GitHub-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-05-02 19:30:50 +01:00
Code Issues Projects Releases Wiki Activity
16,798 Commits 52 Branches 379 Tags
1adb13db669e28f623f0fb5f65b382bbf939add9
Commit Graph

3084 Commits

Author SHA1 Message Date
Rob Winch 1dd79c379b Add JdbcOneTimeTokenService 
Closes gh-15735
 2024-10-02 14:42:13 -05:00
Rob Winch c3a5ae1254 Fix logger checkstyle 2024-10-02 14:39:58 -05:00
Rob Winch 7738e6c895 Add logger.isDebugEnabled() 
Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch c4b60cd080 Reduce visibility for JdbcOneTimeTokenServiceTests 
Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch 650ec3ba82 Use Duration for calculating validity 
This improves readability.

Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch e8c71df899 Use private Inner JdbcOneTimeTokenService classes 
Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch 612b15abcc JdbcOneTimeTokenService.setCleanupCron 
Spring Security uses setter methods for optional member variables. Allows
for a null cleanupCron to disable the cleanup.

In a clustered environment it is likely that users do not want all nodes
to be performing a cleanup because it will cause contention on the ott
table.

Another example is if a user wants to invoke cleanUpExpiredTokens with a
different strategy all together, they might want to disable the cron job.

Issue gh-15735
 2024-10-02 14:22:25 -05:00
Rob Winch 4787ac254d cleanUpExpiredTokens->cleanupExpiredTokens 
Issue gh-15735
 2024-10-02 10:59:26 -05:00
Rob Winch 4f328c9503 destroy() shuts down the taskScheduler 
Issue gh-15735
 2024-10-02 10:59:21 -05:00
Max Batischev 0c216f0b59 Add public to setClock method in InMemoryOneTimeTokenService 
Closes gh-15863
 2024-09-30 15:33:33 -05:00
Max Batischev 50cc36d53e Add support JdbcOneTimeTokenService 
Closes gh-15735
 2024-09-29 00:06:10 +03:00
DingHao 68d814e042 Polish ExpressionTemplateSecurityAnnotationScanner 2024-09-23 16:05:22 -07:00
Jonny Coddington b90851d968 Improve Error Messages for PasswordEncoder 
Closes gh-14880

Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>
 2024-09-17 14:16:08 -07:00
Josh Cummings 1760e7fac8 Cache Annotation Lookups 
Closes gh-15799
 2024-09-15 21:30:55 -07:00
Josh Cummings d194724a04 Skip Proxying If Already Proxied 
Issue gh-15709
 2024-09-15 21:30:55 -07:00
Josh Cummings 6f5e103dec Use AnnotationTemplateExpressionDefaults in Reactive 
Issue gh-15097
 2024-09-15 21:30:55 -07:00
Marcus Hert Da Coregio 0618d4e03f Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions 
Closes gh-14652
 2024-09-13 08:42:14 -03:00
Josh Cummings fd5d03d384 Add AuthorizeReturnObject Hints 
Closes gh-15709
 2024-09-10 11:57:31 -07:00
Josh Cummings da38b13a17 Add SecurityHintsRegistrar 
An interface for registering hints based on Security infrastructure
beans.

Closes gh-15772
 2024-09-10 11:57:31 -07:00
Josh Cummings 927de0d3b8 Use AuthorizationProxy Interface for Class Proxying 
Issue gh-15747
 2024-09-10 07:58:21 -06:00
Marcus Hert Da Coregio 2ff29dc229 Throw AuthorizationDeniedException when AuthorizationResult is available 
Closes gh-15706
 2024-09-10 09:14:50 -03:00
Josh Cummings fce2eb1531 Add AuthorizationProxy Interface 
Closes gh-15747
 2024-09-09 15:39:03 -06:00
Marcus Hert Da Coregio 4855287743 Merge branch '6.3.x' 
Closes gh-15768
 2024-09-09 08:54:14 -03:00
Marcus Hert Da Coregio aeae740926 Merge branch '6.2.x' into 6.3.x 
Closes gh-15767
 2024-09-09 08:54:00 -03:00
Marcus Hert Da Coregio a268b78473 Merge branch '5.8.x' into 6.2.x 
Closes gh-15766
 2024-09-09 08:53:39 -03:00
Marcus Hert Da Coregio a0e6c17512 Do not log exception if CasJackson2Module is not present 
Closes gh-15749
 2024-09-09 08:32:40 -03:00
Josh Cummings c0a10b90ba Merge remote-tracking branch 'origin/6.3.x' 2024-09-04 14:48:23 -06:00
DingHao 5c20505b0e Support Class Attributes in Annotation Template Processing 
Closes gh-15721
 2024-09-04 13:41:46 -07:00
Josh Cummings c53ee19a83 Polish Abstract Deserializer 2024-09-04 07:55:09 -07:00
hyunmin0317 fee79ccb51 Abstract Jackson2 Set and List Deserializers 2024-09-04 07:55:09 -07:00
Niels Basjes 2dc787a573 Fix adding more implied roles in the RoleHierarchy Builder. 
Closes gh-15717

Signed-off-by: Niels Basjes <niels@basjes.nl>
 2024-09-04 10:28:50 -03:00
Marcus Hert Da Coregio 00e4a8fb54 Add support for One-Time Token Login 
Closes gh-15114
 2024-09-03 10:07:56 -03:00
DingHao fd05c5ad76 Remove Advised Methods from Authorization Proxy Objects 
Closes gh-15561
 2024-08-30 10:40:25 -07:00
Josh Cummings 626610a975 Polish Annotation API 
Rename to a class that isn't focused on the synthesis implementation detail.
Also add Security to the front of the name to clarify that it is only intended
for security annotations, reminiscent of SecurityMetadataSource.

Refine method signatures to better articulate supported use cases.

Issue gh-15286
 2024-08-30 08:51:49 -06:00
Josh Cummings cc6de8fa5d Hide MergedAnnotation Implementation Details 
Issue gh-15286
 2024-08-29 17:27:14 -06:00
DingHao 84fc5a70ee Fix variable targetClassToUse not used 
Closes gh-15567
 2024-08-26 15:49:22 -07:00
Josh Cummings 1118b0ec63 Defer Sorting AuthorizationAdvisors in addAdvisor 
Issue gh-15658
 2024-08-20 17:23:10 -06:00
Josh Cummings 4da13f6091 Merge branch '6.3.x' 2024-08-20 16:47:48 -06:00
Josh Cummings 0cab7c8f15 Defer Sorting AuthorizationAdvisors 
Invoking AnnotationAwareOrderComparator#sort while the
AuthorizationAdvisors are still being computed causes those
advisors to be eagerly instantiated, making components
like ObservationRegistry ineligible for post processing.

This commit defers the sorting of the advisors until
after they are all fully instantiated and available in
the application context.

Closes gh-15658
 2024-08-20 16:47:29 -06:00
Josh Cummings f398be793d Simplify AuthorizationAdvisorProxyFactory Configuration 
Closes gh-15497
 2024-08-19 12:34:38 -06:00
Marcus Hert Da Coregio 912062d307 Merge branch '6.2.x' into 6.3.x 2024-08-19 09:11:10 -03:00
Daniel Garnier-Moiroux 79fb0113c8 Bump io-spring-javaformat from 0.0.42 to 0.0.43 
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-19 09:11:05 -03:00
Daniel Garnier-Moiroux 2caf1fb6b4 Bump io-spring-javaformat from 0.0.42 to 0.0.43 
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-19 09:08:24 -03:00
Rob Winch 13125d0745 Add AuthorizationDeniedException(String) 
Closes gh-15607
 2024-08-14 13:57:07 -05:00
Josh Cummings 59ec1f6480 Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration" 
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.

Issue gh-15497
 2024-08-12 10:12:14 -06:00
Josh Cummings 08b8b09066 Update Copyright 
Issue gh-15286
 2024-08-10 11:48:14 -06:00
Josh Cummings e40c98e6d7 Deprecate PrePostTemplateDefaults 
Since there is nothing specific to configuring pre/post
annotations, there is no need for the extra class.

If a need like this does arise in the future,
either AnnotationTemplateExpressionDefaults can be sub-
classed, or it can have introduced a Map field holding
custom properties.

Issue gh-15286
 2024-08-10 11:46:51 -06:00
MrJovanovic13 6d657ea3da InMemoryUserDetailsManager preserve user type 
Closes gh-3192
 2024-08-09 10:09:41 -06:00
MrJovanovic13 503d653cea Add InMemoryUserDetailsManager tests 
Tests added:
createUserWhenUserAlreadyExistsThenException
updateUserWhenUserDoesNotExistThenException
loadUserByUsernameWhenUserNullThenException

Issue gh-3192
 2024-08-09 10:09:41 -06:00
Josh Cummings 34d964eb08 Default Handler Resolution to Reflection-Based 
Closes gh-15496
 2024-08-07 14:50:33 -06:00