Add a minimal test to ensure that
DelegatingMissingAuthorityAccessDeniedHandler and
DefaultLoginPageGeneratingFilterTests work together properly.
Issue gh-18002
If the GrantedAuthority is not equal, but contains a duplicate
GrantedAuthority#getAuthority() then at the time of authentication,
the Filter or WebFilter will duplicate the GrantedAuthority which leads
to a memory leak. This is important to avoid for when we add support for
a GrantedAuthority that might have an issuedAt attribute. If it is too
old, then we'd want only the new GrantedAuthority to be added and the old
instance to be removed. However, the two GrantedAuthority instances
will not be equal because the issuedAt will not be equal.
Closes gh-17981
Previously build threw an Exception when entryPoints was empty and
defaultEntryPoint was specified.
This commit changes build to return the defaultEntryPoint instead.
Closes gh-17955
This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`
Closes gh-17931
It would be better to introduce parameter types for
principal and credentials into Authentication.Builder
at the same time as doing so for Authentication
Issue gh-17861
Given that the filters are the level at which the
SecurityContextHolder is consulted, this commit moves
the operation that ProviderManager was doing into each
authentication filter.
Issue gh-17862
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible
Issue gh-17861
This commit adds a new default method to Authentication
for the purposes of creating a Builder based on the current
authentication, allowing other authentications to be
applied to it as a composite.
It also adds Builders for each one of the authentication
result classes.
Issue gh-17861
Internally, RequestMatcher is sometimes used as a key to a
HashMap. Accordingly, each implementation should implement
equals and hashCode.
Closes gh-17842
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.
Closes gh-17814
Rename DEFAULT_ANT_PATH_REQUEST_MATCHER to DEFAULT_PATH_REQUEST_MATCHER
to reflect PathPatternRequestMatcher usage instead of legacy Ant
pattern terminology.
Signed-off-by: Jaehwan Lee <jhrick0129@gmail.com>
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
Rob Winch
Josh Cummings
DingHao
Andrey Litvitski
Steve Riesenberg
Nikita Konev
Jaehwan Lee
Tim Boeckstaens