Merge branch '6.4.x'
This commit is contained in:
Josh Cummings
commit
e1a42db845
|
|
@ -39,11 +39,13 @@ import java.util.Date;
|
|||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.apereo.cas.client.validation.AssertionImpl;
|
||||
import org.instancio.Instancio;
|
||||
|
|
@ -58,9 +60,11 @@ import org.junit.jupiter.params.provider.MethodSource;
|
|||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
|
||||
import org.springframework.core.type.filter.AssignableTypeFilter;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.AuthorizationServiceException;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.RunAsUserToken;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.authentication.AccountExpiredException;
|
||||
|
|
@ -104,13 +108,16 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
|
|||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.core.context.TransientSecurityContext;
|
||||
import org.springframework.security.core.session.AbstractSessionEvent;
|
||||
import org.springframework.security.core.session.ReactiveSessionInformation;
|
||||
import org.springframework.security.core.session.SessionInformation;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.ldap.ppolicy.PasswordPolicyControl;
|
||||
import org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus;
|
||||
import org.springframework.security.ldap.ppolicy.PasswordPolicyException;
|
||||
import org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl;
|
||||
import org.springframework.security.ldap.userdetails.LdapAuthority;
|
||||
import org.springframework.security.oauth2.client.ClientAuthorizationException;
|
||||
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
|
||||
|
|
@ -179,6 +186,7 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
|
|||
import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
|
||||
import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
|
||||
import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
|
||||
import org.springframework.security.web.PortResolverImpl;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetails;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
|
||||
|
|
@ -194,6 +202,8 @@ import org.springframework.security.web.csrf.DefaultCsrfToken;
|
|||
import org.springframework.security.web.csrf.InvalidCsrfTokenException;
|
||||
import org.springframework.security.web.csrf.MissingCsrfTokenException;
|
||||
import org.springframework.security.web.firewall.RequestRejectedException;
|
||||
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
||||
import org.springframework.security.web.savedrequest.SimpleSavedRequest;
|
||||
import org.springframework.security.web.server.firewall.ServerExchangeRejectedException;
|
||||
import org.springframework.security.web.session.HttpSessionCreatedEvent;
|
||||
import org.springframework.security.web.webauthn.api.Bytes;
|
||||
|
|
@ -442,6 +452,8 @@ class SpringSecurityCoreVersionSerializableTests {
|
|||
generatorByClassName.put(JaasAuthenticationSuccessEvent.class,
|
||||
(r) -> new JaasAuthenticationSuccessEvent(authentication));
|
||||
generatorByClassName.put(AbstractSessionEvent.class, (r) -> new AbstractSessionEvent(securityContext));
|
||||
generatorByClassName.put(SecurityConfig.class, (r) -> new SecurityConfig("value"));
|
||||
generatorByClassName.put(TransientSecurityContext.class, (r) -> new TransientSecurityContext(authentication));
|
||||
|
||||
// cas
|
||||
generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {
|
||||
|
|
@ -466,6 +478,11 @@ class SpringSecurityCoreVersionSerializableTests {
|
|||
(r) -> new LdapAuthority("USER", "username", Map.of("attribute", List.of("value1", "value2"))));
|
||||
generatorByClassName.put(PasswordPolicyException.class,
|
||||
(r) -> new PasswordPolicyException(PasswordPolicyErrorStatus.INSUFFICIENT_PASSWORD_QUALITY));
|
||||
generatorByClassName.put(PasswordPolicyControl.class, (r) -> new PasswordPolicyControl(true));
|
||||
generatorByClassName.put(PasswordPolicyResponseControl.class, (r) -> {
|
||||
byte[] encodedResponse = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0xA0, 0x1, 0x21 };
|
||||
return new PasswordPolicyResponseControl(encodedResponse);
|
||||
});
|
||||
|
||||
// saml2-service-provider
|
||||
generatorByClassName.put(Saml2AuthenticationException.class,
|
||||
|
|
@ -521,6 +538,20 @@ class SpringSecurityCoreVersionSerializableTests {
|
|||
(r) -> new AuthenticationSwitchUserEvent(authentication, user));
|
||||
generatorByClassName.put(HttpSessionCreatedEvent.class,
|
||||
(r) -> new HttpSessionCreatedEvent(new MockHttpSession()));
|
||||
generatorByClassName.put(SimpleSavedRequest.class, (r) -> {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/uri");
|
||||
request.setQueryString("query=string");
|
||||
request.setScheme("https");
|
||||
request.setServerName("localhost");
|
||||
request.setServerPort(80);
|
||||
request.setRequestURI("/uri");
|
||||
request.setCookies(new Cookie("name", "value"));
|
||||
request.addHeader("header", "value");
|
||||
request.addParameter("parameter", "value");
|
||||
request.setPathInfo("/path");
|
||||
request.addPreferredLocale(Locale.ENGLISH);
|
||||
return new SimpleSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl(), "continue"));
|
||||
});
|
||||
|
||||
// webauthn
|
||||
generatorByClassName.put(Bytes.class, (r) -> TestBytes.get());
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
|
|
@ -29,6 +30,9 @@ import org.springframework.util.StringUtils;
|
|||
*/
|
||||
public class SecurityConfig implements ConfigAttribute {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -7138084564199804304L;
|
||||
|
||||
private final String attrib;
|
||||
|
||||
public SecurityConfig(String config) {
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ import org.springframework.security.authorization.method.AuthorizationManagerBef
|
|||
* @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead
|
||||
*/
|
||||
@Deprecated
|
||||
@SuppressWarnings("serial")
|
||||
public class Jsr250SecurityConfig extends SecurityConfig {
|
||||
|
||||
public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.access.prepost.PostInvocationAttribute;
|
|||
* instead
|
||||
*/
|
||||
@Deprecated
|
||||
@SuppressWarnings("serial")
|
||||
class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
|
||||
implements PostInvocationAttribute {
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.access.prepost.PreInvocationAttribute;
|
|||
* instead
|
||||
*/
|
||||
@Deprecated
|
||||
@SuppressWarnings("serial")
|
||||
class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
|
||||
implements PreInvocationAttribute {
|
||||
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ import org.springframework.util.CollectionUtils;
|
|||
* @deprecated Use {@link EnableMethodSecurity} or publish interceptors directly
|
||||
*/
|
||||
@Deprecated
|
||||
@SuppressWarnings("serial")
|
||||
public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
|
||||
|
||||
private transient MethodSecurityMetadataSource attributeSource;
|
||||
|
|
|
|||
|
|
@ -405,6 +405,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
|
|||
* Represents a version list item. This class is used both for the global item list
|
||||
* and for sub-lists (which start with '-(number)' in the version specification).
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
private static class ListItem extends ArrayList<Item> implements Item {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -16,6 +16,8 @@
|
|||
|
||||
package org.springframework.security.core.context;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.Transient;
|
||||
|
||||
|
|
@ -30,6 +32,9 @@ import org.springframework.security.core.Transient;
|
|||
@Transient
|
||||
public class TransientSecurityContext extends SecurityContextImpl {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -7925492364422193347L;
|
||||
|
||||
public TransientSecurityContext() {
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,8 @@
|
|||
|
||||
package org.springframework.security.ldap.ppolicy;
|
||||
|
||||
import java.io.Serial;
|
||||
|
||||
import javax.naming.ldap.Control;
|
||||
|
||||
/**
|
||||
|
|
@ -37,6 +39,9 @@ public class PasswordPolicyControl implements Control {
|
|||
*/
|
||||
public static final String OID = "1.3.6.1.4.1.42.2.27.8.5.1";
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 2843242715616817932L;
|
||||
|
||||
private final boolean critical;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ package org.springframework.security.ldap.ppolicy;
|
|||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.Serial;
|
||||
|
||||
import netscape.ldap.ber.stream.BERChoice;
|
||||
import netscape.ldap.ber.stream.BERElement;
|
||||
|
|
@ -53,6 +54,9 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
|
|||
|
||||
private static final Log logger = LogFactory.getLog(PasswordPolicyResponseControl.class);
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -4592657167939234499L;
|
||||
|
||||
private final byte[] encodedValue;
|
||||
|
||||
private PasswordPolicyErrorStatus errorStatus;
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
package org.springframework.security.web.savedrequest;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
|
|
@ -35,6 +36,9 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public class SimpleSavedRequest implements SavedRequest {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 807650604272166969L;
|
||||
|
||||
private String redirectUrl;
|
||||
|
||||
private List<Cookie> cookies = new ArrayList<>();
|
||||
|
|
|
|||
Loading…
Reference in New Issue