f04cd641b0
Fix @since tag
...
Issue gh-10590, gh-10554
2022-01-06 13:18:25 -03:00
994e93741b
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2022-01-05 14:06:47 -03:00
04e1a11e35
Add RequestMatcherEntry
2022-01-05 14:06:47 -03:00
547056d5cc
Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10590
2022-01-05 14:06:47 -03:00
ba810e468f
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2022-01-05 14:01:57 -03:00
40dfe8f259
Add RequestMatcherEntry
2022-01-05 14:00:47 -03:00
b448954f43
Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10590
2022-01-05 13:57:36 -03:00
18427b6411
Configure WebInvocationPrivilegeEvaluator bean for multiple filter chains
...
Closes gh-10554
2021-12-13 08:57:30 -03:00
7e17a00197
Add RequestMatcherEntry
2021-12-13 08:57:30 -03:00
53b8cff26f
Introduce AuthorizationManagerWebInvocationPrivilegeEvaluator
...
Closes gh-10590
2021-12-13 08:57:30 -03:00
65426a40ec
Add Cross Origin Policies headers
...
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers
Closes gh-9385, gh-10118
2021-12-07 17:23:06 +01:00
62e8799a8d
Use BDD in tests
2021-12-02 17:44:47 -06:00
df0f6f83af
Polish gh-9597
2021-12-02 17:44:47 -06:00
925d531cbe
Set details on authentication token created by HttpServlet3RequestFactory
...
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated.
This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource.
Closes gh-9579
2021-12-02 17:44:46 -06:00
47b8860681
Update copyright year
...
Issue gh-10557
2021-12-01 17:36:52 -06:00
c7ffd2513a
Update copyright year
...
Issue gh-10557
2021-12-01 17:36:19 -06:00
bb2d80fea3
Update copyright year
...
Issue gh-10557
2021-12-01 17:35:43 -06:00
828cac8889
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 15:19:33 -06:00
f49c286050
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 15:05:13 -06:00
b3e0f167ff
Fix case sensitive headers comparison
...
Closes gh-10557
2021-12-01 15:01:06 -06:00
1251cde04c
Add Missing Since
...
Issue gh-10482
2021-11-30 15:17:48 -07:00
a3a9de1b9b
PermitAllSupport supports AuthorizeHttpRequestsConfigurer
...
PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.
Closes gh-10482
2021-11-30 15:17:22 -07:00
204f0b4599
Polish gh-10007
2021-11-30 15:27:58 -06:00
43317c5a61
Support IP whitelist for Spring Security Webflux
...
Closes gh-7765
2021-11-30 15:27:58 -06:00
2bf7a5ae80
Improve log message when no CSRF token found
...
Closes gh-10436
2021-11-19 08:37:25 -03:00
96a6fef820
Prevent Save @Transient Authentication with existing HttpSession
...
Previously, @Transient Authentication would get saved if an existing
HttpSession existed but it shouldn't.
This commit always prevents @Transient Authentication from being saved.
Closes gh-9992
2021-11-16 14:44:49 -06:00
caad3d57e2
Improve log message when no CSRF token found
...
Closes gh-10436
2021-10-29 14:06:17 -03:00
00f4033b9b
Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
...
Closes gh-10208
2021-10-22 13:22:12 -03:00
e4a76b0ec9
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-22 10:19:34 -05:00
04b47c5928
Fixed various broken links in Javadocs
2021-10-21 11:47:04 +02:00
a188138715
Javadocs author tag doesn't work in methods
2021-10-21 11:47:04 +02:00
f836897190
Checkstyle Fixes
...
- Javadoc tag ordering
- Private constructors before inner classes
Issue gh-10394
2021-10-18 21:03:35 -05:00
e1f4ec1137
Fix Jackson
2021-10-18 21:03:12 -05:00
6e86fab19d
Restructure SwitchUserFilter Logs
...
Issue gh-6311
2021-10-18 13:02:42 -05:00
faec20bc69
Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext
...
Closes gh-10208
2021-10-14 09:27:02 -03:00
7b98c2ea95
Restructure SwitchUserFilter Logs
...
Issue gh-6311
2021-10-12 13:32:29 -06:00
02b2fcc6f0
Restore ManagementConfigurationPlugin
...
Issue gh-9615
2021-10-05 11:23:29 -03:00
d2e5f2ae0d
Update Gradle to 7.2
...
Closes gh-9615
2021-10-04 15:19:40 -03:00
7d81a52780
Allow AuthenticationPrincipal argument type to be primitive
...
Closes gh-10172
2021-10-04 16:22:21 +02:00
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00
a4c088a3b3
Introducing WebSessionServerLogoutHandler
...
Closes gh-4838
2021-08-16 13:08:35 -06:00
6f3e346b76
Add SecurityContextHolder#addListener
...
Closes gh-10032
2021-08-11 17:12:13 -06:00
b8d51725c7
Immutable SecurityContext
...
Issue gh-10032
2021-08-11 17:12:13 -06:00
f73f213f50
Remove DependencySetPlugin
...
Closes gh-10070
2021-07-12 15:31:38 -05:00
f800d2c993
Add hamcrest dependency
2021-07-09 15:57:21 -05:00
b6ff4d3674
Fix mockito UnnecessaryStubbingException
2021-07-09 14:35:10 -05:00
3e93b024d6
openrewrite Junit Migration
2021-07-09 14:32:52 -05:00
14240b2559
Remove Powermock
...
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.
Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.
Closes gh-6025
2021-07-08 12:35:32 -05:00
d121ab9565
Support A Well-Known URL for Changing Passwords
...
Closes gh-8657
2021-07-01 16:57:53 -06:00
3219fd554d
DigestAuthenticationFilter decodes nonce only once
...
Closes gh-8455
2021-06-18 15:25:00 -04:00
Marcus Da Coregio