Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,767 Commits 32 Branches 333 Tags 110 MiB
Commit Graph

8767 Commits

Author SHA1 Message Date
Eleftheria Stein 146e43aeb2 Update to Google App Engine 1.9.93 
Closes gh-10644
 2021-12-20 20:24:21 +02:00
Eleftheria Stein a6cd8ba142 Make gretty samples compatible with logback 1.2.9 
Closes gh-10643
 2021-12-20 20:22:43 +02:00
Steve Riesenberg fa5b8c6090 Update copyright year 
Issue gh-10557
 2021-12-01 17:37:56 -06:00
Steve Riesenberg 3aa2a60f97 Fix case sensitive headers comparison 
Closes gh-10557
 2021-12-01 16:04:22 -06:00
Jonas Erbe 606bf6b38d Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request
error on claim validation failure.

But validators have to return invalid_token errors on failure
according to:

https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.

Closes gh-10337
 2021-11-29 13:30:38 -07:00
Marcus Da Coregio 5a47e17a0d Improve log message when no CSRF token found 
Closes gh-10436
 2021-11-19 09:00:29 -03:00
Josh Cummings 6fcee07527 Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:35:22 -07:00
Josh Cummings 1b1c78f408 Fix jwtDecoder Documentation Usage 
Closes gh-10505
 2021-11-16 15:22:26 -07:00
Josh Cummings 7b03fb5321 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 18:17:33 -07:00
Joe Grandja 823c1ebca5 Next development version 2021-10-18 10:50:44 -04:00
Joe Grandja 5c8cd23a2d Revert "Lock dependencies" 
This reverts commit fc53f81d2e.
 2021-10-18 10:48:23 -04:00
Joe Grandja 8605350ed6 Release 5.3.12.RELEASE 2021-10-18 10:31:23 -04:00
Josh Cummings 9481122e02 Restructure SwitchUserFilter Logs 
Issue gh-6311
 2021-10-18 09:59:42 -04:00
Eleftheria Stein fc53f81d2e Lock dependencies 2021-10-14 15:44:09 +02:00
Eleftheria Stein 9f895708f7 Update to Google App Engine 1.9.88 
Closes gh-10381
 2021-10-14 12:02:59 +02:00
Eleftheria Stein 9f07593256 Update to nohttp 0.0.10 
Closes gh-10380
 2021-10-14 12:02:32 +02:00
Josh Cummings dc95d8d705 Fix OAuth2 Error Code 
Closes gh-10319
 2021-09-28 15:23:53 -06:00
heowc 31cc0b856e Fix typo 
Closes gh-10276
 2021-09-22 16:38:50 -06:00
Rob Winch 1eb64652a3 Remove finally block for junit 
Allow this to be gathered by Gradle enterprise since if build is up to
date there will be no tests ran which causes failure. Additionally,
Gradle Enterprise displays the tests better than Jenkins.
 2021-09-22 16:24:39 -05:00
Rob Winch e25052b987 Add jenkins user to Jenkinsfile 2021-09-22 16:20:29 -05:00
Anthony Lofton 1ca04ffc91 Updated test.adoc SecurityMockServerConfigurers method references 
Updated all references to SecurityMockServerConfigurers to refer to
correct methods.
Added documentation for mockJwt to include the
SecurityMockServerConfigurers class.

Issue gh-10254
 2021-09-14 16:25:38 -03:00
Derek Van Blerkom 2bdaa31f72 Fix return type to allow further security config 
Issue gh-10245
 2021-09-13 15:41:40 -03:00
Fabio Guenci f33598946f
Preserve Null Claim Values 
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
 2021-08-16 08:40:39 -06:00
Marcus Da Coregio 29a15a3c3a Next development version 2021-08-16 10:36:21 -03:00
Marcus Da Coregio c706a103f9 Revert "Lock Dependencies" 
This reverts commit 1533f098d2.
 2021-08-16 10:35:39 -03:00
Marcus Da Coregio 05319d2685 Release 5.3.11.RELEASE 2021-08-16 09:59:03 -03:00
Marcus Da Coregio 1533f098d2 Lock Dependencies 2021-08-16 09:42:34 -03:00
Steve Riesenberg f55247e28a Revert "URL encode client credentials" 
This reverts commit 6cafa48369.

Issue gh-9610 gh-9862
Closes gh-10018
 2021-07-20 14:05:55 -05:00
dmitrilc 1cf377c250
Update oauth2-resourceserver.adoc 
fix the name of the parameter, from failure to badCredentials

Replaces AuthenticationFailureEvent

Remove AuthenticationFailureEvent Reference

Closes gh-10062
 2021-07-16 12:03:59 -06:00
Rob Winch 56b1dfe0cf Update to use s01.oss.sonatype.org 
Closes gh-10015
 2021-06-29 16:51:00 -05:00
Rob Winch 99f72a0299 Remove -PdeployDocsHost=docs-ip.spring.io 
Closes gh-10021
 2021-06-29 16:51:00 -05:00
Rob Winch 8ea65ac68f Update to spring-build-conventions:0.0.38 
Closes gh-10020
 2021-06-29 16:50:43 -05:00
/usr/local/ΕΨΗΕΛΩΝ 5b1221a846 Improve AuthenticationManagerBeanDefinitionParser XML parsing 
Closes gh-7282
 2021-06-28 13:21:35 +02:00
Marcus Da Coregio cee42ec0bf Next development version 2021-06-22 10:20:51 -03:00
Marcus Da Coregio b0d22d1a03 Revert "Lock Dependencies" 
This reverts commit eb300c78bd.
 2021-06-22 10:20:07 -03:00
Marcus Da Coregio 01c1c192d1 Release 5.3.10.RELEASE 2021-06-22 09:38:32 -03:00
Marcus Da Coregio eb300c78bd Lock Dependencies 2021-06-21 09:23:19 -03:00
Eleftheria Stein 442c9cbf38 Disable default logout page when logout disabled 
Closes gh-9475
 2021-06-18 10:31:50 +02:00
Christian Frommeyer 7cf538cba6
Replace StringUtils from oauth2-oidc-sdk 
SecurityMockServerConfigurers.java previously used the StringUtils from
the optional oauth2-oidc-sdk dependency. Replacing this with the
StringUtils from the spring framework this should not force adding the
dependency in cases where it is not actually used.

Closes gh-9923
 2021-06-16 14:15:14 -06:00
Steve Riesenberg b6ae11295f Commit missing compile fix from cherry-pick conflict 2021-06-15 12:10:06 -05:00
Steve Riesenberg ee9c8e2fd0 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository 
Related to gh-9649
Closes gh-9857
 2021-06-15 12:06:22 -05:00
Marcus Hert da Coregio e16b88c9d5 Fix Adding Filter Relative to Custom Filter 
Closes gh-9787
 2021-06-14 16:56:33 -03:00
Josh Cummings 0ad2d90a72
Anonymous Authentication Argument Resolution Docs 
Closes gh-3338
 2021-06-08 16:23:50 -06:00
Josh Cummings ba9b4d8cc6
Fix Getting Started Link 
Closes gh-6502
 2021-06-08 13:51:35 -06:00
Josh Cummings b189e0370a
PayloadInterceptorRSocket retains all payloads 
Flux#skip discards its corresponding elements, meaning that they
aren't intended for reuse. When using RSocket's ByteBufPayloads,
this means that the bytes are releaseed back into RSocket's pool.

Since the downstream request may still need the skipped payload,
we should construct the publisher in a different way so as to
avoid the preemptive release.

Deferring Spring JavaFormat to clarify what changed.

Closes gh-9345
 2021-06-04 13:45:30 -06:00
Steve Riesenberg 6cafa48369 URL encode client credentials 
Closes gh-9610
 2021-06-03 09:39:00 -05:00
Eleftheria Stein 5b802a45f5 Fix Resource Server clock skew default value in docs 
Closes gh-6611
 2021-06-02 12:56:37 +03:00
Josh Cummings 6d816fbf85
Polish postLogoutRedirectUri encoding 
Issue gh-9511
 2021-05-26 14:38:20 -06:00
Hans Hosea Schaefer e52b104636
Encode postLogoutRedirectUri query params 
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
 2021-05-26 14:36:05 -06:00
Marcus Hert da Coregio 02285708eb Adjust createNewSessionIfAllowed to prevent NPE 
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
 2021-05-26 15:13:55 -03:00