Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,339 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1104 Commits

Author SHA1 Message Date
Joe Grandja 55224b58e0 Polish gh-12853 2023-03-20 15:47:00 -04:00
Josh Cummings a7562ad950
Update io.spring.javaformat to 0.0.38 
Closes gh-12891
 2023-03-20 10:44:35 -06:00
Steve Riesenberg 8c17b978c8
Add support for device authorization response 
Closes gh-12852
 2023-03-08 17:07:56 -06:00
Geon Park 613b16c247 NimbusReactiveJwtDecoder support mono chain 
Supports reactive exception handling when using PublicKeyReactiveJwtDecoderBuilder and SecretKeyReactiveJwtDecoderBuilder
 2023-02-07 13:37:23 -07:00
Marcus Da Coregio b237d7ee38 Merge branch '6.0.x' 
Closes gh-12621
 2023-02-03 12:31:08 -03:00
luamas 7409d14504 fix javax.json.bind.Jsonb to jakarta.json.bind.Jsonb 
Closes gh-12616
 2023-02-03 12:30:17 -03:00
Josh Cummings e7fb6d2e14
Merge branch '6.0.x' 
Closes gh-12496
 2023-01-06 12:56:45 -07:00
Josh Cummings 748e912685
Merge branch '5.8.x' into 6.0.x 
Closes gh-12495
 2023-01-06 12:56:21 -07:00
Josh Cummings 5e1db6a771
Merge branch '5.7.x' into 5.8.x 
Closes gh-12494
 2023-01-06 12:55:43 -07:00
Jon Kjennbakken 225dc593a8 Polish NimbusJwtDecoderTests 
- Add missing mock

Closes gh-12238
 2023-01-06 12:53:36 -07:00
Josh Cummings e0e9455f78
Merge branch '6.0.x' 
Closes gh-12441
 2022-12-19 16:01:26 -07:00
Josh Cummings 7bd6deccc3
Revert "Disable Some R2dbc Tests" 
This reverts commit 813179931a.

Closes gh-12339
 2022-12-19 15:42:22 -07:00
ch4mpy 7ad4ebd07a
Allow authentication details to be set by converter 
Prevent JwtAuthenticationProvider from setting authentication details
when jwtAuthenticationConverter returned an authentication instance
with non null details.

Closes gh-11822
 2022-12-12 18:55:08 -06:00
Josh Cummings 7561a02cdd
Merge branch '6.0.x' 2022-12-05 11:13:43 -07:00
Josh Cummings 813179931a
Disable Some R2dbc Tests 
Issue gh-12339
 2022-12-05 11:13:15 -07:00
Josh Cummings cd0f02de49
Polish authorities claim delimiter 
PR gh-12074
 2022-12-02 14:30:31 -07:00
Patrick Walter 9c9fd9f4bd
Add configurable authorities split regex 
Before this commit splitting the authorities claim was done by a
hardcoded regex " ". This commit allows to configure to set any regex
to split the authorities claim while keeping the previously
hardcoded regex as a default.

Closes gh-12074
 2022-12-02 14:30:30 -07:00
Josh Cummings b22bc42bb0
Merge branch '5.8.x' into 6.0.x 
Closes gh-12325
 2022-11-30 14:50:51 -07:00
Josh Cummings 29c00905ce
Merge branch '5.7.x' into 5.8.x 
Closes gh-12324
 2022-11-30 14:49:26 -07:00
Josh Cummings 667cab6cda
Merge branch '5.6.x' into 5.7.x 
Closes gh-12323
 2022-11-30 14:38:16 -07:00
이경욱 52c7141aac
Save Request Before Response Is Committed 
Specifically important for cookie-based authorization request
repositories.

Closes gh-11602
 2022-11-30 14:33:08 -07:00
Steve Riesenberg bb3d92e33a
Update r2dbc-h2 to 1.0.0.RELEASE 
Closes gh-12251
 2022-11-18 23:04:38 -06:00
Steve Riesenberg 4e88623873
Polish gh-12087 in 6.0 2022-11-17 14:31:44 -06:00
Steve Riesenberg a3d35ecf3c
Merge branch '5.8.x' 
Closes gh-12234
 2022-11-17 14:27:41 -06:00
Michael Sosa 52888d6206
Warn when AuthorizationGrantType does not match 
Log a warning when AuthorizationGrantType does not exactly match a
pre-defined constant.

Closes gh-11905
 2022-11-17 14:17:54 -06:00
Steve Riesenberg ce065a87da
Merge branch '5.8.x' 
Closes gh-12207
 2022-11-14 12:25:05 -06:00
Steve Riesenberg 71eb71d185
Merge branch '5.7.x' into 5.8.x 
Closes gh-12206
 2022-11-14 12:11:59 -06:00
Steve Riesenberg 67a1f0836b
Merge branch '5.6.x' into 5.7.x 
Closes gh-12205
 2022-11-14 12:10:55 -06:00
Steve Riesenberg fde26e003a
Request user info when AS returns no scopes 
Closes gh-12144
 2022-11-10 16:29:43 -06:00
Josh Cummings 5fe59cc635
Revert "Add configurable authorities split regex" 
This reverts commit e93ed6d94c.

This can't be merged until after the 6.0 release
 2022-11-01 17:39:26 -06:00
Patrick Walter e93ed6d94c Add configurable authorities split regex 
Before this commit splitting the authorities claim was done by a
hardcoded regex " ". This commit allows to configure to set any regex
to split the authorities claim while keeping the previously
hardcoded regex as a default.
 2022-11-01 17:38:47 -06:00
Josh Cummings cca999c57d
Merge remote-tracking branch 'origin/5.8.x' 2022-11-01 13:46:08 -06:00
Josh Cummings d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza 8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Steve Riesenberg 801ceb0832
Merge branch '5.8.x' 2022-10-31 08:58:14 -05:00
Steve Riesenberg 66f2f1cde7
Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg 2915a70bf7
Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00
Steve Riesenberg 26a51ee198
Merge branch '5.5.x' into 5.6.x 2022-10-28 11:15:33 -05:00
Steve Riesenberg e7fe778abc
Merge branch '5.4.x' into 5.5.x 2022-10-28 11:13:33 -05:00
Steve Riesenberg 3e2ac82612
Merge branch '5.3.x' into 5.4.x 2022-10-28 11:10:39 -05:00
Steve Riesenberg 5560bbaa80
Merge branch '5.2.x' into 5.3.x 2022-10-28 11:07:51 -05:00
Steve Riesenberg 75004587a4
Fix scope mapping 
Issue gh-12101
 2022-10-28 11:00:27 -05:00
Josh Cummings f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler 
Closes gh-9429
 2022-10-13 20:03:03 -06:00
Josh Cummings 5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x' 2022-10-13 19:48:05 -06:00
Josh Cummings 099aaa33ff
Remove Deprecation Markers 
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.

Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.

At that time, BearerTokenAuthenticationFilter can change to use
the handler.

Closes gh-11932
 2022-10-13 19:47:22 -06:00
Daniel Garnier-Moiroux 200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter 
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
 2022-10-13 19:25:04 -06:00
Josh Cummings 14584b0562
Add SecurityContextHolderStrategy to OAuth2 
Issue gh-11060
 2022-10-05 23:50:54 -06:00
Marcus Da Coregio 7f0140278e Add native hint for OAuth2 Client's schemas 
Closes gh-11920
 2022-09-29 10:01:51 -03:00
Steve Riesenberg 181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00