809ff883b0
Address SecurityContextHolder memory leak
...
To get current context without creating a new context.
Creating a new context may cause ThreadLocal leak.
Closes gh-9841
4 years ago
898ba67098
Polish gh-10007
4 years ago
9f51240bf1
Support IP whitelist for Spring Security Webflux
...
Closes gh-7765
4 years ago
9a9136d96d
Fix import spacing
4 years ago
c6a27d44e5
Remove failing test due to HttpMethod changes
...
Closes gh-10569
4 years ago
82426e20e1
Fix JwtClaimValidator wrong error code
...
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 .
Also see gh-10337
Closes gh-10337
4 years ago
4f8c1b34af
Polish LDAP serialization
...
Closes gh-9263
4 years ago
7cfd415cb5
Start with LDAP Jackson2 mixins
...
Issue gh-9263
4 years ago
74e3abc992
Polish gh-10081
4 years ago
86193b9540
Add ObjectIdentityGenerator customization to JdbcAclService
...
Providing the possibility to change, how ObjectIdentitys are created inside the BasicLookupStrategy,JdbcAclService
There was a problem with hard coded object identity creation inside the BasicLookupStrategy and the JdbcAclService. It was overkill to overwrite
these classes only for changing this, so introducing an ObjectIdentityGenerator seems the be the better solution here. At default, the standard
ObjectIdentityRetrievalStrategyImpl is used, but can be customized due to setters.
Closes gh-10079
4 years ago
04161b9288
Fix return type for NoOpPasswordEncoder bean in documentation
4 years ago
0541341201
Remove usages of Gradle's jcenter() repository
...
Closes gh-10253
4 years ago
5c012dc7eb
Fix Gradle Deprecation Warnings
4 years ago
ba5a68ec63
Polish LdapAuthenticationPopulator Support
...
PR gh-9276
4 years ago
ae08608011
LdapAuthoritiesPopulator should be postProcessed
...
To enable customizations through withObjectPostProcessor
4 years ago
4374905801
Establish new Package Tangle Baseline
...
Ran ./gradlew check && ./gradlew s101 -Ps101.label=baseline
Issue gh-10333
4 years ago
4bc55769a3
Import cleanup
...
Issue gh-10333
4 years ago
4f186f2c1f
Move Dsl files to annotation Package
...
Closes gh-10333
4 years ago
0d8450a725
Bump up Gradle enterprise plugin to 3.7.2
4 years ago
25feedb870
Fix removal of framework deprecated code
...
Issue https://github.com/spring-projects/spring-framework/issues/27686
4 years ago
862122a267
Update clockSkew javadoc according to implementation
...
Closes gh-10174
4 years ago
2dac210cac
Polish AuthRequestConverter Sample Doc
...
Issue gh-10364
4 years ago
9316241c01
Fix AuthnRequestConverter Sample Typos
...
Closes gh-10364
4 years ago
879b2d089f
Fix setJWTClaimSetJWSKeySelector Typo
...
Closes gh-10504
4 years ago
5913501e1a
#10505 Fix jwtDecoder
...
Fixed jwtDecoder(JWTProcessor jwtProcessor, OAuth2TokenValidator<Jwt> jwtValidator)
4 years ago
498636e26b
Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler
...
Closes gh-10425
4 years ago
bd34d70f97
Prevent Save @Transient Authentication with existing HttpSession
...
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.
This commit always prevents @Transient Authentication from being saved.
Closes gh-9992
4 years ago
e85958f65c
Fix CsrfConfigurer default AccessDeniedHandler consistency
...
Fix when AccessDeniedHandler is specified per RequestMatcher on
ExceptionHandlingConfigurer.
This introduces evolutions on :
- CsrfConfigurer#getDefaultAccessDeniedHandler,
to retrieve an AccessDeniedHandler similar to the one used by
ExceptionHandlingConfigurer.
- OAuth2ResourceServerConfigurer#accessDeniedHandler, to continue to
handle CsrfException with the default AccessDeniedHandler implementation
Fixes: gh-6511
4 years ago
0aa75e04b7
Fix imports for ChannelSecurityConfigurerTests
...
gh-7997
4 years ago
2e4c6c3bf1
Avoid using SpEL to change the meaning of the injection point
...
This commit removes the use of SpEL expression and replaces it with an
explicit call to the underlying method.
4 years ago
ef25304a30
Add RedirectStrategy customization to ChannelSecurityConfigurer for RetryWith classes
4 years ago
625c7d6473
Rename prefix/suffix in DelegatingPasswordEncoder
...
Issue gh-10273
4 years ago
912c762e12
Support for changing prefix and suffix in `DelegatingPasswordEncoder`
...
Closes gh-10273
4 years ago
10ac6dc761
Update aspectj-plugin to 6.3.0
...
Version 6.3.0 aligns with the used Gradle 7.3
4 years ago
e398fbf2a7
Include 5.6.0 Release in docs
4 years ago
7236f2c5f2
Added authorizeHttpRequests Docs
...
Closes gh-10442
4 years ago
eceb9ed479
Polish gh-10479
4 years ago
939a5581f2
Antora remove unnecessary logging
4 years ago
3c39761ca1
Add --stacktrace Antora argument
4 years ago
0f0be0b326
Remove old local-antora-playbook.yml
4 years ago
c93595969e
Add Spring Security 5.6.0-RC1
4 years ago
a3e658872c
Update What's New for 5.6
4 years ago
9887b282ce
Polish gh-10479
4 years ago
cba5d3239e
Fix versions
4 years ago
4f88bb8e5f
Antora Playbook
4 years ago
ab794bf67a
Consistency update for servlet docs
4 years ago
83f76fa1f6
Separate OAuth 2.0 Client Reactive Docs
...
Related gh-10367
4 years ago
0c12aeb7a1
Revamp OAuth 2.0 Login Reactive documentation
...
Related gh-8174
4 years ago
2a6e00ceb0
Don't Cache ReactiveJwtDecoders Errors
...
Closes gh-10444
4 years ago
09a14bf8a0
Port Missing Integration Docs
...
Closes gh-10465
4 years ago
Hiroshi Shirosaki
Steve Riesenberg
Guirong Hu
Jonas Erbe
Eleftheria Stein
Markus Heiden
Jonas Dittrich
Henning Poettker
Lars Grefer
Josh Cummings
Filip Hanik
Norbert Nowak
Jerome Prinet
Marcus Da Coregio
Dávid Kováč
Jeff Maxwell
Khaled Hamlaoui
Rob Winch
« Christophe
Stephane Nicoll
Onur Kagan Ozcan
heowc
Joe Grandja