ec46b7dbe1
WebSocketMessageBrokerConfigTests groovy->java
...
Of note is that this commit unrolls three Spock @Unroll-parameterized
tests into a separate test for each parameter.
Issue: gh-4939
2018-03-27 12:38:06 -05:00
d07cfe655d
Use Supplier variants of Assert methods
2018-03-27 10:58:55 -05:00
b1d013e8f0
Fix JDK 9
...
Issue: gh-5160
2018-03-27 09:30:56 -05:00
018ab7d92c
Fix Javadoc Typo uses->use
...
Issue: gh-5113
2018-03-19 15:36:31 -05:00
01152ede41
Clarify HttpSecurity.registerFilterAt
...
Fixes: gh-5113
2018-03-19 14:41:03 -05:00
e86becc151
Relax assertions in HeaderSpecTests
...
Fixes: gh-5116
2018-03-15 08:30:37 -05:00
4f709d47b9
Fix @since on GlobalAuthenticationConfigurerAdapter
...
Fixes: gh-5106
2018-03-13 14:23:36 -05:00
452d855396
Fix appendix tests
2018-03-09 16:34:49 -06:00
a2073b2b91
Support BeanResolver for Reactive AuthenticationPrincipal
...
Fixes: gh-4326
2018-03-09 12:05:55 -06:00
3121f9c000
NamespaceGlobalMethodSecurity groovy->java
...
Note that the `WhenUsingAspectJ` tests are still simply verifying structure instead of behavior. This is because the project appearsto be misconfigured in some way such that AspectJ advice isn't getting woven in at runtime. The original Groovy tests also only verified structure and they may be that way for a similar reason.
Either way, I will open up a ticket so we can review why that is the case and if there is a good fix.
Issue: gh-4939
2018-03-08 16:53:54 -06:00
c91ca0584c
Sec2758Tests groovy->java
...
Note that the old groovy test used a configuration of
```
http
.authorizeRequests()
.anyRequest().hasAnyAuthority("USER")
```
However, as I read the issue, gh-2984, the problem this issue
identifies is the non-passive change of defaulting to prefix
ROLE_ with all role-based configuration methods. So, the test now
does the following:
```
http
.authorizeRequests()
.anyRequest().access("hasAnyRole('USER')")
```
which demonstrates, given the configuration in this test, that
ROLE_ is correctly not prefixed in this expression, even though
it is a role-based configuration.
Issue: gh-4939
2018-03-08 16:52:20 -06:00
a5bd76b6ed
Revert authorization_code grant support
...
This reverts commit eae7afd9aa
2018-03-06 16:16:45 -05:00
c922fe3be1
WebSecurityConfigurationTests groovy->java
...
Issue: gh-4939
2018-03-06 09:24:52 -05:00
b1f3d495d9
Sec2515Tests groovy->java
...
Issue: gh-4939
2018-03-05 15:16:52 -05:00
0aa87e8501
EnableWebSecurityTests groovy->java
...
Issue: gh-4939
2018-03-05 10:23:48 -05:00
5af1d1d936
Polish HttpConfigurationTests
2018-03-05 08:36:15 -05:00
2a678ebc6e
Polish WebSecurityConfigurerAdapterTests
2018-03-05 06:20:27 -05:00
eae7afd9aa
Add support for authorization_code grant
...
Fixes gh-4928
2018-03-02 14:30:49 -05:00
1ed51033cc
Migrate config-debug groovy->java
...
All tests in `org.springframework.security.config.debug` are migrated.
Note that `SecurityDebugBeanFactoryPostProceessorTest` preserves the original structure-verifying strategy used in the Groovy test. Verifying debug behavior turns out to be fairly tricky since being behaviorally invisible is in its nature.
Issue: gh-4939
2018-03-02 08:55:07 -06:00
1b69c62d20
PortMapperConfigurerTests groovy->java
...
Issue: gh-4939
2018-02-27 11:44:21 -05:00
e08d4cc90c
AnonymousConfigurerTests groovy->java
...
This test now checks key and principal both, which differs from the original Groovy test
In order to keep from needing to execute logic internal to `AnonymousAuthenticationToken`, this test changed from the original Groovy test. In the Groovy test, `key` is tested; however in this new test, `principal` is tested instead.
A concern was raised that if `AnonymousAuthenticationProvider` were invoked in this test, then testing only `principal` would not confirm that `key` was correctly propagated to `AnonymousAuthenticationProvider`. So, the test now configures both `key` and `principal`. The former to confirm correct wiring of `AnonymousAuthenticationProvider` and the latter to confirm correct wiring of `AnonymousAuthenticationFilter`.
Issue: gh-4939
2018-02-27 11:30:02 -05:00
bb59733736
Sec2377Tests groovy->java
...
Issue: gh-4939
2018-02-22 10:48:18 -05:00
dc9248e73c
NamespaceHttpTests groovy->java
...
Issue: gh-4939
2018-02-22 10:29:48 -05:00
fded710e04
HttpConfigurationTests groovy->java
...
Issue: gh-4939
2018-02-16 14:16:51 -05:00
210a510bba
Use HttpFirewall Bean
...
Fixes: gh-5022
2018-02-15 17:18:28 -06:00
52b5423b75
WebSecurityConfigurerAdapterTests groovy->java
...
Issue: gh-4939
2018-02-15 17:50:55 -05:00
7fc88a391f
SampleWebSecurityConfigurerAdapterTests groovy->java
...
Issue: gh-4939
2018-02-14 15:40:46 -05:00
c31c1a4616
AbstractConfiguredSecurityBuilderTests -> remove use of reflection
...
Issue gh-4939
2018-02-14 12:47:35 -05:00
780c9dd455
Fix GlobalMethodSecurityConfigurationTests checkstyle
...
Issue: gh-4939
2018-02-13 09:41:07 -06:00
8b6e77e5ab
Fix SpringTestContext checkstyle
...
Issue: gh-5015
2018-02-13 09:40:47 -06:00
6af1ac08db
GlobalMethodSecurityConfigurationTests groovy->java
...
Issue: gh-4939
2018-02-13 09:37:05 -06:00
6c52eb6ee1
MethodSecurityService add additional methods
...
Fixes: gh-5016
2018-02-13 09:36:57 -06:00
ca5fb78ee1
Authz check(boolean result)
...
Issue: gh-5016
2018-02-13 09:36:48 -06:00
1ad57adccc
SpringTestContext allow setting Context
...
Fixes: gh-5015
2018-02-13 09:36:39 -06:00
49e5b15ce2
Extract MockEventListener
...
Fixes: gh-5014
2018-02-13 09:36:27 -06:00
ce5fb51b20
Remove Mono.defer in ReactorContextWebFilter
...
Fixes: gh-5010
2018-02-08 16:19:10 -06:00
964a14b224
Document Reactive Method security requires Publisher return types
...
Fixes: gh-4988
2018-02-07 16:43:18 -06:00
ea3dd336aa
Cache headers only if no cache headers set
...
Fixes: gh-5004
2018-02-07 14:56:34 -06:00
2165cc72ef
BaseAuthenticationConfig groovy->java
...
Issue: gh-4939
2018-02-07 14:40:55 -06:00
2c519b7e74
NamespaceGlobalMethodSecurityTests groovy->java
...
Issue: gh-4939
2018-02-06 15:23:41 -06:00
9587f3280e
MethodSecurityServiceImpl groovy->java
...
Issue: gh-4939
2018-02-06 14:09:58 -06:00
751130ba04
MethodSecurityService groovy->java
...
Issue: gh-4939
2018-02-06 14:08:43 -06:00
9e23d684e7
Polish Imports in SpringTestRule
...
Fixes: gh-5001
2018-02-06 13:48:36 -06:00
73f5e89e4c
SpringTestRule clears SecurityContext
...
Fixes: gh-5001
2018-02-06 11:54:26 -06:00
1efc7ef5d7
Issue50Tests groovy->java
...
Issue: gh-4939
2018-02-06 11:53:19 -06:00
d12d9ba538
SecurityConfig groovy->java
...
Issue: gh-4939
2018-02-06 11:53:07 -06:00
9e3e7e9e29
ApplicationConfig groovy->java
...
Issue: gh-4939
2018-02-06 11:52:29 -06:00
11c8d5ddfb
UserRepository groovy->java
...
Issue: gh-4939
2018-02-06 11:51:58 -06:00
1217547ebd
User groovy->java
...
Issue: gh-4939
2018-02-06 11:51:38 -06:00
12bd506ee7
AutowireBeanFactoryObjectPostProcessorTests groovy->java
...
Issue: gh-4939
2018-02-06 11:13:00 -06:00
eb6d84eb36
MyAdvisedBean groovy->java
...
Issue: gh-4939
2018-02-06 11:12:47 -06:00
3cb06ec581
AroundMethodInterceptor groovy->java
...
Issue: gh-4939
2018-02-06 11:12:35 -06:00
9df708dbba
Add SpringTestRule.testConfigLocations
...
Fixes: gh-5000
2018-02-06 11:12:35 -06:00
0d92adf1be
PasswordEncoderConfigurerTests groovy->java
...
Issue: gh-4939
2018-02-05 17:13:21 -06:00
886bfa3daa
NamespacePasswordEncoderTests groovy->java
...
Issue: gh-4939
2018-02-05 16:46:42 -06:00
70db508218
NamespaceJdbcUserServiceTests groovy->java
...
Issue: gh-4939
2018-02-05 15:27:28 -06:00
a0918dd6d4
NamespaceAuthenticationProviderTests groovy->java
...
Issue: gh-4939
2018-02-05 14:53:50 -06:00
959f689e4e
NamespaceAuthenticationManagerTests groovy->java
...
Issue: gh-4939
2018-02-02 16:56:45 -06:00
1cb581a0c6
AbstractConfiguredSecurityBuilderTests, AbstractRequestMatcherRegistryTests -> .java
...
Issue gh-4939
2018-02-02 16:45:44 -05:00
87a216a6e6
AuthenticationManagerBuilderTests -> .java
...
Issue: gh-4939
2018-01-26 16:50:33 -06:00
8d96e83767
Fix checkstyle
2018-01-26 15:31:24 -06:00
e5d40c0599
AuthenticationConfigurationTests -> java
...
Issue: gh-4939
2018-01-26 15:14:34 -06:00
0eef5b4b42
Add StrictHttpFirewall
2018-01-24 11:06:08 -06:00
900ab1df81
Add javadoc for the OAuth 2.0 Security Configurer's
...
Fixes gh-4972
2018-01-24 06:18:08 -05:00
84679a5d64
Polish #4904 Support GrantedAuthoritiesMapper @Bean for oauth2Login
2018-01-23 12:14:57 -05:00
444e2dade3
Support GrantedAuthoritiesMapper @Bean for oauth2Login
...
Fixes gh-4880
2018-01-23 09:51:14 -05:00
91ef7ce1cf
AuthenticationEventPublisher Bean used by Default
...
Fixes: gh-4940
2018-01-18 08:59:27 -06:00
196f02748d
Migrate UserDetailsManagerConfigurerTests groovy->java
2018-01-10 16:13:08 -06:00
f3830eec7d
Rename userDetailsRepository to userDetailsService
2018-01-10 16:04:48 -06:00
921157cdcd
Remove explicit super() calls
2017-12-21 15:11:51 -06:00
57353d18e5
Use diamond type
2017-12-21 15:09:00 -06:00
cfe40358bd
typo in java doc
2017-12-21 14:18:41 -06:00
316fd0572f
Remove @Nullable annotations in UserDetailsMapFactoryBean
2017-12-21 14:08:05 -06:00
c16456623f
Remove unused imports
2017-12-20 16:05:38 -06:00
9f6af4f3b8
Remove address and phone from default scope for Google
...
Fixes gh-4895
2017-12-12 16:05:02 -05:00
bd5d0bc6fd
Change default scope to 'read:user' for GitHub
...
Fixes gh-4893
2017-12-12 15:31:25 -05:00
ab6df7d154
Format security ilters enums for readability
2017-11-28 14:06:55 -06:00
3f1b09c248
Update javadoc for HttpSecurity.oauth2Login()
...
Fixes gh-4875
2017-11-27 13:17:19 -05:00
691bf2e11d
PasswordEncoder Bean for AuthenticationManagerBuilder
...
Issue: gh-4873
2017-11-27 11:42:56 -06:00
9afee9e4e2
PasswordEncoder as Bean default for XML
...
Issue: gh-4873
2017-11-27 11:42:56 -06:00
e377dcf81b
Make SessionManagementConfigTests deterministic
...
Fixes: gh-4871
2017-11-27 11:42:56 -06:00
5cf2883afc
AuthenticationManagerBeanDefinitionParserTests uses SpringTestContext
...
Issue: gh-4870
2017-11-27 11:42:56 -06:00
4d8f11a5a9
SpringTestContext improvements
...
Fixes gh-4870
2017-11-27 11:42:56 -06:00
d55db837e1
CsrfWebFilter places Mono<CsrfToken>
...
Fixes: gh-4855
2017-11-20 16:30:29 -06:00
701933c7f7
Fix copyright start years
...
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
b6895e6359
Apply Checkstyle WhitespaceAfterCheck module
2017-11-16 11:18:31 -06:00
cf3cba8f5f
Ensure Chrome Still SC_MOVED_TEMPORARILY
...
Issue: gh-4831
2017-11-16 10:33:51 -06:00
3e7e80a836
Accept */* triggers 401 by Default
...
Fixes gh-4831
2017-11-16 09:58:29 -06:00
dd33f0a7de
ClientRegistration.redirectUri -> redirectUriTemplate
...
Fixes gh-4827
2017-11-15 14:51:35 -05:00
e098c3707e
Update default redirect-uri to use 'baseUrl' template variable
...
Fixes gh-4826
2017-11-15 14:51:35 -05:00
0b1618d8b4
Fix RequestCache
...
Issue: gh-4789
2017-11-15 12:50:54 -06:00
a6733fae50
Polish
2017-11-15 12:50:54 -06:00
942b51dba7
Reactive Basic does not create session by default
...
Fixes: gh-4825
2017-11-15 12:50:29 -06:00
5f79fdd3eb
requiresLogoutMatcher naming polish
...
Issue: gh-4822
2017-11-14 16:42:41 -06:00
11f6e0477c
serverLogoutSuccessHandler->logoutSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:36 -06:00
bf570854b8
serverLogoutHandler->logoutHandler
...
Issue: gh-4822
2017-11-14 16:42:33 -06:00
2cbdb4ba02
serverCsrfTokenRepository->csrfTokenRepository
...
Issue: gh-4822
2017-11-14 16:42:27 -06:00
3bfda6cff7
serverAccessDeniedHandler->accessDeniedHandler
...
Issue: gh-4822
2017-11-14 16:42:24 -06:00
9e82fc0b83
serverAuthenticationEntryPoint->authenticationEntryPoint
...
Issue: gh-4822
2017-11-14 16:42:20 -06:00
520e0a5a68
serverAuthenticationSuccessHandler->authenticationSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:14 -06:00
5c83f92ddc
serverAuthenticationFailureHandler->authenticationFailureHandler
...
Issue: gh-4822
2017-11-14 16:42:10 -06:00
692233e431
ServerSecurityContextRepository members to securityContextRepository
...
Issue: gh-4822
2017-11-14 16:42:06 -06:00
9956de8f29
LogoutBuilder->LogoutSpec
...
Issue: gh-4822
2017-11-14 16:41:58 -06:00
7619556066
FormLoginBuilder->FormLoginSpec
...
Issue: gh-4822
2017-11-14 16:41:55 -06:00
83d4abb1c6
RequestCacheBuilder->RequestCacheSpec
...
Issue: gh-4822
2017-11-14 16:41:51 -06:00
eb7edf7092
HttpBasicBuilder->HttpBasicSpec
...
Issue: gh-4822
2017-11-14 16:41:47 -06:00
01154614d1
ExceptionHandlingBuilder->ExceptionHandlingSpec
...
Issue: gh-4822
2017-11-14 16:41:38 -06:00
903cbd7c35
CsrfBuilder->CsrfSpec
...
Issue: gh-4822
2017-11-14 16:41:31 -06:00
fd4726afaf
HeadersBuilder-HeadersSpec
...
Issue: gh-4822
2017-11-14 16:41:25 -06:00
53ddbfc0ab
AuthorizedExchangeBuilder->AuthorizedExchangeSpec
...
Issue: gh-4822
2017-11-14 16:41:08 -06:00
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
872a8f3189
Change constructor param order in oauth2 client filters
...
Fixes gh-4818
2017-11-13 17:32:22 -05:00
1b70efce2b
Add ServerRequestCache
...
Fixes: gh-4789
2017-11-13 15:49:34 -06:00
1ea66378f5
ServerHttpSecurity uses RedirectServerAuthenticationFailureHandler
...
Issue: gh-4816
2017-11-13 15:49:26 -06:00
3c7fb977fe
WebTestClientHtmlUnitDriverBuilder uses WebTestClient for localhost
...
Fixes gh-4815
2017-11-13 15:48:52 -06:00
aa9e057ba8
Fix CNF exception if oauth2-jose dependency not included
...
Fixes gh-4753
2017-11-12 12:27:18 -05:00
f2ccc53549
Add UserDetailsMapFactoryBean
...
Fixes gh-4804
2017-11-09 14:01:43 -06:00
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
adec62cdf2
EnableWebFluxSecurity creates CsrfRequestDataValueProcessor
...
Fixes gh-4762
2017-11-07 22:25:48 -06:00
7622826b69
WebSessionServerCsrfTokenRepository saves on getToken
...
Fixes gh-4801
2017-11-07 22:25:23 -06:00
3f18881493
Remove additional attribute name from CsrfWebFilter
...
Fixes gh-4799
2017-11-07 22:24:42 -06:00
c7c84e0996
Fix CustomLoginPage test
...
Fixes gh-4797
2017-11-07 22:24:21 -06:00
1506dcd413
SpringTestContext.getContext()
...
Add accessor method for SpringTestContext.getContext()
Fixes gh-4796
2017-11-07 22:24:15 -06:00
21aec19d42
Add FormLoginBuilder.serverAuthenticationSuccessHandler
...
Fixes: gh-4786
2017-11-03 08:47:59 -05:00
1d4c7da1e1
Fix WebTestClientWebConnection for redirects
2017-11-03 08:46:56 -05:00
06c4bffc5f
Use id field instead of name field for GitHub and Facebook providers.
...
Fixes gh-4764
2017-11-01 10:48:57 -04:00
d664ff2e26
Lookup HandlerMappingIntrospector from Bean
2017-10-30 16:27:50 -05:00
ef9cd76607
Polish oauth2
...
Fixes gh-4758
2017-10-30 16:49:01 -04:00
511d702ee0
Remove JwtDecoderRegistry
...
Fixes gh-4754
2017-10-30 12:52:42 -04:00
727098d6c0
Fix NPE when configuring oauth2Login.loginPage
...
Fixes gh-4752
2017-10-30 06:26:07 -04:00
5280ac40e9
WebMvcConfigurerAdapter->WebMvcConfigurer
...
Fixes gh-4612
2017-10-30 01:30:08 -05:00
3d5989dea4
Change a default realm name
...
Change a default realm name of Basic Authentication for XML namespace to 'Realm'.
Fixes gh-4220
2017-10-30 00:59:39 -05:00
4295461830
ServerHttpSecurity extracts WebFilter from OrderedWebFilter
...
Fixes gh-4736
2017-10-30 00:45:26 -05:00
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
70165869b1
Add UnboundId LDAP inmemory support
...
This commit adds the capability to run a LDAP inmemory different than
apacheds. Both providers `apacheds` and `unboundid` are supported.
2017-10-29 21:59:55 -05:00
9a4513356d
Configure default OAuth2AuthorizedClientService
...
Fixes gh-4751
2017-10-29 22:45:57 -04:00
4fa9b4dd15
Add ServerHttpSecurity.exceptionHandling()
...
Fixes gh-4750
2017-10-29 21:00:10 -05:00
5fa822d114
Expose custom config for OidcUserService
...
Fixes gh-4715
2017-10-29 21:33:51 -04:00
a261c9a047
Polish OAuth2LoginConfigurer
...
Fixes gh-4747
2017-10-29 21:33:51 -04:00
a3e38fec47
Remove AuthorizationRequestUriBuilder
...
Make this API private since we don't have concrete use cases for exposing
it yet.
Fixes gh-4742
2017-10-29 19:50:02 -05:00
c3d2effc1d
Polish OAuth2AuthorizedClientService
...
Fixes gh-4746
2017-10-29 20:25:03 -04:00
e4887057bc
Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient
...
Fixes gh-4741
2017-10-29 17:49:15 -04:00
e2dd037b4a
Default WebFlux headers and Logout
2017-10-29 15:06:06 -05:00
6fbd435bdf
OAuth2LoginAuthenticationFilter requires collaborators
...
Fixes gh-4661
2017-10-29 04:41:23 -04:00
5a7466512e
Expose default constructor in AbstractAuthenticationFilterConfigurer
...
Fixes gh-4737
2017-10-29 04:41:23 -04:00
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
2017-10-29 00:12:23 -05:00
0734d70d02
Logout requires POST
...
Issue: gh-4734
2017-10-29 00:11:59 -05:00
8da2c7f657
Add WebFlux CSRF Protection
...
Fixes gh-4734
2017-10-28 22:59:24 -05:00
f040bd054d
Javadoc @EnableWebFluxSecurity
2017-10-28 22:59:24 -05:00
b394ae5d5e
Polish
...
Restructure WebFluxSecurityConfiguration for easier copy paste of
default ServerHttpSecurity Bean
2017-10-28 22:59:24 -05:00
Josh Cummings
Christoph Dreis
Rob Winch
Joe Grandja
Kazuki Shimizu
Adolfo Eloy
Johnny Lim
Aygiz Shaymardanov
Eddú Meléndez
Filip Hanik
Craig Walls
Antoine