Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,395 Commits 35 Branches 337 Tags
Commit Graph

276 Commits

Author SHA1 Message Date
Joe Grandja
010d99a7d0 Make ClientRegistration.clientSecret optional 
Fixes gh-5652
 2018-08-14 13:32:51 -04:00
Joe Grandja
8a0c6868cd Add additional parameters to OAuth2UserRequest 
Fixes gh-5368
 2018-08-14 05:14:45 -04:00
Joe Grandja
11984039c2 Add OidcUserService.setOauth2UserService() 
Fixes gh-5604
 2018-08-08 09:32:47 -04:00
Joe Grandja
952743269d Add support for client_credentials grant 
Fixes gh-4982
 2018-08-08 08:06:47 -05:00
Johnny Lim
3d1185df3b Add @Deprecation on removeAuthorizationRequest() (#5634) 2018-08-03 09:37:48 -04:00
Rob Winch
1a65abd781 Add defaultOAuth2AuthorizedClient flag 
Fixes: gh-5619
 2018-07-31 14:44:40 -05:00
Rob Winch
2cd2bab818 Use HttpHeaders.setBasicAuth 
Issue: gh-5612
 2018-07-30 15:34:48 -05:00
Rob Winch
afa2d9cbc7 Remove ExchangeFilterFunctions 
Issue: gh-5612
 2018-07-30 15:34:44 -05:00
Rob Winch
262c1a77c6 Remove SecurityHeaders 
We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth

Issue: gh-5612
 2018-07-30 15:34:40 -05:00
Joe Grandja
e243f93eed Default to server_error when OAuth2Error.errorCode is null 
Fixes gh-5594
 2018-07-30 13:20:58 -04:00
Rob Winch
aea861e2f9 Fix Imports 
Issue: gh-5599
 2018-07-30 12:15:53 -05:00
Rob Winch
a01dc3a5f6 WebFlux Handles Undefined State Parameter 
Currently if a state exists, but an undefined state parameter is provided
a NullPointerException occurs.

This commit handles the null value.

Fixes: gh-5599
 2018-07-30 12:02:42 -05:00
Rob Winch
f3c9cce56d Rename to WebClientAuthorizationCodeTokenResponseClient 
Rename NimbusReactiveAUthorizationCodeTokenResponseClient to
WebClientReactiveAuthorizationCodeTokenResponseClient

Fixes: gh-5529
 2018-07-26 15:14:11 -05:00
Rob Winch
1c8a931e33 Rename to OidcAuthorizationCodeReactiveAuthenticationManager 
Renamed OidcReactiveAuthenticationManager to
OidcAuthorizationCodeReactiveAuthenticationManager since it only handles
authorization code flow.

Fixes: gh-5530
 2018-07-26 15:14:11 -05:00
Joe Grandja
2c1c2c78c3 Add HttpServletResponse param to removeAuthorizationRequest 
Fixes gh-5313
 2018-07-26 14:15:56 -04:00
Johnny Lim
887db71333 Fix typo (#5580) 2018-07-26 10:04:21 -04:00
mhyeon.lee
ba29b363fc Fix OAuth2AuthorizationRequestRedirectWebFilter baseurl exclude querystring 
To create redirect_uri in OAuth2AuthorizationRequestRedirectWebFilter,
queryParam is included in the current request-based baseUrl.
So when binding to the redirectUriTemplate,
the wrong type of redirect_uri may be created.

Fixed: gh-5520
 2018-07-23 15:42:15 -04:00
Joe Grandja
36cbdfe013 Fix NPE when null Authentication in authorization_code grant 
Fixes gh-5560
 2018-07-23 12:28:48 -04:00
Rob Winch
88975dad41 ServletOAuth2AuthorizedClientExchangeFilterFunction handles null authorized client 
Issue: gh-5545
 2018-07-22 12:01:42 -07:00
Rob Winch
67dd3f16e9 Add static methods for ServletOAuth2AuthorizedClientExchangeFilterFunction 
This will allow us to break up
ServletOAuth2AuthorizedClientExchangeFilterFunction into multiple
components if we decide to later.

Issue: gh-5545
 2018-07-20 11:48:20 -05:00
Rob Winch
9ababf4168 Rename to ServerOAuth2AuthorizedClientExchangeFilterFunction 
Rename OAuth2AuthorizedClientExchangeFilterFunction to
ServerOAuth2AuthorizedClientExchangeFilterFunction->

Issue: gh-5386
 2018-07-20 11:48:19 -05:00
Rob Winch
1b79bbed7f Add ServletOAuth2AuthorizedClientExchangeFilterFunction 
Fixes: gh-5545
 2018-07-20 11:48:19 -05:00
mhyeon.lee
3c461b704c Add AuthenticationMethod type 
This section defines three methods of sending bearer access tokens
in resource requests to resource servers.
Clients MUST NOT use more than
one method to transmit the token in each request.

RFC6750 Section 2 Authenticated Requests
https://tools.ietf.org/html/rfc6750#section-2

Add AuthenticationMethod in ClientRegistration UserInfoEndpoint.

Add AuthenticationMethod for OAuth2UserService to get User.

To support the use of the POST method.
https://tools.ietf.org/html/rfc6750#section-2.2

gh-5500
 2018-07-20 11:32:51 -04:00
Joe Grandja
9a144d742e Use OAuth2AuthorizedClientRepository in filters and resolver 
Fixes gh-5544
 2018-07-19 22:57:10 -04:00
mhyeon.lee
3f8e69211f Fix OAuth2 ClientRegistration scope can be null 
Allows scope of OAuth2 ClientRegistration to be null.

- The scope setting in the RFC document is defined as Optional.
https://tools.ietf.org/html/rfc6749#section-4.1.1

    > scope:  OPTIONAL.
    > The scope of the access request as described by Section 3.3.

- When the client omits the scope parameter,
validation is determined by the authorization server.
https://tools.ietf.org/html/rfc6749#section-3.3

    > If the client omits the scope parameter when requesting
   authorization, the authorization server MUST either process the
   request using a pre-defined default value or fail the request
   indicating an invalid scope.  The authorization server SHOULD
   document its scope requirements and default value (if defined).

Fixes gh-5494
 2018-07-18 16:17:14 -04:00
mhyeon.lee
191a4760f9 Fix DefaultOAuth2AuthorizationRequestResolver baseUrl excludes queryParams 
To create redirect_uri in DefaultOAuth2AuthorizationRequestResolver,
queryParam is included in the current request-based baseUrl.
So when binding to the redirectUriTemplate,
the wrong type of redirect_uri may be created.

Fixes gh-5520
 2018-07-17 12:00:01 -04:00
Rob Winch
981d35a92c Add ClientRegistration.Builder.registrationId 
Fixes: gh-5527
 2018-07-17 01:27:39 -05:00
Joe Grandja
371221d729 Support anonymous Principal for OAuth2AuthorizedClient 
Fixes gh-5064
 2018-07-16 10:15:41 -05:00
Joe Grandja
779597af2a Add support for custom authorization request parameters 
Fixes gh-4911
 2018-07-16 09:39:06 -05:00
Rob Winch
ba489af354 Fix OAuth2AuthorizedClientExchangeFilterFunctionTests on JDK9 
Issue: gh-4371
 2018-07-02 16:16:16 -05:00
Rob Winch
127a32bd81 Fix checkstyle OAuth2AuthorizedClientExchangeFilterFunctionTests 
Issue: gh-4371
 2018-07-02 15:47:24 -05:00
Rob Winch
0116c65c0e OAuth2AuthorizedClientExchangeFilterFunction Refresh Support 2018-07-02 14:14:17 -05:00
Rob Winch
1f1fb1a801 Add MockExchangeFunction getResponse 
This allows setting up the mock

Issue: gh-5386
 2018-07-02 12:43:00 -05:00
Rob Winch
0910e04bdf MockExchangeFunction Support Multiple Requests 
Issue: gh-5386
 2018-07-02 12:42:54 -05:00
Rob Winch
e27e1cd637 Add OAuth2AccessTokenResponseBodyExtractor 
This externalizes converting a OAuth2AccessTokenResponse from a
ReactiveHttpInputMessage.

Fixes: gh-5475
 2018-07-02 12:41:44 -05:00
Rob Winch
8ef4a5ba92 Add NimbusReactiveJwtDecoder RSAPublicKey Support 
Fixes: gh-5460
 2018-06-25 21:30:49 -05:00
Joe Grandja
d32aa3c6d6 Validate sub claim in UserInfo Response 
Fixes gh-5447
 2018-06-25 16:44:04 -04:00
Rob Winch
d521d5e066 Add OidcReactiveAuthenticationManager 
Fixes: gh-5330
 2018-06-18 16:08:07 -05:00
Rob Winch
f7a2a41241 Add OidcReactiveOAuth2UserService 
Issue: gh-5330
 2018-06-18 16:08:07 -05:00
Rob Winch
3ddde473f2 Extract OidcTokenValidator 
Issue: gh-5330
 2018-06-18 16:06:19 -05:00
Rob Winch
adb8c60173 Extract OidcUserRequestUtils 
This logic is shared by both reactive and non-reactive clients.

Issue: gh-5330
 2018-06-18 16:06:01 -05:00
Rob Winch
a3db6fc993 Polish OidcUserService 
Fixes: gh-5449
 2018-06-18 16:03:41 -05:00
Joe Grandja
02d29887fb Associate Refresh Token to OAuth2AuthorizedClient 
Fixes gh-5416
 2018-06-12 11:31:43 -04:00
Joe Grandja
4fc6d96073 Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient 
Fixes gh-5360
 2018-06-08 17:33:21 -04:00
Rob Winch
dd1b1b9cc3 Use Spring Framework 5.1.0 SNAPSHOT 
Fixes: gh-5408
 2018-06-05 12:28:51 -05:00
Joe Grandja
fe979aa996 OidcUserService leverages DefaultOAuth2UserService 
Fixes gh-5390
 2018-05-31 16:17:47 -04:00
Joe Grandja
82e4abdd32 OAuth2ClientArgumentResolver uses AnnotatedElementUtils 
Fixes gh-5335
 2018-05-29 21:29:33 -04:00
Rob Winch
b3ca598679 Add WebClient Bearer token support 
Fixes: gh-5389
 2018-05-25 15:17:08 -05:00
Rob Winch
c68cf991ae Add OAuth2AuthorizedClientExchangeFilterFunction 
Fixes: gh-5386
 2018-05-25 11:01:55 -05:00
Rob Winch
2658577396 OAuth2AuthorizationRequestRedirectWebFilter handles ClientAuthorizationRequiredException 
Fixes: gh-5383
 2018-05-24 16:40:41 -05:00