Commit Graph

168 Commits

Author SHA1 Message Date
Marcus Da Coregio
52ed165476 Move classpath checks to class member variable
Closes gh-11437
2023-02-07 09:25:06 -03:00
Marcus Da Coregio
c15f45d9ee Only register hints for servlet applications
Closes gh-12622
2023-02-03 16:37:33 -03:00
Marcus Da Coregio
1648151dd2 Register hints for @WithSecurityContext on class level
Issue gh-12215
2022-11-17 10:18:15 -03:00
Marcus Da Coregio
177e11fbd7 Add WebTestUtils test runtime hints
Closes gh-12216
2022-11-16 11:16:20 -03:00
Marcus Da Coregio
7094ee3710 Add runtime hints for annotations using @WithSecurityContext
Closes gh-12215
2022-11-16 10:02:34 -03:00
Steve Riesenberg
7c872cf7fd Merge branch '5.8.x' 2022-10-12 15:02:40 -05:00
Steve Riesenberg
440748ec65 Add test support for Xor CSRF tokens
Issue gh-4001
2022-10-12 15:02:15 -05:00
Steve Riesenberg
5de6da890b Merge branch '5.8.x'
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
Steve Riesenberg
475b3bb6bb Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Steve Riesenberg
bcb21c9384 Merge branch '5.8.x'
# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
Steve Riesenberg
46696a9226 CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch
0efe26c1fd Merge branch '5.8.x'
Closes gh-11894
2022-09-22 13:47:04 -05:00
Rob Winch
d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
2022-09-22 11:09:44 -05:00
Steve Riesenberg
306a3bc20a Merge branch '5.8.x' 2022-09-12 10:49:40 -05:00
aSemy
6e2e8c41b5 typo fitler -> filter 2022-09-12 10:43:41 -05:00
aSemy
e7880b1815 Javadoc typo 'sue' -> 'use' 2022-09-12 10:43:03 -05:00
Rob Winch
0248421df1 Merge branch '5.8.x' 2022-09-08 10:15:24 -05:00
mariusz
b478e5bc93 gh-6899: @WithMockUser as metaannotation 2022-09-08 09:44:32 -05:00
Steve Riesenberg
206c6ffb54 Remove deprecation warnings with Context.putAll
Closes gh-11476
2022-07-08 16:03:45 -05:00
Josh Cummings
6ac9366657 Add SecurityContextHolderStrategy Test Support
Issue gh-11061
Issue gh-11444
2022-06-27 13:17:45 -06:00
Josh Cummings
f86992a0af Add SecurityContextHolderStrategy Test Support
Issue gh-11061
Issue gh-11444
2022-06-27 13:02:11 -06:00
Marcus Da Coregio
806e05855c Replace removed context-related operators
Closes gh-11194
2022-05-10 14:58:02 -03:00
Rob Winch
b1233d053f Add test support for SecurityContextHolderFilter
Issue gh-9635
2022-04-13 15:59:21 -05:00
Rob Winch
6e6d472da4 Add test support for SecurityContextHolderFilter
Issue gh-9635
2022-04-13 10:53:11 -05:00
Rob Winch
972039e65c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-12 13:31:04 -06:00
Rob Winch
87ed31a99c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-11 17:22:23 -06:00
Norbert Nowak
abd33389be Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:49:29 -07:00
Norbert Nowak
ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:23:35 -07:00
giger85
440e89095f Replace StringUtils class completely
Issue gh-9925
Closes gh-10805
2022-02-07 13:48:29 +01:00
giger85
4a3654a95b Replace StringUtils class completely
Issue gh-9925
Closes gh-10805
2022-02-07 13:47:52 +01:00
Marcus Da Coregio
db60df2f9c Update to Spring Framework 6.0
Issue gh-10360
2021-11-01 09:02:42 -03:00
Marcus Hert da Coregio
ab098f171d Propagate TestSecurityContextHolder to SecurityContextHolder
Create SecurityMockMvcResultHandlers to define security related MockMvc ResultHandlers
Create a method to allow copying the SecurityContext from the TestSecurityContextHolder to SecurityContextHolder

Closes gh-9565
2021-09-17 16:39:53 -03:00
Dávid Kováč
3ff825576b Move and rename OAuth2IntrospectionClaimAccessor/Names
Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
with copied implementation from OAuth2IntrospectionClaimAccessor/Names.
OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are
now deprecated.

Also method getScopes() returning list of scopes was introduced
and getScope() is now deprecated.

Closes gh-9647
2021-08-12 16:51:33 -06:00
Christian Frommeyer
8de631d5c6 Replace StringUtils from oauth2-oidc-sdk
SecurityMockServerConfigurers.java previously used the StringUtils from
the optional oauth2-oidc-sdk dependency. Replacing this with the
StringUtils from the spring framework this should not force adding the
dependency in cases where it is not actually used.

Closes gh-9923
2021-06-16 12:18:28 -06:00
Rob Winch
4515c86beb WithSecurityContextTestExecutionListener Respects @NestedTestConfiguration
Previously WithSecurityContextTestExecutionListener did not respect
@NestedTestConfiguration.

This commit switches to using TestContextAnnotationUtils to ensure that
@NestedTestConfiguration is respected.

Closes gh-9193
2020-11-06 15:11:50 -06:00
Rob Winch
87d8741730 WithSecurityContextTestExecutionListener Supports Nested Classes
WithSecurityContextTestExecutionListener now supports nested classes. If
the class is nested WithSecurityContext is not found, then the enclosing
class is looked at until there is no enclosing class.

Closes gh-9179
2020-11-03 17:36:37 -06:00
Phillip Webb
ef951bae90 Polish spring-security-test main code
Manually polish `spring-security-test` following the formatting
and checkstyle fixes.

Issue gh-8945
2020-08-24 17:33:09 -05:00
Phillip Webb
834dcf5bcf Use consistent ternary expression style
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
8d3f039f76 Reduce method visibility when possible
Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
ec6a4cb3f0 Use consistent equals/hashCode/toString order
Ensure that `equals` `hashCode` and `toString` methods always appear in
the same order. This aligns with the style used in Spring Framework.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
52f20b5281 Use parenthesis with single-arg lambdas
Use regular expression search/replace to ensure all single-arg
lambdas have parenthesis. This aligns with the style used in Spring
Boot and ensure that single-arg and multi-arg lambdas are consistent.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
01d90c9881 Hide utility class constructors
Update all utility classes so that they have a private constructor. This
prevents users from accidentally creating an instance, when they should
just use the static methods directly.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
ff94944313 Add whitespace after copyright header
Add an additional lines after the copyright header and before the
`package` declaration. This aligns with the style used by Spring
Framework.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
8d80166aaf Update exception variable names
Consistently use `ex` for caught exception and `cause` for Exception
constructor arguments.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
e9130489a6 Remove restricted static imports
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.

Issue gh-8945
2020-08-24 17:33:08 -05:00
Phillip Webb
4d487e8dc3 Ensure all files end with a new line
Update all files to ensure that they always end with a new-line
character.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
a0b9442265 Use consistent modifier order
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
3e700e7571 Remove (non-Javadoc) comments
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
a2f2e9ac8d Move inner-types so that they are always last
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb
9e08b51ed3 Apply code cleanup rules to projects
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.

Issue gh-8945
2020-08-24 17:33:07 -05:00