Commit Graph

7480 Commits

Author SHA1 Message Date
Joe Grandja 12f320851d Set openid scope in OAuth2LoginTests 2018-12-21 09:24:55 -06:00
Joe Grandja 8f4f52edb9 Support configurable JwtDecoder for IdToken verification
Fixes gh-5717
2018-12-21 09:24:55 -06:00
Joe Grandja be23ab8114 AuthenticationFailureEvent should publish once
Fixes gh-6281
2018-12-20 22:40:45 -05:00
finke-ba b838f7c7b7 Add WebFlux support for spring security web jackson module.
Fixes: gh-6303
2018-12-19 10:11:17 -06:00
Robbie Martinus e60ae4984a Add hasAnyAuthority() and hasAnyRole() in AuthorizeExchangeSpec
Fixes gh-6306
2018-12-19 09:55:47 -06:00
Shawn Biesan a919b4e916 Remove servlet getHeader check and test
Fixes: gh-6265
2018-12-18 13:25:10 -07:00
finke-ba 9c7cab835f Add conditionally servlet based support for spring security web jackson module. 2018-12-18 14:21:31 -06:00
Josh Cummings f0402df915
Split Branches Into Multiple Sonarqube Projects
Eliminate analysis collisions and simplify application of analysis
quite periods.

Fixes: gh-6091
2018-12-17 17:05:24 -07:00
Eric Deandrea 0f7dff3774 Introduce ReactiveJwtAuthenticationConverter
Some changes based on PR comments

Fixes gh-6273
2018-12-17 14:12:53 -07:00
Richard Valdivieso cb0ea0241b Spring Security provides a DelegatingSecurityContextRunnable
abstraction for Runnable that can be used for async and
scheduled tasks. The primary contract for task scheduling is
TaskScheduler and there's no such wrapper available at the moment.

The new DelegatingSecurityContextTaskScheduler class implements
TaskScheduler interface.

Fixes gh-6043
2018-12-17 14:30:55 -06:00
Dongmin Shin 3230cd653c Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository
Fixes: gh-6261
2018-12-17 12:56:33 -07:00
Dongmin Shin 733a380bc7 Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter
Fixes: gh-6260
2018-12-17 12:52:59 -07:00
Ankur Pathak 3bcb1d9458 Allow setting authenticationEntryPoint for Http Basic
1. Added method authenticationEntryPoint in ServerHttpSecurity to allow
setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check if
if specified realm name set by authenticationEntryPoint is
returned

Fixes: gh-6270
2018-12-17 11:24:11 -06:00
Rob Winch a90c217446 Fix LoginPageGeneratingWebFilter Markup
Fixes: gh-6295
2018-12-17 11:15:59 -06:00
Ian He 9818da79fe Fix DefaultLoginPageGeneratingFilter Markup
the `</h3>` should be `</h2>`.
2018-12-17 10:50:03 -06:00
Nena Raab d1a754fcf2 JdbcAclService: fixes PostgreSql issue
When setup the acl tables as specified in the Spring.io documentation
I have faced the following error on a PostgreSql database:
org.postgresql.util.PSQLException: ERROR: operator does not exist:
bigint = character varying.
This is because the acl_object_identity.object_id_identity column is
of type varchar(36) but it is not necessarily accessed with a value
of type String.

- JdbcAclService / JdbcMutableAclService: SQL query must match
  object_id_identity column specification
- JdbcAclService: changed JdbcTemplate to JdbcOperations for testability
- JdbcAclServiceTest: Increased test coverage,
  the integration tests using embedded db relates to this commit
cd8d2079ed

Fixes gh-5508
2018-12-17 10:05:03 -06:00
Josh Cummings 1bfa38b1bd
Validate Scopes in ClientRegistrationBuilder
Fixes: gh-6256
2018-12-14 10:41:29 -07:00
Dongmin Shin fc802e1a7c Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF
Fixes: gh-6263, Fixes: gh-6262
2018-12-14 06:47:21 -07:00
Dongmin Shin 0d2af416aa Add cookieDomain to CookieCsrfTokenRepository
Fixes: gh-4315
2018-12-13 15:01:24 -07:00
Ankur Pathak 2b369cfe98 Added support for Anonymous Authentication
1. Created new WebFilter AnonymousAuthenticationWebFilter to
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder

Fixes: gh-5934
2018-12-12 16:05:30 -06:00
mibo 60e3bf4093 Add Anonymous Support to AuthenticatedReactiveAuthorizationManager
Fixes: gh-6235
2018-12-12 15:48:17 -06:00
Nena Raab 1706a5cb83 Spring ACL uses deprecated Mockito methods
This change
- replaces anyListOf(Class<T> clazz).
  With Java 8 this method will be removed in Mockito 3.0.
  This method is only used for generic friendliness to avoid casting,
  this is not anymore needed in Java 8.
- replaces anyObject
  with any or any(Class<T> clazz)

Fixes gh-6212
2018-12-12 15:24:20 -06:00
ir73 9a357f8cb6 Moved CachingUserDetailsService to spring-core
Made CachingUserDetailsService constructor public and moved to spring-core to make it easier to configure caching in UserDetailsService

Fixes gh-4139
2018-12-11 13:22:08 -06:00
Eric Deandrea 4178c92741 Add Reactive Support for UserDetailsChecker
Integrate UserDetailsChecker into ReactiveAuthenticationManager and
OAuth2 resource server authentication converters.

Fixes gh-6219
2018-12-11 13:07:40 -06:00
Dongmin Shin 56eb658eae RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefauts
Fixes: gh-4876
2018-12-07 14:17:44 -06:00
Zhanwei Wang 12ab2cca31 Improve error message for Chinese. 2018-12-06 11:57:21 -06:00
shraiysh e25bea2cf7 Author: Shraiysh Vaishay cs17btech11050@iith.ac.in
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient

Fixes gh-6182
2018-12-06 11:18:39 -06:00
Josh Cummings 566bc6a6e1
Test OpenID Discovery with Trailing Slash
Fixes gh-6234
2018-12-05 10:54:30 -07:00
Josh Cummings f755580a91
Resource Server Static Key Sample
Fixes: gh-5486
2018-12-05 10:51:24 -07:00
Robbie Martinus 090000c3d2 SessionRegistryImpl uses computeIfAbsent
Fixes: gh-5834
2018-12-05 10:26:07 -06:00
Christopher Cuartas e995668d92 Update to nimbus-jose-jwt:6.3
Fixes: gh-6095
2018-12-04 23:07:32 -07:00
Ankur Pathak 8b3fb55aea Added methods to add filter relatively in ServerHttpSecurity
Addition of two new methods addFilterBefore and addFilterAfter in
ServerHttpSecurity to allow addition of WebFilter before and after of
specified order

Fixes: gh-6138
2018-12-04 13:29:53 -06:00
lmagyar 3c35f4cfab SecurityContextCallableProcessingInterceptor thread visibility fix
Within class SecurityContextCallableProcessingInterceptor field securityContext should volatile.

Fixes gh-6143
2018-12-03 15:45:56 -06:00
Nicolas Le Bas ba8a337f9a Accept a case-insensitive "Bearer" keyword
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.

This is the reactive counterpart to commit
63f2b6094f .

Fixes gh-6195
2018-12-02 09:32:27 -05:00
mibo 60fc5381fe Fixed Git SCM book link 2018-11-30 14:54:46 -06:00
Rafael Dominguez 2cb8794e35 Restored Jacoco default task dependence
This commit ensures that the jacoco plugin is applied when calling
check and test tasks.
Also remoed the clean task that prevented sonarqube using coverage data

Fixes: gh-6199
2018-11-30 14:25:21 -06:00
Rob Winch 1a80d4a66c Fix Generics in ReactorContextTestExecutionListenerTests for JDK 9+
Issue: gh-6075
2018-11-30 12:07:58 -06:00
Aanuoluwapo Otitoola a28c677f88 ReactorContextTestExecutionListener should use named hooks
Fixes: gh-6075
2018-11-30 11:13:26 -06:00
Rob Winch 18594ef4e9 Update to spring-build-conventions:0.0.23.BUILD-SNAPSHOT
Issue: gh-6148
2018-11-30 10:54:46 -06:00
Daniel Bustamante Ospina 6bddb38cac Update to Gradle 5.0
Change project's gradle version to 5.0, this requires to make some minor
adjustments.

Fixes: gh-6148
2018-11-30 08:50:47 -06:00
Joe Grandja f808740c57 Update reference manual to use NimbusJwtDecoder
Fixes gh-6188
2018-11-30 06:53:35 -05:00
Joe Grandja b8f038e86a Polish OAuth2ResourceServerConfigurer 2018-11-30 06:37:00 -05:00
Bhavik Kumar 90b9cfaf55 Use SpringUtils to check scheme
Fixes 6183
2018-11-29 20:42:39 -06:00
Eric Deandrea be423debfd ServerAuthenticationConverter should be configurable
Fixes gh-6186
2018-11-29 14:37:22 -07:00
Nicolas Le Bas 63f2b6094f The "Bearer" keyword should be case-insensitive
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
2018-11-28 19:34:47 -07:00
jer051 fdc81822ec Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.

Fixes: gh-6051
2018-11-28 15:44:36 -06:00
Nena Raab 918a4cd323
AclClassIdUtils Default GenericConversionService
So that String, Long, and UUID conversions are automatically
supported.
2018-11-28 10:21:42 -07:00
Rob Winch 0e5f1245a6 Remove Thymeleaf dependency management
Fixes: gh-6161
2018-11-28 08:23:01 -06:00
Rob Winch cbbf15b8cb Update to GAE 1.9.68
Fixes: gh-6160
2018-11-28 08:23:01 -06:00
Rob Winch 0b2f241038 Update to Mockito 2.23.4
Fixes: gh-6159
2018-11-28 08:23:01 -06:00