Commit Graph

265 Commits (2cc15dc671cbf88631238c667a9c672afe0cd7a0)

Author SHA1 Message Date
Phillip Webb 8147eb6d6d Merge branch '2.6.x' into 2.7.x 3 years ago
Phillip Webb fee45e056a Merge branch '2.6.x' into 2.7.x
Closes gh-29375
3 years ago
Phillip Webb 91d2b1b988 Merge branch '2.5.x' into 2.6.x
Closes gh-29374
3 years ago
Phillip Webb eb6b48fff0 Use side-effect free environment with tests rather than converting
Refine the logic introduced in 64270eca to use a side-effect free
Environment implementation rather than converting the Environment early.

Early conversion can cause condition evaluation issues if
`src/test/resources/application.properties` files are bound to the
`SpringApplication`. Specifically the `spring.main.web-application-type`
property can change the `Environment` type which must happen before
conditions are evaluated.

Fixes gh-29169
3 years ago
Stephane Nicoll 69d1c3674a Upgrade to latest Hazelcast 3.x in integration tests 3 years ago
Stephane Nicoll a780e87e9c Upgrade to Hazelcast 5.0.2
See gh-29265
3 years ago
Phillip Webb b25e92f3e2 Merge branch '2.6.x' into 2.7.x 3 years ago
izeye 728206dba0 Polish GraphQL changes
See gh-29140
Closes gh-29194
3 years ago
Brian Clozel 88ee4fab36 Polish
See gh-29140
3 years ago
Brian Clozel c522a8007b Add smoke test for Spring GraphQL
See gh-29140
3 years ago
Madhura Bhave d9d161cd6b Allow previously authorized users to access the error page
Prior to this commit, the `ErrorPageSecurityFilter` verified if
access to the error page was allowed by invoking the
`WebInvocationPrivilegeEvaluator` with the Authentication from the
`SecurityContextHolder`.
This meant that access to the error page was denied for a `null` Authentication
 or `AnonymousAuthenticationToken` in cases where the error page required
authenticated access. This prevented authorized users from accessing the
error page in case the Authentication wasn't retrievable for the error dispatch,
which is the case for `@Transient` authentication or stateless session policy.

This commit updates the `ErrorPageSecurityFilter` to check access to the error page
only if the error is an authn or authz error in cases where an authentication object
is not found in the SecurityContextHolder. This makes the error response consistent
when bad credentials or no credentials are used while also allowing access to previously
authorized users.

Fixes gh-28953
3 years ago
Phillip Webb f676602c96 Merge branch '2.5.x' into 2.6.x 3 years ago
Phillip Webb 783981ba98 Merge branch '2.4.x' into 2.5.x 3 years ago
Phillip Webb d336a96b7f Update web.xml xsd references to for 3.1 version
See gh-29075
3 years ago
Phillip Webb 6e01c3edbe Merge branch '2.5.x' into 2.6.x
Closes gh-29077
3 years ago
Phillip Webb 17363d1b3a Merge branch '2.4.x' into 2.5.x
Closes gh-29076
3 years ago
Phillip Webb 1749c893dc Update web-app version to 3.1
Update the web-app version specified in `web.xml` to 3.1 in order to
make Eclipse happy.

Closes gh-29075
3 years ago
Phillip Webb beb68671bb Update copyright year of changed files 3 years ago
Scott Frederick 4eed637481 Merge branch '2.5.x'
Closes gh-28789
3 years ago
Scott Frederick 12244a8edd Remove use of Thymeleaf from smoke tests
Closes gh-28788
3 years ago
Phillip Webb b6d0b44703 Fix @SuppressWarnings 3 years ago
Madhura Bhave dd1d1482dc Deny unauthorized access to the error page
Fixes gh-26356

Co-authored-by Andy Wilkinson <wilkinsona@vmware.com>
3 years ago
Madhura Bhave 6b79d2860f Merge branch '2.5.x' into main
Closes gh-28724
3 years ago
Madhura Bhave 64270eca51 Convert environment used by SpringBootTestContextLoader
This commit aligns `SpringBootTest`s to also use `ApplicationEnvironment`
instead of `StandardEnvironment`. This prevents the side-effect of active
profiles from `@ActiveProfiles` from being added to the environment when
doGetActiveProfiles is called. In this case, calling `addActiveProfiles()`
in the environment post processor would result in `@ActiveProfiles` being
added to the environment first, resulting in the wrong order.

The additional call to `setActiveProfiles()` is also not necessary when using
ApplicationEnvironment because that call was put in place to prevent the side-effect
which `ApplicationEnvironment` does not have.

Fixes gh-28530
3 years ago
Andy Wilkinson 2a342ef416 Merge branch '2.5.x'
Closes gh-28662
3 years ago
Andy Wilkinson 5e4a502b2d Merge branch '2.4.x' into 2.5.x
Closes gh-28661
3 years ago
Andy Wilkinson 2cec3971d7 Prohibit unwanted dependencies in all modules not just starters
Closes gh-28658
3 years ago
Andy Wilkinson 2541c0cbdc Disable on Windows tests that use embedded Kafka
Closes gh-28406
3 years ago
Madhura Bhave 42d21a8336 Remove parameterization of session smoke tests
There are dedicated smoke tests for Hazelcast, MongoDB and Redis
that run on CI.
This commit also polishes some of the other smoke tests related to
Spring Session
3 years ago
Madhura Bhave 2caa6cb227 Polish "Add smoke tests for Spring Session Redis/Mongo"
See gh-28362
3 years ago
Angel L. Villalain Garcia 9a16c246ec Add smoke tests for Spring Session Redis/Mongo
Add smoke tests that verify the correct behavior of the sessions
endpoint when using Spring Session with MongoDB and Redis.

See gh-28362
3 years ago
Madhura Bhave b350eaee8a Fix checkstyle 3 years ago
Madhura Bhave 8dcf3e2c70 Polish "Add smoke test with Spring Session and Hazelcast"
See gh-28173
3 years ago
Susmitha 70dd655b60 Add smoke test with Spring Session and Hazelcast
See gh-28173
3 years ago
Phillip Webb 55a1ec72cc Update copyright year of changed files 3 years ago
Madhura Bhave 8fd9eb72d4 Allow part of a composite contributor in a health group
Closes gh-23027

Co-authored-by: Phillip Webb <pwebb@vmware.com>
3 years ago
Andy Wilkinson fd2fbcb3c6 Merge branch '2.5.x'
Closes gh-27758
3 years ago
Andy Wilkinson 6d8ba3e8b1 Merge branch '2.4.x' into 2.5.x
Closes gh-27757
3 years ago
Andy Wilkinson ffbd28b60a Polish "Polish access modifiers for test classes"
See gh-27736
3 years ago
izeye 8a425dedfd Polish access modifiers for test classes
See gh-27736
3 years ago
Andy Wilkinson e737388f5c Merge branch '2.5.x'
Closes gh-27654
3 years ago
Andy Wilkinson d6cf46acc5 Merge branch '2.4.x' into 2.5.x
Closes gh-27653
3 years ago
Andy Wilkinson 403dda7f0d Remove field inject and circular reference from Data Mongo smoke test
Closes gh-27651
3 years ago
Andy Wilkinson e265825653 Merge branch '2.5.x'
Closes gh-27506
3 years ago
Andy Wilkinson 08e26c97aa Merge branch '2.4.x' into 2.5.x
Closes gh-27505
3 years ago
Andy Wilkinson 031a036c9f Customize security filter registration in separate management context
Fixes gh-27372
3 years ago
Phillip Webb 7e9ac39f0d Update copyright year of changed files 3 years ago
Andy Wilkinson 37f690323f Polish
Closes gh-27432
3 years ago
Andy Wilkinson bb26b7bdf5 Polish
Closes gh-27431
3 years ago
izeye 734293d491 Polish
See gh-27418
3 years ago