Commit Graph

7206 Commits

Author SHA1 Message Date
Josh Cummings 1c74706232 Delegating ServerAccessDeniedHandler by exchange
Fixes: gh-5747
2018-08-31 10:33:11 -05:00
Joe Grandja 8e615d0fee Re-factor DefaultClientCredentialsTokenResponseClient
Fixes gh-5735
2018-08-27 15:10:17 -05:00
Rob Winch 713e1e3356 BearerTokenServerAuthenticationEntryPoint waits for subscriber
Fixes: gh-5742
2018-08-27 14:26:45 -05:00
Vedran Pavic 362c2ef1f2 Force snapshot repo in snapshot stage build 2018-08-27 13:35:58 -05:00
Joe Grandja 229b69dd35 Add DefaultAuthorizationCodeTokenResponseClient
Fixes gh-5547
2018-08-27 12:44:19 -04:00
Vedran Pavic f7cb53e9bd Upgrade spring-build-conventions to 0.0.18.RELEASE 2018-08-27 10:45:35 -05:00
Vedran Pavic cb0ba58b58 Fix WhitespaceAfterCheck Checkstyle check 2018-08-27 10:45:35 -05:00
Jason Zhekov 439538477a Add missing space in namespace.adoc 2018-08-27 10:43:53 -05:00
Johnny Lim 88181c31f1 Polish ActiveDirectoryLdapAuthenticationProviderTests
This commit polishes ActiveDirectoryLdapAuthenticationProviderTests.contextEnvironmentPropertiesUsed() by:

- Adding fail() to prevent from going through an unexpected path.
- Asserting that the root cause is an instance of ClassNotFoundException as the current code doesn't seem to right.
2018-08-26 21:31:39 -05:00
Rob Winch f5ad4ba0fa ServletOAuth2AuthorizedClientExchangeFilterFunction support client_credentials
Fixes: gh-5639
2018-08-24 11:33:02 -05:00
Rob Winch 2d497c7b0f Remove OAuth2ExchangeFilterFunctions
Fixes: gh-5734
2018-08-24 11:27:59 -05:00
Rob Winch 1640a1f462 Polish ServerAuthenticationConverter
Fix package tangles

Issue: gh-5338
2018-08-24 09:44:27 -05:00
Josh Cummings 68d836d508 Reactive Resource Server Csrf Bypass
This makes requests identified as bearer token requests skip the csrf
filter.

Fixes: gh-5710
2018-08-24 09:44:01 -05:00
Rob Winch 820fb7d828 Polish formatting ServerHttpSecurity JwtSpec
Fixes: gh-5728
2018-08-23 15:12:19 -05:00
Josh Cummings cba2444e1a ServerHttpSecurity ReactiveJwtDecoder discovery
This makes so that WebFlux OAuth 2.0 Resource Server configuration
will pick up a ReactiveJwtDecoder exposed as a bean.

Fixes: gh-5720
2018-08-23 15:12:14 -05:00
Josh Cummings 0fdc081ab5 Add unit tests
Added some unit tests around some untested parts of the code that I
will be touching for this issue.

Issue: gh-5720
2018-08-23 15:11:40 -05:00
Rob Winch 7c14c6e48f Update to Spring Boot 2.1.0.M2
Fixes: gh-5727
2018-08-23 13:00:22 -05:00
Josh Cummings 416a276436
Expose Default Reactive CsrfProtectionMatcher
Make so that users can augment the default protection logic with
their own.

Fixes: gh-5725
2018-08-22 13:02:02 -06:00
Rob Winch 4ddaac3b8e Fix settings.gradle on Windows
Fixes: gh-5724
2018-08-22 10:21:41 -05:00
Joe Grandja d7bd5c0acc Remove spring.factories from oauth2login-webflux sample
Fixes gh-5723
2018-08-22 10:21:36 -04:00
Joe Grandja ff6e1232c8 Flatten HttpSecurity.oauth2()
Fixes gh-5715
2018-08-22 05:58:04 -04:00
Joe Grandja 0f89e59707 Simplified oauth2().client() DSL
Fixes gh-5662
2018-08-22 04:45:35 -04:00
Rob Winch d7dde707a2 Jenkinsfile uses Spring 5.1.0.BUILD-SNAPSHOT
Previously 5.+ was used. This caused problems because Spring Framework
does not use semantic versioning for milestone and rc snapshots. For
example, Spring uses 5.1.0.BUILD-SNAPSHOT, 5.1.0.M1, and then goes back
to 5.1.0.BUILD-SNAPSHOT.

Fixes: gh-5721
2018-08-21 15:59:03 -05:00
Rob Winch 0dc80aed40 Flatten ServerHttpSecurity.oauth2()
Fixes: gh-5712
2018-08-21 15:48:41 -05:00
Josh Cummings 59cdfc7d6e ReactiveJwtDecoder via OIDC Provider Configuration
A reactive static builder for constructing and configuring a
ReactiveJwtDecoder via an issuer that supports the OIDC Provider
Configuration spec.

Fixes: gh-5649
2018-08-21 15:09:18 -05:00
Josh Cummings 01443e35b4 Reactive Jwt Validation
This allows a user to customize the Jwt validation steps that
NimbusReactiveJwtDecoder will take for each Jwt.

Fixes: gh-5650
2018-08-21 15:06:05 -05:00
Rob Winch 53652584b2 ResourceServerSpec->OAuth2ResourceServerSpec
Fixes: gh-5713
2018-08-21 14:51:22 -05:00
Joe Grandja c3e19e29b5 Remove authorizationEndpoint.baseUri in OAuth2ClientConfigurer
Fixes gh-5661
2018-08-21 15:33:58 -04:00
Josh Cummings b11e9ed317
Fix Javadoc Typo
NimbusReactiveJwtDecoder incorrectly referred in its class-level doc
as being an implementation of JwtDecoder. This has been corrected to
say ReactiveJwtDecoder.

Fixes: gh-5711
2018-08-21 12:21:23 -06:00
Rob Winch ec01657625 Polish ActiveDirectoryLdapAuthenticationProvider custom environment
Fixes: gh-5674
2018-08-21 12:14:43 -05:00
Yuri Konotopov 669b0ba583 ActiveDirectoryLdapAuthenticationProvider custom environment
This change allows to inject custom environment properties for directory
context initialization.

Fixes: gh-2312
2018-08-21 12:14:36 -05:00
Rob Winch f5701b5fe0 Fix OptimizeAntPathRequestMatcher
Previously the logic for determining if the pathInfo should be appended
was inverted.

This correctly concatenates url + pathInfo if url is a non empty String.

Fixes: gh-5473
2018-08-21 11:52:55 -05:00
Christoph Dreis 4ccd2f7ebd Optimize AntPathRequestMatcher.getRequestPath() 2018-08-21 11:46:37 -05:00
Rob Winch a08fa22b27 Update to oauth2-oidc-sdk:5.64.4
Fixes: gh-5704
2018-08-20 14:03:56 -05:00
Rob Winch f38c3bfc94 Next Developement Version 2018-08-20 13:21:25 -05:00
Rob Winch a5acf9b834 Release 5.1.0.RC2 2018-08-20 13:20:53 -05:00
Josh Cummings 3cd0ebedc9
Polish ClientRegistrations
Class is now final

Issue: gh-5647
2018-08-20 10:54:53 -06:00
Vedran Pavic f382b69507 Add reactive support for Referrer-Policy security header 2018-08-20 10:10:59 -05:00
Vedran Pavic 10621a0f2c Add reactive support for Content-Security-Policy security header 2018-08-20 10:03:42 -05:00
Vedran Pavic 29cfc3dd1d Add reactive support for Feature-Policy security header
Closes gh-5672
2018-08-20 09:02:12 -05:00
Rob Winch eecb01abb2 Update to Spring Data Lovelace RC2
Fixes: gh-5700
2018-08-20 06:30:18 -05:00
Rob Winch 7c5c274854 Add authcodegrant-webflux sample
Issue: gh-5620
2018-08-19 21:28:08 -05:00
Rob Winch 85d5d4083f Add ServerOAuth2AuthorizationRequestResolver
Fixes: gh-5610
2018-08-19 21:13:54 -05:00
Rob Winch b9ab4929b7 Add OAuth2AuthorizationCodeGrantWebFilter
Issue: gh-5620
2018-08-19 21:12:41 -05:00
Rob Winch d0ebe47cd5 OAuth2LoginReactiveAuthenticationManager uses OAuth2AuthorizationCodeReactiveAuthenticationManager
Issue: gh-5620
2018-08-19 21:12:32 -05:00
Rob Winch 8b67154e77 Add OAuth2AuthorizationCodeReactiveAuthenticationManager
Issue: gh-5620
2018-08-19 21:12:06 -05:00
Rob Winch f843da1942 Add OAuth2LoginAuthenticationWebFilter
This is necessary so that the saving of the authorized client occurs
outside of the ReactiveAuthenticationManager. It will allow for
saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository
is added.

Issue: gh-5621
2018-08-19 21:11:43 -05:00
Rob Winch dd7925cb63 OAuth2AuthorizedClientArgumentResolver Uses ServerOAuth2AuthorizedClientRepository
Issue: gh-5621
2018-08-19 21:11:24 -05:00
Rob Winch 1d57a084aa Add ServerOAuth2AuthorizedClientRepository
Fixes: gh-5621
2018-08-19 21:10:15 -05:00
Rob Winch 3a7083c7e9 Add Test<DomainObject>s For OAuth2
Fixes: gh-5699
2018-08-19 21:08:28 -05:00