spring-security

Commit Graph

Author	SHA1	Message	Date
Josh Cummings	87de6cea1b	Use Reactive JSON Encoder Closes gh-16177	1 year ago
Josh Cummings	3d1e4b5f18	Polish Tests Confirm that responses are a valid JSON map Issue gh-16177	1 year ago
DingHao	ef7b11ac01	Delay initialization UserDetailsService in Global Authentication	1 year ago
DingHao	e8ba039a61	Delay initialization AuthenticationProvider in Global Authentication	1 year ago
Joe Grandja	a8c4d6cead	Require Locale argument for toLower/toUpperCase usage	1 year ago
Joe Grandja	a7bf8f7cc6	Require Locale argument for toLower/toUpperCase usage	1 year ago
Joe Grandja	0eaffb37e7	Require Locale argument for toLower/toUpperCase usage	1 year ago
Rob Winch	81e74e65d4	Support ServerExchangeRejectedHandler @Bean Closes gh-16061	1 year ago
Rob Winch	c24b5ebe98	Support ServerExchangeRejectedHandler @Bean Closes gh-15975	1 year ago
Rob Winch	e86d88d0cf	Support ServerExchangeRejectedHandler @Bean Closes gh-15975	1 year ago
Cedric Montfort	d9d77bed82	Allow logout+jwt JWT type for reactive The OIDC back-channel spec recommends using a logout token typ `logout+jwt` (see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken). Support of this type was recently added [on the servlet side]([on the Servlet side](`9101bf1f7d`)), so back porting the same on the reactive side to close the gap. Closes gh-15702	1 year ago
Rob Winch	5c2106b22e	Format	1 year ago
Rob Winch	1ba6301afa	Support ServerWebExchangeFirewall @Bean Closes gh-15987	1 year ago
Rob Winch	3ba1263d64	Support ServerWebExchangeFirewall @Bean Closes gh-15987	1 year ago
Scott Murphy Heiberg	18dba34bde	Make RequestMatcherDelegatingAuthorizationManager Post-Processable Closes gh-15948	1 year ago
Rob Winch	e48d6b039b	Support ServerWebExchangeFirewall @Bean Closes gh-15974	1 year ago
Josh Cummings	c1857c0308	Fix Formatting Issue gh-15771	2 years ago
chao.wang	690e012fb1	Improve OidcBackChannelLogoutTokenValidator error when provider issuer is missing Closes gh-15771	2 years ago
Daniel Garnier-Moiroux	51d0a8b57d	Fix getBeansWithName in global authentication configurers	2 years ago
DingHao	5c20505b0e	Support Class Attributes in Annotation Template Processing Closes gh-15721	2 years ago
Josh Cummings	97cefa6830	Update Formatting Issue gh-15714	2 years ago
tugjg	f836efb912	Address unnecessary method invocation Closes gh-15714	2 years ago
Hero Wanders	f372f5cf52	Replace OidcSessionStrategy References with OidcSessionRegistry	2 years ago
Josh Cummings	5c604b95fb	Correct PostFilterAuthorizationMethodInterceptor Target Type Previously, `postFilterAuthorizationMethodInterceptor` mistakenly was published as an `Advisor`. Because `MethodSecurityAdvisorRegistrar` re-publishes each pre/post annotation interceptor also as an `Advisor`, this resulted in a duplicate advisor for `@PostFilter`. Closes gh-15651	2 years ago
Josh Cummings	ae8e4d148e	Produce Exactly One AuthorizationAdvisor Per Annotation Closes gh-15592	2 years ago
Josh Cummings	27af1df87d	Simplify Method Interceptor Configuration Simplifies to use only one ObjectProvider for easier future maintenance Issue gh-15592	2 years ago
Daniel Garnier-Moiroux	b731623b3a	Fix checkstyle errors with @Deprecated	2 years ago
Daniel Garnier-Moiroux	b92ed92548	Fix checkstyle errors with @Deprecated	2 years ago
Daniel Garnier-Moiroux	79fb0113c8	Bump io-spring-javaformat from 0.0.42 to 0.0.43 Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43. Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43) Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43) --- updated-dependencies: - dependency-name: io.spring.javaformat:spring-javaformat-checkstyle dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin dependency-type: direct:production update-type: version-update:semver-patch ... --- Manual updates: - Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST be used together Signed-off-by: dependabot[bot] <support@github.com>	2 years ago
Daniel Garnier-Moiroux	3b8cdc323f	Remove unused method	2 years ago
Daniel Garnier-Moiroux	109da2719f	Use explicit types everywhere instead of var	2 years ago
Josh Cummings	f20ae1a71c	Revert gh-13783 This feature unfortunately regresses pre-existing behavior like that found in gh-15352. As such, this functionality has been removed. Closes gh-15352	2 years ago
baezzys	3d4bcf1b44	fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource - Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present. - Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.	2 years ago
Josh Cummings	dab48d25b0	Improve Error Message When Registration Missing Closes gh-15363	2 years ago
Josh Cummings	7422a1134a	Allow logout+jwt JWT type Closes gh-15003	2 years ago
Josh Cummings	6aabd768a8	Pick MvcRequestMatcher for MockMvc requests Closes gh-13849	2 years ago
Josh Cummings	cdd626644e	Use Request-Level Servlet Context Spring Security cannot use the ServletContext attached to the ApplicationContext since there may be child ApplicationContext's with their own ServletContext. Because of that, it is necessary to always use the ServletContext attached to the request. Closes gh-14418	2 years ago
Josh Cummings	5a798e93f1	Polish MVC Tests Issue gh-14418	2 years ago
Marcus Hert Da Coregio	ddcaeb5c20	Serialize objects from 6.3.x Issue gh-3737	2 years ago
Marcus Hert Da Coregio	08f11f06ab	Revert unnecessary commits from main Issue gh-15016	2 years ago
Marcus Hert Da Coregio	b3c7f3ff19	Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision Issue gh-7395	2 years ago
sheheryarumair	0e211382ee	Remove useBase64 parameter	2 years ago
Josh Cummings	664dfd9b45	Defer Anonymous Filter Construction By delaying when the AnonymousAuthenticationFilter is constructed, it's now possible to call the principal and filter methods inside of a custom DSL implementation. This does not extend to setting the key or the authentication provider though, as these must be set during the init phase. Closes gh-14941	2 years ago
Daniel Garnier-Moiroux	7ddc00521e	Improve logging for Global Authentication Closes gh-14663	2 years ago
Josh Cummings	2bcbef1695	Add Saml2Logout DSL Support Closes gh-14935	2 years ago
Josh Cummings	a4dbf458ab	Add relying-party-registrations#id Closes gh-14487	2 years ago
Marcus Hert Da Coregio	2fbbcc4bd0	Polish Method Authorization Denied Handling - Renamed @AuthorizationDeniedHandler to @HandleAuthorizationDenied - Merged the post processor interface into MethodAuthorizationDeniedHandler , it now has two methods handleDeniedInvocation and handleDeniedInvocationResult - @HandleAuthorizationDenied now handles AuthorizationDeniedException thrown from the method Issue gh-14601	2 years ago
Steve Riesenberg	fd891d8fe3	Add proxyBeanMethods=false Addresses too early creation warning of a configuration imported by ReactiveOAuth2ClientConfiguration. Closes gh-14900	2 years ago
Marcus Hert Da Coregio	61eba00654	Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module. Issue gh-7395	2 years ago
Marcus Hert Da Coregio	8d914ef145	Add @AuthorizationDeniedHandler for Method Authorization Denied Handling Issue gh-14601	2 years ago

1 2 3 4 5 ...

2665 Commits (2b6d586987e2a57ead4e28af7cc0ef2b35ec657d)