Prior to this commit, the `ErrorPageSecurityFilter` verified if
access to the error page was allowed by invoking the
`WebInvocationPrivilegeEvaluator` with the Authentication from the
`SecurityContextHolder`.
This meant that access to the error page was denied for a `null` Authentication
or `AnonymousAuthenticationToken` in cases where the error page required
authenticated access. This prevented authorized users from accessing the
error page in case the Authentication wasn't retrievable for the error dispatch,
which is the case for `@Transient` authentication or stateless session policy.
This commit updates the `ErrorPageSecurityFilter` to check access to the error page
only if the error is an authn or authz error in cases where an authentication object
is not found in the SecurityContextHolder. This makes the error response consistent
when bad credentials or no credentials are used while also allowing access to previously
authorized users.
Fixes gh-28953
Update `build.gradle` files to ensure that `junit-platform-launcher` is
a `testRuntimeOnly` dependency. This ensures that tests can be run from
Eclipse.
Closes gh-25074
Replace `WebSecurityConfigurer` and `WebSecurityConfigurerAdapter`
configurations with `WebSecurityCustomizer` or `SecurityFilterChain`
beans.
Closes gh-23421
Update all dependencies declarations to use the form `scope(reference)`
rather than `scope reference`.
Prior to this commit we declared dependencies without parentheses unless
we were forced to add them due to an `exclude`.
Replace Gradle single quote strings with the double quote form
whenever possible. The change helps to being consistency to the
dependencies section where mostly single quotes were used, but
occasionally double quotes were required due to `${}` references.
Madhura Bhave
Scott Frederick
Andy Wilkinson
Phillip Webb
Madhura Bhave
Phillip Webb
Andy Wilkinson
Stephane Nicoll