Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Separate MethodMatcher and AuthorizationManager #1

Open
wants to merge 123 commits into
base: gh-9289
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
123 commits
Select commit Hold shift + click to select a range
d85a7cf
Make user info response status check error only
BenjaminFaal Jan 12, 2021
c03ba45
Use spring-build-conventions:0.0.37
rwinch Jan 26, 2021
3e1616c
Remove BearerTokenAuthenticationWebFilter
jzheaux Jan 26, 2021
041e4aa
Change Example Name
jzheaux Jan 28, 2021
75706f1
Allow null or empty authorities for DefaultOAuth2User
mayur9991 Jan 27, 2021
873b9bd
Configure CurrentSecurityContextArgumentResolver BeanResolver
happier233 Jan 6, 2021
107f38f
Polish Tests
jzheaux Feb 3, 2021
9b42495
Constrain Nimbus Dependencies
jzheaux Feb 3, 2021
10dce79
Update saml2-login.adoc
kavi87 Feb 4, 2021
c836c71
Fix typo in reactive CSRF docs
eleftherias Feb 8, 2021
9a2c184
Use plugins-release
jzheaux Feb 10, 2021
8c8fef0
Revert "Use plugins-release"
jzheaux Feb 10, 2021
ca5e303
Fix Test Configuration
jzheaux Feb 10, 2021
ccb3b02
Bearer Token Server-side Errors Return 500
jzheaux Feb 10, 2021
02d017a
Adjust Test Assertion
jzheaux Feb 10, 2021
f6bfdd9
Update to Spring Boot 2.4.2
jzheaux Feb 11, 2021
df10f7d
Update to Kotlin 1.4.30
jzheaux Feb 11, 2021
983f490
Update to GAE 1.9.86
jzheaux Feb 11, 2021
a85caa4
Lock Dependencies
jzheaux Feb 11, 2021
61a6792
Release 5.5.0-M2
jzheaux Feb 11, 2021
c4be1c6
Revert "Lock Dependencies"
jzheaux Feb 11, 2021
304495f
Next Development Version
jzheaux Feb 11, 2021
3116369
Optimize HttpSessionSecurityContextRepository
rwinch Jan 22, 2021
95da121
Additional Test for HttpSessionSecurityContextRepository
rwinch Jan 22, 2021
a0a9718
Use Instant with micro-second precision
jzheaux Feb 12, 2021
5e5ff27
Configure Jackson for nanosecond precision
jzheaux Feb 12, 2021
3d6c5bf
Migrate LDAP Samples to UnboundId
jzheaux Feb 5, 2021
ccfbff4
Remove javax.annotation Usage
jzheaux Feb 5, 2021
f129410
Add Java 8 Polyfill for Apache DS tests
jzheaux Feb 5, 2021
f9c4dba
Update Git Workflows to Use JDK 11
jzheaux Feb 5, 2021
987b19f
Update Build Section to Require JDK 11
jzheaux Feb 8, 2021
857830f
Add RememberMeDsl
IvanPavlov1995 Feb 5, 2021
fb391c5
Add setMetadataFilename method to Saml2MetadataFilter
GitHanter Feb 20, 2021
c0fa3f9
Encode the Content-Disposition header following RFC 8187
GitHanter Feb 20, 2021
3e8ad4b
Polish Test
jzheaux Mar 2, 2021
6e41246
Throw Saml2AuthenticationException
GitHanter Feb 27, 2021
f3fa8e8
Polish
GitHanter Feb 27, 2021
c860076
Fix Saml2MetadataFilter Test
jzheaux Mar 2, 2021
8f07ca4
Fix missing return in example
IvanAgafonov Mar 3, 2021
cf2bb62
Fix typo in doc
wonwoo Mar 4, 2021
92b3a7b
Clarify in .csrf() enables CSRF protection
eleftherias Mar 5, 2021
efb394d
Allow ACL to be owned by GrantedAuthoritySid
bberto Feb 12, 2021
31f310f
Add BearerTokenAuthenticationConverter
thecodinglog Aug 19, 2020
b774e91
Polish BearerTokenAuthenticationConverter
jzheaux Mar 12, 2021
7060a84
Update to GAE 1.9.87
eleftherias Mar 15, 2021
b72d0d5
Update to Kotlin 1.4.31
eleftherias Mar 15, 2021
f05cc62
Lock dependencies for 2.5.0-M3
eleftherias Mar 15, 2021
1c351ca
Release 5.5.0-M3
eleftherias Mar 15, 2021
0724b7e
Next development version
eleftherias Mar 15, 2021
4a49284
Revert "Lock dependencies for 2.5.0-M3"
eleftherias Mar 15, 2021
b8e4788
Fix test to use non-expired token
H-LREB Mar 17, 2021
aad76e6
Update to Gradle 6.8.3
eleftherias Mar 18, 2021
a015b8b
Add Saml2MessageBinding#from
jzheaux Mar 23, 2021
d0d0a8d
Add OpenSAML 4 Support
jzheaux Dec 7, 2020
f5fe64c
Fix typo
eleftherias Mar 24, 2021
0f3df3e
Consider Order on SecurityFilterChain bean definitions
eleftherias Mar 24, 2021
8d82eba
Update ComparableVersion to version from Maven 3.6.3
candrews Mar 25, 2021
d948528
Add javadoc at constructors.
manousos Mar 24, 2021
404e9e1
Fix Javadoc Errors
jzheaux Mar 30, 2021
4b351b1
Remove SpringSecurityAuthnRequestBuilder
jzheaux Mar 30, 2021
dd3b903
Change to GPG_PRIVATE_KEY_NO_HEADER
jzheaux Mar 30, 2021
88fd834
Remove samples
rwinch Apr 2, 2021
6b3918f
Add buildSrc
rwinch Apr 2, 2021
06f38ac
buildSrc.skipTests
rwinch Apr 2, 2021
bfec10b
Remove MergePlugin
rwinch Apr 5, 2021
d39f737
Add shibboleth.net Maven repository
rwinch Apr 5, 2021
02ad4ce
Add mavenCentral to settings.gradle
rwinch Apr 5, 2021
58a69bb
Remove Sample Plugins
rwinch Apr 5, 2021
e4c03e9
Update plugins to support api/implementation
rwinch Apr 4, 2021
1a76ee7
Update Gradle configuration names
rwinch Apr 4, 2021
0f0e8ed
Add spring-security-dependencies
rwinch Apr 4, 2021
de1b3e9
Remove DepencencyManagementPlugin
rwinch Apr 5, 2021
60d3db5
add management platform(project(":spring-security-dependencies"))
rwinch Apr 5, 2021
8af36c9
Remove dependency-management.gradle
rwinch Apr 5, 2021
f6a5b72
Add updateDependencies
rwinch Apr 5, 2021
a90adbc
Re-enable Gradle Depencency Cache
rwinch Apr 5, 2021
b67d2e0
Use Checkstyle.configDirectory
rwinch Apr 5, 2021
0d8ee3a
Fix deprecation warnings for SchemaZipPlugin
rwinch Apr 5, 2021
1be9bb9
Fix deprecation warnigns in DocsPlugin
rwinch Apr 5, 2021
6e0d9e6
Remove test_alternative_jdks
rwinch Apr 5, 2021
67fdac1
Fix Encryptors.java javadoc
prashanttholia Apr 2, 2021
3c33535
Update javadoc for AesBytesEncrytor constructors
prashanttholia Apr 2, 2021
136a44a
Remove GAE
rwinch Apr 5, 2021
360b615
Remove com.sun.xml.bind
rwinch Apr 5, 2021
f329255
Remove commons-httpclient
rwinch Apr 5, 2021
2a3b03c
Remove validation-api
rwinch Apr 5, 2021
7cd316b
Remove aspectjtools
rwinch Apr 5, 2021
a7b2ebd
Remove hibernate-validator
rwinch Apr 5, 2021
9b83fac
Remove cas-webapp
rwinch Apr 5, 2021
19fd2f2
Remove spring-boot-gradle-plugin
rwinch Apr 5, 2021
ad2bc7d
Remove Unused code in spring-security-dependencies.gradle
rwinch Apr 5, 2021
eb6dccf
updateDependencies support custom rules
rwinch Apr 5, 2021
0ec20cf
Reject commons-codec updates
rwinch Apr 5, 2021
457435b
Reject jython updates
rwinch Apr 5, 2021
230c39e
Reject com.nimbusds:nimbus-jose-jwt updates
rwinch Apr 5, 2021
9b94e61
updateDepencencies support for nimbus-jose-jwt
rwinch Apr 5, 2021
38a230e
Reject org.opensaml updates
rwinch Apr 6, 2021
df710e4
updateDependencies creates issues at spring-projects
rwinch Apr 6, 2021
2bad807
Update aspectj-plugin to 5.3.0
rwinch Apr 6, 2021
8323590
Update r2dbc-spi-test to 0.8.4.RELEASE
rwinch Apr 6, 2021
7cc8dac
Update spring-doc-resources to 0.2.5
rwinch Apr 6, 2021
f3f1106
Update io.spring.javaformat to 0.0.27
rwinch Apr 6, 2021
49498b7
Update nohttp-checkstyle to 0.0.5.RELEASE
rwinch Apr 6, 2021
ba5de76
Update org.jetbrains.kotlin to 1.4.32
rwinch Apr 6, 2021
951202e
Polish SAML 2.0 Artifacts
jzheaux Apr 6, 2021
6f79921
Default to OpenSAML 3
jzheaux Apr 6, 2021
7c37745
Update com.nimbusds to 9.3.1
rwinch Apr 8, 2021
1038732
Update aspectj-plugin to 5.3.3.3
rwinch Apr 8, 2021
0b2540c
Update blockhound to 1.0.6.RELEASE
rwinch Apr 8, 2021
43f30a3
Update hsqldb to 2.6.0
rwinch Apr 8, 2021
57f463d
Update mockito-core to 3.9.0
rwinch Apr 8, 2021
224160f
Update spring-data-bom to 2020.0.7
rwinch Apr 8, 2021
9c97970
Add Jwt Client Authentication support
jgrandja Nov 17, 2020
76b9a42
Consider AuthorizationManager for Method Security
evgeniycheban Jan 18, 2021
6121d68
Adjust Packaging
jzheaux Apr 7, 2021
8cff33c
Add check for custom advice
jzheaux Apr 8, 2021
470adeb
Add GrantedAuthorityDefaults to Expression Handler
jzheaux Apr 8, 2021
1f2d12b
Polish AOP Structure
jzheaux Apr 8, 2021
6f58333
Add AfterMethodAuthorizationManager
jzheaux Apr 8, 2021
358de24
Polish Javadoc
jzheaux Apr 8, 2021
b2eff81
Add AuthorizationMethodPointcuts
jzheaux Apr 8, 2021
76aa137
Document AuthorizationManager for Method Security
jzheaux Apr 8, 2021
fa9ca5f
Use Interceptors instead of Advice
jzheaux Apr 9, 2021
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
63 changes: 14 additions & 49 deletions .github/workflows/continuous-integration-workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,15 +33,15 @@ jobs:
with:
name: errors
path: job-initiate-error-tracking.txt
build_jdk_8:
name: Build JDK 8
build_jdk_11:
name: Build JDK 11
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 8
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: '8'
java-version: '11'
- name: Cache Gradle packages
uses: actions/cache@v2
with:
Expand All @@ -64,41 +64,6 @@ jobs:
with:
name: errors
path: job-${{ github.job }}.txt
test_alternate_jdks:
name: Test JDK 11 and 12
runs-on: ubuntu-latest
strategy:
matrix:
jdk: [11, 12]
fail-fast: false
steps:
- uses: actions/checkout@v2
- name: Set up JDK ${{ matrix.jdk }}
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.jdk }}
- name: Cache Gradle packages
uses: actions/cache@v2
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
- name: Test with Gradle
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew test -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace
- name: Track error step
uses: spring-projects/track-build-errors-action@v1
if: ${{ failure() }}
with:
job-name: ${{ github.job }}-${{ matrix.jdk }}
- name: Export errors file
uses: actions/upload-artifact@v2
if: ${{ failure() }}
with:
name: errors
path: job-${{ github.job }}-${{ matrix.jdk }}.txt
snapshot_tests:
name: Test against snapshots
runs-on: ubuntu-latest
Expand All @@ -107,7 +72,7 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
java-version: '11'
- name: Snapshot Tests
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
Expand Down Expand Up @@ -136,7 +101,7 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
java-version: '11'
- name: Run Sonar on given (non-master) branch
if: ${{ github.ref != 'refs/heads/master' }}
run: |
Expand Down Expand Up @@ -165,21 +130,21 @@ jobs:
path: job-${{ github.job }}.txt
deploy_artifacts:
name: Deploy Artifacts
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis]
needs: [build_jdk_11, snapshot_tests, sonar_analysis]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
java-version: '11'
- name: Deploy artifacts
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
export VERSION_HEADER=$'Version: GnuPG v2\n\n'
export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY#"$VERSION_HEADER"}
export ORG_GRADLE_PROJECT_signingKey=${GPG_PRIVATE_KEY_NO_HEADER#"$VERSION_HEADER"}
export ORG_GRADLE_PROJECT_signingPassword="$GPG_PASSPHRASE"
./gradlew deployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
./gradlew finalizeDeployArtifacts -PossrhUsername="$OSSRH_TOKEN_USERNAME" -PossrhPassword="$OSSRH_TOKEN_PASSWORD" -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" --stacktrace --no-parallel
Expand All @@ -203,14 +168,14 @@ jobs:
path: job-${{ github.job }}.txt
deploy_docs:
name: Deploy Docs
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis]
needs: [build_jdk_11, snapshot_tests, sonar_analysis]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
java-version: '11'
- name: Deploy Docs
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
Expand All @@ -234,14 +199,14 @@ jobs:
path: job-${{ github.job }}.txt
deploy_schema:
name: Deploy Schema
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis]
needs: [build_jdk_11, snapshot_tests, sonar_analysis]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
java-version: '11'
- name: Deploy Schema
run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
Expand All @@ -265,7 +230,7 @@ jobs:
path: job-${{ github.job }}.txt
notify_result:
name: Check for failures
needs: [build_jdk_8, test_alternate_jdks, snapshot_tests, sonar_analysis, deploy_artifacts, deploy_docs, deploy_schema]
needs: [build_jdk_11, snapshot_tests, sonar_analysis, deploy_artifacts, deploy_docs, deploy_schema]
if: always()
runs-on: ubuntu-latest
steps:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-build-workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: '8'
java-version: '11'
- name: Cache Gradle packages
uses: actions/cache@v2
with:
Expand Down
4 changes: 2 additions & 2 deletions README.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,9 @@ In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked fr
a cross-platform, self-contained bootstrap mechanism for the build.

=== Prerequisites
https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].
https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK11 build].

Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download.
Be sure that your `JAVA_HOME` environment variable points to the `jdk-11` folder extracted from the JDK download.

=== Check out sources
[indent=0]
Expand Down
21 changes: 11 additions & 10 deletions acl/spring-security-acl.gradle
Original file line number Diff line number Diff line change
@@ -1,18 +1,19 @@
apply plugin: 'io.spring.convention.spring-module'

dependencies {
compile project(':spring-security-core')
compile 'org.springframework:spring-aop'
compile 'org.springframework:spring-context'
compile 'org.springframework:spring-core'
compile 'org.springframework:spring-jdbc'
compile 'org.springframework:spring-tx'
management platform(project(":spring-security-dependencies"))
api project(':spring-security-core')
api 'org.springframework:spring-aop'
api 'org.springframework:spring-context'
api 'org.springframework:spring-core'
api 'org.springframework:spring-jdbc'
api 'org.springframework:spring-tx'

optional 'net.sf.ehcache:ehcache'

testCompile 'org.springframework:spring-beans'
testCompile 'org.springframework:spring-context-support'
testCompile 'org.springframework:spring-test'
testImplementation 'org.springframework:spring-beans'
testImplementation 'org.springframework:spring-context-support'
testImplementation 'org.springframework:spring-test'

testRuntime 'org.hsqldb:hsqldb'
testRuntimeOnly 'org.hsqldb:hsqldb'
}
Original file line number Diff line number Diff line change
Expand Up @@ -93,11 +93,17 @@ public void securityCheck(Acl acl, int changeType) {
&& ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
return;
}
// Not authorized by ACL ownership; try via adminstrative permissions
GrantedAuthority requiredAuthority = getRequiredAuthority(changeType);

// Iterate this principal's authorities to determine right
Set<String> authorities = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (acl.getOwner() instanceof GrantedAuthoritySid
&& authorities.contains(((GrantedAuthoritySid) acl.getOwner()).getGrantedAuthority())) {
return;
}

// Not authorized by ACL ownership; try via adminstrative permissions
GrantedAuthority requiredAuthority = getRequiredAuthority(changeType);

if (authorities.contains(requiredAuthority.getAuthority())) {
return;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

import static org.mockito.BDDMockito.given;

/**
* @author Rob Winch
*
Expand Down Expand Up @@ -66,6 +68,14 @@ public void securityCheckWhenCustomAuthorityThenNameIsUsed() {
this.strategy.securityCheck(this.acl, AclAuthorizationStrategy.CHANGE_GENERAL);
}

// gh-9425
@Test
public void securityCheckWhenAclOwnedByGrantedAuthority() {
given(this.acl.getOwner()).willReturn(new GrantedAuthoritySid("ROLE_AUTH"));
this.strategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_SYSTEM_ADMIN"));
this.strategy.securityCheck(this.acl, AclAuthorizationStrategy.CHANGE_GENERAL);
}

@SuppressWarnings("serial")
class CustomAuthority implements GrantedAuthority {

Expand Down
13 changes: 7 additions & 6 deletions aspects/spring-security-aspects.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,14 @@ apply plugin: 'io.spring.convention.spring-module'
apply plugin: 'io.freefair.aspectj'

dependencies {
compile "org.aspectj:aspectjrt"
compile project(':spring-security-core')
compile 'org.springframework:spring-beans'
compile 'org.springframework:spring-context'
compile 'org.springframework:spring-core'
management platform(project(":spring-security-dependencies"))
api "org.aspectj:aspectjrt"
api project(':spring-security-core')
api 'org.springframework:spring-beans'
api 'org.springframework:spring-context'
api 'org.springframework:spring-core'

testCompile 'org.springframework:spring-aop'
testImplementation 'org.springframework:spring-aop'
testAspect sourceSets.main.output
}

Expand Down
58 changes: 53 additions & 5 deletions build.gradle
Original file line number Diff line number Diff line change
@@ -1,10 +1,8 @@
buildscript {
dependencies {
classpath 'io.spring.gradle:spring-build-conventions:0.0.36'
classpath "io.spring.javaformat:spring-javaformat-gradle-plugin:$springJavaformatVersion"
classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
classpath 'io.spring.nohttp:nohttp-gradle:0.0.5.RELEASE'
classpath "io.freefair.gradle:aspectj-plugin:5.0.1"
classpath "io.freefair.gradle:aspectj-plugin:5.3.3.3"
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlinVersion"
}
repositories {
Expand All @@ -17,6 +15,7 @@ apply plugin: 'io.spring.nohttp'
apply plugin: 'locks'
apply plugin: 'io.spring.convention.root'
apply plugin: 'org.jetbrains.kotlin.jvm'
apply plugin: 'org.springframework.security.update-dependencies'

group = 'org.springframework.security'
description = 'Spring Security'
Expand All @@ -25,12 +24,58 @@ ext.snapshotBuild = version.contains("SNAPSHOT")
ext.releaseBuild = version.contains("SNAPSHOT")
ext.milestoneBuild = !(snapshotBuild || releaseBuild)

dependencyManagementExport.projects = subprojects.findAll { !it.name.contains('-boot') }

repositories {
mavenCentral()
}

updateDependenciesSettings {
gitHub {
organization = "spring-projects"
repository = "spring-security"
}
addFiles({
return [
project.file("buildSrc/src/main/java/io/spring/gradle/convention/AsciidoctorConventionPlugin.java"),
project.file("buildSrc/src/main/groovy/io/spring/gradle/convention/CheckstylePlugin.groovy")
]
})
dependencyExcludes {
majorVersionBump()
alphaBetaVersions()
releaseCandidatesVersions()
milestoneVersions()
snapshotVersions()
addRule { components ->
components.withModule("commons-codec:commons-codec") { selection ->
ModuleComponentIdentifier candidate = selection.getCandidate();
if (!candidate.getVersion().equals(selection.getCurrentVersion())) {
selection.reject("commons-codec updates break saml tests");
}
}
components.withModule("org.python:jython") { selection ->
ModuleComponentIdentifier candidate = selection.getCandidate();
if (!candidate.getVersion().equals(selection.getCurrentVersion())) {
selection.reject("jython updates break integration tests");
}
}
components.withModule("com.nimbusds:nimbus-jose-jwt") { selection ->
ModuleComponentIdentifier candidate = selection.getCandidate();
if (!candidate.getVersion().equals(selection.getCurrentVersion())) {
selection.reject("nimbus-jose-jwt gets updated when oauth2-oidc-sdk is updated to ensure consistency");
}
}
components.all { selection ->
ModuleComponentIdentifier candidate = selection.getCandidate();
// Do not compare version due to multiple versions existing
// will cause opensaml 3.x to be updated to 4.x
if (candidate.getGroup().equals("org.opensaml")) {
selection.reject("org.opensaml maintains two different versions, so it must be updated manually");
}
}
}
}
}

subprojects {
plugins.withType(JavaPlugin) {
project.sourceCompatibility='1.8'
Expand All @@ -40,6 +85,7 @@ subprojects {
}
}


allprojects {
if (!['spring-security-bom', 'spring-security-docs'].contains(project.name)) {
apply plugin: 'io.spring.javaformat'
Expand Down Expand Up @@ -75,4 +121,6 @@ if (hasProperty('buildScan')) {

nohttp {
allowlistFile = project.file("etc/nohttp/allowlist.lines")
source.exclude "buildSrc/build/**"

}
6 changes: 6 additions & 0 deletions buildSrc/.idea/compiler.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions buildSrc/.idea/gradle.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading