Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 23:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,597 Commits 37 Branches 348 Tags
Commit Graph

545 Commits

Author SHA1 Message Date
Josh Cummings
e8f920e0ee Polish JdbcAssertingPartyMetadataRepository 
- Remove GetBytes since it's not used yet
- Remove customizable RowMapper since this can be added
later
- Change signing_algorithms to be a String since the conversion
strategy is simple
- Standardize test names
- Simplify conversion of credentials using ThrowingFunction
- Change column names to match RelyingPartyRegistration
field names

Issue gh-16012
 2025-06-11 18:08:31 -06:00
Josh Cummings
2bd05128ec Add JdbcAssertingPartyMetadataRepository#save 
Issue gh-16012

Co-Authored-By: chao.wang <chao.wang@zatech.com>
 2025-06-11 18:08:31 -06:00
Josh Cummings
e2e42a5580 Fix Checkstyle 
Issue gh-16012
 2025-06-11 18:08:31 -06:00
chao.wang
16fd24c002 Add JdbcAssertingPartyMetadataRepository 
Closes gh-16012

Signed-off-by: chao.wang <chao.wang@zatech.com>
 2025-06-11 18:08:31 -06:00
Josh Cummings
9b724377ce Rework Saml2 Authentication Statement 
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.

Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.

As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.

Closes gh-10820
 2025-06-10 17:21:03 -06:00
Christian Schuster
02a8c416aa Add NameID to SAML 2.0 Authentication Info 
Issue gh-10820
 2025-06-10 17:21:03 -06:00
Christian Schuster
36c7b91fb9 SAML 2.0 Single Logout Uses Saml2AuthenticationInfo 
This allows SLO to be triggered without the authentication
principal needing to implement a given interface.

Issue gh-10820
 2025-06-10 17:21:03 -06:00
Josh Cummings
aa3135169d Polish Documentation 
Closes gh-14635
 2025-06-09 16:49:36 -06:00
Liviu Gheorghe
3ddf201d66 Updated Copyrights 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
1livv
edfd7b9b43 Addressed review comments 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
Liviu Gheorghe
eaf8184142 Send saml logout response even when validation errors happen 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
Josh Cummings
f73f253beb
Add Switch for Processing GET Requests 
Issue gh-17099
 2025-06-03 13:12:37 -06:00
Josh Cummings
32c7e8a6ee
Use Saml2Error Static Factories 2025-06-03 13:12:37 -06:00
Josh Cummings
3de7312658
Add Saml2Error Static Factories 2025-06-03 13:12:37 -06:00
Tran Ngoc Nhan
8953f464fb Add Switch for Processing GET Requests 
Closes gh-17099

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-03 13:10:45 -06:00
Josh Cummings
9df3a57d9e
Merge branch '6.4.x' 2025-04-28 11:27:17 -06:00
Josh Cummings
868342b3a9
Add OpenSAML 5 Test 
Issue gh-17008
 2025-04-28 11:25:31 -06:00
Josh Cummings
ce000ed190
Merge branch '6.3.x' into 6.4.x 
Closes gh-17008
 2025-04-28 11:18:46 -06:00
Josh Cummings
5354e4d2c5
Check for Null Issuer 
Closes gh-16989
 2025-04-28 11:18:32 -06:00
Josh Cummings
834370d8eb
Update Deprecated Spring Web Usage 2025-04-23 11:29:19 -06:00
Josh Cummings
3f7f3dabe7
Correct JavaDoc Class Reference 2025-04-23 11:29:18 -06:00
Josh Cummings
b79d81a80f
Merge branch '6.4.x' 2025-04-21 08:32:54 -06:00
Josh Cummings
f8d417dc03
Preserve Encrypted Elements 
Closes gh-16367
 2025-04-21 08:32:07 -06:00
Josh Cummings
3869b13e68
Add ResponseAuthenticationConverter 
Aside from simplifying configuration, this commit also makes it possible
to provide a response authentication converter that doesn't need the
NameID element to be present.

Closes gh-12136
 2025-04-09 17:38:24 -06:00
Josh Cummings
3e686abf50
Add ResponseValidator 
Issue gh-14264
Closes gh-16915
 2025-04-09 17:32:40 -06:00
Josh Cummings
a283700ef8
Add CacheSaml2AuthenticationRequestRepository 
Closes gh-14793
 2025-04-03 17:43:48 -06:00
Josh Cummings
67c21de1cf
Support Continue Filter Chain When No Relying Party 
Closes gh-16000
 2025-04-03 15:32:23 -06:00
Josh Cummings
5436fd5574
Remove Unecessary Code 2025-04-03 14:28:54 -06:00
Josh Cummings
91b0936189
Add AssertionValidator 
- Ships with support for customizing the OpenSAML validators to use
- Or, you can supply your own instance of SAML20AssertionValidator

Closes gh-15578
 2025-04-02 17:44:40 -06:00
Josh Cummings
99345537d6
Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter 
Issue gh-16417
 2025-03-26 16:38:39 -06:00
Josh Cummings
de07b1108f
Use PathPatternRequestMatcher in Web Components 
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.

Issue gh-16632
 2025-03-26 13:28:58 -06:00
Josh Cummings
50ad378a29
Polish MockHttpServletRequest Usage 
This commit makes so that the requestURI is set to a value that makes
sense with the other properties being mocked.

Issue gh-16632
 2025-03-26 13:27:17 -06:00
Filip Hrisafov
cd9d6ce5c9 Fix typos Open SAML 5 Javadoc referencing Open SAML 4 
Signed-off-by: Filip Hrisafov <filip.hrisafov@gmail.com>
 2025-03-19 18:06:26 -06:00
Rob Winch
c8fea962a0
Merge branch '6.4.x' 
- 04f530b opensamlFiveTest.extendsFrom testRuntimeOnly

Issue gh-16757
 2025-03-17 15:41:13 -05:00
Rob Winch
04f530bc1b
opensamlFiveTest.extendsFrom testRuntimeOnly 
Issue gh-16756
 2025-03-17 15:41:07 -05:00
Rob Winch
e6223dede3
Merge branch '6.4.x' 
- adb303e Add testRuntimeOnly junit-platform-launcher

Closes gh-16757
 2025-03-17 14:34:18 -05:00
Rob Winch
05116eabbd
Merge branch '6.3.x' into 6.4.x 
- adb303e Add testRuntimeOnly junit-platform-launcher

Closes gh-16756
 2025-03-17 14:18:49 -05:00
Rob Winch
adb303e152
Add testRuntimeOnly junit-platform-launcher 
Closes gh-16755
 2025-03-17 14:16:44 -05:00
Josh Cummings
f2d78a01c3
Fix JavaDoc Typos 2025-02-26 11:31:02 -07:00
Tran Ngoc Nhan
51e9f073dd Fix format 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-02-13 16:18:28 -07:00
Tran Ngoc Nhan
3cf1686c0b Revert Nullable annotation 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-02-13 16:18:28 -07:00
Tran Ngoc Nhan
5d089f680e Consistently NonNull annotation 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-02-13 16:18:28 -07:00
Josh Cummings
5ff87128b1
Make Saml2AuthenticationToken Serializable 
Issue gh-16286
 2025-02-03 10:13:14 -07:00
Tran Ngoc Nhan
bcc4b415b3
Make RelyingPartyRegistration Serializable 
Closes gh-16286
 2025-02-03 10:13:13 -07:00
Josh Cummings
4b5bacf71a
Make Saml2AuthenticationToken Serializable 
Issue gh-16286
 2025-01-30 18:05:17 -07:00
Tran Ngoc Nhan
e50415de85
Make RelyingPartyRegistration Serializable 
Closes gh-16286
 2025-01-30 17:45:41 -07:00
Josh Cummings
8735368d9e
Don't Support Serialization of Jackson Modules 
Issu gh-16276
 2025-01-14 17:04:36 -07:00
Josh Cummings
841c03fe3b
Add Serializable Compatilibity to Saml 2.0 Exceptions 
Issue gh-16276
 2024-12-17 09:36:29 -07:00
Josh Cummings
b9911fd522
Add serialVersionUID to Authentication classes 
Issue gh-16276
 2024-12-13 16:41:32 -07:00
Josh Cummings
e3cd4339b2
Add Serial Version 
Closes gh-16163
 2024-12-13 11:53:15 -07:00