d9d161cd6b
Allow previously authorized users to access the error page
...
Prior to this commit, the `ErrorPageSecurityFilter` verified if
access to the error page was allowed by invoking the
`WebInvocationPrivilegeEvaluator` with the Authentication from the
`SecurityContextHolder`.
This meant that access to the error page was denied for a `null` Authentication
or `AnonymousAuthenticationToken` in cases where the error page required
authenticated access. This prevented authorized users from accessing the
error page in case the Authentication wasn't retrievable for the error dispatch,
which is the case for `@Transient` authentication or stateless session policy.
This commit updates the `ErrorPageSecurityFilter` to check access to the error page
only if the error is an authn or authz error in cases where an authentication object
is not found in the SecurityContextHolder. This makes the error response consistent
when bad credentials or no credentials are used while also allowing access to previously
authorized users.
Fixes gh-28953
2021-12-17 16:58:58 -08:00
c077ebecf7
Merge branch '2.5.x' into 2.6.x
...
Closes gh-29103
2021-12-17 16:37:53 +01:00
2fec06ac7e
Find annotation without initializing factory beans
...
Closes gh-28977
2021-12-17 16:08:30 +01:00
1c35ec2c3c
Merge branch '2.5.x' into 2.6.x
...
Closes gh-29012
2021-12-17 12:14:31 +01:00
5d0206320a
Upgrade to Logback 1.2.9
...
Closes gh-29011
2021-12-17 12:13:02 +01:00
bcaa59ce73
Merge branch '2.5.x' into 2.6.x
...
Closes gh-29098
2021-12-17 10:50:07 +01:00
614d34195a
Merge pull request #29094 from An1s9n
...
* pr/29094:
Polish CacheManager customization section in reference doc
Closes gh-29094
2021-12-17 10:50:00 +01:00
415c58e21b
Polish CacheManager customization section in reference doc
...
See gh-29094
2021-12-17 10:48:55 +01:00
10362a9315
Merge branch '2.5.x' into 2.6.x
...
Closes gh-29096
2021-12-17 10:30:26 +01:00
8c9d398422
Test our Gradle plugin against Gradle 7.3.2
...
Closes gh-29093
2021-12-17 09:11:44 +01:00
587d6fa309
Polish
2021-12-16 13:55:42 -08:00
f676602c96
Merge branch '2.5.x' into 2.6.x
2021-12-16 13:49:12 -08:00
783981ba98
Merge branch '2.4.x' into 2.5.x
2021-12-16 13:48:25 -08:00
d336a96b7f
Update web.xml xsd references to for 3.1 version
...
See gh-29075
2021-12-16 13:45:12 -08:00
a6a5b81dd0
Merge branch '2.5.x' into 2.6.x
2021-12-16 13:05:44 -08:00
f3bcbca841
Update copyright year of changed files
2021-12-16 13:05:17 -08:00
92b096abbf
Fix message interpolation when code is used as default message
...
When `setUseCodeAsDefaultMessage(true)` was set on a message source,
attempting to interpolate the default message returned from the message
source would result in the code being unusable by upstream message
resolvers.
Fixes gh-28930
2021-12-16 12:20:37 -06:00
6555ad404e
Merge branch '2.5.x' into 2.6.x
2021-12-16 17:51:40 +01:00
a7a37f4ad6
Upgrade to Spring Framework 5.3.14
...
Closes gh-28970
2021-12-16 17:50:53 +01:00
b8bf2cbbc7
Upgrade to Spring Framework 5.3.14
...
Closes gh-28961
2021-12-16 17:50:18 +01:00
55859ea64c
Stop accessing the datasource if initialization mode is set to never
...
Closes gh-28931
2021-12-16 16:50:22 +01:00
6e01c3edbe
Merge branch '2.5.x' into 2.6.x
...
Closes gh-29077
2021-12-15 22:17:22 -08:00
17363d1b3a
Merge branch '2.4.x' into 2.5.x
...
Closes gh-29076
2021-12-15 22:16:37 -08:00
1749c893dc
Update web-app version to 3.1
...
Update the web-app version specified in `web.xml` to 3.1 in order to
make Eclipse happy.
Closes gh-29075
2021-12-15 22:14:52 -08:00
9e6709eda0
Enable caching for system tests in CI
...
Setting the `systemTest` Gradle task output as never up-to-date ensures
that all system tests are executed each time they are run in CI. The
`--rerun-tasks` Gradle option that was used previously had the same
effect but also disabled build caching.
Closes gh-29029
2021-12-15 14:04:17 -06:00
3b4d27e4d3
Merge branch '2.5.x' into 2.6.x
2021-12-15 16:41:09 +01:00
30ebb17b2b
Polish
2021-12-15 16:38:27 +01:00
adece85619
Merge branch '2.5.x' into 2.6.x
2021-12-15 15:44:49 +01:00
a5734ef194
Upgrade to Reactor 2020.0.14
...
Closes gh-28969
2021-12-15 15:12:20 +01:00
28214e1e8c
Upgrade to Reactor 2020.0.14
...
Closes gh-28960
2021-12-15 15:11:38 +01:00
4f14428351
Upgrade to Undertow 2.2.14.Final
...
Closes gh-29072
2021-12-15 15:11:24 +01:00
e4a7e872ad
Upgrade to Tomcat 9.0.56
...
Closes gh-29071
2021-12-15 15:11:23 +01:00
a4fbc98667
Upgrade to Thymeleaf 3.0.14.RELEASE
...
Closes gh-29070
2021-12-15 15:11:21 +01:00
45e8711b5b
Upgrade to Spring WS 3.1.2
...
Closes gh-29069
2021-12-15 15:11:20 +01:00
3bbc4649b7
Upgrade to MSSQL JDBC 9.4.1.jre8
...
Closes gh-29068
2021-12-15 15:11:19 +01:00
0cec0a90a6
Upgrade to Kotlin 1.6.10
...
Closes gh-29067
2021-12-15 15:11:17 +01:00
36332d42b8
Upgrade to JUnit Jupiter 5.8.2
...
Closes gh-29066
2021-12-15 15:11:16 +01:00
657f6e0010
Upgrade to Jedis 3.7.1
...
Closes gh-29065
2021-12-15 15:11:15 +01:00
afd254424b
Upgrade to JDOM2 2.0.6.1
...
Closes gh-29064
2021-12-15 15:11:14 +01:00
7156e3fb23
Upgrade to HttpCore 4.4.15
...
Closes gh-29063
2021-12-15 15:11:13 +01:00
0219408b7e
Upgrade to HttpAsyncClient 4.1.5
...
Closes gh-29062
2021-12-15 15:11:11 +01:00
081d4f6d9c
Upgrade to Hibernate 5.6.2.Final
...
Closes gh-29061
2021-12-15 15:11:10 +01:00
76b1ec3cac
Upgrade to Hazelcast 4.2.3
...
Closes gh-29060
2021-12-15 15:11:09 +01:00
84d552f4d2
Upgrade to Flyway 8.0.5
...
Closes gh-29059
2021-12-15 15:11:08 +01:00
fedf341d65
Upgrade to Ehcache3 3.9.8
...
Closes gh-29058
2021-12-15 15:11:07 +01:00
0165c40f02
Upgrade to Dropwizard Metrics 4.2.5
...
Closes gh-29057
2021-12-15 15:11:05 +01:00
b11aa6d5cd
Upgrade to Couchbase Client 3.2.4
...
Closes gh-29056
2021-12-15 15:11:04 +01:00
d80e68adf0
Upgrade to Caffeine 2.9.3
...
Closes gh-29055
2021-12-15 15:11:03 +01:00
c45bdd19fd
Upgrade to AppEngine SDK 1.9.93
...
Closes gh-29054
2021-12-15 15:11:01 +01:00
97ee63b55b
Upgrade to Undertow 2.2.14.Final
...
Closes gh-29051
2021-12-15 14:01:27 +01:00
Madhura Bhave
Stephane Nicoll
Andy Wilkinson
Brian Clozel
Pavel Anisimov
Phillip Webb
Scott Frederick