Commit Graph

1432 Commits

Author SHA1 Message Date
Josh Cummings
45da5c94b6 Support Serialization in Test Classes
Issue gh-16276
2025-01-17 14:15:30 -07:00
Josh Cummings
69cbe12a7b Register Authorization Proxied Type
Closes gh-16106
2024-11-15 15:07:37 -07:00
Josh Cummings
981fbd5c2c Polish Tests
Closes gh-14768
2024-10-24 20:51:34 -07:00
Steve Riesenberg
af2b84246b Fix flaky test
Issue gh-15735
2024-10-18 12:22:08 -05:00
Josh Cummings
9ce5a76e8c Polish AuthorizationManager#authorize
Issue gh-14843
2024-10-14 11:48:57 -07:00
Max Batischev
e7644925f8 Add AuthorizationResult support for AuthorizationManager
Closes gh-14843
2024-10-14 11:48:57 -07:00
Josh Cummings
702538ebce AuthorizationEventPublisher Accepts AuthorizationResult
Closes gh-15915

Co-authored-by: Max Batischev <mblancer@mail.ru>
2024-10-14 11:48:57 -07:00
Max Batischev
2ca2e56383 Add Reactive One-Time Token Login support
Closes gh-15699
2024-10-07 16:39:54 -07:00
Rob Winch
1dd79c379b Add JdbcOneTimeTokenService
Closes gh-15735
2024-10-02 14:42:13 -05:00
Rob Winch
c4b60cd080 Reduce visibility for JdbcOneTimeTokenServiceTests
Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch
e8c71df899 Use private Inner JdbcOneTimeTokenService classes
Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch
612b15abcc JdbcOneTimeTokenService.setCleanupCron
Spring Security uses setter methods for optional member variables. Allows
for a null cleanupCron to disable the cleanup.

In a clustered environment it is likely that users do not want all nodes
to be performing a cleanup because it will cause contention on the ott
table.

Another example is if a user wants to invoke cleanUpExpiredTokens with a
different strategy all together, they might want to disable the cron job.

Issue gh-15735
2024-10-02 14:22:25 -05:00
Rob Winch
4787ac254d cleanUpExpiredTokens->cleanupExpiredTokens
Issue gh-15735
2024-10-02 10:59:26 -05:00
Rob Winch
4f328c9503 destroy() shuts down the taskScheduler
Issue gh-15735
2024-10-02 10:59:21 -05:00
Max Batischev
0c216f0b59 Add public to setClock method in InMemoryOneTimeTokenService
Closes gh-15863
2024-09-30 15:33:33 -05:00
Max Batischev
50cc36d53e Add support JdbcOneTimeTokenService
Closes gh-15735
2024-09-29 00:06:10 +03:00
Jonny Coddington
b90851d968 Improve Error Messages for PasswordEncoder
Closes gh-14880

Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>
2024-09-17 14:16:08 -07:00
Marcus Hert Da Coregio
0618d4e03f Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions
Closes gh-14652
2024-09-13 08:42:14 -03:00
Josh Cummings
fd5d03d384 Add AuthorizeReturnObject Hints
Closes gh-15709
2024-09-10 11:57:31 -07:00
Josh Cummings
da38b13a17 Add SecurityHintsRegistrar
An interface for registering hints based on Security infrastructure
beans.

Closes gh-15772
2024-09-10 11:57:31 -07:00
Josh Cummings
fce2eb1531 Add AuthorizationProxy Interface
Closes gh-15747
2024-09-09 15:39:03 -06:00
Niels Basjes
2dc787a573 Fix adding more implied roles in the RoleHierarchy Builder.
Closes gh-15717

Signed-off-by: Niels Basjes <niels@basjes.nl>
2024-09-04 10:28:50 -03:00
Marcus Hert Da Coregio
00e4a8fb54 Add support for One-Time Token Login
Closes gh-15114
2024-09-03 10:07:56 -03:00
DingHao
fd05c5ad76 Remove Advised Methods from Authorization Proxy Objects
Closes gh-15561
2024-08-30 10:40:25 -07:00
Josh Cummings
626610a975 Polish Annotation API
Rename to a class that isn't focused on the synthesis implementation detail.
Also add Security to the front of the name to clarify that it is only intended
for security annotations, reminiscent of SecurityMetadataSource.

Refine method signatures to better articulate supported use cases.

Issue gh-15286
2024-08-30 08:51:49 -06:00
Josh Cummings
cc6de8fa5d Hide MergedAnnotation Implementation Details
Issue gh-15286
2024-08-29 17:27:14 -06:00
Josh Cummings
59ec1f6480 Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration"
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.

Issue gh-15497
2024-08-12 10:12:14 -06:00
MrJovanovic13
6d657ea3da InMemoryUserDetailsManager preserve user type
Closes gh-3192
2024-08-09 10:09:41 -06:00
MrJovanovic13
503d653cea Add InMemoryUserDetailsManager tests
Tests added:
createUserWhenUserAlreadyExistsThenException
updateUserWhenUserDoesNotExistThenException
loadUserByUsernameWhenUserNullThenException

Issue gh-3192
2024-08-09 10:09:41 -06:00
Josh Cummings
de77e054fd Default Handler Resolution to Reflection-Based
Closes gh-15496
2024-08-07 14:34:40 -06:00
Josh Cummings
02cca6f737 Polish AuthorizationAdvisorProxyFactory advisor configuration
Closes gh-15497
2024-08-07 10:09:51 -06:00
Josh Cummings
37a2812d1a Mimic Annotation Fallback Logic
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.

This reverts gh-13783 which is a feature that unfortunately regressess
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.

Issue gh-15352
2024-07-31 16:17:42 -06:00
Josh Cummings
77bce14462 Polish Annotation Test
This new arrangement of the test better matches the class
hierarchy described by the original ticket.

Issue gh-13234
2024-07-31 16:17:42 -06:00
Josh Cummings
90335bd0a6 Polish Annotation Test
This test was made more effective by having it focus on the real
scenario of resolving annotations from the standpoint of a bean
2024-07-31 16:17:42 -06:00
Josh Cummings
c736e075c1 Add AnnotationSythesizer API
Closes gh-13234
Closes gh-13490
Closes gh-15097
2024-07-18 09:55:17 -06:00
Josh Cummings
e3438aa36a Support AliasFor
Closes gh-15436
2024-07-18 09:46:39 -06:00
Josh Cummings
03bcc6776a Correct Authorization Tests
Issue gh-9289
2024-07-18 09:46:38 -06:00
Josh Cummings
56c93afc66 Correct Tests About Conflicting Annotations
Issue gh-9289
2024-07-18 09:46:38 -06:00
Blagoja Stamatovski
63f48167bd Add Kotlin support to PreFilter and PostFilter annotations
Closes gh-15093
2024-05-31 12:32:28 -06:00
Marcus Hert Da Coregio
b3c7f3ff19 Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
Issue gh-7395
2024-04-30 08:38:03 -03:00
Marcus Hert Da Coregio
2fbbcc4bd0 Polish Method Authorization Denied Handling
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method

Issue gh-14601
2024-04-12 15:55:25 -03:00
Josh Cummings
50b85aea0d Handle SpEL AuthorizationDeniedExceptions
Closes gh-14600
2024-04-10 15:36:23 -07:00
Marcus Hert Da Coregio
61eba00654 Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.

Issue gh-7395
2024-04-10 14:58:01 -03:00
Josh Cummings
c8e5fbf21b Fix Package Tangle
Issue gh-14598
2024-04-05 16:48:52 -06:00
Josh Cummings
6f07d63938 Support SpEL Returning AuthorizationDecision
Closes gh-14598
2024-04-04 11:32:00 -06:00
Josh Cummings
0a9c482f62 Revert "Support SpEL Returning AuthorizationDecision"
This reverts commit 77f2977c55.
2024-04-04 11:31:45 -06:00
Josh Cummings
77f2977c55 Support SpEL Returning AuthorizationDecision
Closes gh-14599
2024-04-04 09:52:15 -07:00
Marcus Hert Da Coregio
d85857f905 Add Authorization Denied Handlers for Method Security
Closes gh-14601
2024-04-03 09:25:12 -03:00
Marcus Hert Da Coregio
7d66525e23 Add Compromised Password Checker
Closes gh-7395
2024-04-01 09:48:07 -03:00
Josh Cummings
9898e0e993 Move AuthorizationAdvisorProxyFactory
To prevent package tangles

Issue gh-14596
2024-03-22 11:00:39 -06:00