DingHao
c631afcf5b
Avoid unnecessary instantiation of HttpSecurity when a SecurityFilterChain bean is provided
...
Signed-off-by: DingHao <dh.hiekn@gmail.com >
2025-01-09 17:23:58 -06:00
Josh Cummings
9ae432f0d2
Add Filter Chain Validation Test
...
Issue gh-15982
2024-12-19 15:04:01 -07:00
Max Batischev
624a8fb252
Add Alerting About Deprecated Authorize Config
...
Closes gh-16213
2024-12-19 15:04:01 -07:00
Max Batischev
e257af8854
Add Support Same Request Matchers Checking
...
Closes gh-15982
2024-12-19 15:04:01 -07:00
Max Batischev
e9bdb5b96e
Polish SecurityFilterChain Validation
...
Issue gh-15982
2024-12-19 15:04:01 -07:00
Josh Cummings
fa58ebbc0c
Merge branch '6.4.x'
2024-12-19 08:55:44 -07:00
Josh Cummings
05076db53a
Merge branch '6.3.x' into 6.4.x
2024-12-19 08:55:35 -07:00
Josh Cummings
a9f8a23e50
Merge branch '6.2.x' into 6.3.x
2024-12-19 08:55:25 -07:00
Josh Cummings
643a3f1206
Test Setting logoutRequestRepository
...
Issue gh-16093
2024-12-19 08:55:18 -07:00
Josh Cummings
1104b45832
Polish SessionLimit
...
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation
Issue gh-16206
2024-12-18 18:32:28 -07:00
Claudenir Machado
1864577e98
Address SessionLimitStrategy
...
Closes gh-16206
2024-12-18 18:32:12 -07:00
Josh Cummings
3eeb4317f6
Add setFavorRelativeUris
...
This places the new functionality behind a setting so that
we can remain passive until we can change the setting in
the next major release.
Issue gh-7273
2024-12-17 22:35:41 -07:00
Michal Okosy
7848b959da
Use relative URLs in /login redirects
...
Closes gh-7273
2024-12-17 22:35:41 -07:00
Josh Cummings
25740db819
Merge branch '6.4.x'
2024-12-17 13:10:52 -07:00
Josh Cummings
27c2a8ad11
Add Serializable Compatibility to Web Authentication Exceptions
...
Issue gh-16276
2024-12-17 13:05:23 -07:00
Josh Cummings
d233b70285
Merge branch '6.4.x'
2024-12-17 09:37:01 -07:00
Josh Cummings
841c03fe3b
Add Serializable Compatilibity to Saml 2.0 Exceptions
...
Issue gh-16276
2024-12-17 09:36:29 -07:00
Josh Cummings
9d02949fa9
Merge branch '6.4.x'
2024-12-13 16:58:17 -07:00
Josh Cummings
b9911fd522
Add serialVersionUID to Authentication classes
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
Josh Cummings
77f76f8465
Merge branch '6.4.x'
2024-12-13 11:53:51 -07:00
Josh Cummings
e3cd4339b2
Add Serial Version
...
Closes gh-16163
2024-12-13 11:53:15 -07:00
Rob Winch
2fcd305509
Increment to 6.5.0-SNAPSHOT
...
Closes gh-16221
2024-12-12 21:47:11 -06:00
Josh Cummings
7592483654
Add Test to Report Missing serialVersionUID
...
Issue gh-16276
2024-12-12 18:12:11 -07:00
Josh Cummings
f7b9b7228f
Include Classes Listed in Generator Map
...
This allows testing of classes that are serializable,
but do not use Security's serialVersionUID.
Issue gh-16276
2024-12-12 18:07:53 -07:00
Josh Cummings
82cc3ad5ec
Arrange Class Generators by Module
...
Issue gh-16276
2024-12-12 18:07:52 -07:00
Josh Cummings
4cbaabb239
Added Testing
...
Issue gh-16177
2024-12-10 14:09:46 -07:00
Josh Cummings
4dd00fe146
Merge branch '6.3.x'
2024-12-06 15:19:19 -07:00
Josh Cummings
dd8ee38194
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16229
2024-12-06 15:18:42 -07:00
Josh Cummings
3d1e4b5f18
Polish Tests
...
Confirm that responses are a valid JSON map
Issue gh-16177
2024-12-06 15:14:07 -07:00
Tran Ngoc Nhan
39cd8d9faf
Update copyright headers
2024-12-05 14:52:59 -07:00
Josh Cummings
2b5a2eef82
Address Observation Bean Name Collisions
...
Closes gh-16161
2024-11-25 13:26:52 -07:00
Josh Cummings
a55021539a
Add RSocket and WebFlux Observation Tests
...
Issue gh-11989
Issue gh-11990
2024-11-25 13:26:52 -07:00
Josh Cummings
91832bfc8e
Add EnableWebSecurity + EnableWebSocketSecurity Test
...
Issue gh-16011
2024-11-20 13:28:06 -07:00
Daniel Garnier-Moiroux
2639ac6545
webauthn: introduce WebAuthnConfigurer#disableDefaultRegistrationPage
2024-11-14 12:11:43 -06:00
Daniel Garnier-Moiroux
de7c452e42
webauthn: use DefaultResourcesFilter#webauthn
...
- Unconditionally use the DefaultResourcesFilter, because the javascript file is required by the
DefaultWebAythnPageGeneratingFilter, which is always registered.
2024-11-14 12:11:43 -06:00
Rob Winch
5a95952c95
Merge branch '6.3.x'
...
Closes gh-16063
2024-11-11 15:17:02 -06:00
Rob Winch
e1ad989d38
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16062
2024-11-11 14:58:39 -06:00
Rob Winch
81e74e65d4
Support ServerExchangeRejectedHandler @Bean
...
Closes gh-16061
2024-11-11 14:58:00 -06:00
Cedric Montfort
d9d77bed82
Allow logout+jwt JWT type for reactive
...
The OIDC back-channel spec recommends using a logout token typ `logout+jwt`
(see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken ).
Support of this type was recently added [on the servlet side]([on the Servlet side](9101bf1f7d )), so back
porting the same on the reactive side to close the gap.
Closes gh-15702
2024-10-28 14:21:48 -07:00
Josh Cummings
27294b2e11
Allow RelyingPartyRegistration Placeholder Resolution in XML
...
Closes gh-14645
2024-10-25 16:12:27 -06:00
Rob Winch
1ba6301afa
Support ServerWebExchangeFirewall @Bean
...
Closes gh-15987
2024-10-25 12:13:41 -05:00
Rob Winch
8d5fddda9d
Merge branch '6.3.x'
...
Support ServerWebExchangeFirewall @Bean
Closes gh-15974in 6.4.x
2024-10-25 12:07:01 -05:00
Rob Winch
adc66e134b
Merge branch '6.2.x' into 6.3.x
...
Support ServerWebExchangeFirewall @Bean
Closes gh-15991
2024-10-25 11:56:53 -05:00
Rob Winch
3ba1263d64
Support ServerWebExchangeFirewall @Bean
...
Closes gh-15987
2024-10-24 16:47:36 -05:00
Tomasz Letachowicz
b2e0539ff5
Add localization to DefaultLoginPageConfigurerTests test in order to avoid failure when system language is different
2024-10-24 11:34:34 -05:00
Josh Cummings
8bac87fb20
Merge branch '6.3.x'
2024-10-23 15:24:32 -07:00
Josh Cummings
c104f44546
Merge branch '6.2.x' into 6.3.x
2024-10-23 15:23:15 -07:00
Scott Murphy Heiberg
18dba34bde
Make RequestMatcherDelegatingAuthorizationManager Post-Processable
...
Closes gh-15948
2024-10-23 15:15:10 -07:00
xhaggi
7f537241e7
Use SessionAuthenticationStrategy for Remember-Me authentication
...
Closes gh-2253
2024-10-15 14:07:07 -07:00
Max Batischev
d37d41c130
Polish One-Time Token API Names and Doc
...
The names of variables and methods have been adjusted in accordance with the names of the one-time token login API components.
Issue gh-15114
2024-10-15 14:04:56 -07:00