Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,305 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

527 Commits

Author SHA1 Message Date
Josh Cummings 02f161aba7
Use OidcIdToken.Builder 
Issue gh-7592
 2019-12-12 07:37:15 -07:00
Phil Clay cffad1be02 Polish #7589 
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
 2019-12-10 13:59:51 -05:00
Ankur Pathak c29309d744 Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager 
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
 2019-12-10 13:59:51 -05:00
Joe Grandja 24500fa3ca Remove redundant validation for redirect-uri 
Fixes gh-7706
 2019-12-06 11:55:31 -05:00
Josh Cummings bb8706977d
Polish DefaultOAuth2AuthorizedClientManager 2019-12-02 16:05:17 -07:00
Joe Grandja 65513f2e3b Polish OAuth2AuthorizedClientArgumentResolver 2019-11-28 09:48:01 -05:00
Joe Grandja 80f256e425 ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Fixes gh-7544
 2019-11-28 09:48:01 -05:00
Joe Grandja 07b8aa0b1f DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange 
Issue gh-7544
 2019-11-28 09:48:01 -05:00
Josh Cummings 6ff71d8113
Add OidcUserInfo.Builder 
Fixes gh-7593
 2019-11-26 16:12:06 -07:00
Josh Cummings c76775159c
Add OidcIdToken.Builder 
Fixes gh-7592
 2019-11-26 16:12:06 -07:00
Josh Cummings 22ae3eb765
Polish Error-handling Tests 
Tests should assert the error message content that Spring Security
controls.

Fixes gh-7647
 2019-11-14 16:13:39 -07:00
Rafiullah Hamedy 58ca81d500 Make jwks_uri optional for RFC 8414 and Required for OpenID Connect 
OpenID Connect Discovery 1.0 expects the OpenId Provider Metadata 
response is expected to return a valid jwks_uri, however, this field is 
optional in the Authorization Server Metadata response as per RFC 8414
specification.

Fixes gh-7512
 2019-11-11 10:34:06 -07:00
Josh Cummings ed02ef9773
Add Test for Malformed Scope 
Fixes gh-7563
 2019-10-28 16:55:56 -06:00
Josh Cummings 387f765595
Catch Malformed BearerTokenError Descriptions 
Fixes gh-7549
 2019-10-28 12:30:27 -06:00
Phil Clay 8584b12c8d Make saveAuthorizedClient save the authorized client 
Previously, saveAuthorizedClient never actually saved the authorized
client, because it ignored the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient.

Now, it does not ignore the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient, and includes it in
the stream, and therefore it will properly save the authorized client.

Fixes gh-7546
 2019-10-23 12:12:23 -04:00
Joe Grandja 1c53a7859b Fix access token expiry check with clock skew 
Fixes gh-7511
 2019-10-22 21:54:55 -04:00
Everett Irwin 6ad328f909 Add Clock Skew Tests 
Fixes gh-7511

Co-authored-by: Isaac Cummings <josh.cummings+zac@gmail.com>
 2019-10-17 20:19:47 -06:00
Josh Cummings adf9769eed
Add ClientRegistration.withClientRegistration 
Fixes gh-7486
 2019-09-27 14:17:50 -06:00
Josh Cummings 33ba292fed
Resource Server w/ SecurityReactorContextSubscriber 
Fixes gh-7423
 2019-09-27 11:01:04 -06:00
Joe Grandja 7217bb5eb0 Remove FIXME in OAuth2LoginReactiveAuthenticationManager 2019-09-27 12:13:13 -04:00
Joe Grandja 2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber 
Fixes gh-7422
 2019-09-26 16:17:17 -04:00
Joe Grandja d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00
Mark Heckler da9f027fa4 Add nonce to OIDC Authentication Request 
Fixes gh-4442
 2019-09-25 14:57:54 -04:00
Joe Grandja 9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri 
Fixes gh-7036
 2019-09-24 11:07:36 -04:00
Rob Winch ff54eb878a Use Schedulers.boundedElastic() 
Fixes gh-7457
 2019-09-19 13:51:06 -05:00
Rob Winch 00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Josh Cummings 05caf3d8fb
Use Jwt.Builder 
Fixes gh-7443
 2019-09-16 14:00:25 -06:00
Josh Cummings 40901fe072
Jwt.Builder#notBefore Value Is Instant 
Fixes gh-7442
 2019-09-16 14:00:25 -06:00
Joe Grandja 88c749263b Polish javadoc for OAuth2AuthorizedClientManager 2019-09-12 19:25:49 -04:00
Josh Cummings 101e0a21a8 Bearer WebClient Filter Authentication Propagation 
Fixes: gh-7418
 2019-09-11 16:27:21 +01:00
Joe Grandja dcdeab596d DefaultReactiveOAuth2AuthorizedClientManager defaults ServerWebExchange 
Fixes gh-7390
 2019-09-10 11:40:28 -04:00
Eddú Meléndez 91bf1c782a Make OAuth2User extends OAuth2AuthenticatedPrincipal 
Fixes gh-7378
 2019-09-09 14:36:35 +01:00
Joe Grandja 93cda94969 Add attributes Consumer to OAuth2AuthorizationContext 
Fixes gh-7385
 2019-09-06 08:01:59 -04:00
Joe Grandja f7d03858f1 OAuth2AuthorizedClientManager implementation works outside of request 
Fixes gh-6780
 2019-09-06 06:10:36 -04:00
Joe Grandja a60446836b OAuth2AuthorizeRequest supports attributes 
Fixes gh-7341
 2019-09-05 21:04:25 -04:00
Rob Winch 2a3bf9b6bb DefaultReactiveOAuth2UserService IOException 
Improve handling of IOException to report an
AuthenticationServiceExceptionThere are many reasons that a
DefaultReactiveOAuth2UserService might fail due to an IOException
(i.e. SSLHandshakeException). In those cases we should use a
AuthenticationServiceException so that users are aware there is likely
some misconfiguration.

Fixes gh-7370
 2019-09-05 13:31:30 -05:00
Andreas Kluth c46b224ec4 Remove OAuth2AuthorizationRequest when a distributed session is used 
Dirties the WebSession by putting the amended AUTHORIZATION_REQUEST map into
the WebSession even it was already in the map. This causes common SessionRepository
implementations like Redis to persist the updated attribute.

Fixes gh-7327

Author: Andreas Kluth <mail@andreaskluth.net>
 2019-09-05 09:31:32 -04:00
Josh Cummings 099d49aa40 Simplify currentAuthentication() 2019-09-04 15:33:41 -06:00
Josh Cummings 40ff837713 Polish Server|ServletBearerExchangeFilterFunction 
Fixes gh-7353
 2019-09-04 15:33:41 -06:00
Joe Grandja e6618d4d50 Removed unused OAuth2AuthorizedClientResolver 
Fixes gh-7357
 2019-09-04 16:56:40 -04:00
Josh Cummings 833bfd0c22 Add Authorities from Access Token 2019-09-04 14:15:28 -06:00
Josh Cummings aa1c80c801 Grant Individual Authorities From Claims 
Fixes gh-7339
 2019-09-04 14:15:28 -06:00
Joe Grandja 409285fb3d Fix test 
Issue gh-7350
 2019-09-04 14:27:01 -04:00
Joe Grandja 0ac8618eac Align DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper 
Fixes gh-7350
 2019-09-04 14:07:45 -04:00
Joe Grandja dcd997ea43 Add support for Resource Owner Password Credentials grant 
Fixes gh-6003
 2019-09-04 14:07:45 -04:00
Josh Cummings d7f7e9d4b7 Add Jwt to BearerTokenAuthentication Converter 
Fixes gh-7346
 2019-09-03 15:58:05 -06:00
Josh Cummings 068f4f0147 Polish Opaque Token 
Use OAuth2AuthenticatedPrincipal
Use BearerTokenAuthentication
Update names to reflect more generic approach.

Fixes gh-7344
Fixes gh-7345
 2019-09-03 15:58:05 -06:00
Josh Cummings c019507770 Add BearerTokenAuthentication 
Fixes gh-7343
 2019-09-03 15:58:05 -06:00
Josh Cummings 346b8c2cff Add OAuth2AuthenticatedPrincipal 
Fixes gh-7342
 2019-09-03 15:58:05 -06:00
Josh Cummings f350988285 Add Servlet and ServerBearerExchangeFilterFunction 
Fixes gh-5334
Fixes gh-7284
 2019-09-03 15:29:06 -06:00