Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,499 Commits 48 Branches 362 Tags
Commit Graph

1247 Commits

Author SHA1 Message Date
Johnny Lim
c94f13a971 Polish tests 2019-01-08 11:16:22 -06:00
Josh Cummings
1a02cafe81
NamespaceHttpAnonymousTests groovy->java 
Issue: gh-4939
 2019-01-07 15:04:26 -07:00
Josh Cummings
9b65107922
NamespaceDebugTests groovy->java 
Issue: gh-4939
 2019-01-04 17:53:31 -07:00
Farooq Khan
5f33bbe512 Removed isServlet30 check 2019-01-04 08:27:26 -07:00
Ankur Pathak
6e1db1105b Fixes typo in x,rnc files 
1. Fixes type ammount to amount in *.rnc files
2. Regenerates *.xsd files from *.rnc files

Fixes: gh-6325
 2019-01-02 11:17:02 -07:00
Ankur Pathak
f289ef8689 Fixes Documentation Problem 
Fixes documentation problem of Anonymous Authentication
in ServerHttpSecurity

Fixes: gh-6327
 2019-01-02 11:13:18 -07:00
Josh Cummings
d77b12d229 authorization_uri Uses UriComponentsBuilder 
Because of this, authorization_uri can now be a fully-qualified url.

Fixes: gh-5760
 2018-12-21 13:23:47 -07:00
Joe Grandja
9c0d78da71 Extract OidcTokenValidator to an OAuth2TokenValidator 
Fixes gh-5930
 2018-12-21 11:06:40 -05:00
Josh Cummings
7a55af246e
Polish tests and javadoc 
When using AssertJ, it's easy to commit the following error

assertThat(some boolean condition)

The above actually does nothing. It at least needs to be

assertThat(some boolean condition).isTrue()

This commit refines some assertions that were missing a verify
condition.

Also, one Javadoc was just a little bit confusing, so this
clarifies it.

Issue: gh-6259
 2018-12-21 08:47:37 -07:00
Rafael Dominguez
086b105273
Remove Servlet 2.5 Support for Session Fixation 
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1 so is not longer required.

Fixes: gh-6259
 2018-12-21 08:47:37 -07:00
Joe Grandja
12f320851d Set openid scope in OAuth2LoginTests 2018-12-21 09:24:55 -06:00
Joe Grandja
8f4f52edb9 Support configurable JwtDecoder for IdToken verification 
Fixes gh-5717
 2018-12-21 09:24:55 -06:00
Robbie Martinus
e60ae4984a Add hasAnyAuthority() and hasAnyRole() in AuthorizeExchangeSpec 
Fixes gh-6306
 2018-12-19 09:55:47 -06:00
Ankur Pathak
3bcb1d9458 Allow setting authenticationEntryPoint for Http Basic 
1. Added method authenticationEntryPoint in ServerHttpSecurity to allow
setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check if
if specified realm name set by authenticationEntryPoint is
returned

Fixes: gh-6270
 2018-12-17 11:24:11 -06:00
Ankur Pathak
2b369cfe98 Added support for Anonymous Authentication 
1. Created new WebFilter AnonymousAuthenticationWebFilter to
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder

Fixes: gh-5934
 2018-12-12 16:05:30 -06:00
ir73
9a357f8cb6 Moved CachingUserDetailsService to spring-core 
Made CachingUserDetailsService constructor public and moved to spring-core to make it easier to configure caching in UserDetailsService

Fixes gh-4139
 2018-12-11 13:22:08 -06:00
Dongmin Shin
56eb658eae RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefauts 
Fixes: gh-4876
 2018-12-07 14:17:44 -06:00
Ankur Pathak
8b3fb55aea Added methods to add filter relatively in ServerHttpSecurity 
Addition of two new methods addFilterBefore and addFilterAfter in
ServerHttpSecurity to allow addition of WebFilter before and after of
specified order

Fixes: gh-6138
 2018-12-04 13:29:53 -06:00
Daniel Bustamante Ospina
6bddb38cac Update to Gradle 5.0 
Change project's gradle version to 5.0, this requires to make some minor
adjustments.

Fixes: gh-6148
 2018-11-30 08:50:47 -06:00
Joe Grandja
b8f038e86a Polish OAuth2ResourceServerConfigurer 2018-11-30 06:37:00 -05:00
Eric Deandrea
be423debfd ServerAuthenticationConverter should be configurable 
Fixes gh-6186
 2018-11-29 14:37:22 -07:00
Josh Cummings
3a43ed8f1c Register NullRequestCache When Disabled 
Fixes: gh-6102
 2018-11-20 07:15:09 -07:00
Josh Cummings
f30fcdda6b
RequestCacheConfigurerTests groovy->java 
Issue: gh-4939
 2018-11-16 15:40:12 -07:00
Josh Cummings
686393ed5c
ExceptionHandlingConfigurerTests groovy->java 
Issue: gh-4939
 2018-11-16 14:51:26 -07:00
Josh Cummings
1ea73e7d8e Jwt Decoder Local Key Configuration 
Adds support for configuring Resource Server DSL with a local public
key.

Fixes: gh-5131
 2018-11-16 13:07:19 -06:00
Josh Cummings
d28e32b000 NimbusJwtDecoder Builder 
A Builder to simply common construction patterns for NimbusJwtDecoder

Issue: gh-6010
 2018-11-14 15:53:47 -06:00
Karl Goffin
db5e54266c #3912 lazyBean method respects @Primary annotation 2018-11-14 14:31:29 -06:00
Josh Cummings
8eedb3919e
Policy OAuth2ResourceServerSpecTests 
Issue: gh-6052
 2018-11-12 15:01:15 -07:00
Erik van Paassen
3a6582d2a6 Fix csrf:token-repository-ref XSD documentation 
The documentation of the token-repository-ref attribute of the csrf
element in the schema has been updated to make clear the default
repository is lazy. Targets versions 4.2, 5.0 and 5.1.

Fixes gh-6037
 2018-11-08 10:14:49 -06:00
Josh Cummings
9a13f9acde Custom Bearer Token Error Handling Support 
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.

Fixes: gh-6052
 2018-11-07 16:29:56 -06:00
Josh Cummings
75e7e099ab
MiscHttpConfigTests groovy->java 
Issue: gh-4939
 2018-10-30 12:58:20 -06:00
Bob Maertz
52be2839ca Migraged unit test from groovy to java 
Moved AbstractConfigAttributeRequestMatcherRegistryTests.groovy to AbstractConfigAttributeRequestMatcherRegistryTests.java

gh-4939
 2018-10-23 20:04:42 -05:00
Joe Grandja
8ef65ce5c5 Set AuthenticationEventPublisher on each AuthenticationManagerBuilder 
Fixes gh-6009
 2018-10-23 14:08:23 -04:00
Brian Demers
8f49ca850a Fixing IllegalStateException message in OAuth2ResourceServerConfigurer 
Updated message to include `http.oauth2ResourceServer()`
 2018-10-17 15:14:36 -05:00
Josh Cummings
bd9e3877f9 JDK 10 Compatibility 
Upgrading dependencies and reconfiguring PowerMock

Issue: gh-5860
 2018-10-17 15:03:42 -05:00
Joe Grandja
921abefaa2 Remove address and phone scope from CommonOAuth2Provider.OKTA 
Fixes gh-5987
 2018-10-17 11:50:34 -04:00
Josh Cummings
22bd8f1c1f Reactive Jwt Authentication Converter Support 
Fixes: gh-5092
 2018-10-15 11:55:12 -05:00
Rob Winch
93ca455405 OAuth2LoginAuthenticationFilter ignores authenticated Users 
This ensures that OAuth2 Client support works with the same log in URL as
oauth2 login.

Fixes: gh-5915
 2018-10-12 16:29:27 -05:00
Rob Winch
5d18bb68ed Add @formatter to @EnableWebFluxSecurity Javadoc 
Fixes: gh-5898
 2018-09-21 08:11:50 -05:00
Rob Winch
45a9c0fd54 Polish Automatically Add CsrfServerLogoutHandler 
Issue: gh-5337
 2018-09-21 00:59:36 -05:00
Eric Deandrea
b060ec050a Automatically add CsrfServerLogoutHandler if csrf enabled 
The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled

Fixes gh-5337
 2018-09-21 00:59:36 -05:00
Vedran Pavic
79828d4f7b Polish WebFlux Referrer-Policy header config 2018-09-20 17:14:16 -05:00
Rob Winch
8a49c431c3 Add OAuth2ClientSpec.and 
Fixes: gh-5888
 2018-09-20 10:19:21 -05:00
Josh Cummings
73c1abbba0
EnableGlobalMethodSecurity Misconfiguration Check 
This polishes the EnableGlobalMethodSecurity misconfiguration check to
not error if the user has specified a custom method security metadata
source.

Issue: gh-5341
 2018-09-20 07:55:03 -06:00
artsiom
1e864ad764
Validate @EnableGlobalMethodSecurity usage 
Fixes: gh-5341
 2018-09-20 07:55:03 -06:00
Rob Winch
9e0c7f17b7 Default RequestCache should ignore favicon 
Fixes: gh-5875
 2018-09-19 14:29:14 -05:00
Joe Grandja
8b0a3a760c Use providedSessionAuthenticationStrategy 
Fixes gh-5763
 2018-09-19 07:04:49 -04:00
Rob Winch
501c008526 Add WebFlux Redirect to HTTPS Reference 
Fixes: gh-5869
 2018-09-18 21:12:37 -05:00
Rob Winch
54d07b6b8b Add WebFlux HTTP Headers Reference 
Fixes: gh-5868
 2018-09-18 17:09:41 -05:00
Rob Winch
72301e548a Reactive OAuth2 DSL Customizations 
Fixes: gh-5855
 2018-09-17 21:21:36 -05:00