c65b3a0 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 15:07:29 -07:00
Manuel Jordan 0be772ff5b Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 15:07:29 -07:00
Josh Cummings 84616543a3 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:58:20 -07:00
Manuel Jordan 6ae651bd67 Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:58:20 -07:00
Josh Cummings cbd87fac89 Polish ignoring() log messaging 
- Public API remains unchanged

Issue gh-9334
 2022-02-07 14:50:28 -07:00
Manuel Jordan 01ed617d5f Print ignore message DefaultSecurityFilterChain 
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.

Closes gh-9334
 2022-02-07 14:50:19 -07:00
Rob Winch 70fa8b1fdb Add Support for @Transient SecurityContext 
Closes gh-9995
 2022-02-03 09:45:51 -06:00
Rob Winch 6f0029fc44 Add Support for @Transient SecurityContext 
Closes gh-9995
 2022-02-02 17:04:44 -06:00
Marcus Da Coregio 0048805c2a RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 10:17:40 -03:00
Marcus Da Coregio 893b651aea RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 09:57:34 -03:00
Marcus Da Coregio a041e7c943 RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 09:50:17 -03:00
Marcus Da Coregio 1c10c10f73 RequestMatcherDelegatingWebInvocationPrivilegeEvaluator doesn't provided access to the ServletContext 
Closes gh-10779
 2022-01-31 09:43:18 -03:00
Josh Cummings 08821369a3 Add Request-based AuthenticationManagerResolvers 
Closes gh-6762
 2022-01-26 09:21:07 -07:00
Josh Cummings 9baf1134c7 Add Request-based AuthenticationManagerResolvers 
Closes gh-6762
 2022-01-26 09:09:02 -07:00
Rob Winch f94090a59b Remove spring-security-openid 
Closes gh-10773
 2022-01-21 16:55:19 -06:00
Rob Winch 04f3bbcefa javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch c67ee6f2a8 javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch 0e8c03401b javax.xml.bind:jaxb-api -> jakarta.xml.bind:jakarta.xml.bind-api 
Issue gh-10501
 2022-01-19 14:34:16 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Juan Carlos 2624150052 Add serialVersionUID to DefaultSavedRequest and SavedCookie 
Closes gh-10594
 2022-01-18 09:36:54 -03:00
Juan Carlos 7435da6bbf Add serialVersionUID to DefaultSavedRequest and SavedCookie 
Closes gh-10594
 2022-01-18 09:26:56 -03:00
Josh Cummings feff747669 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 17:21:04 -07:00
Adam Ostrožlík 27cfb9c89d Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 17:21:00 -07:00
Josh Cummings 75f25bff82 Polish multiple RequestRejectedHandlers support 
Issue gh-10603
 2022-01-14 16:49:38 -07:00
Adam Ostrožlík 4ea57f3e3f Support multiple RequestRejectedHandler beans 
Closes gh-10603
 2022-01-14 16:46:15 -07:00
Josh Cummings ca353d6781 Use noNullElements 
Collection#contains(null) does not work for all collection types

Closes gh-10703
 2022-01-14 15:19:13 -07:00
Josh Cummings 6c5ac0d8ec Use noNullElements 
Collection#contains(null) does not work for all collection types

Closes gh-10703
 2022-01-14 15:09:21 -07:00
Josh Cummings aaaf7d3523 Use noNullElements 
Collection#contains(null) does not work for all collection types

Closes gh-10703
 2022-01-14 15:08:38 -07:00
Josh Cummings b2fe9149cf Use noNullElements 
Collection#contains(null) does not work for all collection types

Issue gh-10703
 2022-01-14 14:33:17 -07:00
heowc 6c5fd38a3f Fix typo 2022-01-10 16:24:53 +01:00
heowc 1ab0705b47 Fix typo 2022-01-10 16:17:42 +01:00
Marcus Da Coregio 60595f2801 Fix @since tag 
Issue gh-10590, gh-10554
 2022-01-06 13:22:58 -03:00
Marcus Da Coregio e7e3f06044 Fix @since tag 
Issue gh-10590, gh-10554
 2022-01-06 13:22:13 -03:00
Marcus Da Coregio 750dcafbd2 Fix @since tag 
Issue gh-10590, gh-10554
 2022-01-06 13:21:26 -03:00
Marcus Da Coregio f04cd641b0 Fix @since tag 
Issue gh-10590, gh-10554
 2022-01-06 13:18:25 -03:00
Marcus Da Coregio 994e93741b Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2022-01-05 14:06:47 -03:00
Marcus Da Coregio 04e1a11e35 Add RequestMatcherEntry 2022-01-05 14:06:47 -03:00
Marcus Da Coregio 547056d5cc Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2022-01-05 14:06:47 -03:00
Marcus Da Coregio ba810e468f Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2022-01-05 14:01:57 -03:00
Marcus Da Coregio 40dfe8f259 Add RequestMatcherEntry 2022-01-05 14:00:47 -03:00
Marcus Da Coregio b448954f43 Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2022-01-05 13:57:36 -03:00
Marcus Da Coregio d884d9a461 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 09:19:41 -03:00
Marcus Da Coregio 51b4bd67c9 Add RequestMatcherEntry 2021-12-13 09:19:28 -03:00
Marcus Da Coregio eda346863d Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 09:19:13 -03:00
Marcus Da Coregio 18427b6411 Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains 
Closes gh-10554
 2021-12-13 08:57:30 -03:00
Marcus Da Coregio 7e17a00197 Add RequestMatcherEntry 2021-12-13 08:57:30 -03:00
Marcus Da Coregio 53b8cff26f Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator 
Closes gh-10590
 2021-12-13 08:57:30 -03:00
Eleftheria Stein c68a75bcde Correct imports to jakarta 
Issue gh-9385, gh-10118
 2021-12-08 11:43:13 +01:00
Marcus Da Coregio 0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio 65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Steve Riesenberg 62e8799a8d Use BDD in tests 2021-12-02 17:44:47 -06:00
Steve Riesenberg df0f6f83af Polish gh-9597 2021-12-02 17:44:47 -06:00
Karl Tinawi 925d531cbe Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:44:46 -06:00
Steve Riesenberg aa3c883f87 Use BDD in tests 2021-12-02 17:40:25 -06:00
Steve Riesenberg d37ff18b69 Polish gh-9597 2021-12-02 17:24:17 -06:00
Karl Tinawi c57fc309c2 Set details on authentication token created by HttpServlet3RequestFactory 
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.

This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.

Closes gh-9579
 2021-12-02 17:24:17 -06:00
Steve Riesenberg 47b8860681 Update copyright year 
Issue gh-10557
 2021-12-01 17:36:52 -06:00
Steve Riesenberg c7ffd2513a Update copyright year 
Issue gh-10557
 2021-12-01 17:36:19 -06:00
Steve Riesenberg bb2d80fea3 Update copyright year 
Issue gh-10557
 2021-12-01 17:35:43 -06:00
Steve Riesenberg 5dd2565348 Update copyright year 
Issue gh-10557
 2021-12-01 17:34:16 -06:00
Steve Riesenberg 828cac8889 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:19:33 -06:00
Steve Riesenberg f49c286050 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:05:13 -06:00
Steve Riesenberg b3e0f167ff Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 15:01:06 -06:00
Steve Riesenberg 41c6776455 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 14:55:50 -06:00
Josh Cummings 1251cde04c Add Missing Since 
Issue gh-10482
 2021-11-30 15:17:48 -07:00
Igor Pelesic a3a9de1b9b PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:17:22 -07:00
Josh Cummings 7e55c84cfc Add Missing Since 
Issue gh-10482
 2021-11-30 15:15:35 -07:00
Igor Pelesic 72109e2921 PermitAllSupport supports AuthorizeHttpRequestsConfigurer 
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
 2021-11-30 15:00:04 -07:00
Steve Riesenberg 204f0b4599 Polish gh-10007 2021-11-30 15:27:58 -06:00
Guirong Hu 43317c5a61 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 15:27:58 -06:00
Steve Riesenberg 898ba67098 Polish gh-10007 2021-11-30 13:59:55 -06:00
Guirong Hu 9f51240bf1 Support IP whitelist for Spring Security Webflux 
Closes gh-7765
 2021-11-30 13:59:55 -06:00
Steve Riesenberg 9a9136d96d Fix import spacing 2021-11-30 13:56:46 -06:00
Steve Riesenberg c6a27d44e5 Remove failing test due to HttpMethod changes 
Closes gh-10569
 2021-11-30 13:31:39 -06:00
Marcus Da Coregio 25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
Marcus Da Coregio 2bf7a5ae80 Improve log message when no CSRF token found 
Closes gh-10436
 2021-11-19 08:37:25 -03:00
Rob Winch bd34d70f97 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:45:34 -06:00
Rob Winch 96a6fef820 Prevent Save @Transient Authentication with existing HttpSession 
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.

This commit always prevents @Transient Authentication from being saved.

Closes gh-9992
 2021-11-16 14:44:49 -06:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio caad3d57e2 Improve log message when no CSRF token found 
Closes gh-10436
 2021-10-29 14:06:17 -03:00
Marcus Da Coregio 00f4033b9b Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-22 13:22:12 -03:00
Rob Winch e4a76b0ec9 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-22 10:19:34 -05:00
Emil Sierżęga 04b47c5928 Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
Emil Sierżęga a188138715 Javadocs author tag doesn't work in methods 2021-10-21 11:47:04 +02:00
Rob Winch f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Rob Winch e1f4ec1137 Fix Jackson 2021-10-18 21:03:12 -05:00
Josh Cummings 6e86fab19d Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-18 13:02:42 -05:00
Marcus Da Coregio faec20bc69 Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext 
Closes gh-10208
 2021-10-14 09:27:02 -03:00
Josh Cummings 7b98c2ea95 Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-12 13:32:29 -06:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Eleftheria Stein 7d81a52780 Allow AuthenticationPrincipal argument type to be primitive 
Closes gh-10172
 2021-10-04 16:22:21 +02:00
heowc 84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
Bogdan Ilchyshyn a4c088a3b3 Introducing WebSessionServerLogoutHandler 
Closes gh-4838
 2021-08-16 13:08:35 -06:00
Hiroshi Shirosaki 6f3e346b76 Add SecurityContextHolder#addListener 
Closes gh-10032
 2021-08-11 17:12:13 -06:00
Josh Cummings b8d51725c7 Immutable SecurityContext 
Issue gh-10032
 2021-08-11 17:12:13 -06:00
Rob Winch f73f213f50 Remove DependencySetPlugin 
Closes gh-10070
 2021-07-12 15:31:38 -05:00
Rob Winch f800d2c993 Add hamcrest dependency 2021-07-09 15:57:21 -05:00
Rob Winch b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch 14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Evgeniy Cheban d121ab9565 Support A Well-Known URL for Changing Passwords 
Closes gh-8657
 2021-07-01 16:57:53 -06:00
Alexey Markevich 3219fd554d DigestAuthenticationFilter decodes nonce only once 
Closes gh-8455
 2021-06-18 15:25:00 -04:00
Steve Riesenberg 3bb8e1d200 Remove redundant translations in spring-security-web 2021-06-15 09:18:13 -05:00
Ruben Suarez Alvarez 7cd344acab
Add spanish translation of insufficient authentication and cookie stolen 2021-06-15 09:11:53 -05:00
Josh Cummings ca76c54471
Polish CsrfWebFilterTests 
Issue gh-9113
 2021-06-04 16:41:08 -06:00
Tomoki Tsubaki 0c8b6df82a
Cache Mono that generate the CSRF token 
Closes gh-9113
 2021-06-04 16:41:08 -06:00
AlexeyAnufriev baac9e0cf2 Properly clean cookies with context path after logout 
Closes gh-8846
 2021-06-04 15:42:33 +02:00
Marcus Hert da Coregio 29f4193529 Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 13:46:08 -03:00
Marcus Hert da Coregio 2a7998d0fc Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 10:36:44 -06:00
César Revert cf74ad3a52 Anonymous in ExceptionTranslationWebFilter 
The ExceptionTranslationWebFilter does not support correctly when
anonymous authentication is enabled. With this enabled provoked always
the execution of the access denied handler, and with this fix it
behaves like the ExceptionTranslationFilter (servlet), executing the
access denied handler only if the principal is not empty and neither
anonymous.

Closes gh-9130
 2021-05-26 09:17:41 -05:00
Craig Andrews a7fbae8355 Add test for RequestedUrlRedirectInvalidSessionStrategy 2021-05-26 09:11:38 -05:00
Craig Andrews 0e6d47b082 Add guard around debug logging involving string concatenation 2021-05-26 09:11:38 -05:00
Craig Andrews 0af74ce134 Use ServletUriComponentsBuilder instead of UrlPathHelper 2021-05-26 09:11:38 -05:00
Craig Andrews 2bcd4627fa Eliminate use of Optional 2021-05-26 09:11:38 -05:00
Craig Andrews 10a264c144 Add RequestedUrlRedirectInvalidSessionStrategy implemention of InvalidSessionStrategy 
Performs a redirect to the original request URL when an invalid requested session is detected.

In effect, when a user's session times out, the user is redirected to URL they originally requested instead of some fixed URL.
 2021-05-26 09:11:38 -05:00
Josh Cummings df6ebc7051
Rename DelegatingAuthorizationManager 
Closes gh-9692
 2021-04-28 09:53:25 -06:00
Thomas Vitale e2993d93e1 Make Csrf cookie secure flag configurable (WebFlux) 
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.

Closes gh-9678
 2021-04-27 09:34:12 +02:00
Josh Cummings cb6e4f4a11
Add NPE Guards 
- Like values, names are only validated if they are not null

Closes gh-9598
 2021-04-22 11:22:19 -06:00
Craig Andrews 7dc4de05b1 Add guard around logger.debug statement 
The log message involves string concatenation, the cost of which should only be incurred if debug logging is enabled
 2021-04-16 10:32:58 -06:00
Josh Cummings 4f7d529c5d
Polish Csrf Tests 
Issue gh-9561
 2021-04-09 22:47:31 -06:00
佚名 87ed527023
Add null check in CsrfFilter and CsrfWebFilter 
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.

When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>
 2021-04-09 21:43:19 -06:00
Rob Winch f3f1106624 Update io.spring.javaformat to 0.0.27 
Closes gh-9553
 2021-04-05 22:23:59 -05:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch 1a76ee7442 Update Gradle configuration names 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Rob Winch 95da12110b
Additional Test for HttpSessionSecurityContextRepository 
Issue gh-9387
 2021-02-11 15:58:29 -07:00
Rob Winch 3116369f02
Optimize HttpSessionSecurityContextRepository 
Closes gh-9387
 2021-02-11 15:58:28 -07:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies" 
This reverts commit a85caa4098.
 2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Josh Cummings 107f38fff9
Polish Tests 
Issue gh-9331
 2021-02-03 09:05:31 -07:00
happier233 873b9bdbca
Configure CurrentSecurityContextArgumentResolver BeanResolver 
Closes gh-9331
 2021-02-03 09:05:31 -07:00
Evgeniy Cheban 77484018bb Reconsider AntPathRequestMatcher matching logic 
Closes gh-9285
 2021-01-19 12:02:06 -07:00
Rob Winch 0201c31deb Fix Checkstyle for CsrfWebFilter 
Issue gh-9337
 2021-01-12 11:37:12 -06:00
Rob Winch a1083d9a5c Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:18:29 -06:00
Josh Cummings 160a4a3676
Reformat MvcRequestMatcher 
- Moved related private methods together

Issue gh-9284
 2021-01-11 08:28:59 -07:00
Evgeniy Cheban 8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods 
Closes gh-9284
 2021-01-09 21:42:16 +03:00
Zeeshan Adnan 848bd44837
Remove unused code 
Issue gh-9203
 2020-12-18 11:49:52 -07:00
Rob Winch 40e027c56d Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2020-12-17 15:01:43 -06:00
Josh Cummings c066e23a86
Add @since attributes 
Issue gh-8900
 2020-12-16 15:58:53 -07:00
Evgeniy Cheban 34b4b1054f Add AuthorizationManager 
Closes gh-8900
 2020-12-16 15:58:36 -07:00
Nick McKinney 5306d4c4d5 Minor cleanup on Ant / Regex Request Matchers 
- Removed duplicative code for transforming String into HttpMethod
 - Removed an unnecessary array initialization
 2020-12-14 14:19:23 +01:00
Nick McKinney 6be25df1db Introduced DispatcherType request matcher 
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.

Closes gh-9205
 2020-12-14 14:19:23 +01:00
Christophe Gilles 54d3839f63 Add permissionsPolicy http header 2020-12-11 12:32:18 +01:00
Serdar Kuzucu 48ef27b80a Make assertion messages in CookieCsrfTokenRepository clearer 
Changes assertion message format from 'X is not null' to
'X cannot be null' since this is more meaningful when the error
occurs and the message is printed in the logs.

Closes gh-9195
 2020-12-09 10:45:22 -06:00
Serdar Kuzucu 76e117a67a Allow maximum age of csrf cookie to be configured 
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.

Prior to this commit, maximum age was set with a value of -1.

After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.

An IllegalArgumentException will be thrown when
this value is set to zero.

Closes gh-9195
 2020-12-09 10:45:22 -06:00
Josh Cummings f614a8230c
Polish getRemoteUser 
- Corrected instanceof check

Issue gh-3357
 2020-12-03 13:08:40 -07:00
Stephen Joyner 9c373ef4f8
getRemoteUser() returns principal name 
Closes gh-3357
 2020-12-03 13:08:40 -07:00
Eleftheria Stein 7f482eda7d Fix CookieRequestCache for URL encoded query parameters 
Avoid populating the saved request parameters with encoded values. Since the query strings of the request and saved URL are compared and must be equal, we can just use the parameters from the incoming request.

Closes gh-9203
 2020-11-26 18:16:42 +01:00
Aditya Sekhar 4cc3c25a0e removed whitespace formatting 2020-11-13 15:01:17 -06:00
Aditya Sekhar a26975f780 cleanup compatibility method based on spring-projects#8868 2020-11-13 15:01:17 -06:00
zhuang ff58ac836e
Decode cookie once in AbstractRememberMeServices 
Issue gh-9192
 2020-11-09 08:14:20 -05:00
Eleftheria Stein 34a21cd80c Fix formatting 2020-11-09 13:46:09 +01:00
Eleftheria Stein 5661e06e9c Fix typo UserDetailService -> UserDetailsService 2020-11-09 13:13:32 +01:00
Arnaud Mergey 2b9efccc50 Implement MessageSourceAware where missing 
Closes gh-8951
 2020-11-05 10:57:33 -07:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1" 
This reverts commit 25a7482c8c.
 2020-11-03 19:53:28 -05:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Alexander Polozov a362ab53bc Change guard expressions order 
Check of allowed user sessions count moved to head for avoid unnecessary fetching all user sessions.
 2020-10-27 09:49:29 -04:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ 
Replace JUnit expected @Test attributes with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb 20baa7d409 Replace ExpectedException @Rules with AssertJ 
Replace JUnit ExpectedException @Rules with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb 910b81928f Replace try/catch with AssertJ 
Replace manual try/catch/fail blocks with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Tomoki Tsubaki 65f788532e Fix broken Mono chain 
This commit restore broken Mono chain in WebSessionServerCsrfTokenRepository.generateToken(ServerWebExchange).

Closes gh-9017
 2020-09-16 09:53:23 -06:00
Tomoki Tsubaki 2c297fbd63 Create the CSRF token on the bounded elactic scheduler 
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.

Closes gh-9018
 2020-09-16 08:48:00 -06:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0" 
This reverts commit 3d0e459182.
 2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Eleftheria Stein-Kousathana 02d1516c56
Restructure BasicAuthenticationFilter Logs 
Issue gh-6311
 2020-09-02 07:42:03 -06:00
Josh Cummings fa7baf551d
Restructure Logs 
Followed common use cases based off of HelloWorld sample:
  - Public endpoint
  - Unauthorized endpoint
  - Undefined endpoint
  - Successful form login
  - Failed form login
  - Post-login redirect

Issue gh-6311
 2020-09-02 07:37:59 -06:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb ef8f113619 Use assertThat instead of Java assert 
Fix `DefaultSavedRequestMixinTests` so that `assertThat` is used rather
than Java's `assert` keyword.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb a5aa6b3d7f Remove blank lines from all tests 
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 5bdd757108 Polish spring-security-web main code 
Manually polish `spring-security-web` following the formatting
and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb ee661f7b71 Fix whitespace issues in format-off code 
Fix a few whitespace issues in format-off code that would
otherwise fail checkstyle.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 834dcf5bcf Use consistent ternary expression style 
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 8d3f039f76 Reduce method visibility when possible 
Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb ec6a4cb3f0 Use consistent equals/hashCode/toString order 
Ensure that `equals` `hashCode` and `toString` methods always appear in
the same order. This aligns with the style used in Spring Framework.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 612fb22a7f Remove unnecessary lambda blocks 
Remove lambda blocks that aren't needed and replace instead with a
simple expression.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 52f20b5281 Use parenthesis with single-arg lambdas 
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 01d90c9881 Hide utility class constructors 
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb ff94944313 Add whitespace after copyright header 
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 31ec450d05 Remove superfluous comments 
Remove a few comments that previously add noise but don't offer a great
deal of value.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 8d80166aaf Update exception variable names 
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb e9130489a6 Remove restricted static imports 
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 9a3fa6e812 Simplify boolean returns 
Simplify boolean returns of the form:

	if (b) {
		return true;
	} else {
		return false;
	}

to:

	return b;

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb db55ef4b3b Migrate to BDD Mockito 
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.

The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb c12ced6aaa Migrate SwitchUserWebFilterTests AssertJ 
Replace the JUnit Assertions used in `SwitchUserWebFilterTests` with
AssertJ. This test appears to have been missed during the original
AssertJ migration.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb f1cee9500f Ensure classes are defined in their own files 
Ensure that all classes are defined in their own files. Mostly classes
have been changed to inner-types.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb 4d487e8dc3 Ensure all files end with a new line 
Update all files to ensure that they always end with a new-line
character.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 81fe9fc640 Make all exception classes immutable 
Update all exception classes so that they are fully immutable and cannot
be changed once they have been thrown.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb a0b9442265 Use consistent modifier order 
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 3e700e7571 Remove (non-Javadoc) comments 
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb a2f2e9ac8d Move inner-types so that they are always last 
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 9e08b51ed3 Apply code cleanup rules to projects 
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 8866fa6fb0 Always use 'this.' when accessing fields 
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 6894ff5d12 Make classes final where possible 
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945
 2020-08-24 17:33:07 -05:00