Change WebSocketMessageBrokerSecurityBeanDefinitionParser to use
XorCsrfChannelInterceptor by default, so WebSocket XML configuration
matches the default Xor-based configuration already in
WebSocketMessageBrokerSecurityConfiguration.
Closes gh-17260
Signed-off-by: Matt Magoffin <matt@solarnetwork.net>
This commit changes the config module to use
PathPatternRequestMatcher in favor of
MvcRequestMatcher and AntPathRequestMatcher.
This allows removing several HandlerMappingIntrospector
support classes as well which were in place to
support MvcRequestMatcher.
Issue gh-16886
Issue gh-16887
This commit formats authorizeHttpRequests blocks
to use the same parameter name and places the
reference on the same line as the parameter.
Issue gh-13067
This commit changes all auhorizeRequests
declarations to use the same variable name
and declare the lambda parameter and reference
on the same line.
Issue gh-13067
This commit removes all and() methods that have been
deprecated in the HttpSecurity DSL with the exception
of featurePolicy, which will be removed when that
feature is removed. Note that since featurePolicy
does not have a lambda equivalent, the and support
needs to remain for the moment.
Issue gh-13067
Replaces repeated if-else string comparisons with a Set.contains() check
for known WebSocket handshake handler class names in MessageSecurityPostProcessor.
Improves readability and maintainability without changing behavior.
Signed-off-by: Wonpyo Hong <evga7@naver.com>
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.
Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.
As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.
Closes gh-10820
Tran Ngoc Nhan
Josh Cummings
Matt Magoffin
Soumik Sarker
Joe Grandja
Kevin Yue
Rob Winch
Maciej Kowalski
evga7
Evgeniy Cheban
Max Batischev
Christian Schuster