Josh Cummings
150b81d008
Add SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-17 12:21:10 -06:00
Josh Cummings
ce218c78f9
Add SecurityContextHolderStrategy Java Configuration for Defaults
...
Issue gh-11061
2022-06-17 11:58:38 -06:00
Steve Riesenberg
a061191bd2
Allow form login when single OAuth2 Provider is configured
...
Closes gh-6802
2022-06-15 13:42:06 -05:00
Steve Riesenberg
d18291676f
Update copyright year
...
Issue gh-11372
2022-06-15 13:14:07 -05:00
Steve Riesenberg
c7df39a3e6
Fix tests using root cause for exception messages
...
Closes gh-11372
2022-06-14 17:12:15 -05:00
Houssem BELHADJ AHMED
f4049c18b1
add SAML authentication request support to login configurer
...
Closes gh-8873
2022-06-06 08:05:33 -06:00
Josh Cummings
9683856956
Polish InterceptUrlConfigTests
...
Issue gh-11305
2022-05-31 16:05:17 -06:00
Josh Cummings
2afa9313eb
Use AuthorizationManager in <http>
...
Closes gh-11305
2022-05-31 16:01:41 -06:00
Josh Cummings
f4c0fcb5ef
Add AuthorizationManager to Messaging
...
Closes gh-11076
2022-05-27 13:35:19 -06:00
Juny Tse
f2d6ead398
Use Base64 encoder with no CRLF in output for SAML 2.0 messages
...
Closes gh-11262
2022-05-25 11:42:54 -06:00
Josh Cummings
5cbc1a47da
Use original query string to verify signature
...
Closes gh-11235
2022-05-23 15:30:07 -06:00
Josh Cummings
88f9529329
Correctly encode query parameters
...
Issue gh-11235
2022-05-23 15:30:01 -06:00
Josh Cummings
0814136ee8
Polish WebExpressionAuthorizationManager
...
- Add support for request variables
- Added additional tests
Issue gh-11105
2022-05-13 14:14:42 -06:00
Evgeniy Cheban
c4766e64fe
Add AuthorizationManager that uses ExpressionHandler
...
Closes gh-11105
2022-05-13 14:05:34 -06:00
Rob Winch
f34ea188e2
RequestRejectedException is 400 by Default
...
Closes gh-7568
2022-05-12 10:32:27 -05:00
Marcus Da Coregio
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
Marcus Da Coregio
dc2bd2b4f8
Update copyright headers
...
Issue gh-10956
2022-05-06 14:33:59 -03:00
Marcus Da Coregio
de9b7b4fb8
Fix mvcMatchers overriding previous paths
...
Closes gh-10956
2022-05-06 14:33:59 -03:00
Marcus Da Coregio
995b2918bb
Remove SAML Deprecations
...
Closes gh-11077
2022-05-06 10:15:42 -03:00
Rob Winch
dec0d97ef0
Multiple <authentication-manager> Do Not Duplicate Alias
...
Previously, two authentication managers with different ids would duplicate
the alias to the global authentication manager. This would cause failures
for when allowBeanDefinitionOverriding = false.
This commit ensures that if the global authentication manager alias is
already set, then it is not set again. This means the first
<authentication-manager> will be used as the global AuthenticationManager.
Closes gh-8767
2022-05-03 14:50:56 -05:00
Josh Cummings
4ebd37ae77
Add 5.8 Support
2022-05-03 09:04:34 -06:00
Josh Cummings
397ccbc1c8
Add 5.7 Schema
2022-05-03 09:03:50 -06:00
Eleftheria Stein
736f439bb5
Detect UserDetailsService bean in X509 configuration
...
Closes gh-11174
2022-04-28 14:48:40 +02:00
Eleftheria Stein
ac06057cf6
Detect UserDetailsService bean in remember me
...
Closes gh-11170
2022-04-28 12:44:27 +02:00
Rob Winch
e79b6b3ac8
Default SecurityContextHolderFilter
...
Closes gh-11110
2022-04-15 14:59:38 -05:00
Rob Winch
9a9a43a0c0
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:18:25 -05:00
Josh Cummings
c6ad72004e
Revert "Pick up AuthorizationManager Bean"
...
This reverts commit 4ca5346871 .
Issue gh-11067
2022-04-12 09:58:30 -06:00
Marcus Da Coregio
50f8df6f07
Use HttpStatusCode
...
Closes gh-11091
2022-04-11 09:19:56 -03:00
Rob Winch
7be32872e9
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:24 -05:00
Josh Cummings
4ca5346871
Pick up AuthorizationManager Bean
...
Closes gh-11067
Closes gh-11068
2022-04-08 11:42:37 -06:00
Josh Cummings
be434e1540
Add Default Test to HttpBasicConfigurerTests
...
Issue gh-10973
2022-04-05 17:32:13 -06:00
Josh Cummings
f09652d447
Polish Saml2LoginConfigurerTests
...
Issue gh-10973
2022-04-05 17:32:13 -06:00
Josh Cummings
bdd5f86526
Polish Authorization Event Support
...
- Added spring-security-config support
- Renamed classes
- Changed contracts to include the authenticated user and secured
object
- Added method security support
Issue gh-9288
2022-03-29 16:37:21 -06:00
Rob Winch
e176d764ba
Add SecurityContextRepository.loadContext(HttpServletRequest)
...
This allows loading the SecurityContext lazily, without the need for the
response, and does not attempt to automatically save the request when
the response is comitted.
Closes gh-11028
2022-03-25 14:38:37 -05:00
Steve Riesenberg
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
Rob Winch
972039e65c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-12 13:31:04 -06:00
Norbert Nowak
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
Marcus Da Coregio
1762a4ce70
Add SAML 2.0 Single Logout XML Support
...
Closes gh-10842
2022-03-09 10:48:34 -03:00
Marcus Da Coregio
1cbe7a75d3
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 10:40:26 -03:00
Josh Cummings
5b9a45de01
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:30:21 -07:00
m0k045e
8cc18fa9dc
OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager
...
Closes gh-10846
2022-02-28 15:31:22 -07:00
Eleftheria Stein
9f9fbb395f
Apply configurers from spring.factories to HttpSecurity bean
...
Closes gh-10814
2022-02-09 14:42:04 +01:00
Josh Cummings
84616543a3
Polish ignoring() log messaging
...
- Public API remains unchanged
Issue gh-9334
2022-02-07 14:58:20 -07:00
Manuel Jordan
6ae651bd67
Print ignore message DefaultSecurityFilterChain
...
When either `web.ignoring().mvcMatchers(...)` or
`web.ignoring().antMatchers(...)` methods are used, for all their
variations, the DefaultSecurityFilterChain class now indicates
correctly through its ouput what paths are ignored according the
`ignoring()` settings.
Closes gh-9334
2022-02-07 14:58:20 -07:00
Josh Cummings
5a2556879a
Add Saml2AuthenticationRequestResolver
...
Closes gh-10355
2022-01-24 16:18:33 -07:00
Rob Winch
f94090a59b
Remove spring-security-openid
...
Closes gh-10773
2022-01-21 16:55:19 -06:00
Adam Ostrožlík
27cfb9c89d
Support multiple RequestRejectedHandler beans
...
Closes gh-10603
2022-01-14 17:21:00 -07:00
Marcus Da Coregio
d884d9a461
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2021-12-13 09:19:41 -03:00
Marcus Da Coregio
0beb725259
Add Cross Origin Policies headers
...
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers
Closes gh-9385, gh-10118
2021-12-08 11:07:09 +01:00
Marcus Da Coregio
263665ad55
Prevent using both authorizeRequests and authorizeHttpRequests
...
Closes gh-10573
2021-12-06 15:54:28 -03:00