Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,071 Commits 34 Branches 334 Tags 115 MiB
Commit Graph

1138 Commits

Author SHA1 Message Date
Rob Winch 0eedfc717a Revert "Revert "Add ClientRegistration from OpenID Connect Discovery"" 
This reverts commit 9fe0f50e3c.

The original commit was accidentally pushed prior to PR. We attempted
to revert the commit hoping the PR would open again. This did not work.
We are going to do a Polish commit instead.

Issue: gh-5355
 2018-05-18 09:40:43 -05:00
Rob Winch 9fe0f50e3c Revert "Add ClientRegistration from OpenID Connect Discovery" 
This reverts commit 0598d47732.
 2018-05-18 09:20:51 -05:00
Rob Winch 0598d47732 Add ClientRegistration from OpenID Connect Discovery 
Fixes: gh-4413
 2018-05-16 12:30:04 -05:00
Josh Cummings 658acf0332
PlaceHolderAndELConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings 428b0e45aa
HttpCorsConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings 306e9ed91c
HttpConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Rob Winch 32e368d9b7 Single ClientRegistration redirects by default 
Fixes: gh-5339
 2018-05-14 16:38:13 -05:00
Rob Winch f29e4cf91f LoginPageGeneratingWebFilter conditionally renders formLogin 
Issue: gh-4807
 2018-05-14 16:38:13 -05:00
Rob Winch 7013c6fd76 Add OAuth2LoginSpec 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Johnny Lim b91ebf7090 Fix @since for MockEventListener 2018-05-07 16:53:26 -05:00
Denys Ivano fed15f2b01 Add accessDeniedHandler method to ExceptionHandlingSpec 
This allows to configure accessDeniedHandler in ExceptionTranslationWebFilter through ServerHttpSecurity.

Issue: gh-5257
 2018-05-07 16:22:29 -05:00
Johnny Lim 2a0f529ee4 Use spring-projects for organization in GitHub URLs 2018-05-04 21:01:39 -05:00
Josh Cummings 2273839aad
FormLoginConfigTests groovy->java 
Issue: gh-4939
 2018-05-01 08:11:04 -06:00
Rob Winch 9bb841ac67 ExceptionTranslationFilter does not handle committed responses 
Fixes: gh-5273
 2018-04-30 16:49:51 -05:00
Rob Winch eb067bc3a1 DefaultWebSecurityExpressionHandler uses PermissionEvaluator Bean 
The default instance of DefaultWebSecurityExpressionHandler uses the
PermissionEvaluator Bean by default.

Fixes: gh-5272
 2018-04-30 12:15:50 -05:00
Josh Cummings 359a73eff2
Merge pull request #5260 from jzheaux/gh-4939-FormLoginBeanDefinitionParserTests 
FormLoginBeanDefinitionParserTests groovy->java
 2018-04-27 12:03:55 -06:00
Josh Cummings 3c1231efd3
CsrfConfigTests groovy->java 
Issue: gh-4939
 2018-04-25 11:41:32 -06:00
Josh Cummings 65326b1178
FormLoginBeanDefinitionParserTests groovy->java 
Issue: gh-4939
 2018-04-25 11:12:07 -06:00
Josh Cummings 9c0f2cc281
AccessDeniedConfigTests groovy->java 
Issue: gh-4939
 2018-04-24 08:11:47 -06:00
Joe Grandja 526e0fdd4f Add OAuth2 Client HandlerMethodArgumentResolver 
Fixes gh-4651
 2018-04-02 12:13:52 -04:00
Joe Grandja 982fc360b2 Add support for authorization_code grant 
Fixes gh-4928
 2018-04-02 12:13:06 -04:00
Rob Winch 234c20eb30 Polish XsdDocumentedTests 
- NicerNoce->XmlNode
- NicerXmlSupport->XmlSupport
- NicerXmlParser->XmlParser

Issue: gh-4939
 2018-03-29 16:36:41 -05:00
Josh Cummings 0c0abea3ad XsdDocumentedTests groovy->java 
Groovy has more extensive support for Xml parsing via XmlSlurper.
To replace it, this conversion also introduces a SAX wrapper,
NicerXmlParser, and a companion Node wrapper, NicerNode, that
allowed for less modification of the converted tests.

Issue: gh-4939
 2018-03-29 16:36:41 -05:00
Rob Winch fb7394c1de Polish Javadoc 
Fixes: gh-5186
 2018-03-29 15:33:57 -05:00
Rob Winch 6e1e977778 Polish HeadersSpec 
Fixes: gh-5187
 2018-03-29 15:33:57 -05:00
Rob Winch 7a204a5f58 Fixes for SPR-16624 
Fixes: gh-5164
 2018-03-27 22:35:08 -05:00
Josh Cummings ec46b7dbe1 WebSocketMessageBrokerConfigTests groovy->java 
Of note is that this commit unrolls three Spock @Unroll-parameterized
tests into a separate test for each parameter.

Issue: gh-4939
 2018-03-27 12:38:06 -05:00
Christoph Dreis d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch b1d013e8f0 Fix JDK 9 
Issue: gh-5160
 2018-03-27 09:30:56 -05:00
Rob Winch 018ab7d92c Fix Javadoc Typo uses->use 
Issue: gh-5113
 2018-03-19 15:36:31 -05:00
Rob Winch 01152ede41 Clarify HttpSecurity.registerFilterAt 
Fixes: gh-5113
 2018-03-19 14:41:03 -05:00
Rob Winch e86becc151 Relax assertions in HeaderSpecTests 
Fixes: gh-5116
 2018-03-15 08:30:37 -05:00
Rob Winch 4f709d47b9 Fix @since on GlobalAuthenticationConfigurerAdapter 
Fixes: gh-5106
 2018-03-13 14:23:36 -05:00
Rob Winch 452d855396 Fix appendix tests 2018-03-09 16:34:49 -06:00
Rob Winch a2073b2b91 Support BeanResolver for Reactive AuthenticationPrincipal 
Fixes: gh-4326
 2018-03-09 12:05:55 -06:00
Josh Cummings 3121f9c000 NamespaceGlobalMethodSecurity groovy->java 
Note that the `WhenUsingAspectJ` tests are still simply verifying structure instead of behavior. This is because the project appearsto be misconfigured in some way such that AspectJ advice isn't getting woven in at runtime. The original Groovy tests also only verified structure and they may be that way for a similar reason.

Either way, I will open up a ticket so we can review why that is the case and if there is a good fix.

Issue: gh-4939
 2018-03-08 16:53:54 -06:00
Josh Cummings c91ca0584c Sec2758Tests groovy->java 
Note that the old groovy test used a configuration of

```
http
    .authorizeRequests()
        .anyRequest().hasAnyAuthority("USER")
```

However, as I read the issue, gh-2984, the problem this issue
identifies is the non-passive change of defaulting to prefix
ROLE_ with all role-based configuration methods. So, the test now
does the following:

```
http
    .authorizeRequests()
        .anyRequest().access("hasAnyRole('USER')")
```

which demonstrates, given the configuration in this test, that
ROLE_ is correctly not prefixed in this expression, even though
it is a role-based configuration.

Issue: gh-4939
 2018-03-08 16:52:20 -06:00
Joe Grandja a5bd76b6ed Revert authorization_code grant support 
This reverts commit eae7afd9aa.
 2018-03-06 16:16:45 -05:00
Joe Grandja c922fe3be1 WebSecurityConfigurationTests groovy->java 
Issue: gh-4939
 2018-03-06 09:24:52 -05:00
Joe Grandja b1f3d495d9 Sec2515Tests groovy->java 
Issue: gh-4939
 2018-03-05 15:16:52 -05:00
Joe Grandja 0aa87e8501 EnableWebSecurityTests groovy->java 
Issue: gh-4939
 2018-03-05 10:23:48 -05:00
Joe Grandja 5af1d1d936 Polish HttpConfigurationTests 2018-03-05 08:36:15 -05:00
Joe Grandja 2a678ebc6e Polish WebSecurityConfigurerAdapterTests 2018-03-05 06:20:27 -05:00
Joe Grandja eae7afd9aa Add support for authorization_code grant 
Fixes gh-4928
 2018-03-02 14:30:49 -05:00
Josh Cummings 1ed51033cc Migrate config-debug groovy->java 
All tests in `org.springframework.security.config.debug` are migrated.

Note that `SecurityDebugBeanFactoryPostProceessorTest` preserves the original structure-verifying strategy used in the Groovy test. Verifying debug behavior turns out to be fairly tricky since being behaviorally invisible is in its nature.

Issue: gh-4939
 2018-03-02 08:55:07 -06:00
Josh Cummings 1b69c62d20 PortMapperConfigurerTests groovy->java 
Issue: gh-4939
 2018-02-27 11:44:21 -05:00
Josh Cummings e08d4cc90c AnonymousConfigurerTests groovy->java 
This test now checks key and principal both, which differs from the original Groovy test

In order to keep from needing to execute logic internal to `AnonymousAuthenticationToken`, this test changed from the original Groovy test. In the Groovy test, `key` is tested; however in this new test, `principal` is tested instead.

A concern was raised that if `AnonymousAuthenticationProvider` were invoked in this test, then testing only `principal` would not confirm that `key` was correctly propagated to `AnonymousAuthenticationProvider`. So, the test now configures both `key` and `principal`. The former to confirm correct wiring of `AnonymousAuthenticationProvider` and the latter to confirm correct wiring of `AnonymousAuthenticationFilter`.

Issue: gh-4939
 2018-02-27 11:30:02 -05:00
Josh Cummings bb59733736 Sec2377Tests groovy->java 
Issue: gh-4939
 2018-02-22 10:48:18 -05:00
Joe Grandja dc9248e73c NamespaceHttpTests groovy->java 
Issue: gh-4939
 2018-02-22 10:29:48 -05:00
Joe Grandja fded710e04 HttpConfigurationTests groovy->java 
Issue: gh-4939
 2018-02-16 14:16:51 -05:00
Rob Winch 210a510bba Use HttpFirewall Bean 
Fixes: gh-5022
 2018-02-15 17:18:28 -06:00
Joe Grandja 52b5423b75 WebSecurityConfigurerAdapterTests groovy->java 
Issue: gh-4939
 2018-02-15 17:50:55 -05:00
Joe Grandja 7fc88a391f SampleWebSecurityConfigurerAdapterTests groovy->java 
Issue: gh-4939
 2018-02-14 15:40:46 -05:00
Joe Grandja c31c1a4616 AbstractConfiguredSecurityBuilderTests -> remove use of reflection 
Issue gh-4939
 2018-02-14 12:47:35 -05:00
Rob Winch 780c9dd455 Fix GlobalMethodSecurityConfigurationTests checkstyle 
Issue: gh-4939
 2018-02-13 09:41:07 -06:00
Rob Winch 8b6e77e5ab Fix SpringTestContext checkstyle 
Issue: gh-5015
 2018-02-13 09:40:47 -06:00
Rob Winch 6af1ac08db GlobalMethodSecurityConfigurationTests groovy->java 
Issue: gh-4939
 2018-02-13 09:37:05 -06:00
Rob Winch 6c52eb6ee1 MethodSecurityService add additional methods 
Fixes: gh-5016
 2018-02-13 09:36:57 -06:00
Rob Winch ca5fb78ee1 Authz check(boolean result) 
Issue: gh-5016
 2018-02-13 09:36:48 -06:00
Rob Winch 1ad57adccc SpringTestContext allow setting Context 
Fixes: gh-5015
 2018-02-13 09:36:39 -06:00
Rob Winch 49e5b15ce2 Extract MockEventListener 
Fixes: gh-5014
 2018-02-13 09:36:27 -06:00
Rob Winch ce5fb51b20 Remove Mono.defer in ReactorContextWebFilter 
Fixes: gh-5010
 2018-02-08 16:19:10 -06:00
Rob Winch 964a14b224 Document Reactive Method security requires Publisher return types 
Fixes: gh-4988
 2018-02-07 16:43:18 -06:00
Rob Winch ea3dd336aa Cache headers only if no cache headers set 
Fixes: gh-5004
 2018-02-07 14:56:34 -06:00
Rob Winch 2165cc72ef BaseAuthenticationConfig groovy->java 
Issue: gh-4939
 2018-02-07 14:40:55 -06:00
Rob Winch 2c519b7e74 NamespaceGlobalMethodSecurityTests groovy->java 
Issue: gh-4939
 2018-02-06 15:23:41 -06:00
Rob Winch 9587f3280e MethodSecurityServiceImpl groovy->java 
Issue: gh-4939
 2018-02-06 14:09:58 -06:00
Rob Winch 751130ba04 MethodSecurityService groovy->java 
Issue: gh-4939
 2018-02-06 14:08:43 -06:00
Rob Winch 9e23d684e7 Polish Imports in SpringTestRule 
Fixes: gh-5001
 2018-02-06 13:48:36 -06:00
Rob Winch 73f5e89e4c SpringTestRule clears SecurityContext 
Fixes: gh-5001
 2018-02-06 11:54:26 -06:00
Rob Winch 1efc7ef5d7 Issue50Tests groovy->java 
Issue: gh-4939
 2018-02-06 11:53:19 -06:00
Rob Winch d12d9ba538 SecurityConfig groovy->java 
Issue: gh-4939
 2018-02-06 11:53:07 -06:00
Rob Winch 9e3e7e9e29 ApplicationConfig groovy->java 
Issue: gh-4939
 2018-02-06 11:52:29 -06:00
Rob Winch 11c8d5ddfb UserRepository groovy->java 
Issue: gh-4939
 2018-02-06 11:51:58 -06:00
Rob Winch 1217547ebd User groovy->java 
Issue: gh-4939
 2018-02-06 11:51:38 -06:00
Rob Winch 12bd506ee7 AutowireBeanFactoryObjectPostProcessorTests groovy->java 
Issue: gh-4939
 2018-02-06 11:13:00 -06:00
Rob Winch eb6d84eb36 MyAdvisedBean groovy->java 
Issue: gh-4939
 2018-02-06 11:12:47 -06:00
Rob Winch 3cb06ec581 AroundMethodInterceptor groovy->java 
Issue: gh-4939
 2018-02-06 11:12:35 -06:00
Rob Winch 9df708dbba Add SpringTestRule.testConfigLocations 
Fixes: gh-5000
 2018-02-06 11:12:35 -06:00
Rob Winch 0d92adf1be PasswordEncoderConfigurerTests groovy->java 
Issue: gh-4939
 2018-02-05 17:13:21 -06:00
Rob Winch 886bfa3daa NamespacePasswordEncoderTests groovy->java 
Issue: gh-4939
 2018-02-05 16:46:42 -06:00
Rob Winch 70db508218 NamespaceJdbcUserServiceTests groovy->java 
Issue: gh-4939
 2018-02-05 15:27:28 -06:00
Rob Winch a0918dd6d4 NamespaceAuthenticationProviderTests groovy->java 
Issue: gh-4939
 2018-02-05 14:53:50 -06:00
Rob Winch 959f689e4e NamespaceAuthenticationManagerTests groovy->java 
Issue: gh-4939
 2018-02-02 16:56:45 -06:00
Joe Grandja 1cb581a0c6 AbstractConfiguredSecurityBuilderTests, AbstractRequestMatcherRegistryTests -> .java 
Issue gh-4939
 2018-02-02 16:45:44 -05:00
Rob Winch 87a216a6e6 AuthenticationManagerBuilderTests -> .java 
Issue: gh-4939
 2018-01-26 16:50:33 -06:00
Rob Winch 8d96e83767 Fix checkstyle 2018-01-26 15:31:24 -06:00
Rob Winch e5d40c0599 AuthenticationConfigurationTests -> java 
Issue: gh-4939
 2018-01-26 15:14:34 -06:00
Rob Winch 0eef5b4b42 Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
Joe Grandja 900ab1df81 Add javadoc for the OAuth 2.0 Security Configurer's 
Fixes gh-4972
 2018-01-24 06:18:08 -05:00
Joe Grandja 84679a5d64 Polish #4904 Support GrantedAuthoritiesMapper @Bean for oauth2Login 2018-01-23 12:14:57 -05:00
Kazuki Shimizu 444e2dade3 Support GrantedAuthoritiesMapper @Bean for oauth2Login 
Fixes gh-4880
 2018-01-23 09:51:14 -05:00
Rob Winch 91ef7ce1cf AuthenticationEventPublisher Bean used by Default 
Fixes: gh-4940
 2018-01-18 08:59:27 -06:00
Adolfo Eloy 196f02748d Migrate UserDetailsManagerConfigurerTests groovy->java 2018-01-10 16:13:08 -06:00
Johnny Lim f3830eec7d Rename userDetailsRepository to userDetailsService 2018-01-10 16:04:48 -06:00
Johnny Lim 921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim 57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Aygiz Shaymardanov cfe40358bd typo in java doc 2017-12-21 14:18:41 -06:00
Johnny Lim 316fd0572f Remove @Nullable annotations in UserDetailsMapFactoryBean 2017-12-21 14:08:05 -06:00
Eddú Meléndez c16456623f Remove unused imports 2017-12-20 16:05:38 -06:00