1
0
mirror of synced 2026-07-15 15:49:09 +00:00

Compare commits

...

42 Commits

Author SHA1 Message Date
github-actions[bot] 0115e8aea1 Release 5.8.14 2024-08-19 18:22:56 +00:00
dependabot[bot] 6b69edb9a7 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 17:35:26 -07:00
dependabot[bot] 0ba26176db Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.13.1 to 1.14.2.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.13.1...v1.14.2)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 17:35:04 -07:00
dependabot[bot] 85775fe794 Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 5.3.37 to 5.3.39.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.37...v5.3.39)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-14 20:33:05 -07:00
dependabot[bot] 1ca53164ee Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48
Bumps [io.projectreactor.netty:reactor-netty](https://github.com/reactor/reactor-netty) from 1.0.47 to 1.0.48.
- [Release notes](https://github.com/reactor/reactor-netty/releases)
- [Commits](https://github.com/reactor/reactor-netty/compare/v1.0.47...v1.0.48)

---
updated-dependencies:
- dependency-name: io.projectreactor.netty:reactor-netty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-13 21:21:27 -07:00
dependabot[bot] 47a521ca26 Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2020.0.46 to 2020.0.47.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2020.0.46...2020.0.47)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-13 21:06:03 -07:00
dependabot[bot] 751c6a762a Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.13.0 to 1.13.1.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.13.0...v1.13.1)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-11 17:30:01 -07:00
dependabot[bot] 7d7b59bea4 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-11 17:29:17 -07:00
Steve Riesenberg 7149622efd Revert "Migrate slack notifications to GChat"
This reverts commits:
- 5d335ccf8d
- a5b1dec99a
2024-08-09 10:39:34 -05:00
dependabot[bot] e9e0ec89fb Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.12.0 to 1.13.0.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-04 18:28:27 -07:00
dependabot[bot] 596c5f9b0c Bump @springio/asciidoctor-extensions in /docs
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.11 to 1.0.0-alpha.12.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.11...v1.0.0-alpha.12)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-04 18:13:16 -07:00
Steve Riesenberg 5d335ccf8d Fix job dependencies
Issue gh-15503
2024-07-31 16:59:35 -05:00
Josh Cummings 5cdcdc9bcb Suppress Node Files From Nohttp Analysis
Given that we have no control over the contents of
third-party code, it isn't helpful to have nohttp
generate errors for the usage of http:// in that code.
2024-07-31 15:48:28 -06:00
Steve Riesenberg a5b1dec99a Migrate slack notifications to GChat
Closes gh-15503
2024-07-31 14:59:04 -05:00
Roman Zabaluev ea2ec04633 Clarify url Parameter Usage in AD Provider
Closes gh-7760
2024-07-29 14:04:13 -07:00
dependabot[bot] c6bc1ec969 Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.5 to 3.2.0-alpha.6.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.5...v3.2.0-alpha.6)

---
updated-dependencies:
- dependency-name: antora
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-28 17:39:11 -07:00
dependabot[bot] 9ac5ee9bdb Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-28 17:38:32 -07:00
Marcus Hert Da Coregio 31babecfbd Only Merge PRs from Original Repository 2024-07-26 10:25:30 -03:00
Marcus Hert Da Coregio 4c12940304 Change Skip Condition 2024-07-26 10:18:48 -03:00
dependabot[bot] bb3738dbfd Bump com.gradle.develocity from 3.17.5 to 3.17.6
Bumps com.gradle.develocity from 3.17.5 to 3.17.6.

---
updated-dependencies:
- dependency-name: com.gradle.develocity
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-22 20:58:46 -07:00
Josh Cummings 5c1a108b8b Remove Stray JavaDoc Statement
As of the 5.2 release, a separate registrar bean was no longer necessary

Closes gh-15425
2024-07-22 15:33:57 -06:00
dependabot[bot] 1c4a63387b Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-21 17:42:57 -07:00
Josh Cummings dab48d25b0 Improve Error Message When Registration Missing
Closes gh-15363
2024-07-18 15:50:41 -06:00
dependabot[bot] caa325f92e Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.11.1 to 1.12.0.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.11.1...v1.12.0)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-14 18:14:10 -07:00
dependabot[bot] 174e3ef356 Bump @springio/asciidoctor-extensions in /docs
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.10 to 1.0.0-alpha.11.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.10...v1.0.0-alpha.11)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-14 17:56:21 -07:00
Josh Cummings 32e2735f45 Clarify Valid Metadata Locations 2024-07-10 17:10:49 -06:00
Marcus Hert Da Coregio 9cfc9bb8a8 Use in:title
Issue gh-14484
2024-07-10 12:48:39 -03:00
dependabot[bot] 341f58d411 Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2020.0.45 to 2020.0.46.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2020.0.45...2020.0.46)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 21:35:04 -07:00
dependabot[bot] c00197bdf5 Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47
Bumps [io.projectreactor.netty:reactor-netty](https://github.com/reactor/reactor-netty) from 1.0.46 to 1.0.47.
- [Release notes](https://github.com/reactor/reactor-netty/releases)
- [Commits](https://github.com/reactor/reactor-netty/compare/v1.0.46...v1.0.47)

---
updated-dependencies:
- dependency-name: io.projectreactor.netty:reactor-netty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 21:19:30 -07:00
Marcus Hert Da Coregio 01e1813020 Remove single quotes from boolean value
Issue gh-14484
2024-07-09 08:16:06 -03:00
Marcus Hert Da Coregio 65c037853e Debug PR event payload
Issue gh-14484
2024-07-08 11:08:36 -03:00
dependabot[bot] 05256da801 Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14
Bumps [com.github.spullara.mustache.java:compiler](https://github.com/spullara/mustache.java) from 0.9.13 to 0.9.14.
- [Commits](https://github.com/spullara/mustache.java/compare/mustache.java-0.9.13...mustache.java-0.9.14)

---
updated-dependencies:
- dependency-name: com.github.spullara.mustache.java:compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-07 20:59:36 -07:00
dependabot[bot] 2bdb57a8a8 Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627
Bumps `org-eclipse-jetty` from 9.4.54.v20240208 to 9.4.55.v20240627.

Updates `org.eclipse.jetty:jetty-server` from 9.4.54.v20240208 to 9.4.55.v20240627

Updates `org.eclipse.jetty:jetty-servlet` from 9.4.54.v20240208 to 9.4.55.v20240627

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-03 21:08:34 -07:00
Marcus Hert Da Coregio a3095527a0 Label superseded dependabot updates as duplicates
Issue gh-14484
2024-07-03 13:47:35 -03:00
dependabot[bot] 9189916287 Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3
Bumps [org.skyscreamer:jsonassert](https://github.com/skyscreamer/JSONassert) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/skyscreamer/JSONassert/releases)
- [Changelog](https://github.com/skyscreamer/JSONassert/blob/master/CHANGELOG.md)
- [Commits](https://github.com/skyscreamer/JSONassert/compare/jsonassert-1.5.1...jsonassert-1.5.3)

---
updated-dependencies:
- dependency-name: org.skyscreamer:jsonassert
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-30 21:15:38 -07:00
dependabot[bot] 97e6ac76af Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.4 to 3.2.0-alpha.5.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.4...v3.2.0-alpha.5)

---
updated-dependencies:
- dependency-name: antora
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-30 18:20:05 -07:00
Marcus Hert Da Coregio 779030b6cd Document the role of CredentialsContainer
Closes gh-15319
2024-06-28 15:33:34 -03:00
Marcus Hert Da Coregio 1135ad5a5a Skip checkExpectedBranchVersion task on PR Build workflow
Issue gh-15226
2024-06-28 09:31:48 -03:00
Marcus Hert Da Coregio e3d642ce7c Add Task to Verify Branch Version Matches the Project Version
Closes gh-15226
2024-06-27 14:34:41 -03:00
github-actions[bot] 00247350d0 Update Antora Spring UI to v0.4.16 2024-06-20 15:47:54 -03:00
github-actions[bot] 9e2cadb475 Next development version 2024-06-17 16:00:03 +00:00
github-actions[bot] 20332fedb0 Release 5.8.13 2024-06-17 15:22:54 +00:00
19 changed files with 196 additions and 40 deletions
@@ -0,0 +1,46 @@
name: Mark Duplicate Dependabot PRs
on:
pull_request:
types: [closed]
jobs:
check_duplicate_prs:
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && github.event.pull_request.user.login == 'dependabot[bot]'
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Extract Dependency Name from PR Title
id: extract
run: |
PR_TITLE="${{ github.event.pull_request.title }}"
DEPENDENCY_NAME=$(echo "$PR_TITLE" | awk -F ' from ' '{print $1}')
echo "dependency_name=$DEPENDENCY_NAME" >> $GITHUB_OUTPUT
- name: Find PRs
id: find_duplicates
env:
DEPENDENCY_NAME: ${{ steps.extract.outputs.dependency_name }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PRS=$(gh pr list --search 'milestone:${{ github.event.pull_request.milestone.title }} is:merged in:title "$DEPENDENCY_NAME"' --json number --jq 'map(.number) | join(",")')
echo "prs=$PRS" >> $GITHUB_OUTPUT
- name: Label Duplicate PRs
if: steps.find_duplicates.outputs.prs != ''
env:
PRS: ${{ steps.find_duplicates.outputs.prs }}
CURRENT_PR_NUMBER: ${{ github.event.pull_request.number }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
for i in ${PRS//,/ }
do
if [ ! $i -eq "$CURRENT_PR_NUMBER" ]; then
echo "Marking PR $i as duplicate"
gh pr edit "$i" --add-label "status: duplicate"
gh pr comment "$i" --body "Duplicate of #$CURRENT_PR_NUMBER"
fi
done
+1 -1
View File
@@ -9,7 +9,7 @@ permissions: write-all
jobs:
merge-dependabot-pr:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
steps:
- uses: actions/checkout@v4
+1 -1
View File
@@ -21,7 +21,7 @@ jobs:
java-version: '11'
distribution: 'adopt'
- name: Build with Gradle
run: ./gradlew clean build --continue
run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue
generate-docs:
name: Generate Docs
runs-on: ubuntu-latest
+1
View File
@@ -25,6 +25,7 @@ apply plugin: 'org.springframework.github.milestone'
apply plugin: 'org.springframework.github.changelog'
apply plugin: 'org.springframework.github.release'
apply plugin: 'org.springframework.security.versions.verify-dependencies-versions'
apply plugin: 'org.springframework.security.check-expected-branch-version'
group = 'org.springframework.security'
description = 'Spring Security'
+4
View File
@@ -68,6 +68,10 @@ gradlePlugin {
id = "org.springframework.security.versions.verify-dependencies-versions"
implementationClass = "org.springframework.security.convention.versions.VerifyDependenciesVersionsPlugin"
}
checkExpectedBranchVersion {
id = "org.springframework.security.check-expected-branch-version"
implementationClass = "org.springframework.security.CheckExpectedBranchVersionPlugin"
}
}
}
@@ -0,0 +1,85 @@
/*
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import org.gradle.api.DefaultTask;
import org.gradle.api.Plugin;
import org.gradle.api.Project;
import org.gradle.api.plugins.JavaBasePlugin;
import org.gradle.api.tasks.TaskAction;
import org.gradle.api.tasks.TaskProvider;
/**
* @author Marcus da Coregio
*/
public class CheckExpectedBranchVersionPlugin implements Plugin<Project> {
@Override
public void apply(Project project) {
TaskProvider<CheckExpectedBranchVersionTask> checkExpectedBranchVersionTask = project.getTasks().register("checkExpectedBranchVersion", CheckExpectedBranchVersionTask.class, (task) -> {
task.setGroup("Build");
task.setDescription("Check if the project version matches the branch version");
});
project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(checkExpectedBranchVersionTask));
}
public static class CheckExpectedBranchVersionTask extends DefaultTask {
@TaskAction
public void run() throws IOException {
Project project = getProject();
if (project.hasProperty("skipCheckExpectedBranchVersion")) {
return;
}
String version = (String) project.getVersion();
String branchVersion = getBranchVersion(project);
if (!branchVersion.matches("^[0-9]+\\.[0-9]+\\.x$")) {
System.out.println("Branch version does not match *.x, ignoring");
return;
}
if (!versionsMatch(version, branchVersion)) {
throw new IllegalStateException(String.format("Project version [%s] does not match branch version [%s]. " +
"Please verify that the branch contains the right version.", version, branchVersion));
}
}
private static String getBranchVersion(Project project) throws IOException {
try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
project.exec((exec) -> {
exec.commandLine("git", "symbolic-ref", "--short", "HEAD");
exec.setErrorOutput(System.err);
exec.setStandardOutput(baos);
});
return baos.toString();
}
}
private boolean versionsMatch(String projectVersion, String branchVersion) {
String[] projectVersionParts = projectVersion.split("\\.");
String[] branchVersionParts = branchVersion.split("\\.");
if (projectVersionParts.length < 2 || branchVersionParts.length < 2) {
return false;
}
return projectVersionParts[0].equals(branchVersionParts[0]) && projectVersionParts[1].equals(branchVersionParts[1]);
}
}
}
@@ -434,7 +434,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
}
}
private String computeErrorMessage(Collection<? extends ServletRegistration> registrations) {
private static String computeErrorMessage(Collection<? extends ServletRegistration> registrations) {
String template = "This method cannot decide whether these patterns are Spring MVC patterns or not. "
+ "If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); "
+ "otherwise, please use requestMatchers(AntPathRequestMatcher).\n\n"
@@ -628,7 +628,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
public boolean matches(HttpServletRequest request) {
String name = request.getHttpServletMapping().getServletName();
ServletRegistration registration = this.servletContext.getServletRegistration(name);
Assert.notNull(name, "Failed to find servlet [" + name + "] in the servlet context");
Assert.notNull(registration, computeErrorMessage(this.servletContext.getServletRegistrations().values()));
try {
Class<?> clazz = Class.forName(registration.getClassName());
return DispatcherServlet.class.isAssignableFrom(clazz);
@@ -670,18 +670,12 @@ public abstract class AbstractRequestMatcherRegistry<C> {
@Override
public boolean matches(HttpServletRequest request) {
if (this.dispatcherServlet.matches(request)) {
return this.mvc.matches(request);
}
return this.ant.matches(request);
return requestMatcher(request).matches(request);
}
@Override
public MatchResult matcher(HttpServletRequest request) {
if (this.dispatcherServlet.matches(request)) {
return this.mvc.matcher(request);
}
return this.ant.matcher(request);
return requestMatcher(request).matcher(request);
}
@Override
@@ -400,6 +400,19 @@ public class AbstractRequestMatcherRegistryTests {
verifyNoMoreInteractions(mvc);
}
@Test
public void matchesWhenNoMappingThenException() {
MockServletContext servletContext = new MockServletContext();
servletContext.addServlet("default", DispatcherServlet.class).addMapping("/");
servletContext.addServlet("path", Servlet.class).addMapping("/services/*");
MvcRequestMatcher mvc = mock(MvcRequestMatcher.class);
AntPathRequestMatcher ant = mock(AntPathRequestMatcher.class);
DispatcherServletDelegatingRequestMatcher requestMatcher = new DispatcherServletDelegatingRequestMatcher(ant,
mvc, servletContext);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/services/endpoint");
assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> requestMatcher.matcher(request));
}
private void mockMvcIntrospector(boolean isPresent) {
ApplicationContext context = this.matcherRegistry.getApplicationContext();
given(context.containsBean("mvcHandlerMappingIntrospector")).willReturn(isPresent);
+1 -1
View File
@@ -30,7 +30,7 @@ urls:
redirect_facility: httpd
ui:
bundle:
url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.15/ui-bundle.zip
url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.16/ui-bundle.zip
snapshot: true
runtime:
log:
+1
View File
@@ -44,6 +44,7 @@
***** xref:servlet/authentication/passwords/in-memory.adoc[In Memory]
***** xref:servlet/authentication/passwords/jdbc.adoc[JDBC]
***** xref:servlet/authentication/passwords/user-details.adoc[UserDetails]
***** xref:servlet/authentication/passwords/credentials-container.adoc[CredentialsContainer]
***** xref:servlet/authentication/passwords/user-details-service.adoc[UserDetailsService]
***** xref:servlet/authentication/passwords/password-encoder.adoc[PasswordEncoder]
***** xref:servlet/authentication/passwords/dao-authentication-provider.adoc[DaoAuthenticationProvider]
@@ -0,0 +1,12 @@
[[servlet-authentication-credentialscontainer]]
= CredentialsContainer
{security-api-url}org/springframework/security/core/CredentialsContainer.html[The `CredentialsContainer`] interface indicates that the implementing object contains sensitive data, and is used internally by Spring Security to erase the authentication credentials after a successful authentication.
This interface is implemented by most of Spring Security internal domain classes, like {security-api-url}org/springframework/security/core/userdetails/User.html[User] and {security-api-url}org/springframework/security/authentication/UsernamePasswordAuthenticationToken.html[UsernamePasswordAuthenticationToken].
The `ProviderManager` manager checks whether the returned `Authentication` implements this interface.
If so, xref:servlet/authentication/architecture.adoc#servlet-authentication-providermanager-erasing-credentials[it calls the `eraseCredentials` method] to remove the credentials from the object.
If you want your custom authentication objects to have their credentials erased after authentication, you should ensure that the classes implement the `CredentialsContainer` interface.
Users who are writing their own `AuthenticationProvider` implementations should create and return an appropriate `Authentication` object there, minus any sensitive data, rather than using this interface.
+4 -4
View File
@@ -1,10 +1,10 @@
{
"dependencies": {
"antora": "3.2.0-alpha.4",
"antora": "3.2.0-alpha.6",
"@antora/atlas-extension": "1.0.0-alpha.2",
"@antora/collector-extension": "1.0.0-alpha.4",
"@antora/collector-extension": "1.0.0-beta.2",
"@asciidoctor/tabs": "1.0.0-beta.6",
"@springio/antora-extensions": "1.11.1",
"@springio/asciidoctor-extensions": "1.0.0-alpha.10"
"@springio/antora-extensions": "1.14.2",
"@springio/asciidoctor-extensions": "1.0.0-alpha.12"
}
}
+3
View File
@@ -12,4 +12,7 @@
<property name="optional" value="true"/>
</module>
<module name="SuppressWithPlainTextCommentFilter"/>
<module name="BeforeExecutionExclusionFileFilter">
<property name="fileNamePattern" value=".*[\\/]node(_modules|js)[\\/].*$"/>
</module>
</module>
+1 -1
View File
@@ -1,5 +1,5 @@
springBootVersion=2.7.12
version=5.8.13-SNAPSHOT
version=5.8.14
samplesBranch=5.8.x
org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError
org.gradle.parallel=true
+6 -6
View File
@@ -7,7 +7,7 @@ io-spring-nohttp = "0.0.11"
org-apache-directory-server = "1.5.5"
org-aspectj = "1.9.20.1"
org-bouncycastle = "1.70"
org-eclipse-jetty = "9.4.54.v20240208"
org-eclipse-jetty = "9.4.55.v20240627"
org-jetbrains-kotlin = "1.7.22"
org-jetbrains-kotlinx = "1.6.4"
org-junit-jupiter = "5.9.3"
@@ -15,7 +15,7 @@ org-mockito = "4.8.1"
org-opensaml4 = "4.1.0"
org-opensaml3 = "3.4.6"
org-slf4j = "1.7.36"
org-springframework = "5.3.37"
org-springframework = "5.3.39"
[libraries]
ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.2.13"
@@ -30,8 +30,8 @@ com-unboundid-unboundid-ldapsdk = "com.unboundid:unboundid-ldapsdk:4.0.14"
commons-collections = "commons-collections:commons-collections:3.2.2"
io-freefair-gradle-aspectj-plugin = "io.freefair.gradle:aspectj-plugin:6.5.1"
io-mockk = "io.mockk:mockk:1.13.3"
io-projectreactor-netty-reactor-netty = "io.projectreactor.netty:reactor-netty:1.0.46"
io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2020.0.45"
io-projectreactor-netty-reactor-netty = "io.projectreactor.netty:reactor-netty:1.0.48"
io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2020.0.47"
io-projectreactor-tools-blockhound = "io.projectreactor.tools:blockhound:1.0.9.RELEASE"
io-r2dbc-r2dbc-h2 = { module = "io.r2dbc:r2dbc-h2", version.ref = "io-r2dbc" }
io-r2dbc-r2dbc-spi-test = { module = "io.r2dbc:r2dbc-spi-test", version.ref = "io-r2dbc" }
@@ -87,7 +87,7 @@ org-python-jython = "org.python:jython:2.5.3"
org-seleniumhq-selenium-htmlunit-driver = "org.seleniumhq.selenium:htmlunit-driver:2.65.0"
org-seleniumhq-selenium-selenium-java = "org.seleniumhq.selenium:selenium-java:3.141.59"
org-seleniumhq-selenium-selenium-support = "org.seleniumhq.selenium:selenium-support:3.141.59"
org-skyscreamer-jsonassert = "org.skyscreamer:jsonassert:1.5.1"
org-skyscreamer-jsonassert = "org.skyscreamer:jsonassert:1.5.3"
org-slf4j-log4j-over-slf4j = { module = "org.slf4j:log4j-over-slf4j", version.ref = "org-slf4j" }
org-slf4j-slf4j-api = { module = "org.slf4j:slf4j-api", version.ref = "org-slf4j" }
org-springframework-data-spring-data-bom = "org.springframework.data:spring-data-bom:2021.2.18"
@@ -103,7 +103,7 @@ org-apache-commons-commons-io = "org.apache.commons:commons-io:1.3.2"
io-github-gradle-nexus-publish-plugin = "io.github.gradle-nexus:publish-plugin:1.1.0"
org-gretty-gretty = "org.gretty:gretty:3.0.9"
com-github-ben-manes-gradle-versions-plugin = "com.github.ben-manes:gradle-versions-plugin:0.38.0"
com-github-spullara-mustache-java-compiler = "com.github.spullara.mustache.java:compiler:0.9.13"
com-github-spullara-mustache-java-compiler = "com.github.spullara.mustache.java:compiler:0.9.14"
org-hidetake-gradle-ssh-plugin = "org.hidetake:gradle-ssh-plugin:2.10.1"
org-jfrog-buildinfo-build-info-extractor-gradle = "org.jfrog.buildinfo:build-info-extractor-gradle:4.29.4"
org-sonarsource-scanner-gradle-sonarqube-gradle-plugin = "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7.1"
@@ -136,9 +136,11 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
ContextFactory contextFactory = new ContextFactory();
/**
* @param domain the domain name (may be null or empty)
* @param url an LDAP url (or multiple URLs)
* @param rootDn the root DN (may be null or empty)
* @param domain the domain name (can be null or empty)
* @param url an LDAP url (or multiple space-delimited URLs).
* @param rootDn the root DN (can be null or empty)
* @see <a href="https://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html">JNDI
* URL format documentation</a>
*/
public ActiveDirectoryLdapAuthenticationProvider(String domain, String url, String rootDn) {
Assert.isTrue(StringUtils.hasText(url), "Url cannot be empty");
@@ -50,11 +50,6 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
* To locate the bearer token, this looks in the Reactor {@link Context} for a key of type
* {@link Authentication}.
*
* Registering
* {@see org.springframework.security.config.annotation.web.configuration.OAuth2ResourceServerConfiguration.OAuth2ResourceServerWebFluxSecurityConfiguration.BearerRequestContextSubscriberRegistrar},
* as a {@code @Bean} will take care of this automatically, but certainly an application
* can supply a {@link Context} of its own to override.
*
* @author Josh Cummings
* @since 5.2
*/
@@ -45,8 +45,8 @@ public final class RelyingPartyRegistrations {
* Return a {@link RelyingPartyRegistration.Builder} based off of the given SAML 2.0
* Asserting Party (IDP) metadata location.
*
* Valid locations can be classpath- or file-based or they can be HTTP endpoints. Some
* valid endpoints might include:
* Valid locations can be classpath- or file-based or they can be HTTPS endpoints.
* Some valid endpoints might include:
*
* <pre>
* metadataLocation = "classpath:asserting-party-metadata.xml";
@@ -69,8 +69,8 @@ public final class RelyingPartyRegistrations {
* about the asserting party. Thus, you will need to remember to still populate
* anything about the relying party, like any private keys the relying party will use
* for signing AuthnRequests.
* @param metadataLocation The classpath- or file-based locations or HTTP endpoints of
* the asserting party metadata file
* @param metadataLocation The classpath- or file-based locations or HTTPS endpoints
* of the asserting party metadata file
* @return the {@link RelyingPartyRegistration.Builder} for further configuration
*/
public static RelyingPartyRegistration.Builder fromMetadataLocation(String metadataLocation) {
@@ -130,8 +130,8 @@ public final class RelyingPartyRegistrations {
* Return a {@link Collection} of {@link RelyingPartyRegistration.Builder}s based off
* of the given SAML 2.0 Asserting Party (IDP) metadata location.
*
* Valid locations can be classpath- or file-based or they can be HTTP endpoints. Some
* valid endpoints might include:
* Valid locations can be classpath- or file-based or they can be HTTPS endpoints.
* Some valid endpoints might include:
*
* <pre>
* metadataLocation = "classpath:asserting-party-metadata.xml";
@@ -155,7 +155,7 @@ public final class RelyingPartyRegistrations {
* about the asserting party. Thus, you will need to remember to still populate
* anything about the relying party, like any private keys the relying party will use
* for signing AuthnRequests.
* @param location The classpath- or file-based locations or HTTP endpoints of the
* @param location The classpath- or file-based locations or HTTPS endpoints of the
* asserting party metadata file
* @return the {@link Collection} of {@link RelyingPartyRegistration.Builder}s for
* further configuration
+1 -1
View File
@@ -5,7 +5,7 @@ pluginManagement {
}
plugins {
id "com.gradle.develocity" version "3.17.5"
id "com.gradle.develocity" version "3.17.6"
id "io.spring.ge.conventions" version "0.0.17" apply false
}