By extending FilterChainProxy CompositeFilterChainProxy is more passive since
users often depend on the type of the springSecurityFilterChain Bean being
FilterChainProxy (even though it can already be other types - when debug is
enabled).
Issue gh-14128
Tomcat uses different ServletContext instances from startup- and request-time.
This commit ensures that if the programmatic API isn't available at startup-time,
then use the ServletContext attached to the HttpServletRequest at runtime.
Issue gh-13794
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:
- 5dce82c48b
Since processResources is configured directly instead of via the source
set container, an explicit dependency task between rncToXsd and
sourcesJar must be defined.
Issue gh-13845
Since processResources is configured directly instead of via the source
set container, an explicit dependency task between rncToXsd and
versionlessXsd must be defined.
Issue gh-13845
This change removes .xsd entries that would appear in the top level of
the assembled artifacts. This occurred because the output of the
rncToXsd task does not consider the path beneath the resources
directory. To fix this, the processResources task is directly
configured with a copy spec so the required path can be set.
Issue gh-13845
When using Spring Security ACL and compiling to Native, in order to create the '*AuthorizationMethodInterceptor' Proxy beans during build time, Spring tries to resolve the DataSource bean since the DataSource can be a dependency of some AclService implementations, and fails because some required data source properties are not available during build time.
This commit defers the initialization of the MethodSecurityExpressionHandler to the runtime.
Closes gh-12653
This addresses a deprecation warning causing build caching to be
disabled for some tasks. With this change, we tell Gradle that the
rncToXsd task produces output that should be considered a resource.
This clears up ambiguities when computing the task graph.
These tests began failing on snapshots after changes in
Spring Framework's `DispatcherServlet` to reset the response
on an error.
For now, we can have these tests operate with a 200 OK response.
An issue was opened in the spring-framework issuer tracker to
discuss this and address `CorsFilter` (and any other filter) that
writes headers that would be cleared on an error.
See spring-projects/spring-framework#31154
Steve Riesenberg
Geir Hedemark
Marcus Hert Da Coregio
DingHao
Josh Cummings
Rob Winch
Steve Riesenberg
Eric Haag
Tim te Beek
Olivier Vanekem