It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.
Fixes gh-3859
Previously Spring Security's WithSecurityContextTestExecutionListener
allowed a WithSecurityContextFactory<Annotation> to be used. This
was broken in SEC-3074.
This commit ensures that WithSecurityContextFactory<Annotation> is
supported again.
Fixes gh-3837
This commit provides following editor config:
- Tabs, not spaces
- Unix (LF), not dos (CRLF) line endings
- Eliminate all trailing whitespace
- Latin-1 (ISO-8859-1) encoding for Java sources; use native2ascii to convert if necessary
Following convention cannot be set by editorconfig (only vim and emacs support maxline length of editorconfig):
- Aim to wrap code at 120 characters, but favor readability over wrapping
Fixes gh-3845
When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter.
This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class.
In this case we have to cast to a Java ServletFilter to support both filter...
Fixes gh-3836
* Rename to DelegatingLogoutSuccessHandler for consistency
* Remove JavascriptOriginRequestMatcher in favor of
RequestHeaderRequestMatcher
Issue gh-3282
Previously if unauthenticated() experienced an AnonymousAuthenticationToken
it would not match.
This commit ensures that if the user is anonymous (not just null)
unauthenticated() works.
Fixes gh-3409
OnCommittedResponseWrapper trackContentLength will throw a
NullPointerException when the content length passed in is null.
This commit properly tracks the null value as a length of 4.
Fixes gh-3823
Previously the SecurityExpressionHandler for message based configuration
did not have a beanResolver set.
This commit post processes the default message SecurityExpressionHandler
to ensure the beanResolver is set.
Fixes gh-3797
Previously it required quite a bit of extra work to use RoleHiearchy
within Java Based Spring Security configuration.
Now if a single RoleHiearchy Bean is defined it will automatically
be picked up and used by method security.
Fixes gh-3394
Perviously there were issues with case insenstive patterns and URI
variables that contained upper case characters. For example, the pattern
"/user/{userId}" could not resolve the variable #userId Instead it was
forced to lowercase and #userid was used.
Now if the pattern is case insensitive then so is the variable. This means
that #userId will work as will #userid.
Fixes gh-3786
This forces us to avoid using CipherOutputStream, and instead use the
BlockCiphers directly. As an extra measure for correctness, test the
equivalence of the BC implementations against data sizes from 1 to 2048
bytes.
Fixes gh-2917
This commit updates the TestNG dependency to 6.8.21. This
is the last JDK 1.6 supporting version. The update of TestNG
makes it possible to run the integration tests from within
Intellij allowing for easier debugging and troubleshooting.
Issue gh-3811
- Also moved some logic into a new class, AbstractPasswordEncoder.
Both PBKDF2PasswordEncoder and the now-simplified
StandardPasswordEncoder extend AbstractPasswordEncoder.
- Added tests for PBKDF2PasswordEncoder
Issue gh-2158
Joe Grandja
Rob Winch
Jens Goldhammer
bartolom
Joe Grandja
Dmitrii Volykhin
Patrick Cornelißen
didiez
Wim Deblauwe
Li Weinan
Spring Buildmaster
Shazin Sadakath
Rob Winch
Johnny Lim
Will Tran
Simon Olofsson
Marten Deinum
Andrew NS Yeow
Matthias Merdes
Rob Worsnop