Johnny Lim
921157cdcd
Remove explicit super() calls
2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5
Use diamond type
2017-12-21 15:09:00 -06:00
Eddú Meléndez
c16456623f
Remove unused imports
2017-12-20 16:05:38 -06:00
Rob Winch
70be0f3619
Mono<CsrfToken> saveToken->Mono<Void>
...
Issue: gh-4856
2017-11-20 16:30:29 -06:00
Rob Winch
d55db837e1
CsrfWebFilter places Mono<CsrfToken>
...
Fixes: gh-4855
2017-11-20 16:30:29 -06:00
Johnny Lim
701933c7f7
Fix copyright start years
...
See gh-4655
See gh-4725
2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5
Apply Checkstyle EmptyStatementCheck module
...
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
2017-11-16 20:18:21 -06:00
Rob Winch
be397b8b33
WebSessionServerSecurityContextRepository Polish
...
- map(WebSession::getAttributes)
- use Mono.justOrEmpty
Issue: gh-4843
2017-11-16 15:54:33 -06:00
Rob Winch
8d30d6110b
WebSessionSecurityContextRepository custom session attribute name
...
Fixes: gh-4843
2017-11-16 15:54:21 -06:00
Rob Winch
b7529be3d0
WebSessionSecurityContextRepository changes session id
...
Fixes: gh-4842
2017-11-16 15:46:26 -06:00
Rob Winch
b19e14330f
WebSessionServerCsrfTokenRepository session fixation protection
...
Issue: gh-4842
2017-11-16 15:45:57 -06:00
Rob Winch
75a7c5268a
ServerRequestCache.removeMatchingRequest
...
Issue: gh-4789
2017-11-16 15:44:32 -06:00
Benedikt Ritter
fffd781b03
Add localization to error messages from ExceptionTranslationFilter
...
Fixes gh-4504
2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359
Apply Checkstyle WhitespaceAfterCheck module
2017-11-16 11:18:31 -06:00
Rob Winch
64ad08e96d
ServerRedirectCache.getRequest->getRedirectUri
...
Issue: gh-4789
2017-11-15 15:10:47 -06:00
Rob Winch
1d9b0760d5
ServerRequestCache uses URI
...
Issue: gh-4789
2017-11-15 12:54:05 -06:00
Rob Winch
942b51dba7
Reactive Basic does not create session by default
...
Fixes: gh-4825
2017-11-15 12:50:29 -06:00
Rob Winch
5f79fdd3eb
requiresLogoutMatcher naming polish
...
Issue: gh-4822
2017-11-14 16:42:41 -06:00
Rob Winch
c1f94156f9
serverWebExchange->exchange
...
Issue: gh-4822
2017-11-14 16:42:38 -06:00
Rob Winch
11f6e0477c
serverLogoutSuccessHandler->logoutSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:36 -06:00
Rob Winch
bf570854b8
serverLogoutHandler->logoutHandler
...
Issue: gh-4822
2017-11-14 16:42:33 -06:00
Rob Winch
1c977ca15f
serverRedirectStrategy->redirectStrategy
...
Issue: gh-4822
2017-11-14 16:42:30 -06:00
Rob Winch
2cbdb4ba02
serverCsrfTokenRepository->csrfTokenRepository
...
Issue: gh-4822
2017-11-14 16:42:27 -06:00
Rob Winch
3bfda6cff7
serverAccessDeniedHandler->accessDeniedHandler
...
Issue: gh-4822
2017-11-14 16:42:24 -06:00
Rob Winch
9e82fc0b83
serverAuthenticationEntryPoint->authenticationEntryPoint
...
Issue: gh-4822
2017-11-14 16:42:20 -06:00
Rob Winch
9cf0dc6b38
serverWebExchange->webExchange
...
Issue: gh-4822
2017-11-14 16:42:17 -06:00
Rob Winch
520e0a5a68
serverAuthenticationSuccessHandler->authenticationSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:14 -06:00
Rob Winch
5c83f92ddc
serverAuthenticationFailureHandler->authenticationFailureHandler
...
Issue: gh-4822
2017-11-14 16:42:10 -06:00
Rob Winch
692233e431
ServerSecurityContextRepository members to securityContextRepository
...
Issue: gh-4822
2017-11-14 16:42:06 -06:00
Johnny Lim
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
Rob Winch
1b70efce2b
Add ServerRequestCache
...
Fixes: gh-4789
2017-11-13 15:49:34 -06:00
Rob Winch
8f6491b281
Add RedirectServerAuthenticationFailureHandler
...
Fixes gh-4816
2017-11-13 15:49:20 -06:00
Rob Winch
060d8689fe
Make RedirectServer*Tests less specific
...
Issue: gh-4816
2017-11-13 15:49:06 -06:00
Johnny Lim
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
Rob Winch
676020321e
Add reactive CsrfRequestDataValueProcessor
...
Fixes gh-4762
2017-11-07 22:25:36 -06:00
Rob Winch
7622826b69
WebSessionServerCsrfTokenRepository saves on getToken
...
Fixes gh-4801
2017-11-07 22:25:23 -06:00
Rob Winch
776364d403
ServerCsrfTokenRepository.saveToken return Mono<CsrfToken>
...
Fixes gh-4800
2017-11-07 22:24:53 -06:00
Rob Winch
3f18881493
Remove additional attribute name from CsrfWebFilter
...
Fixes gh-4799
2017-11-07 22:24:42 -06:00
Frank Pavageau
35706ad60a
Deserialize the principal in a neutral way
...
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
2017-10-30 00:53:31 -05:00
Frank Pavageau
6fd9ff254b
Map values directly from the JSON nodes
...
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
2017-10-30 00:53:31 -05:00
SignleMR
a1fdb7dcb3
Update AbstractRememberMeServices.java
...
this file`s file encode is unkown,maybe is "Eddu Melendez"
2017-10-30 00:50:23 -05:00
Jeremy Waters
832f5c39c1
SEC-3190: Add support for colons in remember-me token values
...
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. so this
change urlencodes the individual tokens when creating the cookie
string; and urldecodes them decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
2017-10-30 00:33:14 -05:00
Rob Winch
93ac706d86
Polish XFrameOptionsHeaderWriter
...
Issue: gh-4559
2017-10-29 23:32:53 -05:00
Nathan Wong
02a78b17b9
Add check to see if return value is DENY
...
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.
This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
2017-10-29 23:32:53 -05:00
Antoine
bed4ec7d18
Fix leading space characters reported by checkstyle
2017-10-29 22:22:34 -05:00
Antoine
0771778b81
Polish more AssertJ assertions
2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Rob Winch
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
2017-10-29 00:12:23 -05:00
Rob Winch
0734d70d02
Logout requires POST
...
Issue: gh-4734
2017-10-29 00:11:59 -05:00
Rob Winch
8da2c7f657
Add WebFlux CSRF Protection
...
Fixes gh-4734
2017-10-28 22:59:24 -05:00