In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.
This change brings `TestingAuthenticationToken` in line with that
convention.
Note that this was done once already to one of the constructors
(ee13be4) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.
Fixes: gh-5097
As principals and sessionIds are set in class itself so one can't share
user session count across nodes(Cluster). Using constructor for setting
principals and sessionIds we can pass Cache map to constructor which can
enable common session count in cluster otherwise user would be allowed to
logged in with multiple sessions. There is no point keeping principals
and sessionIds completely internal.
Fixes gh-4772
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder
Fixes gh-4095
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.
Fixes gh-3701
Introduced `RoleHierarchyUtils` which enables convenient
construction of `RoleHierarchy` from map based representation.
Where the map key is the role name and the map value is a list
of implied role names.
Here is a small example for that in action:
https://gist.github.com/thomasdarimont/ee9fffdef1adb9243b12ad247478aad4Fixes#3990.
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
Previously the JSON modules didn't use Spring's Assert.
This commit changes the assertions to use Spring's Assert and does
some minor restructuring.
Issue gh-3736
According to the SpringSecurityMessageSource documentation class which uses
SpringSecurityMessageSource should also implement MessageSourceAware interface
in order to support alternative message source.
Issue gh-4048
Document why InteractiveAuthenticationEvent doesn't extend
AuthentcationEvent. This is to avoid multiple AuthenticationSuccessEvent
from being sent to any listeners.
Fixes gh-3857
It is now possible to provide a SpEL expression for
@AuthenticationPrincipal. This allows invoking custom logic including
methods on the principal object.
Fixes gh-3859
Kazuki Shimizu
Rob Winch
Josh Cummings
Chris Burrell
Greg Turnquist
Gajendra kumar
Frank Pavageau
stonio
Rob Winch
avri-schneider
Jitendra Singh
Eddú Meléndez
Joe Grandja
Thomas Darimont
Jitendra Singh Bisht
vitalii-dmytruk
Kevin Conaway
Johnny Lim