3194 Commits

Author SHA1 Message Date
Phillip Webb
fd78d055aa Lazily initialize userNotFoundEncodedPassword
Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword`
is lazily initialized on the first call to `retrieveUser`, rather than
in `doAfterPropertiesSet`.

Since some `PasswordEncoder` implementations can be slow, this change
can help to improve application startup times and the expense of some
delay with the first login.

Note that `userNotFoundEncodedPassword` creation occurs on the first
user retrieval, regardless of whether the user is ultimately found. This
ensures consistent processing times, regardless of the outcome.

First Call:
	Found      = encode(userNotFound) + decode(supplied)
	Not-Found  = encode(userNotFound) + decode(userNotFound)

Subsequent Call:
	Found      = decode(supplied)
	Not-Found  = decode(userNotFound)

Fixes gh-4915
2018-01-24 11:06:08 -06:00
Johnny Lim
f3830eec7d Rename userDetailsRepository to userDetailsService 2018-01-10 16:04:48 -06:00
Rob Winch
803cdcf01e Test Jackson HashMap in Whitelist
Issue: gh-4889
2018-01-03 16:17:23 -06:00
Chris Burrell
cf97e16379 Add HashMap to Jackson whitelist
Issue: gh-4889
2018-01-03 16:17:23 -06:00
Rob Winch
b9152701a6 Javadoc Polish 2017-12-21 16:43:11 -06:00
Johnny Lim
921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Rob Winch
c856c376df Fix UTF-8 in JdbcDaoImplTests 2017-12-20 15:50:23 -06:00
Joe Grandja
e19fdb6cc1 Remove AuthenticatedPrincipal from UserDetails
Issue gh-4877
2017-11-30 10:52:24 -05:00
Joe Grandja
50d1a81458 AbstractAuthenticationToken.getName() uses UserDetails.getUsername()
Fixes gh-4877
2017-11-30 09:17:42 -05:00
Rob Winch
ee1745b681 Update to Spring Framework 5.0.2.RELEASE 2017-11-27 11:57:03 -06:00
Rob Winch
691bf2e11d PasswordEncoder Bean for AuthenticationManagerBuilder
Issue: gh-4873
2017-11-27 11:42:56 -06:00
Johnny Lim
701933c7f7 Fix copyright start years
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
2017-11-16 20:18:21 -06:00
Oleg Zhuravlev
563139c469 Fix keys in messages bundle 2017-11-16 11:28:57 -06:00
Benedikt Ritter
fffd781b03 Add localization to error messages from ExceptionTranslationFilter
Fixes gh-4504
2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim
d900f2a623 Remove unused imports
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
Rob Winch
6d4b4bf2c7 Align Dependencies with Spring IO Cairo
Fixes gh-4821
2017-11-14 13:45:24 -06:00
Johnny Lim
99df632f24 Add missing @Override annotations
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
Rob Winch
d9abd2e443 User.UserBuilder only encodes once
Fixes gh-4794
2017-11-06 09:47:37 -06:00
Greg Turnquist
881cd0befb Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details
Resolves #4698
2017-10-31 16:34:07 -05:00
Rob Winch
e95430fa36 Polish Reactive Method Security reference
Issue gh-4757
2017-10-30 16:27:50 -05:00
Gajendra kumar
ec723952d5 principals and sessionIds should be set using constructor so that can be shared across node in cluster
As principals and sessionIds are set in class itself so one can't share user session count across nodes(Cluster). Using constructor for setting principals and sessionIds we can pass Cache map to constructor which can enable common session count in cluster otherwise user would be allowed to logged in with multiple sessions. There is no point keeping principals and sessionIds completely internal.
2017-10-30 01:08:15 -05:00
Frank Pavageau
35706ad60a Deserialize the principal in a neutral way
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
2017-10-30 00:53:31 -05:00
Frank Pavageau
6fd9ff254b Map values directly from the JSON nodes
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
2017-10-30 00:53:31 -05:00
Antoine
0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28 Polish AssertJ assertions
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Rob Winch
44320447fe Update to Spring 5.0.1.RELEASE
Issue gh-4739
2017-10-29 14:31:45 -05:00
Rob Winch
747473257f Use ReactorSecurityContextHolder
Issue gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
9ea4df5b5d ReactiveSecurityContextHolder
Fixes gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
399da1ecad SecurityContextImpl constructor
Fixes gh-4712
2017-10-26 20:11:42 -05:00
Rob Winch
38a8189a62 DelegatingApplicationListener uses CopyOnWriteArrayList
Fixes gh-4416
2017-10-24 15:35:04 -05:00
Rob Winch
8291f20796 DaoAuthenticationProvider uses DelegatingPasswordEncoder
This means that passwords will be encoded with BCrypt by default

Fixes: gh-2775
2017-10-24 07:56:28 -05:00
Rob Winch
d19b222b55 UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder
This means passwords will be encoded with BCrypt by default

Issue: gh-2775
2017-10-24 07:56:28 -05:00
Rob Winch
cdc992b132 Remove SaltSource
Fixes gh-4681
2017-10-24 07:56:28 -05:00
Rob Winch
4529e09339 Remove PasswordEncoder from core
Issue: gh-4674
2017-10-24 07:56:28 -05:00
Rob Winch
6c69333df6 Remove PasswordEncoderUtils from core
Issue: gh-4674
2017-10-24 07:56:28 -05:00
Rob Winch
3a4a32e654 Remove LdapShaPasswordEncoder from core
Issue: gh-4674
2017-10-24 07:56:20 -05:00
Rob Winch
6a3e981c80 Remove BaseDigestPasswordEncoder from core
Issue: gh-4674
2017-10-24 07:55:40 -05:00
Rob Winch
a8aa65b828 Remove Md4PasswordEncoder from core
Issue: gh-4674
2017-10-24 07:55:32 -05:00
Rob Winch
2dc4e326be Remove MessageDigestPasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
12dbf2e961 Remove PlainTextPasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
40fd8d7aa7 Remove ShaPasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
e98fc3556e Remove Md5PasswordEncoder from core
Issue: gh-4674
2017-10-23 22:27:16 -05:00
Rob Winch
52560b560d PasswordEncodedUser
Fixes gh-4680
2017-10-23 22:27:16 -05:00
Rob Winch
1ea10a1e89 Add User.withDefaultPasswordEncoder()
Fixes gh-4678
2017-10-23 22:27:16 -05:00
Rob Winch
a0fb324e1d Add passwordEncoder to UserBuilder
Fixes gh-4677
2017-10-23 22:27:16 -05:00
Rob Winch
7fd1cff3ce Fix PrePostAdviceReactiveMethodInterceptor tangle
Issue: gh-4636
2017-10-16 16:36:43 -05:00
Rob Winch
1dc49276f8 Fix P tangle
Issue: gh-4636
2017-10-16 16:36:15 -05:00