Commit Graph

8305 Commits

Author SHA1 Message Date
Filip Hanik adde18b873 Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception"
This reverts commit e9619fb0e7, reversing
changes made to 45a1490d5d.
2019-09-24 16:05:09 -07:00
Filip Hanik e9619fb0e7 Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception
Propagate saml authentication exception #7375

Fixes gh-7375
2019-09-24 15:26:38 -07:00
Filip Hanik d472e99528 SAML Assertion validation should propagate errors: #7375 and #7375
Fixes gh-7377
Fixes gh-7375

https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
2019-09-24 14:40:39 -07:00
Filip Hanik 20033ffd4a OpenSAML expects type `long` representing millis for response time validation skew
Fixes gh-7448

https://github.com/spring-projects/spring-security/issues/7448
2019-09-24 14:40:39 -07:00
Rob Winch 45a1490d5d Fix ClassCastException for JDK 9+
AuthenticationPrincipalArgumentResolverTests failed in JDK 9+ due to
its improved generic support and a ClassCastException.

Issue gh-7363
2019-09-24 15:45:44 -05:00
Jesús Ascama ceab56f764 Fix AuthorizationPayloadInterceptor order using PayloadInterceptorOrder.AUTHORIZATION
Fixes gh-7434
2019-09-24 15:39:25 -05:00
Rob Winch b09e9f1896 Add Reactive Messaging AuthenticationPrincipalArgumentResolver
Fixes gh-7363
2019-09-24 15:11:23 -05:00
Joe Grandja 9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri
Fixes gh-7036
2019-09-24 11:07:36 -04:00
evfool 6f6f5a12da Fixed typo in comment 2019-09-23 10:13:49 -06:00
Eleftheria Stein 98e75eb51a Fix Javadoc for anonymous 2019-09-23 11:06:28 -04:00
Josh Cummings 4fa1d08e20 Restructure Docs
Issue gh-5935
2019-09-22 01:16:55 -06:00
Joe Grandja c5fd646afc Update ref doc for OAuth2AuthorizationRequestResolver
Fixes gh-7405
2019-09-20 20:56:51 -04:00
Joe Grandja 324e066717 Polish ref doc for RegisteredOAuth2AuthorizedClient 2019-09-20 16:18:29 -04:00
Joe Grandja 076692ceef Polish ref doc for oauth2-client 2019-09-20 16:18:29 -04:00
Joe Grandja 52f0e5287b Update ref doc for oauth2-client WebClient integration
Fixes gh-7404
2019-09-20 16:18:29 -04:00
Josh Cummings 38e87568a6 Document Clear Site Data
Fixes gh-7463
2019-09-20 13:02:06 -06:00
Josh Cummings 124d9964d7 Document Bearer Token Propagation
Fixes gh-7461
2019-09-20 12:05:24 -06:00
Josh Cummings 3a9ee46719 Document RFC 8414 Support
Fixes gh-7462
2019-09-20 10:53:53 -06:00
Josh Cummings b91668a34d Break Out Resource Server Documentation
Issue gh-5935
2019-09-20 09:52:29 -06:00
Josh Cummings f22fdf1bc0 Align OAuth Reactive/Servlet Resource Server Docs
Fixes gh-7430
Fixes gh-7425
Fixes gh-7460
2019-09-19 17:15:01 -06:00
Joe Grandja c1ae997adc Update ref doc for OAuth2AuthorizedClientManager
Issue gh-7403
2019-09-19 15:33:42 -04:00
Rob Winch ff54eb878a Use Schedulers.boundedElastic()
Fixes gh-7457
2019-09-19 13:51:06 -05:00
Rob Winch cb5c58eeaa AbstractUserDetailsReactiveAuthenticationManager uses newParallel
It is recommended to use newParallel to avoid impacting the timed
operations which all use parallel()

Fixes gh-7456
2019-09-19 13:43:25 -05:00
Joe Grandja eeb0f56bac Add ref doc for password grant
Fixes gh-7397
2019-09-19 14:00:45 -04:00
Rob Winch 00f8991fac Merge Remove Redundant Throws
Fixes gh-7301
2019-09-19 11:04:53 -05:00
Ebert Toribio 3a66191756 Add hasAnyAuthority method in AuthorizePayloadsSpec.Access
See Fixes gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
2019-09-18 21:17:09 -05:00
Joe Grandja 3425db6d16 Fix typo 2019-09-18 19:54:37 -04:00
Joe Grandja e8d98a54b7 Add ref doc for refresh_token grant
Fixes gh-7398
2019-09-18 19:54:37 -04:00
Onur Kagan Ozcan 034b5e9e93 Introduce LogoutSuccessEvent
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.

By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.

This PR will also fix ConcurrentSessionFilter's composite logoutHandler, which will now get LogoutHandler instances from LogoutConfigurer for consistency.

Fixes gh-2900
2019-09-18 10:57:16 -05:00
Manuel Tejeda 9926ad68b8 add hasAnyRole method in AuthorizePayloadsSpec.Access 2019-09-18 07:59:20 -05:00
Jesús Ascama daf6b53e3a Add denyAll method in AuthorizePayloadsSpec.Access
See gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
2019-09-17 20:17:10 -05:00
Josh Cummings 7576dc44d7 AuthenticationFilter Session Fixation Protection
Fixes gh-7446
2019-09-17 08:17:09 -06:00
Josh Cummings 496a2cdc60 Make AuthenticationFilter methods private
Fixes gh-7447
2019-09-17 08:06:21 -06:00
Josh Cummings 05caf3d8fb Use Jwt.Builder
Fixes gh-7443
2019-09-16 14:00:25 -06:00
Josh Cummings 40901fe072 Jwt.Builder#notBefore Value Is Instant
Fixes gh-7442
2019-09-16 14:00:25 -06:00
Josh Cummings 1176d0cfdb Polish DefaultFilters,Issue55Tests
Formatted HttpSecurity and WebSecurity configuration stacks
Removed unnecessary code

Issue gh-4939
2019-09-16 13:56:17 -06:00
kostya05983 950e6422a1 Migrate DefaultFilters,Issue55Tests groovy->java
Issue gh-4939
2019-09-16 13:37:22 -06:00
Joe Grandja 5aa37722b9 Add ref doc for client_credentials grant
Fixes gh-6206
2019-09-16 15:14:34 -04:00
Joe Grandja 8aa55fe81b Update auth_code ref doc for oauth2-client 2019-09-16 09:37:37 -04:00
Josh Cummings 338b637ab5 Document Mock Jwt Testing
Fixes gh-7242
2019-09-16 07:34:37 -06:00
Josh Cummings bdaf530511 Remove Stray @MockBean
Issue gh-7170
2019-09-16 06:56:58 -06:00
Andreas Falk a085a12c99 Fix wrong java runtime version mentioned in reference doc
The reference documentation still referred to Java 5.0 as the minimum
runtime version, which is wrong.
This commit changes this to the correct
Java 8 runtime version as the required minimum version.
In addition, it corrects fuzzy wording regarding stripping down the
`spring-security-core` jar.

Fixes gh-7440
2019-09-16 13:09:57 +01:00
Joe Grandja 1c257afa79 Update ref doc for oauth2-client 2019-09-13 21:07:26 -04:00
Josh Cummings b55b2914c2 Mock Jwt Disables CSRF
Fixes gh-7170
2019-09-13 19:04:05 +01:00
Josh Cummings aa12748c9b Add Request-level CSRF Skip
Fixes gh-7367
2019-09-13 19:04:05 +01:00
Joe Grandja 9920cb41d1 Update ref doc copyright year 2019-09-12 19:28:01 -04:00
Joe Grandja 88c749263b Polish javadoc for OAuth2AuthorizedClientManager 2019-09-12 19:25:49 -04:00
Joe Grandja 33837d21be Polish oauth2-client ref doc 2019-09-12 18:57:57 -04:00
Joe Grandja cb5f9856fe Reorganize ref doc sections for oauth2-client
Fixes gh-7428
2019-09-12 18:42:23 -04:00
Joe Grandja 810e4cbbef Document OAuth2AuthorizedClientManager/Provider
Fixes gh-7403
2019-09-12 18:42:23 -04:00