Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-09 11:53:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,627 Commits 38 Branches 348 Tags
Commit Graph

11627 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ashley Scopes
dd43d9198b Amended treatment of OAuth2 'iss' claim 
Prior to this commit, the OAuth2 resource server code is failing any issuer
that is not a valid URL. This does not correspond to
https://datatracker.ietf.org/doc/html/rfc7662#page-7 which redirects to
https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1, defining an
issuer as being a "StringOrURI", which is defined at
https://datatracker.ietf.org/doc/html/rfc7519#page-5 as being
an "arbitrary string value" that "MUST be a URI" only for
"any value containing a ':'".

The issue currently is that an issuer that is not a valid URL may be
provided, which will automatically result in the request being aborted
due to being invalid.

I have removed the check entirely, since while the claim could be invalid,
it is still a response that the OAuth2 introspection endpoint has provided.
In the liklihood that interpretations of this behaviour are different for
the OAuth2 server implementation in use, this currently stops Spring
Security from being able to be used at all without implementing a custom
introspector from scratch.

It is also worth noting that the spec does not specify whether it is
valid to normalize issuers or not if they are valid URLs. This may cause
other unintended side effects as a result of this change, so it is
safer to disable it entirely.
 2021-09-15 15:05:08 -06:00
Dmitriy Bogdanov
fe274e7553 Fix some list punctuation and capitalization in docs 2021-09-15 10:49:02 -06:00
Dmitriy Bogdanov
31a8f8c4df Fix the use of "s" with code blocks in docs 2021-09-15 10:49:02 -06:00
Dmitriy Bogdanov
af4cc03dec Fix some typos and mistakes in docs 2021-09-15 10:49:02 -06:00
Josh Cummings
194993ad1a Add Saml2ParameterNames 
Closes gh-10270
 2021-09-14 17:40:12 -06:00
Anthony Lofton
1ca04ffc91 Updated test.adoc SecurityMockServerConfigurers method references 
Updated all references to SecurityMockServerConfigurers to refer to
correct methods.
Added documentation for mockJwt to include the
SecurityMockServerConfigurers class.

Issue gh-10254
 2021-09-14 16:25:38 -03:00
Anthony Lofton
7614346a6f Updated test.adoc SecurityMockServerConfigurers method references 
Updated all references to SecurityMockServerConfigurers to refer to
correct methods.
Added documentation for mockJwt to include the
SecurityMockServerConfigurers class.

Issue gh-10254
 2021-09-14 16:19:49 -03:00
Anthony Lofton
1653b7848d Updated test.adoc SecurityMockServerConfigurers method references 
Updated all references to SecurityMockServerConfigurers to refer to
correct methods.
Added documentation for mockJwt to include the
SecurityMockServerConfigurers class.

Issue gh-10254
 2021-09-14 15:22:32 -03:00
Anthony Lofton
8cba9fbf9d Updated test.adoc SecurityMockServerConfigurers method references 
Updated all references to SecurityMockServerConfigurers to refer to
correct methods.
Added documentation for mockJwt to include the
SecurityMockServerConfigurers class.
 2021-09-14 15:04:08 -03:00
Josh Cummings
4f06fc6ed1 Add Saml2LogoutConfigurer 
Closes gh-9497
 2021-09-13 16:39:48 -06:00
Josh Cummings
c63d618b26 Add Single Logout Support 
Closes gh-8731
 2021-09-13 16:39:48 -06:00
Josh Cummings
6488295cad Add RelyingPartyRegistrationResolver 
Closes gh-9486
 2021-09-13 16:39:48 -06:00
Josh Cummings
f5a525e740 Add Registration to Saml2Authentication 
Closes gh-9487
 2021-09-13 16:39:48 -06:00
Josh Cummings
822e59af45 useJUnitPlatform for SAML 2.0 Tests 
Issue gh-9467
 2021-09-13 16:39:48 -06:00
Josh Cummings
5da55448f9 Polish SecurityContextChangedEvent 
- Changed methods to getOldContext and getNewContext

Closes gh-10249
 2021-09-13 16:04:36 -06:00
Josh Cummings
3e87ef84ae Replace SecurityContextHolder#addListener 
Closes gh-10226
 2021-09-13 15:57:06 -06:00
Derek Van Blerkom
2bdaa31f72 Fix return type to allow further security config 
Issue gh-10245
 2021-09-13 15:41:40 -03:00
Derek Van Blerkom
9a1f04c08f Fix return type to allow further security config 
Issue gh-10245
 2021-09-13 15:41:25 -03:00
Derek Van Blerkom
c55f1f8bea Fix return type to allow further security config 
Issue gh-10245
 2021-09-13 15:41:04 -03:00
Derek Van Blerkom
58d50888df Fix return type to allow further security config 2021-09-13 15:31:02 -03:00
heqiang
3443eac829 Fix typo in index.adoc 2021-09-13 16:32:32 +02:00
Yanming Zhou
f2b2e6002f Replace static "ROLE_" with customized role prefix 
Fix gh-4134
 2021-09-09 11:48:25 -06:00
Eleftheria Stein
df6ed74303 Compile with parameter names 
Closes gh-10240
 2021-09-08 10:01:47 +02:00
Marcus Da Coregio
670cf99258 Update docs to point to ACL samples 
Closes gh-10110
 2021-09-06 11:30:38 -03:00
Marcus Da Coregio
6fae98a6f4 Update docs to point to ACL samples 
Closes gh-10110
 2021-09-06 11:14:57 -03:00
Josh Cummings
989c1419d5 Clarify OAuth 2.0 Resource Server Multitenancy Snippet 
Closes gh-10233
 2021-09-03 16:54:41 -06:00
Ayush Kohli
f1691370d6 Closes gh-10222 2021-09-03 10:58:01 -06:00
Ayush Kohli
1cfe84922c Add Java examples to session management docs 
Closes gh-8979
 2021-08-26 10:14:48 +02:00
Josh Cummings
41feec4766
Remove unused Sonar from Build 
Closes gh-10205
 2021-08-20 16:47:55 -06:00
/usr/local/ΕΨΗΕΛΩΝ
4302a86fad
Default principalClaimName to SUB 
Closes gh-10214
 2021-08-20 15:02:22 -06:00
Rujun Chen
9b4ddd7e0a Make AuthorizationGrantTypeConverter support custom grant type 
Closes gh-10155
 2021-08-19 13:13:20 -04:00
Marcus Da Coregio
d0fbe6b501 Update CI deployments to be dependent on Check Samples 
Closes gh-10207
 2021-08-19 10:13:38 -03:00
Marcus Da Coregio
be91a78781 Update Check Samples job to run in parallel 
Issue gh-9846
 2021-08-17 11:15:10 -03:00
YevheniiLutsyshyn
ac8e912ea1 Update a broken link to Spring Boot documentation 2021-08-17 11:33:49 +02:00
Fabio Guenci
8c1201ae49
Preserve Null Claim Values 
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
 2021-08-16 15:07:23 -06:00
Rob Winch
87ec94a321 Next Development Version 2021-08-16 15:24:29 -05:00
Rob Winch
b3cb7b388c Release 5.6.0-M2 5.6.0-M2 2021-08-16 15:24:14 -05:00
Rob Winch
71f1cf1e0b Remove Remaining Sonar Reference 
Issue gh-10205
 2021-08-16 14:45:33 -05:00
Rob Winch
829733896c Remove unused Sonar from Build 
Closes gh-10205
 2021-08-16 14:42:38 -05:00
Rob Winch
1d4859a7ee Update org.slf4j to 1.7.32 
Closes gh-10204
 2021-08-16 14:18:54 -05:00
Rob Winch
0a40ce6181 Update htmlunit-driver to 2.52.0 
Closes gh-10203
 2021-08-16 14:18:54 -05:00
Rob Winch
f8fad9d34d Update hibernate-entitymanager to 5.5.6 
Closes gh-10202
 2021-08-16 14:18:54 -05:00
Rob Winch
f45f0b32b2 Update htmlunit to 2.52.0 
Closes gh-10201
 2021-08-16 14:18:54 -05:00
Rob Winch
0b068b9b81 Update io.projectreactor to 2020.0.10 
Closes gh-10199
 2021-08-16 14:18:54 -05:00
Rob Winch
dd8048809b Update com.nimbusds to 9.12 
Closes gh-10198
 2021-08-16 14:18:54 -05:00
Rob Winch
ad9da129a8 Update nebula-project-plugin to 8.1.0 
Closes gh-10197
 2021-08-16 14:18:54 -05:00
Rob Winch
9677ef17f3 Update logback-classic to 1.2.5 
Closes gh-10196
 2021-08-16 14:18:54 -05:00
Rob Winch
2765cd58f1 Exclude rc without versions from dependencyUpdates 2021-08-16 14:18:54 -05:00
Josh Cummings
aed203f367
Docs for WebSessionServerLogoutHandler 
Issue gh-4838
 2021-08-16 13:09:42 -06:00
Bogdan Ilchyshyn
a4c088a3b3 Introducing WebSessionServerLogoutHandler 
Closes gh-4838
 2021-08-16 13:08:35 -06:00