5bb5d0f6be
Polish gh-16589
2025-03-18 18:07:56 -05:00
fc1469ad5e
Ensure ID Token is updated after refresh token
...
Signed-off-by: Hao <kyrieeeee2@gmail.com>
2025-03-18 18:07:56 -05:00
e6223dede3
Merge branch '6.4.x'
...
- adb303e
2025-03-17 14:34:18 -05:00
05116eabbd
Merge branch '6.3.x' into 6.4.x
...
- adb303e
2025-03-17 14:18:49 -05:00
adb303e152
Add testRuntimeOnly junit-platform-launcher
...
Closes gh-16755
2025-03-17 14:16:44 -05:00
3a11d1529d
Merge branch '6.4.x'
...
- Disable Flaky WebAuthnWebDriverTests
Closes gh-16754
2025-03-17 13:57:37 -05:00
f2f9d8282a
Disable Flaky WebAuthnWebDriverTests
...
Closes gh-16753
2025-03-17 13:54:17 -05:00
58a665e5aa
Add Support SingleResultAuthorizationManager
...
Closes gh-16590
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-03-07 13:46:23 -07:00
72070cd191
Deprecate ChannelSecurityConfigurer
...
Closes gh-16680
2025-02-28 09:38:45 -07:00
be23268c37
Add redirectToHttps DSL Configurer
...
Closes gh-16679
2025-02-28 09:38:07 -07:00
fa35c5b4d8
Make DefaultOneTimeToken Serializable
...
Closes gh-16617
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-02-27 12:49:48 -07:00
76a566265c
Use PortResolver Beans by Default
...
Closes gh-16664
2025-02-26 16:13:10 -06:00
7d301f87d6
Add Opt-in PathPattern Strategy
...
Closes gh-16573
2025-02-21 13:40:24 -07:00
588220a020
Add PathPatterRequestMatcher
...
Closes gh-16429
Clsoes gh-16430
2025-02-21 13:40:23 -07:00
51ce91f07b
Merge branch '6.4.x'
2025-02-18 15:11:08 -07:00
cc2cfc62b0
Add Test Requiring serialVersionUID
...
Issue gh-16276
2025-02-18 15:06:50 -07:00
c4b223266c
Return Invalid Credentials message on login error
...
Closes gh-16484
Signed-off-by: tejas-teju <tejas8196@gmail.com>
2025-02-14 16:01:22 -07:00
e42865b926
Merge branch '6.4.x'
2025-02-14 13:08:17 -07:00
946812691e
Make AuthenticatorAttestation Serializable
...
Issue gh-16481
2025-02-14 13:07:56 -07:00
b5a4218a0b
Make WebAuthnAuthenticationRequestToken Serializable
...
Closes gh-16481
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-02-14 11:51:46 -07:00
f9e04594a7
Refactor authorization manager variable naming
...
- Renamed PERMIT_ALL_AUTHORIZATION_MANAGER to snake_case style
- Introduced AUTHORIZATION_DECISION for reuse
Signed-off-by: plll0123 <jsh951227@gmail.com>
2025-02-14 10:02:55 -07:00
666d3a4af6
Merge branch '6.4.x'
2025-02-13 17:25:39 -07:00
879b44f9a1
Make PublicKeyCredentialRequestOptions Serializable
...
Closes gh-16432
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-02-13 17:17:16 -07:00
2480d41981
Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP)
...
Signed-off-by: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
2025-02-11 14:10:23 -05:00
238f47ce5e
One Time Token login registers the default login page
...
closes gh-16414
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2025-02-10 09:55:51 -06:00
5ee6b83953
Introduce OneTimeTokenAuthenticationFilter
...
closes gh-16539
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2025-02-10 09:55:51 -06:00
8e19b8039c
Merge branch '6.4.x'
2025-02-05 15:49:20 -07:00
4776446b14
Add Missing Serialzed AuthorizationDeniedException
...
Issue gh-16544
2025-02-05 15:48:55 -07:00
9676739c88
TestServerOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable
...
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-02-05 14:14:16 -07:00
be81377235
Add Support ServerGenerateOneTimeTokenRequestResolver
...
Closes gh-16488
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-02-05 14:14:16 -07:00
981e3fd779
Merge branch '6.4.x'
2025-02-05 13:59:12 -07:00
b4c7795699
Support Serialization for Authorization Components
...
Closes gh-16544
2025-02-05 13:58:32 -07:00
f7e0f7fa8a
Polish OneTimeTokenLoginConfigurer
...
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-02-04 12:38:27 -07:00
5ff87128b1
Make Saml2AuthenticationToken Serializable
...
Issue gh-16286
2025-02-03 10:13:14 -07:00
bcc4b415b3
Make RelyingPartyRegistration Serializable
...
Closes gh-16286
2025-02-03 10:13:13 -07:00
10394c8f2a
OTT Tests use Mocks Instead of Comparing Expires
...
Previously, expires was compared to test if a custom implementations
were used. Now the tests verify this through mocks.
Closes gh-16515
2025-01-31 16:47:50 -06:00
5af4b9a2ad
Merge branch '6.4.x'
2025-01-30 18:06:01 -07:00
4b5bacf71a
Make Saml2AuthenticationToken Serializable
...
Issue gh-16286
2025-01-30 18:05:17 -07:00
e50415de85
Make RelyingPartyRegistration Serializable
...
Closes gh-16286
2025-01-30 17:45:41 -07:00
28615e7f64
Remove Stray Import
2025-01-24 11:47:40 -07:00
a841737941
Use credPropsField.getType()
...
Using the type from a field retains generics information.
Issue gh-16432
2025-01-23 20:13:11 -06:00
c7bc4c98db
Make PublicKeyCredentialRequestOptions Serializable
...
Closes gh-16432
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-01-23 20:13:10 -06:00
e1a42db845
Merge branch '6.4.x'
2025-01-23 17:03:53 -07:00
e1e5970a24
Support Serialization for LDAP Components
...
Issue gh-16276
2025-01-23 16:55:30 -07:00
36716d12ba
Serialization Support of Core Components
...
Issue gh-16276
2025-01-23 16:50:30 -07:00
d7921daa13
Support Serialization for SecurityConfig
...
Issue gh-16276
2025-01-23 16:44:53 -07:00
d043884e32
Support Serialization
...
Issue gh-16276
2025-01-23 16:44:45 -07:00
177ce59a4b
Merge branch '6.4.x'
...
Implement Serializable for WebAuthnAuthentication
Closes gh-16474
2025-01-23 14:12:30 -06:00
e557c7227b
Implement Serializable for WebAuthnAuthentication
...
Closes gh-16273
Closes gh-16285
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-01-23 13:53:26 -06:00
f8132018d5
Merge branch '6.4.x'
...
TestOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable
Closes gh-16472
2025-01-23 12:45:09 -06:00
751b5580a1
TestOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable
...
Previously there were race conditions on the static member lastToken of
TestOneTimeTokenGenerationSuccessHandler. This is because the tests run in
parallel and one test may override the other tests lastToken and thus
make the assertion on it incorrect.
This commit changes lastToken to be a non-static variable to ensure that
each test has it's own lastToken for asserting the expected value.
Closes gh-16471
2025-01-23 12:43:22 -06:00
4f860a5481
Merge branch '6.4.x'
...
# Conflicts:
# config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
2025-01-22 17:30:29 -06:00
474b5e151a
Add Support GenerateOneTimeTokenRequestResolver
...
Closes gh-16291
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-01-22 17:09:55 -06:00
d97e01d1de
Merge branch '6.3.x' into 6.4.x
...
Closes gh-16466
2025-01-22 17:09:34 -06:00
211fa52649
Favor provided instances over shared objects
...
Prior to this commit, providing oauth2Login() and oauth2Client() with
clientRegistrationRepository() and authorizedClientRepository() caused
objects to be shared across both configurers.
These configurers will now prefer explicitly provided instances of
those objects when they are available.
Closes gh-16105
2025-01-22 17:07:44 -06:00
68c8a5ad99
Remove debug test
...
Issue gh-16443
2025-01-22 16:11:25 -06:00
6149489b70
Merge branch '6.4.x'
...
fix flakey test in WebAuthnWebDriverTests
Closes gh-16464
2025-01-22 14:46:05 -06:00
028c212be4
fix flakey test in WebAuthnWebDriverTests
...
Closes gh-16463
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2025-01-22 14:45:44 -06:00
4ee9358900
Add serializeAndDeserializeAreEqual
...
Checks that serialization/deserialization can be performed.
Issue gh-16443
2025-01-22 14:06:11 -06:00
e5ea75f7f4
Implement Serial
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-01-21 18:14:52 -06:00
a2abe3c33e
Add HttpMessageConverter WebAuthnDsl Support
...
Issue gh-16397
2025-01-17 21:07:46 -06:00
4314e68329
Add WebAuthenticationDsl.creationOptionsRepository
...
Issue gh-16396
2025-01-17 20:51:43 -06:00
bea232237f
Fix whitespace
2025-01-17 20:51:43 -06:00
f4491f388e
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean
...
Closes gh-16369
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-01-17 18:57:08 -06:00
5462b4c358
webauthnWhenConfiguredMessageConverter uses mock
...
Issue gh-16397
2025-01-17 18:29:23 -06:00
0d4f786484
Fix WebAuthnConfigurer Javadoc
...
Issue gh-16397
2025-01-17 18:29:23 -06:00
8181cec06c
Set HttpMessageConverter by DSL
...
Closes gh-16369
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-01-17 18:29:23 -06:00
c2a5709e0f
Merge branch '6.4.x'
2025-01-17 16:09:01 -07:00
bbe4f87641
Mark Serialization Support for Events
...
Issue gh-16276
2025-01-17 16:08:31 -07:00
17fb4d1c0d
Fixed typo in WebAuthnDsl
...
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-01-16 14:33:57 -07:00
443af32314
Move Servlet Mocks to Web
...
Issue gh-13551
2025-01-15 17:32:58 -07:00
8827b2e564
Polish Using Request ServletContext
...
Issue gh-14418
2025-01-15 17:27:08 -07:00
75a35793dc
Polish requestMatchers Logic
...
Issue gh-13551
2025-01-15 17:27:00 -07:00
6019803064
Merge branch '6.4.x'
2025-01-14 18:38:14 -07:00
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
2025-01-14 18:37:53 -07:00
8035815e56
Merge branch '6.4.x'
2025-01-14 16:29:06 -07:00
feea103050
Formatting
...
Issue gh-16276
2025-01-14 16:28:53 -07:00
28644aa966
Merge branch '6.4.x'
2025-01-14 16:17:34 -07:00
6f379aa907
Add Serializable to Csrf Components
...
Issue gh-16276
2025-01-14 16:07:20 -07:00
7fae738a9b
Add support fullyAuthenticated to Kotlin DSL
...
Closes gh-16162
2025-01-13 17:03:14 -07:00
85b854c61c
Merge branch '6.4.x'
...
- Fix Kotlin DSL webAuthn { }
- Add Support disableDefaultRegistrationPage to WebAuthnDsl
Closes gh-16403
Closes gh-16404
2025-01-12 22:17:10 -06:00
decf4def95
Add Support disableDefaultRegistrationPage to WebAuthnDsl
...
Closes gh-16395
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-01-12 22:16:55 -06:00
882766e54f
Fix Kotlin webAuthn {}
...
Fixes the default configuration for WebAuthn Kotlin DSL
Closes gh-16338
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-01-12 22:16:55 -06:00
bf9b95a481
Add Support OAuth2AuthorizationRequestResolver As Bean
...
Closes gh-16380
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-01-10 16:25:03 -06:00
72a2831f76
CustomBeanPostProcessor -> CountHttpSecurityBeanPostProcessor
...
Issue gh-16370
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
2025-01-09 17:23:58 -06:00
c631afcf5b
Avoid unnecessary instantiation of HttpSecurity when a SecurityFilterChain bean is provided
...
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-01-09 17:23:58 -06:00
6cfc372f70
Polish remove unused code
...
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-01-09 14:27:22 -06:00
5937ba9a06
Polish use getBeanProvider instead of getBeanNamesForType
2025-01-07 13:20:39 -06:00
9ae432f0d2
Add Filter Chain Validation Test
...
Issue gh-15982
2024-12-19 15:04:01 -07:00
624a8fb252
Add Alerting About Deprecated Authorize Config
...
Closes gh-16213
2024-12-19 15:04:01 -07:00
e257af8854
Add Support Same Request Matchers Checking
...
Closes gh-15982
2024-12-19 15:04:01 -07:00
e9bdb5b96e
Polish SecurityFilterChain Validation
...
Issue gh-15982
2024-12-19 15:04:01 -07:00
fa58ebbc0c
Merge branch '6.4.x'
2024-12-19 08:55:44 -07:00
05076db53a
Merge branch '6.3.x' into 6.4.x
2024-12-19 08:55:35 -07:00
a9f8a23e50
Merge branch '6.2.x' into 6.3.x
2024-12-19 08:55:25 -07:00
643a3f1206
Test Setting logoutRequestRepository
...
Issue gh-16093
2024-12-19 08:55:18 -07:00
7aafe2ed5a
Set Saml2RelyingPartyInitiatedLogoutSuccessHandler#logoutRequestRepository
...
Closes gh-16093
2024-12-19 08:53:02 -07:00
1104b45832
Polish SessionLimit
...
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation
Issue gh-16206
2024-12-18 18:32:28 -07:00
1864577e98
Address SessionLimitStrategy
...
Closes gh-16206
2024-12-18 18:32:12 -07:00
3eeb4317f6
Add setFavorRelativeUris
...
This places the new functionality behind a setting so that
we can remain passive until we can change the setting in
the next major release.
Issue gh-7273
2024-12-17 22:35:41 -07:00
7848b959da
Use relative URLs in /login redirects
...
Closes gh-7273
2024-12-17 22:35:41 -07:00
25740db819
Merge branch '6.4.x'
2024-12-17 13:10:52 -07:00
27c2a8ad11
Add Serializable Compatibility to Web Authentication Exceptions
...
Issue gh-16276
2024-12-17 13:05:23 -07:00
d233b70285
Merge branch '6.4.x'
2024-12-17 09:37:01 -07:00
841c03fe3b
Add Serializable Compatilibity to Saml 2.0 Exceptions
...
Issue gh-16276
2024-12-17 09:36:29 -07:00
b9f3a28678
Add UserDetailsService Constructor
...
Closes gh-15973
2024-12-16 17:59:16 -07:00
f45cc22e11
Allow configuring custom ServerHttpHeadersWriter for Kotlin DSL
...
Closes gh-16009
2024-12-16 17:54:04 -07:00
a5b0304596
Move AnyRequest Validation
...
This will make way for other adding other checks
Issue gh-15982
2024-12-13 18:24:57 -07:00
c1f5eb3192
Merge branch '6.4.x'
2024-12-13 18:24:39 -07:00
5ee1586a5a
Remove Unexposed Inner Classes from Serialization Test
...
The following inner classes are used only internally by a non-Serializable component
Issue gh-16276
2024-12-13 18:18:09 -07:00
9d02949fa9
Merge branch '6.4.x'
2024-12-13 16:58:17 -07:00
018e1ae1a4
Added Serialization Values
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
b9911fd522
Add serialVersionUID to Authentication classes
...
Issue gh-16276
2024-12-13 16:41:32 -07:00
77f76f8465
Merge branch '6.4.x'
2024-12-13 11:53:51 -07:00
e3cd4339b2
Add Serial Version
...
Closes gh-16163
2024-12-13 11:53:15 -07:00
a6354e5137
Merge branch '6.4.x'
...
Closes gh-16283
2024-12-13 10:10:21 -06:00
fb954063bf
Fix WebAuthnWebdriverTests
...
Closes gh-16279
2024-12-13 10:08:27 -06:00
5a81a1fe66
Merge branch '6.4.x'
2024-12-12 22:21:44 -06:00
2a76a09552
Disable Flaky WebAuthnWebDriverTests
2024-12-12 22:21:36 -06:00
2fcd305509
Increment to 6.5.0-SNAPSHOT
...
Closes gh-16221
2024-12-12 21:47:11 -06:00
7592483654
Add Test to Report Missing serialVersionUID
...
Issue gh-16276
2024-12-12 18:12:11 -07:00
f7b9b7228f
Include Classes Listed in Generator Map
...
This allows testing of classes that are serializable,
but do not use Security's serialVersionUID.
Issue gh-16276
2024-12-12 18:07:53 -07:00
82cc3ad5ec
Arrange Class Generators by Module
...
Issue gh-16276
2024-12-12 18:07:52 -07:00
47b5ab400a
Add 6.4.x Serialization Files
...
Closes gh-16274
2024-12-12 18:07:52 -07:00
99cc65d74c
webauthn: add webdriver test
...
- These tests verify the full end-to-end flow, including the javascript
code bundled in the default login and logout pages. They require a full
web browser, with support for Virtual Authenticators for automated testing.
At this point in time, only Chrome supports virutal authenticators.
2024-12-11 16:53:38 -06:00
4cbaabb239
Added Testing
...
Issue gh-16177
2024-12-10 14:09:46 -07:00
aa85ebc65f
Remove Extraneous Field
...
Issue gh-15678
2024-12-09 08:00:22 -07:00
4dd00fe146
Merge branch '6.3.x'
2024-12-06 15:19:19 -07:00
dd8ee38194
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16229
2024-12-06 15:18:42 -07:00
87de6cea1b
Use Reactive JSON Encoder
...
Closes gh-16177
2024-12-06 15:14:07 -07:00
3d1e4b5f18
Polish Tests
...
Confirm that responses are a valid JSON map
Issue gh-16177
2024-12-06 15:14:07 -07:00
3e20f7b5b5
Polish Error Messages
...
- aligned the grammar
- formatted using gradlew format
- updated copyright year
Issue gh-16193
2024-12-05 17:37:46 -07:00
32e1d4c990
Improve AuthorizationManager configuration error messages
...
Closes gh-16193
2024-12-05 17:37:46 -07:00
39cd8d9faf
Update copyright headers
2024-12-05 14:52:59 -07:00
96b3c77ce0
Merge branch '6.3.x'
2024-12-05 12:30:37 -07:00
ef7b11ac01
Delay initialization UserDetailsService in Global Authentication
2024-12-05 12:26:04 -07:00
5966baf9bf
Update copyright headers
2024-12-04 16:51:05 -07:00
2ed1cafed8
Restore Deprecated ObjectPostProcessor Usage
...
Closes gh-16174
2024-12-04 16:51:05 -07:00
8c0ea3e630
Add Deprecated ObjectPostProcessor constructor
...
Issue gh-16174
2024-12-04 16:51:05 -07:00
2b5a2eef82
Address Observation Bean Name Collisions
...
Closes gh-16161
2024-11-25 13:26:52 -07:00
a55021539a
Add RSocket and WebFlux Observation Tests
...
Issue gh-11989
Issue gh-11990
2024-11-25 13:26:52 -07:00
315aafd464
Merge remote-tracking branch 'origin/6.3.x'
2024-11-22 17:23:43 -07:00
e8ba039a61
Delay initialization AuthenticationProvider in Global Authentication
2024-11-22 17:22:14 -07:00
b896a74669
Resolve Observation Bean Name Collisions
...
Closes gh-16011
2024-11-20 13:28:06 -07:00
91832bfc8e
Add EnableWebSecurity + EnableWebSocketSecurity Test
...
Issue gh-16011
2024-11-20 13:28:06 -07:00
c2cfe92a02
Merge branch '6.3.x'
2024-11-18 05:16:16 -05:00
709103e38c
Merge branch '6.2.x' into 6.3.x
2024-11-18 04:45:38 -05:00
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
2024-11-18 04:22:26 -05:00
2639ac6545
webauthn: introduce WebAuthnConfigurer#disableDefaultRegistrationPage
2024-11-14 12:11:43 -06:00
de7c452e42
webauthn: use DefaultResourcesFilter#webauthn
...
- Unconditionally use the DefaultResourcesFilter, because the javascript file is required by the
DefaultWebAythnPageGeneratingFilter, which is always registered.
2024-11-14 12:11:43 -06:00
5a95952c95
Merge branch '6.3.x'
...
Closes gh-16063
2024-11-11 15:17:02 -06:00
e1ad989d38
Merge branch '6.2.x' into 6.3.x
...
Closes gh-16062
2024-11-11 14:58:39 -06:00
81e74e65d4
Support ServerExchangeRejectedHandler @Bean
...
Closes gh-16061
2024-11-11 14:58:00 -06:00
f46e56de78
Improve Error Message for Conflicting Filter Chains
...
Closes gh-15874
2024-11-07 13:01:16 -07:00
8a6e1297a1
Add Warning Message for Missing Leading Slashes
...
Closes gh-16020
2024-10-31 12:22:17 -06:00
d9d77bed82
Allow logout+jwt JWT type for reactive
...
The OIDC back-channel spec recommends using a logout token typ `logout+jwt`
(see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken ).
Support of this type was recently added [on the servlet side]([on the Servlet side](9101bf1f7d
2024-10-28 14:21:48 -07:00
27294b2e11
Allow RelyingPartyRegistration Placeholder Resolution in XML
...
Closes gh-14645
2024-10-25 16:12:27 -06:00
689a4141df
Remove unused import
2024-10-25 13:42:33 -07:00
ffed4ea1dc
Polish diamond usage
2024-10-25 13:42:33 -07:00
1ba6301afa
Support ServerWebExchangeFirewall @Bean
...
Closes gh-15987
2024-10-25 12:13:41 -05:00
8d5fddda9d
Merge branch '6.3.x'
...
Support ServerWebExchangeFirewall @Bean
Closes gh-15974in 6.4.x
2024-10-25 12:07:01 -05:00
adc66e134b
Merge branch '6.2.x' into 6.3.x
...
Support ServerWebExchangeFirewall @Bean
Closes gh-15991
2024-10-25 11:56:53 -05:00
3ba1263d64
Support ServerWebExchangeFirewall @Bean
...
Closes gh-15987
2024-10-24 16:47:36 -05:00
b2e0539ff5
Add localization to DefaultLoginPageConfigurerTests test in order to avoid failure when system language is different
2024-10-24 11:34:34 -05:00
8bac87fb20
Merge branch '6.3.x'
2024-10-23 15:24:32 -07:00
c104f44546
Merge branch '6.2.x' into 6.3.x
2024-10-23 15:23:15 -07:00
18dba34bde
Make RequestMatcherDelegatingAuthorizationManager Post-Processable
...
Closes gh-15948
2024-10-23 15:15:10 -07:00
b0e8730d70
Add Passkeys Support
...
Closes gh-13305
2024-10-20 22:54:53 -05:00
7f537241e7
Use SessionAuthenticationStrategy for Remember-Me authentication
...
Closes gh-2253
2024-10-15 14:07:07 -07:00
d37d41c130
Polish One-Time Token API Names and Doc
...
The names of variables and methods have been adjusted in accordance with the names of the one-time token login API components.
Issue gh-15114
2024-10-15 14:04:56 -07:00
e9fe6360bc
Add Reactive One-Time Token Login Kotlin DSL Support
...
Closes gh-15887
2024-10-15 14:04:56 -07:00
c40334317d
Polish One-Time Token Component Names
...
Aligning parts of speech so that names are using nouns/verbs
where comparable components are using nouns/verbs.
Issue gh-15114
2024-10-14 14:07:47 -06:00
b8aa78829c
Improve readability of empty collection checks
2024-10-14 12:16:39 -07:00
31f8caec5f
Polish diamond operator usage
2024-10-14 11:51:35 -07:00
9ce5a76e8c
Polish AuthorizationManager#authorize
...
Issue gh-14843
2024-10-14 11:48:57 -07:00
e7644925f8
Add AuthorizationResult support for AuthorizationManager
...
Closes gh-14843
2024-10-14 11:48:57 -07:00
702538ebce
AuthorizationEventPublisher Accepts AuthorizationResult
...
Closes gh-15915
Co-authored-by: Max Batischev <mblancer@mail.ru>
2024-10-14 11:48:57 -07:00
ef1226ddf8
Use Oauth2UserService bean in OidcReactiveOAuth2UserService
...
Closes gh-15846
2024-10-14 11:41:04 -07:00
2edaedf099
Improve encapsulation for jwtValidators
2024-10-07 16:41:50 -07:00
b26f2af5d5
Polish
...
Formatting as well as adding a missing defer
Issue gh-15699
2024-10-07 16:39:54 -07:00
2ca2e56383
Add Reactive One-Time Token Login support
...
Closes gh-15699
2024-10-07 16:39:54 -07:00
aceb5fa6bb
Allow logout+jwt JWT type for reactive
...
The OIDC back-channel spec recommends using a logout token typ `logout+jwt`
(see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken ).
Support of this type was recently added [on the servlet side]([on the Servlet side](9101bf1f7d
2024-09-30 16:32:45 -07:00
29331a0d8c
Merge branch '6.3.x'
2024-09-30 17:24:03 -06:00
746464e035
Merge branch '6.2.x' into 6.3.x
2024-09-30 17:21:13 -06:00
c1857c0308
Fix Formatting
...
Issue gh-15771
2024-09-30 16:19:26 -07:00
690e012fb1
Improve OidcBackChannelLogoutTokenValidator error when provider issuer is missing
...
Closes gh-15771
2024-09-30 16:19:26 -07:00
8b97fdde43
Polish OAuth2ClientConfiguration
2024-09-30 16:16:45 -07:00
ee9a887ae5
Fix Package Tangle
...
Move ObjectPostProcessor to be alongside Customizer, another
functional interface for describing Spring Security object
configuration.
2024-09-26 14:08:25 -06:00
d6b620b9f7
Make Observations Selectable
...
Closes gh-15678
2024-09-26 11:30:40 -06:00
69e3c248fa
Abstract ObservationRegistry Behind ObjectPostProcessor
...
Issue gh-15678
2024-09-26 11:30:40 -06:00
1ed20aa210
Add ObservationRegistry Tests
...
Issue gh-11989
Issue gh-11990
2024-09-26 11:30:40 -06:00
717529deb4
Add Generic Type to ObjectPostProcessor Lookups
...
Issue gh-15678
2024-09-26 11:30:39 -06:00
e618fc425d
Favor ObjectProvider
...
Closes gh-15805
2024-09-23 16:11:43 -07:00
9dda65a5e3
Polish CorsSpecTests
...
Use concrete ApplicationContext to simplify future maintenance.
Issue gh-4832
2024-09-23 16:11:43 -07:00
cd7f6e09b0
Look up ReactiveOAuth2AccessTokenResponseClient as a bean
...
Closes gh-11097
2024-09-23 11:06:12 -05:00
22dffc0a98
Run format
2024-09-20 09:06:37 -07:00
0a0721b030
Complete HttpSecurity Deprecation notices
2024-09-20 09:06:37 -07:00
a88a7744ed
Require GeneratedOneTimeTokenHandler on constructor
...
Issue gh-15114
2024-09-17 08:21:26 -03:00
b311b811a1
Pick Up OidcSessionRegistry Bean
...
Closes gh-15813
2024-09-15 21:30:55 -07:00
590aef0af1
Configure OidcSessionRegistry in Kotlin
...
Closes gh-15814
2024-09-15 21:30:55 -07:00
8bb5875595
Expose OidcBackChannelLogoutHandler
...
This component already uses by default a URI that doesn't require
a CSRF token and aalready allows for configuring a cookie name.
So, by making it public and configurable in the DSL, both
of these tickets quite naturally close.
Closes gh-13841
Closes gh-14904
2024-09-15 21:30:55 -07:00
2d4c498c3b
Test Meta-Annotation Class Type Support in Reactive
...
Issue gh-15747
2024-09-15 21:30:55 -07:00
75fd84ce16
Test Reactive Method Security Exactly-One Invocation Semantics
...
Issue gh-15651
2024-09-15 21:30:55 -07:00
1aec571a81
Test Reactive Method Security Exactly Once Semantics
...
Issue gh-15592
2024-09-15 21:30:55 -07:00
3e1f8bb960
Test Reactive Method Security with Abstract Classes
...
Issue gh-15352
2024-09-15 21:30:55 -07:00
fee5dd30c0
Test AuthorizeReturnObject in Reactive
...
Issue gh-14597
2024-09-15 21:30:55 -07:00
fc2ad34e5d
Test meta-annotation parameter support in Reactive
...
Issue gh-14480
2024-09-15 21:30:55 -07:00
6f5e103dec
Use AnnotationTemplateExpressionDefaults in Reactive
...
Issue gh-15097
2024-09-15 21:30:55 -07:00
86f64e7e86
Add Reactive Authorization Proxy Data Hints
...
Issue gh-15709
2024-09-15 21:30:55 -07:00
2bb3787d2b
Use addAdvisors in Reactive Proxy Configuration
...
Issue gh-15497
2024-09-15 21:30:55 -07:00
0618d4e03f
Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions
...
Closes gh-14652
2024-09-13 08:42:14 -03:00
51c226f24c
Add loginPage() to DSL in reactive oauth2Login()
...
Closes gh-15674
2024-09-11 15:56:54 -05:00
9e5cc5f267
Merge remote-tracking branch 'origin/6.3.x'
2024-09-11 15:14:45 -05:00
51d0a8b57d
Fix getBeansWithName in global authentication configurers
2024-09-11 10:46:24 -07:00
7e41785dfc
Remove trailing spaces in default UIs
...
- Default UIs had blank lines with only spaces. These get deleted by the
spring-javaformat plugin. In order to avoid this behavior, an extra \s
had been inserted in the tests. The reason for those \s is not obvious.
- This commit cleans up the \s but changing the HTML templates.
2024-09-11 10:44:45 -07:00
85693b2806
Add DefaultResourcesFitler to XML configuration
2024-09-11 10:21:12 -07:00
63f018eb18
Update tests using deprecated classes
...
Issue gh-15737
2024-09-10 15:10:42 -05:00
c1b9035544
Use static CSS in OneTimeToken default UI
2024-09-10 12:46:13 -07:00
45d53973ab
Serve static content (css, js) for reactive default UIs from DefaultResourcesWebFilter
2024-09-10 12:46:13 -07:00
11616a1d78
Use static CSS in servlet default UI
2024-09-10 12:46:13 -07:00
c5c5cd5ed0
Serve static content (css, js) for default UIs from DefaultResourcesFilter
2024-09-10 12:46:13 -07:00
be6dc1d2bf
Polish MethodSecurityExpressionHandler Test
...
- Rename to follow convention
- Use a mock object to verify usage
Issue gh-15715
2024-09-10 13:12:47 -06:00
ef8b0addbb
Support custom MethodSecurityExpressionHandler
...
Closes gh-15715
2024-09-10 12:01:29 -07:00
e29058c7e4
Add AuthorizeReturnObject Spring Data Hints
...
Issue gh-15709
2024-09-10 11:57:31 -07:00
fd5d03d384
Add AuthorizeReturnObject Hints
...
Closes gh-15709
2024-09-10 11:57:31 -07:00
6428bf2bd8
Add test for rendering "request token" form in OneTimeTokenLoginConfigurerTests
2024-09-06 09:13:30 -03:00
803c32eb4e
Remove unused logger in OneTimeTokenLoginConfigurer
2024-09-06 09:13:30 -03:00
8d47906191
Render default UIs using lightweight templates
2024-09-05 15:02:42 -07:00
a953a3d162
Remove log message
2024-09-05 16:40:26 -03:00
c0a10b90ba
Merge remote-tracking branch 'origin/6.3.x'
2024-09-04 14:48:23 -06:00
5c20505b0e
Support Class Attributes in Annotation Template Processing
...
Closes gh-15721
2024-09-04 13:41:46 -07:00
81e4c7273a
Add One-Time Token Login support to Kotlin DSL
...
Closes gh-15698
2024-09-04 09:13:38 -03:00
db04b5a248
Merge branch '6.3.x'
2024-09-03 16:34:09 -06:00
ff41521e1e
Merge branch '6.2.x' into 6.3.x
2024-09-03 16:33:46 -06:00
b22061d0b6
Merge branch '5.8.x' into 6.2.x
2024-09-03 16:33:22 -06:00
97cefa6830
Update Formatting
...
Issue gh-15714
2024-09-03 15:32:59 -07:00
f836efb912
Address unnecessary method invocation
...
Closes gh-15714
2024-09-03 15:32:59 -07:00
00e4a8fb54
Add support for One-Time Token Login
...
Closes gh-15114
2024-09-03 10:07:56 -03:00
f0f47b54ec
Improve warning message
2024-08-31 16:48:59 -07:00
d2e8c19789
Merge branch '6.3.x'
2024-08-26 16:33:04 -06:00
279cb89eac
Merge branch '6.2.x' into 6.3.x
2024-08-26 16:32:58 -06:00
f372f5cf52
Replace OidcSessionStrategy References with OidcSessionRegistry
2024-08-26 15:32:35 -07:00
dff3780c5e
Merge branch '6.3.x'
2024-08-22 12:38:17 -06:00
4c0d969f1f
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15676
2024-08-22 12:37:45 -06:00
3ee5a96e53
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15675
2024-08-22 12:24:56 -06:00
5c604b95fb
Correct PostFilterAuthorizationMethodInterceptor Target Type
...
Previously, `postFilterAuthorizationMethodInterceptor` mistakenly
was published as an `Advisor`. Because `MethodSecurityAdvisorRegistrar`
re-publishes each pre/post annotation interceptor also as an `Advisor`,
this resulted in a duplicate advisor for `@PostFilter`.
Closes gh-15651
2024-08-22 12:10:25 -06:00
f398be793d
Simplify AuthorizationAdvisorProxyFactory Configuration
...
Closes gh-15497
2024-08-19 12:34:38 -06:00
6352877bc4
Merge branch '6.3.x'
2024-08-19 12:34:32 -06:00
ae8e4d148e
Produce Exactly One AuthorizationAdvisor Per Annotation
...
Closes gh-15592
2024-08-19 12:30:03 -06:00
27af1df87d
Simplify Method Interceptor Configuration
...
Simplifies to use only one ObjectProvider for easier
future maintenance
Issue gh-15592
2024-08-19 12:27:56 -06:00
b731623b3a
Fix checkstyle errors with @Deprecated
2024-08-19 10:55:58 -03:00
b92ed92548
Fix checkstyle errors with @Deprecated
2024-08-19 10:55:28 -03:00
912062d307
Merge branch '6.2.x' into 6.3.x
2024-08-19 09:11:10 -03:00
79fb0113c8
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:11:05 -03:00
2caf1fb6b4
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:08:24 -03:00
ed16c86115
Improve @CurrentSecurityContext meta-annotations
...
Closes gh-15551
2024-08-13 13:18:15 -06:00
59ec1f6480
Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration"
...
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.
Issue gh-15497
2024-08-12 10:12:14 -06:00
08b8b09066
Update Copyright
...
Issue gh-15286
2024-08-10 11:48:14 -06:00
2b33f6f04a
Add Config Tests for AuthenticationPrincipal Templates
...
Issue gh-15286
2024-08-10 11:46:51 -06:00
e40c98e6d7
Deprecate PrePostTemplateDefaults
...
Since there is nothing specific to configuring pre/post
annotations, there is no need for the extra class.
If a need like this does arise in the future,
either AnnotationTemplateExpressionDefaults can be sub-
classed, or it can have introduced a Map field holding
custom properties.
Issue gh-15286
2024-08-10 11:46:51 -06:00
2c02d8aec7
Update Copyright
2024-08-10 11:46:51 -06:00
895978c818
Auto config AuthenticationPrincipalArgumentResolver When AnnotationTemplateExpressionDefaults bean is Present
2024-08-10 11:46:51 -06:00
71f40f2bc4
Merge branch '6.3.x'
...
Use explicit types instead of var
Closes gh-155537
2024-08-08 15:30:16 -05:00
3b8cdc323f
Remove unused method
2024-08-08 15:29:41 -05:00
109da2719f
Use explicit types everywhere instead of var
2024-08-08 15:29:41 -05:00
02cca6f737
Polish AuthorizationAdvisorProxyFactory advisor configuration
...
Closes gh-15497
2024-08-07 10:09:51 -06:00
816ebe38b5
Add OpenSAML to Config Build
...
Issue gh-11658
2024-08-06 18:14:12 -06:00
1da383b360
Add OpenSAML 5 Support
...
Issue gh-11658
2024-08-06 18:14:11 -06:00
78a0173cc1
Use OpenSAML API for web
...
Issue gh-11658
2024-08-06 18:14:11 -06:00
51fc05630d
Use OpenSAML API for web.authentication.logout
...
Issue gh-11658
2024-08-06 18:14:10 -06:00
ff9a925e88
Use OpenSAML API for metadata
...
Issue gh-11658
2024-08-06 18:14:10 -06:00
416859e70e
Use OpenSAML API in authentication.logout
...
Issue gh-11658
2024-08-06 18:14:10 -06:00
bc8ba7f3b7
Inline CSS for default login and logout page
...
- Remove the dependency on Bootstrap CSS. Results in faster load times, no failures
in air-gapped or offline scenarios, and no dependency on an external CDN that may
go away some day.
2024-08-05 09:27:18 -05:00
37a2812d1a
Mimic Annotation Fallback Logic
...
For backward compatibility, this commit changes the annotation traversal
logic to match what is found in PrePostAnnotationSecurityMetadataSource.
This reverts gh-13783 which is a feature that unfortunately regressess
pre-existing behavior like that found in gh-15352. As such, that
functionality has been removed.
Issue gh-15352
2024-07-31 16:17:42 -06:00
f20ae1a71c
Revert gh-13783
...
This feature unfortunately regresses pre-existing behavior
like that found in gh-15352. As such, this functionality
has been removed.
Closes gh-15352
2024-07-31 16:16:34 -06:00
304685521c
Fix tags order
2024-07-29 15:35:48 -03:00
8231b8a03b
Merge branch '6.3.x'
2024-07-29 14:56:16 -03:00
c1b3b329af
Merge branch '6.2.x' into 6.3.x
2024-07-29 14:56:09 -03:00
3d4bcf1b44
fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource
...
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
2024-07-29 14:55:55 -03:00
98af8d1123
Add permissionsPolicyHeader
...
This method is a replacement of `permissionsPolicy(Customizer)` that returns its own configurer instead of `HeadersConfigurer`.
Closes gh-14803
2024-07-29 09:26:42 -03:00
9d8888c5f0
Use AssertingPartyMetadata
...
Issue gh-15394
2024-07-19 18:48:23 -07:00
fdcf3c6df9
Merge branch '6.3.x'
2024-07-18 15:51:21 -06:00
ba714d78ab
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15440
2024-07-18 15:51:10 -06:00
3daeeb8789
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15439
2024-07-18 15:50:58 -06:00
dab48d25b0
Improve Error Message When Registration Missing
...
Closes gh-15363
2024-07-18 15:50:41 -06:00
796e4d6b6c
Add query parameter support for authn requests
...
Closes gh-15017
2024-07-13 23:57:57 -06:00
8ee497f4c5
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15410
2024-07-12 11:04:08 -06:00
7422a1134a
Allow logout+jwt JWT type
...
Closes gh-15003
2024-07-12 10:03:40 -07:00
773e86701e
Add ParameterRequestMatcher
...
Closes gh-15342
2024-07-02 15:17:54 -06:00
aa9c1bab67
Upgrade to Spring Framework 6.2.0-M4
...
Closes gh-15266
2024-06-18 14:07:05 -03:00
0e7566ede3
Adjust any-request check
...
Storing the request matcher outside of the for loop means that
if one of the SecurityFilterChain instances is not of type
DefaultSecurityFilterChain, then the error may print out an
earlier request matcher instead of the current one.
Instead, this commit changes to print out the entire filter chain
so that it can be inside of the for loop, regardless of type.
Issue gh-15220
2024-06-17 14:34:03 -06:00
4c780bf8d4
Add support checking AnyRequestMatcher securityFilterChains
...
Closes gh-15220
2024-06-17 13:05:36 -06:00
7eaab95639
Polish gh-15237
2024-06-13 16:05:15 -05:00
4e52eda0f5
Add support configuring OAuth2AuthorizationRequestResolver as bean
...
Closes gh-15236
2024-06-13 16:05:15 -05:00
b4c8fdf91d
Add missing @Test annotation
2024-06-10 15:43:52 -03:00
7c43fc111f
Support RoleHierarchy Bean in authorizeHttpRequests Kotlin DSL
...
Closes gh-15136
2024-06-10 15:41:28 -03:00
4ca0de9c2d
Sync XSD with RncToXsd Task
2024-06-06 15:17:56 -06:00
a7f9ccb6d6
Use GrantedAuthorityDefaults Bean in Kotlin DSL
...
Closes gh-15171
2024-06-06 15:16:32 -06:00
87ee464dce
Merge branch '6.3.x'
2024-06-06 13:36:39 -06:00
22c7b8760a
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15211
2024-06-06 13:36:20 -06:00
f231ea277d
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15210
2024-06-06 13:35:56 -06:00
6aabd768a8
Pick MvcRequestMatcher for MockMvc requests
...
Closes gh-13849
2024-06-06 13:17:43 -06:00
81abc453fe
Merge branch '6.3.x'
2024-06-03 17:43:12 -06:00
0aed8df549
Merge branch '6.2.x' into 6.3.x
...
Closes gh-15197
2024-06-03 17:42:58 -06:00
d6228e0882
Merge branch '5.8.x' into 6.2.x
...
Closes gh-15196
2024-06-03 17:42:25 -06:00
cdd626644e
Use Request-Level Servlet Context
...
Spring Security cannot use the ServletContext attached
to the ApplicationContext since there may be child
ApplicationContext's with their own ServletContext.
Because of that, it is necessary to always use the
ServletContext attached to the request.
Closes gh-14418
2024-06-03 17:41:51 -06:00
5a798e93f1
Polish MVC Tests
...
Issue gh-14418
2024-06-03 17:41:51 -06:00
9101bf1f7d
Allow logout+jwt JWT type
...
Closes gh-15003
2024-05-31 14:41:05 -06:00
f104d1aeea
Update Copyright
...
PR gh-15013
2024-05-31 12:39:17 -06:00
3b7f714f00
Add SecurityContextRepository to Kotlin Reactive DSL
2024-05-31 12:38:17 -06:00
c89647a56e
Deprecate shouldFilterAllDispatcherTypes from Kotlin DSL
...
Issue gh-12138
2024-05-27 09:00:54 -03:00
9f44f3b79a
Deprecate authorizeRequests from Kotlin DSL
...
Closes gh-15173
2024-05-27 08:51:32 -03:00
f6ea99d8a3
Prepare for Spring Security 6.4
...
Closes gh-15155
2024-05-24 11:41:28 -03:00
ddcaeb5c20
Serialize objects from 6.3.x
...
Issue gh-3737
2024-05-24 09:47:29 -03:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
b3c7f3ff19
Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
...
Issue gh-7395
2024-04-30 08:38:03 -03:00
47775f5167
Merge branch '6.2.x'
2024-04-26 17:09:29 -06:00
29d3b438b9
Merge branch '6.1.x' into 6.2.x
2024-04-26 17:09:17 -06:00
1ecb036fba
Merge branch '5.8.x' into 6.1.x
2024-04-26 17:09:05 -06:00
0e211382ee
Remove useBase64 parameter
2024-04-26 17:05:49 -06:00
11421c6385
Merge branch '6.2.x'
2024-04-25 14:03:27 -06:00
664dfd9b45
Defer Anonymous Filter Construction
...
By delaying when the AnonymousAuthenticationFilter is constructed,
it's now possible to call the principal and filter methods inside
of a custom DSL implementation.
This does not extend to setting the key or the authentication provider
though, as these must be set during the init phase.
Closes gh-14941
2024-04-25 14:03:10 -06:00
7ddc00521e
Improve logging for Global Authentication
...
Closes gh-14663
2024-04-25 11:35:59 -06:00
2bcbef1695
Add Saml2Logout DSL Support
...
Closes gh-14935
2024-04-22 11:12:45 -06:00
a4dbf458ab
Add relying-party-registrations#id
...
Closes gh-14487
2024-04-18 12:56:56 -06:00
2fbbcc4bd0
Polish Method Authorization Denied Handling
...
- Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied
- Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult
- @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method
Issue gh-14601
2024-04-12 15:55:25 -03:00
fd891d8fe3
Add proxyBeanMethods=false
...
Addresses too early creation warning of a configuration imported by
ReactiveOAuth2ClientConfiguration.
Closes gh-14900
2024-04-12 11:17:41 -05:00
61eba00654
Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
...
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module.
Issue gh-7395
2024-04-10 14:58:01 -03:00
8d914ef145
Add @AuthorizationDeniedHandler for Method Authorization Denied Handling
...
Issue gh-14601
2024-04-08 14:42:13 -03:00
75197ca531
inject PasswordEncoder into DaoAuthenticationProvider constructor
...
Closes gh-14691
2024-04-08 09:39:25 -05:00
d6ae058ee1
Merge branch '6.2.x'
...
Closes gh-14866
2024-04-08 11:16:30 -03:00
697d0c9af4
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14865
2024-04-08 11:16:15 -03:00
472c9f8275
Avoid initializing raw bean during runtime in native-images
...
Closes gh-14825
2024-04-08 11:11:23 -03:00
61e93ee68b
Merge branch '6.2.x'
2024-04-04 14:56:32 -05:00
16e2bdc9bc
Merge branch '6.1.x' into 6.2.x
2024-04-04 14:55:45 -05:00
c2447ec257
Merge branch '5.8.x' into 6.1.x
2024-04-04 14:55:03 -05:00
39dbd24dcb
Polish gh-14742
2024-04-04 14:51:19 -05:00
bb43174752
Fix Bean Name
...
Issue gh-14480
2024-04-04 13:30:30 -06:00
3f7355abc6
Synthesize all annotation attributes
...
Issue gh-14601
2024-04-04 13:30:29 -06:00
33ebd5405a
Removed dataSource null validation
...
Fixed data source validation
2024-04-04 14:21:18 -05:00
6f07d63938
Support SpEL Returning AuthorizationDecision
...
Closes gh-14598
2024-04-04 11:32:00 -06:00
0a9c482f62
Revert "Support SpEL Returning AuthorizationDecision"
...
This reverts commit 77f2977c55
2024-04-04 11:31:45 -06:00
77f2977c55
Support SpEL Returning AuthorizationDecision
...
Closes gh-14599
2024-04-04 09:52:15 -07:00
d85857f905
Add Authorization Denied Handlers for Method Security
...
Closes gh-14601
2024-04-03 09:25:12 -03:00
ff19f04fca
Add JwtValidators append to default
...
Implemented simplified creation of default OAuth2TokenValidator with additional validators.
Closes gh-14831
2024-04-02 14:41:35 -07:00
7d66525e23
Add Compromised Password Checker
...
Closes gh-7395
2024-04-01 09:48:07 -03:00
abf9dc165a
Merge branch '6.2.x'
2024-03-26 10:55:48 -05:00
614123e6f9
Update tests that fail on Windows
...
Issue gh-14609
2024-03-26 10:49:47 -05:00
44033cd8b9
Make Internal Logout URI Configurable
...
Closes gh-14609
2024-03-22 16:31:44 -06:00
e18ec48134
Fix Test
...
Issue gh-14553
2024-03-22 16:31:42 -06:00
Steve Riesenberg
Hao
Rob Winch
Max Batischev
Josh Cummings
tejas-teju
plll0123
Joe Grandja
Daniel Garnier-Moiroux
DingHao
Tran Ngoc Nhan
Steven Williams
Claudenir Machado
Michal Okosy
Josh Cummings
Evgeniy Cheban
Dmitry Spikhalsky
Cedric Montfort
Tomasz Letachowicz
Scott Murphy Heiberg
xhaggi
kwonyonghyun
chao.wang
Thomas Darimont
Ryan Scheidter
Marcus Hert Da Coregio
Max Batischev
tugjg
Yanming Zhou
Hero Wanders
baezzys
earlgrey02
sheheryarumair