Commit Graph

1152 Commits

Author SHA1 Message Date
Josh Cummings
a7562ad950 Update io.spring.javaformat to 0.0.38
Closes gh-12891
2023-03-20 10:44:35 -06:00
Josh Cummings
3ad6c6ce06 Use EntityId-lookup Components
Closes gh-12880
2023-03-17 18:00:02 -06:00
Josh Cummings
46452c0cae Add saml2Metadata
Closes gh-11828
2023-03-17 18:00:02 -06:00
hdeadman
e0284a4503 Fix CAS packages for 4.0.1 and Jasig references
Issue gh-11674
2023-03-01 17:21:24 -03:00
hdeadman
b4d3ac6665 Revert "Remove CAS module"
This reverts commit caf4c471
2023-03-01 17:21:23 -03:00
Marcus Da Coregio
963a18a27f Merge branch '6.0.x'
Closes gh-12778
2023-02-23 15:17:47 -03:00
Marcus Da Coregio
7d22e02593 Merge branch '5.8.x' into 6.0.x
Closes gh-12777
2023-02-23 15:17:25 -03:00
Marcus Da Coregio
97ba596ca3 Merge branch '5.7.x' into 5.8.x
Closes gh-12776
2023-02-23 15:17:04 -03:00
Marcus Da Coregio
1c3ce1e401 Fix entity-id ignored in RelyingPartyRegistration XML config
Closes gh-11898
2023-02-23 15:16:40 -03:00
Josh Cummings
afb5a4ae2c Merge branch '6.0.x'
Closes gh-12688
2023-02-16 14:56:55 -07:00
Josh Cummings
cedb9fd199 Merge branch '5.8.x' into 6.0.x
Closes gh-12687
2023-02-16 14:56:32 -07:00
Josh Cummings
0baf650f38 Merge branch '5.7.x' into 5.8.x
Closes gh-12686
2023-02-16 14:55:22 -07:00
Leonid Rozenblyum
000b4bc495 Fix NPE in HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter
Before the fix, these methods would throw a NPE in case when the filter class passed as the second parameter, is not registered yet.

In particular, this exception can occur when mixing standard and custom DSL to register filters.

The fix doesn't change the situation that standard DSL for registration of filters cannot refer to filters that are registered via custom DSL even though those calls were done earlier.

It just provides more user-friendly error handling for this and most likely other scenarios of calls of HttpSecurity#addFilterBefore, HttpSecurity#addFilterAfter.

The error handling is implemented similarly to HttpSecurity#addFilter.

Closes gh-12637
2023-02-16 14:54:44 -07:00
Josh Cummings
d91837eadc Merge branch '6.0.x'
Closes gh-12641
2023-02-07 12:46:42 -07:00
Tobias Meurer
7dd5cc6082 Pick Up Custom SecurityContextRespository
Closes gh-12579
2023-02-07 12:46:12 -07:00
Marcus Da Coregio
da28a426f2 Merge branch '6.0.x'
Closes gh-12625
2023-02-03 14:35:08 -03:00
Marcus Da Coregio
3572111cf5 Add JwtDecoder hint for oauth2Login
Closes gh-12615
2023-02-03 14:34:32 -03:00
Evgeniy Cheban
59829321a8 Allow configuring SecurityContextRepository for BasicAuthenticationFilter
Closes gh-12031
2023-02-03 10:09:16 -06:00
Steve Riesenberg
6abbdd3654 Merge branch '6.0.x' 2023-01-26 15:55:41 -06:00
Steve Riesenberg
13487be268 Default to XorCsrfChannelInterceptor in 6.0.x
Closes gh-12378
2023-01-26 15:45:04 -06:00
Steve Riesenberg
1363a4eece Merge branch '5.8.x' into 6.0.x 2023-01-26 15:44:47 -06:00
Josh Cummings
1243d1327e Merge branch '6.0.x'
Closes gh-12593
2023-01-26 14:09:19 -07:00
Josh Cummings
c3563df25a Include HttpStatusRequestRequestedHandler
Closes gh-12548
2023-01-26 14:07:22 -07:00
Josh Cummings
66711f2365 Add RequestRejectedHandler Test
Issue gh-12548
2023-01-26 13:07:16 -07:00
Steve Riesenberg
c306df9b46 Add XorCsrfChannelInterceptor
Issue gh-12378
2023-01-23 16:00:35 -06:00
Evgeniy Cheban
d84b8d2d12 AuthorizeHttpRequestsConfigurer.AuthorizedUrl.hasRole should look up for a RoleHierarchy bean in the context
Closes gh-12473
2023-01-10 10:54:37 -07:00
Josh Cummings
e61b17fe13 Merge branch '6.0.x'
Closes gh-12514
2023-01-10 10:21:38 -07:00
Josh Cummings
5b6b3d585f Change EnableReactiveMethodSecurity Defaults
Closes gh-12506
2023-01-10 08:30:52 -07:00
Joe Grandja
e139f1c2ba Polish gh-12438 2022-12-22 11:16:19 -05:00
Spas Poptchev
919280b3e4 Allow ServerOAuth2AuthorizationRequestResolver to be set on oauth2 client configuration
Closes gh-12430
2022-12-22 10:12:18 -05:00
Marcus Da Coregio
ca333203aa Merge branch '6.0.x'
Closes gh-12372
2022-12-14 10:30:55 -03:00
Marcus Da Coregio
7080ea652f Add hints for ProxyFactoryBean AuthenticationManager
Closes gh-12367
2022-12-14 10:16:04 -03:00
Marcus Da Coregio
e6173f9e5b Prepare for Spring Security 6.1 2022-11-28 15:47:10 -03:00
Steve Riesenberg
dd9f954ace Fix tests in CsrfConfigurerTests
Closes gh-12241
2022-11-18 14:58:41 -06:00
Steve Riesenberg
5da78f44f2 Merge branch '5.8.x' 2022-11-18 14:54:33 -06:00
Steve Riesenberg
ea6ce05662 Add configurer tests for CookieCsrfTokenRepository
Issue gh-12236
2022-11-18 13:12:59 -06:00
Steve Riesenberg
2ed7cff643 Check for existing token before clearing
Closes gh-12236
2022-11-18 13:12:59 -06:00
Josh Cummings
e08ed89403 Polish Span and Meter Names
Closes gh-12156
2022-11-17 15:09:52 -07:00
Marcus Da Coregio
3b5d19c8a4 Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1
Closes gh-12146
Closes gh-12148
2022-11-08 08:34:21 -03:00
Josh Cummings
fc8e20b89f Merge branch '5.8.x'
Closes gh-12133
2022-11-02 15:49:18 -06:00
Josh Cummings
3192618220 Add authenticationFailureHandler
- To ServerHttpSecurity#httpBasic
- To ServerHttpSecurity#oauthResourceServer

Closes gh-12132
2022-11-02 15:35:01 -06:00
Rob Winch
d860775b45 Document Defer load CsrfToken
Closes gh-12105
2022-10-28 15:41:25 -05:00
Josh Cummings
abe68abfe4 Merge remote-tracking branch 'origin/5.8.x' 2022-10-26 17:13:02 -06:00
mmoussa_mapfreusa
bd4e0fb5db Set LogoutRequestRepository on Saml2 LogoutSuccessHandler
Closes gh-11363
2022-10-26 16:44:23 -06:00
Rob Winch
9cb668aec2 SessionManagementConfigurer properly defaults SecurityContextRepository
Previously the default was an HttpSessionSecurityContextRepository which
meant that if a stateless authentication occurred the SecurityContext would
be lost on ERROR dispatch.

This commit ensures that the RequestAttributeSecurityContextRepository is
also consulted by default.

Closes gh-12070
2022-10-20 10:57:47 -05:00
Rob Winch
a4858d9eaa Add SpringTestContext.addFilter
Add SpringTestContext.addFilter which allows Spring Security's tests
to specify a Filter to be added to the SpringTestContext.

Closes gh-12071
2022-10-20 10:54:24 -05:00
Steve Riesenberg
33b492df54 Default to DelegatingSecurityContextRepository
Closes gh-12023
Closes gh-12049
2022-10-17 20:04:43 -05:00
Steve Riesenberg
bd43c1f28a Merge branch '5.8.x'
# Conflicts:
#	web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
#	web/src/test/java/org/springframework/security/web/context/SecurityContextRepositoryTests.java
2022-10-17 19:35:27 -05:00
Steve Riesenberg
c75ca10900 Add DeferredSecurityContext
Issue gh-12023
2022-10-17 19:33:58 -05:00
Joe Grandja
753e113a13 RequestMatcherDelegatingAuthorizationManager defaults to deny
Closes gh-11958
2022-10-13 11:12:00 -04:00