Josh Cummings
a7562ad950
Update io.spring.javaformat to 0.0.38
...
Closes gh-12891
2023-03-20 10:44:35 -06:00
Josh Cummings
3ad6c6ce06
Use EntityId-lookup Components
...
Closes gh-12880
2023-03-17 18:00:02 -06:00
Josh Cummings
46452c0cae
Add saml2Metadata
...
Closes gh-11828
2023-03-17 18:00:02 -06:00
hdeadman
e0284a4503
Fix CAS packages for 4.0.1 and Jasig references
...
Issue gh-11674
2023-03-01 17:21:24 -03:00
hdeadman
b4d3ac6665
Revert "Remove CAS module"
...
This reverts commit caf4c471
2023-03-01 17:21:23 -03:00
Marcus Da Coregio
963a18a27f
Merge branch '6.0.x'
...
Closes gh-12778
2023-02-23 15:17:47 -03:00
Marcus Da Coregio
7d22e02593
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12777
2023-02-23 15:17:25 -03:00
Marcus Da Coregio
97ba596ca3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12776
2023-02-23 15:17:04 -03:00
Marcus Da Coregio
1c3ce1e401
Fix entity-id ignored in RelyingPartyRegistration XML config
...
Closes gh-11898
2023-02-23 15:16:40 -03:00
Josh Cummings
afb5a4ae2c
Merge branch '6.0.x'
...
Closes gh-12688
2023-02-16 14:56:55 -07:00
Josh Cummings
cedb9fd199
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12687
2023-02-16 14:56:32 -07:00
Josh Cummings
0baf650f38
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12686
2023-02-16 14:55:22 -07:00
Leonid Rozenblyum
000b4bc495
Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
...
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.
In particular, this exception can occur when mixing standard and custom DSL to register filters.
The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.
It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.
The error handling is implemented similarly to HttpSecurity#addFilter.
Closes gh-12637
2023-02-16 14:54:44 -07:00
Josh Cummings
d91837eadc
Merge branch '6.0.x'
...
Closes gh-12641
2023-02-07 12:46:42 -07:00
Tobias Meurer
7dd5cc6082
Pick Up Custom SecurityContextRespository
...
Closes gh-12579
2023-02-07 12:46:12 -07:00
Marcus Da Coregio
da28a426f2
Merge branch '6.0.x'
...
Closes gh-12625
2023-02-03 14:35:08 -03:00
Marcus Da Coregio
3572111cf5
Add JwtDecoder hint for oauth2Login
...
Closes gh-12615
2023-02-03 14:34:32 -03:00
Evgeniy Cheban
59829321a8
Allow configuring SecurityContextRepository for BasicAuthenticationFilter
...
Closes gh-12031
2023-02-03 10:09:16 -06:00
Steve Riesenberg
6abbdd3654
Merge branch '6.0.x'
2023-01-26 15:55:41 -06:00
Steve Riesenberg
13487be268
Default to XorCsrfChannelInterceptor in 6.0.x
...
Closes gh-12378
2023-01-26 15:45:04 -06:00
Steve Riesenberg
1363a4eece
Merge branch '5.8.x' into 6.0.x
2023-01-26 15:44:47 -06:00
Josh Cummings
1243d1327e
Merge branch '6.0.x'
...
Closes gh-12593
2023-01-26 14:09:19 -07:00
Josh Cummings
c3563df25a
Include HttpStatusRequestRequestedHandler
...
Closes gh-12548
2023-01-26 14:07:22 -07:00
Josh Cummings
66711f2365
Add RequestRejectedHandler Test
...
Issue gh-12548
2023-01-26 13:07:16 -07:00
Steve Riesenberg
c306df9b46
Add XorCsrfChannelInterceptor
...
Issue gh-12378
2023-01-23 16:00:35 -06:00
Evgeniy Cheban
d84b8d2d12
AuthorizeHttpRequestsConfigurer.AuthorizedUrl.hasRole should look up for a RoleHierarchy bean in the context
...
Closes gh-12473
2023-01-10 10:54:37 -07:00
Josh Cummings
e61b17fe13
Merge branch '6.0.x'
...
Closes gh-12514
2023-01-10 10:21:38 -07:00
Josh Cummings
5b6b3d585f
Change EnableReactiveMethodSecurity Defaults
...
Closes gh-12506
2023-01-10 08:30:52 -07:00
Joe Grandja
e139f1c2ba
Polish gh-12438
2022-12-22 11:16:19 -05:00
Spas Poptchev
919280b3e4
Allow ServerOAuth2AuthorizationRequestResolver to be set on oauth2 client configuration
...
Closes gh-12430
2022-12-22 10:12:18 -05:00
Marcus Da Coregio
ca333203aa
Merge branch '6.0.x'
...
Closes gh-12372
2022-12-14 10:30:55 -03:00
Marcus Da Coregio
7080ea652f
Add hints for ProxyFactoryBean AuthenticationManager
...
Closes gh-12367
2022-12-14 10:16:04 -03:00
Marcus Da Coregio
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
Steve Riesenberg
dd9f954ace
Fix tests in CsrfConfigurerTests
...
Closes gh-12241
2022-11-18 14:58:41 -06:00
Steve Riesenberg
5da78f44f2
Merge branch '5.8.x'
2022-11-18 14:54:33 -06:00
Steve Riesenberg
ea6ce05662
Add configurer tests for CookieCsrfTokenRepository
...
Issue gh-12236
2022-11-18 13:12:59 -06:00
Steve Riesenberg
2ed7cff643
Check for existing token before clearing
...
Closes gh-12236
2022-11-18 13:12:59 -06:00
Josh Cummings
e08ed89403
Polish Span and Meter Names
...
Closes gh-12156
2022-11-17 15:09:52 -07:00
Marcus Da Coregio
3b5d19c8a4
Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1
...
Closes gh-12146
Closes gh-12148
2022-11-08 08:34:21 -03:00
Josh Cummings
fc8e20b89f
Merge branch '5.8.x'
...
Closes gh-12133
2022-11-02 15:49:18 -06:00
Josh Cummings
3192618220
Add authenticationFailureHandler
...
- To ServerHttpSecurity#httpBasic
- To ServerHttpSecurity#oauthResourceServer
Closes gh-12132
2022-11-02 15:35:01 -06:00
Rob Winch
d860775b45
Document Defer load CsrfToken
...
Closes gh-12105
2022-10-28 15:41:25 -05:00
Josh Cummings
abe68abfe4
Merge remote-tracking branch 'origin/5.8.x'
2022-10-26 17:13:02 -06:00
mmoussa_mapfreusa
bd4e0fb5db
Set LogoutRequestRepository on Saml2 LogoutSuccessHandler
...
Closes gh-11363
2022-10-26 16:44:23 -06:00
Rob Winch
9cb668aec2
SessionManagementConfigurer properly defaults SecurityContextRepository
...
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.
This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.
Closes gh-12070
2022-10-20 10:57:47 -05:00
Rob Winch
a4858d9eaa
Add SpringTestContext.addFilter
...
Add SpringTestContext.addFilter which allows Spring Security's tests
to specify a Filter to be added to the SpringTestContext.
Closes gh-12071
2022-10-20 10:54:24 -05:00
Steve Riesenberg
33b492df54
Default to DelegatingSecurityContextRepository
...
Closes gh-12023
Closes gh-12049
2022-10-17 20:04:43 -05:00
Steve Riesenberg
bd43c1f28a
Merge branch '5.8.x'
...
# Conflicts:
# web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
# web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
Steve Riesenberg
c75ca10900
Add DeferredSecurityContext
...
Issue gh-12023
2022-10-17 19:33:58 -05:00
Joe Grandja
753e113a13
RequestMatcherDelegatingAuthorizationManager defaults to deny
...
Closes gh-11958
2022-10-13 11:12:00 -04:00