Emil Sierżęga
fc7f87feac
Removed unused test classes SomeDomainObject/Manager
2022-09-30 10:55:36 -05:00
Steve Riesenberg
76fbca9f46
Merge branch '5.8.x'
2022-09-30 09:50:02 -05:00
Daniel Garnier-Moiroux
93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity
...
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".
This commit adds the ability to configure the xssProtection header
value in ServerHttpSecurity.
This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.
Issue gh-9631
2022-09-30 09:38:08 -05:00
Steve Riesenberg
43a1f8249c
Update What's New for 6.0
2022-09-29 15:57:48 -05:00
Steve Riesenberg
e0e6467d9b
Remove UsernamePasswordAuthenticationToken check
...
This commit reverts 21dd050d7b.
Closes gh-10347
2022-09-29 15:25:53 -05:00
shazin
1e0e9a2c98
Allow authenticationIsRequired to be overridden
...
Issue gh-10347
2022-09-29 15:25:53 -05:00
Steve Riesenberg
4d62621094
Merge branch '5.8.x'
2022-09-29 14:09:21 -05:00
Steve Riesenberg
7b1158ddb7
Merge branch '5.7.x' into 5.8.x
2022-09-29 14:09:10 -05:00
Steve Riesenberg
70c61dc1dd
Merge branch '5.6.x' into 5.7.x
2022-09-29 14:08:17 -05:00
Dan Allen
c44230ba24
switch to official Antora plugin for Gradle
...
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
Marcus Da Coregio
3bfdf6dd0f
Merge branch '5.8.x'
...
Closes gh-11922
2022-09-29 11:21:24 -03:00
Marcus Da Coregio
cf3349f31a
Configure ContentNegotiationStrategy in HttpSecurityConfiguration
...
Closes gh-11916
2022-09-29 11:21:08 -03:00
Marcus Da Coregio
7f0140278e
Add native hint for OAuth2 Client's schemas
...
Closes gh-11920
2022-09-29 10:01:51 -03:00
Marcus Da Coregio
ef879aadd6
Add native hint for the users JDBC schema
...
Closes gh-11907
2022-09-29 09:42:37 -03:00
Josh Cummings
88e4b8b556
Merge remote-tracking branch 'origin/5.8.x'
2022-09-26 11:42:34 -06:00
Josh Cummings
506e50bfd0
Move Saml2 Authentication Filters
...
Issue gh-8819
2022-09-26 10:44:27 -06:00
Steve Riesenberg
6c6aedf772
Update What's New for 6.0
2022-09-26 10:07:50 -05:00
Steve Riesenberg
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
Steve Riesenberg
7527fd811c
Merge branch '5.8.x'
2022-09-26 09:56:55 -05:00
Steve Riesenberg
bbac85e20b
Reduce severity of invalid registrationId to warn
...
This prevents filling the log file with error messages when routine
scans are being performed.
Closes gh-11344
2022-09-26 09:56:20 -05:00
Steve Riesenberg
c0e784b16d
Update What's New for 6.0
2022-09-26 09:48:52 -05:00
Josh Cummings
80a6ce940e
Merge remote-tracking branch 'origin/5.8.x'
2022-09-23 16:32:12 -06:00
Josh Cummings
ae6fb8c681
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 16:31:22 -06:00
Josh Cummings
37a160245f
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-23 16:31:21 -06:00
Steve Riesenberg
21c0c73878
Remove request-resolver-ref in 6.0
...
Issue gh-11896
2022-09-23 16:04:35 -05:00
Steve Riesenberg
bcb21c9384
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
Josh Cummings
53dbcfd457
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 12:06:59 -06:00
Steve Riesenberg
3c66ef6305
Change default SecurityContextRepository
...
Save SecurityContext in request attributes for stateless session
management using RequestAttributeSecurityContextRepository.
Closes gh-11026
2022-09-22 17:31:14 -05:00
Steve Riesenberg
ccac34b07c
Merge branch '5.8.x'
2022-09-22 16:45:48 -05:00
Steve Riesenberg
d140d95305
Fix assertion in NullSecurityContextRepository
...
Issue gh-11060
2022-09-22 15:33:22 -05:00
Steve Riesenberg
5d757919a2
Add SecurityContextHolderStrategy to new repository
...
In 6.0, RequestAttributeSecurityContextRepository will be the default
implementation of SecurityContextRepository. This commit adds the
ability to configure a custom SecurityContextHolderStrategy, similar
to other components.
Issue gh-11060
Closes gh-11895
2022-09-22 15:33:21 -05:00
Rob Winch
0efe26c1fd
Merge branch '5.8.x'
...
Closes gh-11894
2022-09-22 13:47:04 -05:00
Rob Winch
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
Josh Cummings
44b7847258
Fix Import Order
...
Issue gh-8819
2022-09-21 09:08:41 -06:00
Josh Cummings
70460ca009
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-20 17:44:05 -06:00
Josh Cummings
61c80bcac5
Move Saml2 Authentication Filters
...
Closes gh-8819
2022-09-20 17:18:05 -06:00
Rob Winch
48e31f87e4
Remove Deprecated OpenSAML 3 Support
...
Closes gh-10556
2022-09-20 16:57:38 -06:00
Josh Cummings
2a487ae7f8
Updated hashcode and equals
...
Closes gh-4133
2022-09-20 16:36:37 -06:00
Josh Cummings
e071c28e8a
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:25:45 -06:00
Evgeniy Cheban
c1d27612af
Simplify AuthorizationManager composition
...
Closes gh-11625
2022-09-20 16:24:45 -06:00
Josh Cummings
46f402243b
Merge remote-tracking branch 'origin/5.8.x'
2022-09-20 16:11:16 -06:00
Josh Cummings
3f8503f1b4
Deprecate AccessDecisionManager et al
...
Closes gh-11302
2022-09-20 16:09:59 -06:00
Marcus Da Coregio
63af5c9b03
Merge branch '5.8.x'
2022-09-20 08:33:55 -03:00
Marcus Da Coregio
983ca6ea27
Update What's New for 5.8
2022-09-20 08:33:38 -03:00
Marcus Da Coregio
2b4a3a85f9
Update What's New for 6.0
2022-09-20 08:33:11 -03:00
Marcus Da Coregio
e256b7511d
Merge branch '5.8.x'
...
Closes gh-11881
2022-09-19 15:59:11 -03:00
Marcus Da Coregio
0c96989cbe
Move script tag into body element
...
Closes gh-11879
2022-09-19 15:46:23 -03:00
github-actions[bot]
9564f1b5e4
Next development version
2022-09-19 16:55:17 +00:00
github-actions[bot]
009032e03c
Next development version
2022-09-19 15:47:44 +00:00