Prior to this commit, the ServletRequest#getParameter method was used in order to verify if the matchingRequestParameterName was present in the request. That method has some side effects like interfering in the execution of the ServletRequest#getInputStream and ServletRequest#getReader method when the request is an HTTP POST (if those methods are invoked after getParameter, or vice-versa, the content won't be available). This commit makes that we only use the query string to check for the parameter, avoiding draining the request's input stream.
Closes gh-13731
When using Spring Security ACL and compiling to Native, in order to create the '*AuthorizationMethodInterceptor' Proxy beans during build time, Spring tries to resolve the DataSource bean since the DataSource can be a dependency of some AclService implementations, and fails because some required data source properties are not available during build time.
This commit defers the initialization of the MethodSecurityExpressionHandler to the runtime.
Closes gh-12653
This addresses a deprecation warning causing build caching to be
disabled for the checkstyleNohttp task. With this change, we tell
Gradle that the rncToXsd task in the spring-security-config project
produces output that should be considered when running the
checkstyleNohttp task. This clears up ambiguities when computing the
task graph.
This addresses a deprecation warning causing build caching to be
disabled for some tasks. With this change, we tell Gradle that the
rncToXsd task produces output that should be considered a resource.
This clears up ambiguities when computing the task graph.
This commit adds an overview to the landing page for OAuth2 with:
* OAuth2 Resource Server
* OAuth2 Client
At this level, OAuth2 Login is combined into the overview for Client
to make it clear that it is part of the oauth2-client module.
Content is broken down into use cases similar to other docs pages
that have been updated recently. This content will be revisited
as additional updates are made to OAuth2 docs, and some use cases
may be moved or even added as needed. This commit only adds a few
initial use cases to get the OAuth2 docs update process started.
Closes gh-13784
These tests began failing on snapshots after changes in
Spring Framework's `DispatcherServlet` to reset the response
on an error.
For now, we can have these tests operate with a 200 OK response.
An issue was opened in the spring-framework issuer tracker to
discuss this and address `CorsFilter` (and any other filter) that
writes headers that would be cleared on an error.
See spring-projects/spring-framework#31154
Steve Riesenberg
Rob Winch
Marcus Da Coregio
Eric Haag
Josh Cummings
Bjorn Harvold
Tim te Beek
moon
Deniz Husaj
Some developer
Kevin2Jordan