126e0bb82a
Update to Spring Framework 5.2.0.RC1
...
Fixes gh-7184
2019-08-05 09:33:08 -06:00
774a2e669c
Polish setAllowedHostnames
...
Added JavaDoc to method, including @since attribute
Issue gh-4310
2019-08-03 19:19:44 -06:00
f712c5598c
Add support for allowedHostnames in StrictHttpFirewall
...
Introduce a new method `setAllowedHostnames` which perform the validation
against untrusted hostnames.
Fixes gh-4310
2019-08-03 21:16:45 -04:00
a5cfd9fdb9
Downgrade AuthenticationFilter modifier
...
Fixes gh-7177
2019-08-03 21:14:33 -04:00
f28681f41d
Remove the unused emma plugin
2019-08-03 12:37:27 -04:00
776a4c3760
Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers
2019-08-03 12:28:37 -04:00
d843818e48
Polish JwtGrantedAuthoritiesConverter
...
Rework the implementation so that it is clearer that authorities are
derived from a single claim.
Issue: gh-6273
2019-08-02 14:54:04 -06:00
09a119978c
Migrate VersionsResourceTasks groovy->java
...
Issue: gh-4939
2019-08-02 15:53:49 -04:00
522d118aca
Fix typo in SCryptPasswordEncoder Javadoc
...
Fixes: gh-4004
2019-08-02 13:48:46 -04:00
ad2f999c25
Polish BasicAuthenticationConverter
...
This reverts to the old behavior from BasicAuthenticationFilter.
Specifically, if a token has an empty password, it still parses a username
and an empty String password.
Issue gh-7025
2019-08-02 09:04:55 -05:00
d157125c8e
Polish AuthenticationFilter
...
Updated member variable references to be prefixed with "this.".
Fixed typo in authentication manager resolver error message.
Issue: gh-6506
2019-08-01 16:26:54 -06:00
50adb6abcb
Fix javadoc
2019-07-31 15:36:30 -04:00
e88c5c0eee
Fix CSRF session authentication strategy since version
2019-07-31 07:45:51 -05:00
0b4502b2c5
Remove exceptions from lambda security configuration
...
Fixes: gh-7128
2019-07-30 08:31:37 -05:00
b55322b2cb
Make basic authentication scheme case-insensitive
...
Fixes: gh-7163
2019-07-29 16:30:03 -04:00
8e6e975e86
Prevent authentication when user is inactive for reactive apps
...
Currently, reactive applications doesn't perform validation when user
is locked, disabled or expired. This commit introduces these validations.
Fixes gh-7113
2019-07-29 11:03:05 -04:00
4ca9e15595
Fix blocking in ServletOAuth2AuthorizedClientExchangeFilterFunction
...
Fixes gh-6589
2019-07-26 14:02:17 -04:00
c05b0765c1
Introduce OAuth2AuthorizedClient Manager/Provider
...
Fixes gh-6845
2019-07-25 11:12:54 -04:00
7e845409f1
Fix Javadoc for headers configurer methods
...
Fixes: gh-7123
2019-07-24 09:11:44 -04:00
f1187bdfc2
issue/6506: AuthenticationConverter implementation
2019-07-23 17:31:21 -05:00
e584207a85
Loggin Fix for printing the full stack trace, spring-projects/spring-security#7110
2019-07-23 16:48:37 -05:00
8f8329583a
Fix infinite loop in role hierarchy resolving ( #7106 )
...
Fix infinite loop in role hierarchy resolving
2019-07-23 16:40:35 -05:00
a288ce4b00
Support nested builder in DSL for reactive apps
...
Fixes: gh-7107
2019-07-23 15:57:10 -05:00
ab6440db10
Throws exception when passed IP address with too long mask
...
Fixes gh-2790
2019-07-19 06:25:58 -04:00
d5e5ac0503
Add JavaDoc to reactive oauth2ResourceServer
2019-07-18 10:48:47 -04:00
fbf6d22343
Add JavaDoc to reactive oauth2Login
2019-07-18 08:49:08 -04:00
e8dd1325fd
Fixed misleading OAuth2 error messages
...
Error messages sent by BearerTokenAccessDeniedHandler included
information about the scopes of the rejected token instead of
the scopes required by the resource.
* Removal of token scopes from error_description attribute.
* Removal of scope attribute from WWW-Authenticate response header.
Fixes gh-7089
2019-07-18 07:01:33 -04:00
b153d92b23
Fix JavaDoc for formLogin in ServerHttpSecurity
2019-07-18 06:23:04 -04:00
dc2705189f
Fix typo in documentation
...
Fixed typo in documentation.
2019-07-16 12:01:07 -05:00
09e8ae42ed
Allow configuration of SessionAuthenticationStrategy for CSRF
...
Closes gh-5300
2019-07-16 07:47:13 -05:00
ea54d9014d
DSL nested builder for HTTP security
...
DSL nested builder for HTTP security
Fixes gh-5557
2019-07-12 16:09:19 -05:00
a0ca45e4b8
Use http security nested builder in samples
...
Issue: gh-5557
2019-07-12 14:00:07 -04:00
b004f9f677
Use http security nested builder in docs
...
Issue: gh-5557
2019-07-12 13:58:17 -04:00
7961b819aa
Allow configuration of session fixation and concurrency through nested builder
...
Issue: gh-5557
2019-07-12 13:53:55 -04:00
be0ad673c2
Make RoleHierarchyImpl internals a bit simpler.
...
Issue: gh-7035
2019-07-12 18:42:44 +02:00
61f3e8cf3f
Update to Gradle 5.5.1
2019-07-11 22:15:42 -04:00
2e38e3bd46
Update to Gradle 5.5
2019-07-11 22:15:42 -04:00
d3eaef66fc
Fix infinite loop in role hierarchy resolving
...
Issue: gh-7035
2019-07-11 15:43:26 +02:00
2d36062846
Remove unnecessary authority comparison.
...
Issue: gh-7035
2019-07-11 15:37:34 +02:00
0fea2fb256
Add Chinese Traditional localized messages.
2019-07-10 12:01:22 -05:00
28855e9cd6
Changed docs to reflect that init should apply configurers
2019-07-10 11:54:56 -05:00
3d2542ce54
Migrate TrangPlugin groovy->java
...
Issue: gh-4939
2019-07-10 11:21:54 -05:00
3ea9d376b2
Cleanup explicit type arguments
2019-07-10 09:32:41 -05:00
c5b5cc507c
Cleanup redundant type casts
2019-07-10 09:31:09 -05:00
8948ba3a48
Fixed typo in documentation.
2019-07-09 23:41:40 +03:00
4b2539df10
Allow configuration of oauth2 resource server through nested builder
...
Issue: gh-5557
2019-07-09 16:11:26 -04:00
415760838f
Allow configuration of oauth2 client through nested builder
...
Issue: gh-5557
2019-07-09 16:03:46 -04:00
e47389e60b
Allow configuration of oauth2 login through nested builder
...
Issue: gh-5557
2019-07-09 15:37:28 -04:00
bf1bbd14e9
Allow configuration of openid login through nested builder
...
Issue: gh-5557
2019-07-09 15:37:28 -04:00
c3dad06ea6
Allow configuration of request matchers through nested builder
...
Issue: gh-5557
2019-07-09 15:37:28 -04:00
Josh Cummings
Eddú Meléndez
Khy
Lars Grefer
Eleftheria Stein
Rob Winch
Sam Simmons
Joe Grandja
sbespalov
matkocsis
Clement Ng
Édouard Hue
Michael Vitz
Pavel Horal
Karel Maxa
Pei-Tang Huang
George Sofianos