Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 06:58:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,899 Commits 33 Branches 337 Tags
Commit Graph

1605 Commits

Author SHA1 Message Date
Rob Winch
e5d2aaf6fe
Deprecate OpenID 2.0 support 
Deprecate OpenID 2.0 support
 2020-05-12 09:37:56 -05:00
Eleftheria Stein
1aadbb2f4d Remove "/path/**/other" patterns in tests 
Fixes gh-8513
 2020-05-11 17:00:25 -04:00
Dávid Kovács
f2a2b469c4 Deprecate openID 2.0 support 
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments.

Fixes gh-7153
 2020-05-09 12:04:13 +02:00
Rob Winch
d91b153cad Explicitly set useSuffixPatternMatch for Tests 
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
 2020-05-08 16:43:56 -05:00
Joe Grandja
86ca6b013c Unlock dependencies 
This reverts commit 206960cf448b38e643045468b2291e66bfbbd4a9.
 2020-05-06 17:27:35 -04:00
Joe Grandja
206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Dávid Kovács
339d44b5a1 Deprecate openID 2.0 support 
This commit puts deprecation notice on docs, sample applications and configurations (java and xml)

Fixes gh-7153
 2020-05-02 10:18:31 +02:00
Rob Winch
4a9fa0337a Allow Configure RequestRjectedHandler in XML 
Issue gh-5007
 2020-05-01 10:51:11 -05:00
Leonard Brünings
b826c798f7 Add RequestRejectedHandler 
Closes gh-5007
 2020-05-01 10:51:01 -05:00
Dávid Kovács
8e8251ac5f Add ROLE_INFRASTRUCTURE to infrastructure beans 
Closes gh-8407
 2020-04-27 08:59:24 -05:00
Adam Millerchip
0f29bee1b0 Add authorize() DSL method that accepts HttpMethod 
Fixes: gh-8307
 2020-04-22 16:14:04 -04:00
Adam Millerchip
16a7cbee4b Use named arguments in Kotlin authorization rule 2020-04-22 16:14:04 -04:00
Adam Millerchip
401393d756 Extract pattern type in request matcher DSL 2020-04-22 16:14:04 -04:00
Antonin Arquey
5cd1ec7bb3 Add AuthoritiesMapper setter for reactive OAuth2Login 
Allow the configuration of a custom GrantedAuthorityMapper for reactive OAuth2Login

- Add setter in OidcAuthorizationCodeReactiveAuthenticationManager
  and OAuth2LoginReactiveAuthenticationManager

- Use an available GrantedAuthorityMapper bean to configure the default ReactiveAuthenticationManager

Fixes gh-8324
 2020-04-17 16:55:05 -04:00
Roberto Paolillo
2cccf223df Add Flag to enable searching of LDAP groups on subtrees 
Closes gh-8939
 2020-04-17 12:55:11 -05:00
Loïc Labagnara
146d9ba0bf Add marker to make Kotlin DSL type safe. 
Fixes gh-8366
 2020-04-14 16:23:28 -04:00
Evgeniy Cheban
a70d55552b
Resource Server Finds JwtAuthenticationConverter Beans 
Fixes gh-8185
 2020-04-13 22:47:20 -06:00
Rob Winch
9a42a028e7 Logout defaults to use Global SecurityContextServerLogoutHandler 
Closes gh-8375
 2020-04-13 16:36:12 -05:00
Josh Cummings
711954e016
Deprecate Saml2AuthenticationRequestFilter Constructor 
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.

Fixes gh-8359
 2020-04-08 16:27:46 -06:00
Eleftheria Stein
39e09e4ca5 Idiomatic Kotlin DSL for server HTTP security 
Issue: gh-5558
 2020-04-07 11:04:59 -04:00
Eleftheria Stein
6017510fdd Compile Kotlin tasks using JVM 1.8 2020-04-07 11:04:59 -04:00
hotire
6d45ec5d6b Fix typo in Javadoc of ServerHttpSecurity#hasAuthority 2020-04-06 14:19:42 -05:00
Markus Engelbrecht
dc6b8ce470
Add addFilterAfter and addFilterBefore to Kotlin DSL 
Fixes gh-8316
 2020-04-03 12:04:03 -04:00
Eleftheria Stein
1de0cf5057 Fix HttpSecurity Javadoc 
Fixes gh-4404
 2020-04-02 11:32:38 -04:00
Rob Winch
91728ef53b Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 17:50:28 -05:00
Rob Winch
b055f8bb25 SpringTestContext returns ConfigurableWebApplicationContext 
Closes gh-8233
 2020-03-30 17:46:25 -05:00
Joe Grandja
e27e548215 oauth2Login WebFlux does not auto-redirect for XHR request 
Fixes gh-8118
 2020-03-26 04:36:23 -04:00
Eleftheria Stein
97085ef310 Fix rsocket test 
Request route that exists; add additional error message verification

Fixes gh-8154
 2020-03-19 17:27:14 -04:00
Josh Cummings
2d8c65db56
Support port=0 for LDAP Servers 
Fixes gh-8138
 2020-03-18 09:45:10 -06:00
Josh Cummings
4d99ee2896
Allow port=0 in XSD 
Issue gh-8138
 2020-03-18 09:45:10 -06:00
Josh Cummings
f438bdfbcf
Add spring-security-5.4.xsd 
Issue gh-8138
 2020-03-18 09:45:10 -06:00
Erik van Paassen
ad9bb7f230 Fix typo in Javadoc of HttpSecurity#csrf() 
`HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.
 2020-03-17 12:42:11 -06:00
Eleftheria Stein
40b15f5a46 Rename to SessionFixationDslTests 2020-03-17 12:05:25 -04:00
Josh Cummings
bfd36d9a54
Remove Redundant ConcurrentSessionFilter Refs 
Fixes gh-8105
 2020-03-13 16:27:30 -06:00
Markus Engelbrecht
d81321bc29
Fix typo 'properites' in documentation 
Fixes gh-8095
 2020-03-11 10:54:14 -06:00
Josh Cummings
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7e449e1e8347f9a0b3959c7abf095dc.
 2020-03-04 12:02:48 -07:00
Josh Cummings
147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Josh Cummings
c729fee7bc
Malformed Bearer Token Returns 401 for WebFlux 
Fixes gh-7668
 2020-03-03 15:42:02 -07:00
Joe Grandja
c111099640 Polish client-registration xsd attributes 
Issue gh-4557
 2020-03-02 15:02:46 -05:00
Josh Cummings
e97396b9c7 Add Resource Server XML Support 
Fixes gh-5185
 2020-03-02 11:51:40 -07:00
Josh Cummings
f1a2d69968 Add AuthenticationProvider List Configurability 
Issue gh-5185
 2020-03-02 11:51:40 -07:00
Josh Cummings
34b40deb38 Add By-RequestMatcher Exception Handling 
Issue gh-5185
 2020-03-02 11:51:40 -07:00
Josh Cummings
98a2ca3bbc Add Csrf Ignore Configurability 
Issue gh-5185
 2020-03-02 11:51:40 -07:00
Josh Cummings
19584884b3
Register Authentication Provider in Init Phase 
Fixes gh-8031
 2020-02-28 15:32:27 -07:00
Filip Hanik
3257349045 Support POST binding for AuthNRequest 
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
 2020-02-28 09:15:26 -08:00
Rob Winch
727fee1e12 Polish HeaderWriterSpec 
Assert.notNull(Object,Supplier) is for when then message passed in
requires concatenation and avoids doing extra work. Since this does
not require concatenation, we can use Assert.notNull(Object,String)

Issue gh-7636
 2020-02-27 07:57:51 -06:00
Ankur Pathak
480c5bc87e Custom ServerHttpHeadersWriter to HeaderSpec 
Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec
Fixes gh-7636
 2020-02-27 07:55:30 -06:00
Eleftheria Stein
2fb3d3d5a2 Add hasRole to authorizeRequests in Kotlin DSL 
Fixes: gh-8023
 2020-02-25 08:29:26 -05:00
Joe Grandja
4cd89b584f Polish gh-5184 2020-02-20 21:25:17 -05:00
Joe Grandja
8a4ff4452b Add XML namespace support for oauth2-client 
Fixes gh-5184
 2020-02-20 20:05:48 -05:00