7619556066
FormLoginBuilder->FormLoginSpec
...
Issue: gh-4822
2017-11-14 16:41:55 -06:00
83d4abb1c6
RequestCacheBuilder->RequestCacheSpec
...
Issue: gh-4822
2017-11-14 16:41:51 -06:00
eb7edf7092
HttpBasicBuilder->HttpBasicSpec
...
Issue: gh-4822
2017-11-14 16:41:47 -06:00
01154614d1
ExceptionHandlingBuilder->ExceptionHandlingSpec
...
Issue: gh-4822
2017-11-14 16:41:38 -06:00
903cbd7c35
CsrfBuilder->CsrfSpec
...
Issue: gh-4822
2017-11-14 16:41:31 -06:00
fd4726afaf
HeadersBuilder-HeadersSpec
...
Issue: gh-4822
2017-11-14 16:41:25 -06:00
53ddbfc0ab
AuthorizedExchangeBuilder->AuthorizedExchangeSpec
...
Issue: gh-4822
2017-11-14 16:41:08 -06:00
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
872a8f3189
Change constructor param order in oauth2 client filters
...
Fixes gh-4818
2017-11-13 17:32:22 -05:00
1b70efce2b
Add ServerRequestCache
...
Fixes: gh-4789
2017-11-13 15:49:34 -06:00
1ea66378f5
ServerHttpSecurity uses RedirectServerAuthenticationFailureHandler
...
Issue: gh-4816
2017-11-13 15:49:26 -06:00
3c7fb977fe
WebTestClientHtmlUnitDriverBuilder uses WebTestClient for localhost
...
Fixes gh-4815
2017-11-13 15:48:52 -06:00
aa9e057ba8
Fix CNF exception if oauth2-jose dependency not included
...
Fixes gh-4753
2017-11-12 12:27:18 -05:00
f2ccc53549
Add UserDetailsMapFactoryBean
...
Fixes gh-4804
2017-11-09 14:01:43 -06:00
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
adec62cdf2
EnableWebFluxSecurity creates CsrfRequestDataValueProcessor
...
Fixes gh-4762
2017-11-07 22:25:48 -06:00
7622826b69
WebSessionServerCsrfTokenRepository saves on getToken
...
Fixes gh-4801
2017-11-07 22:25:23 -06:00
3f18881493
Remove additional attribute name from CsrfWebFilter
...
Fixes gh-4799
2017-11-07 22:24:42 -06:00
c7c84e0996
Fix CustomLoginPage test
...
Fixes gh-4797
2017-11-07 22:24:21 -06:00
1506dcd413
SpringTestContext.getContext()
...
Add accessor method for SpringTestContext.getContext()
Fixes gh-4796
2017-11-07 22:24:15 -06:00
21aec19d42
Add FormLoginBuilder.serverAuthenticationSuccessHandler
...
Fixes: gh-4786
2017-11-03 08:47:59 -05:00
1d4c7da1e1
Fix WebTestClientWebConnection for redirects
2017-11-03 08:46:56 -05:00
06c4bffc5f
Use id field instead of name field for GitHub and Facebook providers.
...
Fixes gh-4764
2017-11-01 10:48:57 -04:00
d664ff2e26
Lookup HandlerMappingIntrospector from Bean
2017-10-30 16:27:50 -05:00
ef9cd76607
Polish oauth2
...
Fixes gh-4758
2017-10-30 16:49:01 -04:00
511d702ee0
Remove JwtDecoderRegistry
...
Fixes gh-4754
2017-10-30 12:52:42 -04:00
727098d6c0
Fix NPE when configuring oauth2Login.loginPage
...
Fixes gh-4752
2017-10-30 06:26:07 -04:00
5280ac40e9
WebMvcConfigurerAdapter->WebMvcConfigurer
...
Fixes gh-4612
2017-10-30 01:30:08 -05:00
3d5989dea4
Change a default realm name
...
Change a default realm name of Basic Authentication for XML namespace to 'Realm'.
Fixes gh-4220
2017-10-30 00:59:39 -05:00
4295461830
ServerHttpSecurity extracts WebFilter from OrderedWebFilter
...
Fixes gh-4736
2017-10-30 00:45:26 -05:00
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
70165869b1
Add UnboundId LDAP inmemory support
...
This commit adds the capability to run a LDAP inmemory different than
apacheds. Both providers `apacheds` and `unboundid` are supported.
2017-10-29 21:59:55 -05:00
9a4513356d
Configure default OAuth2AuthorizedClientService
...
Fixes gh-4751
2017-10-29 22:45:57 -04:00
4fa9b4dd15
Add ServerHttpSecurity.exceptionHandling()
...
Fixes gh-4750
2017-10-29 21:00:10 -05:00
5fa822d114
Expose custom config for OidcUserService
...
Fixes gh-4715
2017-10-29 21:33:51 -04:00
a261c9a047
Polish OAuth2LoginConfigurer
...
Fixes gh-4747
2017-10-29 21:33:51 -04:00
a3e38fec47
Remove AuthorizationRequestUriBuilder
...
Make this API private since we don't have concrete use cases for exposing
it yet.
Fixes gh-4742
2017-10-29 19:50:02 -05:00
c3d2effc1d
Polish OAuth2AuthorizedClientService
...
Fixes gh-4746
2017-10-29 20:25:03 -04:00
e4887057bc
Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient
...
Fixes gh-4741
2017-10-29 17:49:15 -04:00
e2dd037b4a
Default WebFlux headers and Logout
2017-10-29 15:06:06 -05:00
6fbd435bdf
OAuth2LoginAuthenticationFilter requires collaborators
...
Fixes gh-4661
2017-10-29 04:41:23 -04:00
5a7466512e
Expose default constructor in AbstractAuthenticationFilterConfigurer
...
Fixes gh-4737
2017-10-29 04:41:23 -04:00
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
2017-10-29 00:12:23 -05:00
0734d70d02
Logout requires POST
...
Issue: gh-4734
2017-10-29 00:11:59 -05:00
8da2c7f657
Add WebFlux CSRF Protection
...
Fixes gh-4734
2017-10-28 22:59:24 -05:00
f040bd054d
Javadoc @EnableWebFluxSecurity
2017-10-28 22:59:24 -05:00
b394ae5d5e
Polish
...
Restructure WebFluxSecurityConfiguration for easier copy paste of
default ServerHttpSecurity Bean
2017-10-28 22:59:24 -05:00
77acb34bcd
Add spring-security-test to spring-security-config test dependencies
2017-10-28 22:58:55 -05:00
b471dd1c54
Remove OAuth2TokenRepository
...
Fixes gh-4727
2017-10-28 21:40:33 -04:00
83dc902ff7
Map CustomUserTypesOAuth2UserService using clientRegistrationId
...
Fixes gh-4692
2017-10-28 18:11:39 -04:00
ddf87b54f7
Polish OAuth2LoginConfigurer
...
Fixes gh-4731
2017-10-28 17:48:45 -04:00
0c68eb1821
Re-factor OAuth2AuthorizationCodeAuthenticationToken
...
Fixes gh-4730
2017-10-28 17:15:31 -04:00
64d8c8b8a9
Re-factor AuthorizationGrantTokenExchanger
...
Fixes gh-4728
2017-10-28 17:12:14 -04:00
16e69d06b4
Add OAuth2AuthorizedClientService
...
Fixes gh-4726
2017-10-28 17:12:14 -04:00
67bac28481
OAuth2UserService uses OAuth2UserRequest
...
Fixes gh-4724
2017-10-27 22:34:25 -04:00
3d319f7592
Make AuthorizationRequestRepository a Generic
...
Fixes gh-4723
2017-10-27 21:31:45 -04:00
9afefef3b9
Polish class names in oauth2-client
...
Fixes gh-4722
2017-10-27 21:00:52 -04:00
34668e05af
Polish class names in oauth2-core
...
Fixes gh-4720
2017-10-27 20:42:58 -04:00
2060125ebd
ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository
...
Issue: gh-4719
2017-10-27 18:17:52 -05:00
3281cea46a
Default use WebSessionServerSecurityContextRepository
...
Issue: gh-4719
2017-10-27 18:17:47 -05:00
faa0bd7143
Update WebFilter ordering
...
Issue: gh-4719
2017-10-27 18:17:44 -05:00
9c31041dce
EnableWebFluxSecurityTests fixes
...
Issue: gh-4719
2017-10-27 18:17:25 -05:00
437ba56415
ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter
...
Issue: gh-4719
2017-10-27 18:17:10 -05:00
8527daa22a
Make OAuth2UserService Generic using OAuth2AuthorizedClient and OAuth2User types
...
Fixes gh-4706
2017-10-27 11:49:29 -04:00
3b80b6ded8
Move AuthorizationRequestUriBuilder to oauth2-client
...
Fixes gh-4703
2017-10-26 21:23:06 -04:00
747473257f
Use ReactorSecurityContextHolder
...
Issue gh-4713
2017-10-26 20:11:42 -05:00
e23134c3ed
Add LogoutBuilder ServerLogoutSuccessHandler
...
Fixes gh-4714
2017-10-26 20:11:42 -05:00
ef197d8215
Move JwtDecoderRegistry to oauth2.client.jwt package
...
Fixes gh-4705
2017-10-26 21:06:28 -04:00
70543dcb30
Move oidc package in oauth2-core and oauth2-client
...
Fixes gh-4710
2017-10-26 21:06:28 -04:00
86875e117b
Prevent ServerHttpSecurity from being built twice
...
Issue: gh-4711
2017-10-26 19:48:38 -05:00
36501f4530
Remove ServerHttpSecurity duplicate build
...
WebFluxSecurityConfiguration invoked build twice
which caused each WebFilter to be added twice
Fixes gh-4711
2017-10-26 19:48:32 -05:00
ef83bc8dd7
Move package client.authentication.userinfo -> client.userinfo
...
Fixes gh-4708
2017-10-26 15:39:04 -04:00
027ea78dab
Revert "Move OAuth2LoginAuthenticationProvider into userinfo package"
...
This reverts commit 54547f35b7
2017-10-26 14:55:25 -04:00
942b647c0d
OAuth2LoginAuthenticationFilter processes uri /login/oauth2/code/*
...
Issue gh-4687
2017-10-26 14:20:19 -04:00
54547f35b7
Move OAuth2LoginAuthenticationProvider into userinfo package
...
Fix package tangles. OAuth2LoginAuthenticationProvider requires
OAuth2UserService which is in a child package. We should move
OAuth2LoginAuthenticationProvider to the same package.
Issue: gh-4614
2017-10-26 11:22:21 -05:00
875aae012b
Polish
2017-10-26 07:50:32 -05:00
d0a4e49870
Map custom OAuth2User types using String
...
Fixes gh-4691
2017-10-25 17:13:44 -04:00
9fbea5a11e
Refactor SecurityTokenRepository
...
Fixes gh-4650
2017-10-25 16:00:34 -04:00
44b41e78cd
Flux member variables in favor of Collections
...
Fix gh-4694
2017-10-25 07:41:37 -05:00
3b85512e48
Polish
...
Issue gh-4694
2017-10-25 07:41:29 -05:00
4dbbcabacf
Rename AuthorizationCodeAuthenticationProvider -> OAuth2LoginAuthenticationProvider
...
Fixes gh-4690
2017-10-24 15:24:26 -04:00
049080290e
Refactor OAuth2 AuthenticationProvider's
...
Fixes gh-4689
2017-10-24 15:24:26 -04:00
0fb32a052e
OAuth2LoginAuthenticationFilter processes uri /login/oauth2/*
...
Fixes gh-4687
2017-10-24 15:24:26 -04:00
4ae24f2fbe
Rename AuthorizationCodeAuthenticationFilter -> OAuth2LoginAuthenticationFilter
...
Fixes gh-4686
2017-10-24 15:24:25 -04:00
09a94a4ef4
Merge AuthorizationCodeGrantConfigurer -> OAuth2LoginConfigurer
...
Fixes gh-4684
2017-10-24 15:24:25 -04:00
8291f20796
DaoAuthenticationProvider uses DelegatingPasswordEncoder
...
This means that passwords will be encoded with BCrypt by default
Fixes: gh-2775
2017-10-24 07:56:28 -05:00
d19b222b55
UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder
...
This means passwords will be encoded with BCrypt by default
Issue: gh-2775
2017-10-24 07:56:28 -05:00
cdc992b132
Remove SaltSource
...
Fixes gh-4681
2017-10-24 07:56:28 -05:00
4529e09339
Remove PasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:56:28 -05:00
3a4a32e654
Remove LdapShaPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:56:20 -05:00
6a3e981c80
Remove BaseDigestPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:40 -05:00
a8aa65b828
Remove Md4PasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:32 -05:00
12dbf2e961
Remove PlainTextPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
40fd8d7aa7
Remove ShaPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
e98fc3556e
Remove Md5PasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
7c95c88601
Add User/UserBuilder in UserDetailsManagerConfigurer
...
Fixes gh-4679
2017-10-23 22:27:16 -05:00
c5d4041ca8
Add 5.0.xsd
...
Fixes gh-4675
2017-10-23 22:27:16 -05:00
6d7d34c549
Move AuthorizationRequestUriBuilder and DefaultAuthorizationRequestUriBuilder
...
Fixes gh-4658
2017-10-23 10:19:31 -04:00
f0c9f85292
spring-security-jwt-jose -> spring-security-oauth2-jose
...
Fixes gh-4595
2017-10-23 09:04:01 -04:00
8e3a2a7123
Remove AuthorizationCodeAuthenticationFilter.AuthorizationResponseMatcher
...
Fixes gh-4654
2017-10-20 06:09:31 -04:00
eb82a79068
OAuth2 login url starts with /login/
...
Fixes gh-4659
2017-10-19 17:32:21 -04:00
d4dac21ca5
Make ClientRegistration.Builder constructor private
...
Fixes gh-4656
2017-10-19 14:15:59 -04:00
1f5edc98d5
ClientRegistration.Builder.scopes -> scope
...
Fixes gh-4663
2017-10-19 11:24:01 -04:00
1e891b38ab
Rename scope -> scopes for Set types
...
Fixes gh-4644
2017-10-18 17:56:39 -04:00
b81c1ce2c0
Move spring-security-webflux into spring-security-web
...
Fixes gh-4662
2017-10-18 16:20:09 -05:00
d231441cc0
EnableWebFluxSecurityTests uses SpringTestRule
...
This will hopefully resolve the periodic failures in
EnableWebFluxSecurityTests
2017-10-18 15:14:43 -05:00
9d46af3d7c
Introduce SpringTestContext
...
This adds support for testing different configurations per method.
2017-10-18 15:14:43 -05:00
7b8d131386
Fix package tangles -> OAuth2/Oidc AuthenticationProvider's
...
Fixes gh-4614
2017-10-16 20:56:32 -04:00
25052214ae
Polish
2017-10-16 18:33:27 -05:00
a74f7c6faa
Fix CSRF / DefaultLoginPageGeneratingFilter package tangle
...
Issue: gh-4636
2017-10-16 16:36:49 -05:00
7fd1cff3ce
Fix PrePostAdviceReactiveMethodInterceptor tangle
...
Issue: gh-4636
2017-10-16 16:36:43 -05:00
579282437b
Move GlobalAuthenticationConfigurerAdapter
...
Issue: gh-4636
2017-10-16 16:36:33 -05:00
a7d054c9f3
Remove AuthorizationGrantAuthenticator
2017-10-16 13:43:11 -04:00
3c824dc44b
Fix package tangles -> OAuth2UserService
...
Fixes gh-4614
2017-10-13 18:59:41 -04:00
cfa4858b04
Fix package tangles -> AuthorizationGrantTokenExchanger
...
Fixes gh-4614
2017-10-13 16:35:48 -04:00
c441f99567
Polish oauth2-client
2017-10-13 07:09:00 -04:00
211e8eae90
Remove formLogin() and httpBasic() from defaults
2017-10-12 16:41:01 -05:00
5fae710d69
Polish ServerHttpSecurityConfigurationBuilder
...
Fix copyright
2017-10-12 16:20:18 -05:00
30487c3b4b
Polish ServerHttpSecurity testing
2017-10-12 15:54:54 -05:00
015cc2203e
Fix ServerHttpSecurity
2017-10-12 15:54:54 -05:00
91d9404828
Fixed typo in HttpSecurity.authorizeRequests javadoc
2017-10-12 07:36:37 -05:00
18df9a869e
Move config AuthorizationCodeGrantConfigurer -> OAuth2LoginConfigurer
2017-10-11 17:39:21 -04:00
247f737bc8
Move HttpBasicServerAuthenticationEntryPoint
...
Move it up a package as www is too sparse. This is different than servlet
based support, but we also are now using a generic AuthenticationWebFilter
Fixes gh-4617
2017-10-11 16:24:14 -05:00
7271a427e8
SecurityContextServerRepository->ServerSecurityContextRepository
...
Issue gh-4615
2017-10-11 13:58:28 -05:00
792944eee7
HttpSecurity->ServerHttpSecurity
...
Issue gh-4615
2017-10-11 13:58:24 -05:00
185d3032f5
LogoutHandler->ServerLogoutHandler
...
Issue gh-4615
2017-10-11 13:58:21 -05:00
c9ce528206
AuthenticationFailureHandler->ServerAuthenticationFailureHandler
...
Issue gh-4615
2017-10-11 13:58:18 -05:00
897e7111e3
AccessDeniedHandler->ServerAccessDeniedHandler
...
Issue gh-4615
2017-10-11 13:58:14 -05:00
a5af2a07d7
HttpHeadersWriter->ServerHttpHeadersWriter
...
Issue gh-4615
2017-10-11 13:58:09 -05:00
2982b82b2d
AuthenticationSuccessHandler->ServerAuthenticationSuccessHandler
...
Issue gh-4615
2017-10-11 13:58:06 -05:00
b858985b0e
AuthenticationReactorContextFilter->AuthenticationReactorContextWebFilter
...
Issue gh-4615
2017-10-11 13:58:02 -05:00
bfcc2a602d
SecurityContextRepository->SecurityContextServerRepository
...
Issue gh-4615
2017-10-11 13:57:59 -05:00
e99e2a9f09
PrePostAdviceMethodInterceptor->PrePostAdviceReactiveMethodInterceptor
...
Issue gh-4615
2017-10-11 13:57:54 -05:00
d0de8d40dd
WebFilterChainFilter -> WebFilterChainProxy
...
Issue gh-4615
2017-10-11 13:57:50 -05:00
cfc5572b7a
AuthenticationEntryPoint->ServerAuthenticationEntryPoint
...
Issue gh-4615
2017-10-11 13:57:46 -05:00
8d4a73cf3f
Use Server<Description>AuthenticationConverter
...
Issue gh-4615
2017-10-11 13:57:43 -05:00
5502856095
UserDetailsRepositoryAuthenticationManager->UserDetailsRepositoryReactiveAuthenticationManager
...
Issue gh-4615
2017-10-11 13:57:35 -05:00
4681697581
UserDetailsRepository->ReactiveUserDetailsService
...
Issue gh-4615
2017-10-11 13:57:30 -05:00
f1bc82dcef
AuthenticatedAuthorizationManager->AuthenticatedReactiveAuthorizationManager
...
Issue gh-4615
2017-10-11 13:57:26 -05:00
866ce5eaec
AuthorityAuthorizationManager->AuthorityReactiveAuthorizationManager
...
Issue gh-4615
2017-10-11 13:57:08 -05:00
d840090cb0
Add support for implicit grant type
...
Fixes gh-4500
2017-10-11 13:54:59 -04:00
6963b3c5d5
Expose login page config for oauth2Login
...
Fixes gh-4570
2017-10-10 19:05:57 -04:00
da0a7afa38
Polish AuthorizationCodeAuthenticationFilter
...
Fixes gh-4599
2017-10-10 14:39:47 -04:00
efa4bf409c
Remove AuthorizationCodeRequestRedirectFilter. setAuthorizationRequestMatcher
2017-10-10 14:38:06 -04:00
6b16fa0d8c
Polish OAuth Security Configurers
2017-10-10 14:38:06 -04:00
23f56f568c
Update MockitJunitRunner import
...
Issue: gh-4608
2017-10-09 16:13:33 -05:00
445834784a
Update to Mockito 2.10.0
...
Issue: gh-4608
2017-10-09 16:13:11 -05:00
370fc48afe
Polish LogoutBuilder
...
Issue gh-4603
2017-10-06 16:37:11 -05:00
79e749790f
Add Reactive LogoutBuilder
...
Fixes gh-4541
2017-10-06 16:36:19 -05:00
c77cc72cd3
Fix EnableWebFluxSecurityTests
...
Fixes gh-4604
2017-10-06 16:28:57 -05:00
926ad45f21
Add default config for common OAuth2 Providers
...
Fixes gh-4597
2017-10-06 10:17:32 -04:00
29d36e4d16
Remove OAuth2ClientTemplatePropertiesLoader
...
Fixes gh-4598
2017-10-05 20:15:28 -04:00
1b7e761be4
Remove SecurityTokenRepository from AuthorizationCodeAuthenticationProvider constructor
...
Fixes gh-4591
2017-10-05 17:05:56 -04:00
eb320bfed4
AuthorizationCodeAuthenticationProcessingFilter -> AuthorizationCodeAuthenticationFilter
2017-10-05 16:40:12 -04:00
5c14e48b18
Add OAuth2UserAuthenticationProvider
...
Moved logic from AuthorizationCodeAuthenticationProvider
to OAuth2UserAuthenticationProvider (new) related to
loading user attributes via OAuth2UserService.
This re-factor is part of the work required for Issue gh-4513
2017-10-05 15:15:35 -04:00
f8a9077d5a
Generalize AuthorizationCodeAuthenticationProvider
...
The AuthorizationCodeAuthenticationProvider implements part of the
Authorization Code Grant flow as defined in
OAuth 2.0 Authorization Framework and OpenID Connect Core 1.0.
The implementation needs to be de-coupled to allow for better re-use and readability.
This commit introduces the AuthorizationGrantAuthenticator and extracts logic from
AuthorizationCodeAuthenticationProvider and provides different implementations
for OAuth 2.0 and OpenID Connect 1.0.
This re-factor is part of the work required for Issue gh-4513
2017-10-05 05:02:22 -04:00
fb57111ecd
redirect-uri property supports 'baseRedirectUrl' uri variable
...
Fixes gh-4589
2017-10-02 15:29:03 -04:00
66647070ab
Default login page supports Iterable<ClientRegistration>
...
Fixes gh-4596
2017-09-29 19:54:17 -04:00
99f06ca58c
HttpSecurity invokes configure(this)
...
Issue gh-4542
2017-09-29 16:04:47 -05:00
b3bd5ba946
Add Reactive HttpSecurity.addWebFilterAt
...
Fixes gh-4542
2017-09-29 16:04:35 -05:00
737c48de06
Polish
2017-09-29 14:13:02 -05:00
b9258aa6ee
Make AuthorizationRequestUriBuilder optional
...
Fixes gh-4577
2017-09-28 16:43:11 -04:00
9a8ddebc94
Use param matching for Authorization Response
...
Fixes gh-4576
2017-09-28 10:21:01 -04:00
8448a54678
Remove ClientRegistrationRepository.getRegistrations()
...
Fixes gh-4582
2017-09-28 07:02:59 -04:00
b463f8e6b5
Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName()
...
Related gh-4580
2017-09-27 15:39:39 -04:00
814742fef6
Rename ClientRegistration.clientAlias -> registrationId
...
Fixes gh-4575
2017-09-27 09:14:55 -04:00
38be35677d
Add userNameAttributeName to ClientRegistration
...
Fixes gh-4580
2017-09-26 21:55:19 -04:00
0e9b2807bf
Split up NimbusOAuth2UserService
...
Fixes gh-4447
2017-09-26 11:32:49 -04:00
6d26b86792
Add UserDetailsRepositoryResourceFactoryBean.fromString
...
Fixes gh-4566
2017-09-22 20:18:59 -05:00
a4c2073bcd
Add UserDetailsManagerResourceFactoryBean.fromString
...
Fixes gh-4567
2017-09-22 20:18:59 -05:00
bc99f8aff3
Add UserDetailsResourceFactoryBean.fromString
...
Fixes gh-4568
2017-09-22 20:18:59 -05:00
9e719bc313
Drop the `aopalliance:aopalliance` dependency
...
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.
This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)
The documentation is updated accordingly.
[1] https://jira.spring.io/browse/SPR-13984
2017-09-22 11:11:04 -05:00
8521ca8f94
Polish gh-4560
2017-09-21 17:21:41 -04:00
baa3b6f258
Add utility for loading properties of client types
...
Fixes gh-4560
2017-09-20 22:50:19 -04:00
8a66d0c78d
Polish PermissionEvaluator Autowired into Web Security
...
Issue gh-4077
2017-09-18 16:53:19 -05:00
3bf6bf10de
Configure permissionEvaluator and roleHierarchy by default
...
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).
Issue gh-4077
2017-09-18 16:35:16 -05:00
f8ee9944ff
Copyright date range
2017-09-18 11:18:46 -05:00
1f4082e754
Fix copyright lines
2017-09-18 11:11:25 -05:00
01d4387f56
Fix empty lines in copyright
2017-09-18 10:53:04 -05:00
3ecf3ea034
Fix double * in Copyright headers
2017-09-18 10:47:26 -05:00
e14af37775
Add LogoutWebFilter
...
Fixes gh-4539
2017-09-13 16:43:04 -05:00
426e24c18e
Polish
...
Formatting changes
2017-09-13 15:31:32 -05:00
65b968f04a
Move servlet-specific classes to 'web' package
...
Fixes gh-4366
2017-09-13 16:13:32 -04:00
0a36359f11
WebFlux HTTP Basic & Form Login Sessions
...
By default both HTTP Basic and form log are enabled. Now HTTP Session will
not be used for HTTP Basic, but will be for form log in.
2017-09-13 14:47:44 -05:00
3d745e63f6
HttpSecurityConfiguration applies all defaults
...
HttpSecurity headers is off by default and relies on
HttpSecurityConfiguration to enable it. This is more consistent with the
other operators
2017-09-12 22:07:12 -05:00
b5edb58050
Polish reactive config
...
Code Checkstyle fixes
2017-09-12 21:56:09 -05:00
8b32b8db74
Polish
...
HeadersBuilder build is protected
2017-09-12 21:51:26 -05:00
d93c774691
Add FormLogin Configuration
...
Fixes gh-4537
2017-09-12 20:40:56 -05:00
a0a0a32bda
Add WebTestClient HtmlUnit Support
...
Fixes gh-4534
2017-09-12 20:40:56 -05:00
8d997fd079
Remove DefaultAuthenticationSuccessHandler
...
We always need to save the user after authentication, so it should be
part of AuthenticationWebFilter
Fixes gh-4524
2017-09-12 20:40:56 -05:00
4ff0b52f74
Remove HttpClientConfig
...
Issue gh-4478
2017-09-12 21:03:40 -04:00
d9bad2bc9d
Mono.currentContext()->subscriberContext()
...
Fixing refactoring by Reactor
2017-09-01 17:20:47 -05:00
be0081290b
EnableWebFluxSecurity uses PasswordEncoder Bean
2017-08-30 10:02:00 -05:00
9f2ea90f0d
Polish HttpSecurity
...
Code Style fixes
2017-08-29 20:34:20 -05:00
51ad53f76a
Remove Optional from Reactive HttpSecurity
2017-08-29 20:30:04 -05:00
20befc3702
Support .and() in Reactive HttpBasic & HeaderBuilder
2017-08-29 20:17:56 -05:00
c4917f359a
Fix for Reactor Refactor
...
- contextStart -> subscriberContext
2017-08-29 08:24:55 -05:00
bc6be86aec
Add in-memory AccessTokenRepository
...
Fixes gh-4508
2017-08-23 17:18:35 -04:00
91b0bd4ba5
Provide oauth2login.tokenEndpoint config
...
Fixes gh-4506
2017-08-23 17:18:01 -04:00
c06975080f
Allow configuring oauth2 authentication handlers
...
Fixes gh-4472
2017-08-23 17:17:34 -04:00
93c2b2533e
Allow configuring request paths for oauth2 filters
...
Fixes gh-4473
2017-08-23 17:17:01 -04:00
416ff3c77a
Add EnableReactiveMethodSecurity
...
Issue gh-4496
2017-08-17 16:42:01 -05:00
b0b9b32c0c
Add AuthenticationReactorContextFilter
...
Fixes gh-4501
2017-08-17 16:42:01 -05:00
e16b8e7976
Fix logback-test.xml
2017-08-17 16:42:01 -05:00
f3737b61e8
Add logback-classic as test dependency
2017-08-17 15:42:39 -05:00
efc3cadd43
Fixed Circular Bean References in Java Config
...
Fixes gh-4489
2017-08-09 16:24:01 -05:00
bfaead6f68
Removal of ParsingPathMatcher
...
Changes needed for the removal of ParsingPathMatcher in Spring Framework
b1440b6816 (diff-972650c759c249004b9725f94b570db3R156)
2017-08-02 11:11:11 -05:00
c872499eee
Enable custom configuration for HTTP client
...
Fixes gh-4477
2017-07-28 16:43:44 -04:00
9b7883fe10
Add WEB_FILTER_CHAIN_FILTER_ORDER
...
Fixes gh-4475
2017-07-27 21:02:38 -05:00
96ae0fe8f8
Expose configuration for authorities mapping
...
Fixes gh-4409
2017-07-12 17:35:16 -04:00
9cfb890207
Use id_token for user authentication
...
Fixes gh-4410
2017-07-07 12:44:26 -04:00
0e100be333
Fix Groovy 2.5 Compile Errors
...
Fixes gh-4415
2017-06-22 13:31:21 -05:00
8130965259
Fixes for changes in SPR-15657
...
Fixes gh-4408
2017-06-20 16:42:24 -05:00
ca6348800e
HttpSecurity.authorizeExchange() allows Method Chaining
...
Fixes gh-4397
2017-06-15 15:50:30 -05:00
9d19b7337e
Ensure Unique Names
...
Issue: gh-4394
2017-06-15 13:00:59 -05:00
fda0220fad
Provide default reactive HttpSecurity
...
Fixes gh-4396
2017-06-15 13:00:19 -05:00
9141a8a7c0
Add Multiple Reactive HttpSecurity
...
Fixes gh-4395
2017-06-15 13:00:19 -05:00
406e1e6951
Extract out HttpSecurityConfiguration
...
Fixes gh-4394
2017-06-15 13:00:19 -05:00
335a01577a
Typo "he" -> "the"
2017-06-15 12:47:41 -05:00
30132892a0
Polish UserDetailsResourceFactoryBean Support
...
Issues: gh-4380 gh-4381 gh-4382
2017-06-13 15:15:21 -05:00
337317a060
WebFlux now uses ParsingPathMatcher
...
Fixes gh-4388
2017-06-09 22:25:45 -05:00
6428cb411e
Add UserDetailsRepositoryResourceFactoryBean
...
Add the ability to easily create a UserDetailsRepository from a Properties
in the standard Spring Security user format.
Fixes gh-4382
2017-06-09 16:07:18 -05:00
4cb77e5386
Add UserDetailsManagerResourceFactoryBean
...
Add the ability to easily create a UserDetailsManager from a Properties
in the standard Spring Security user format.
Fixes gh-4381
2017-06-09 16:07:18 -05:00
256d14ede0
Add UserDetailsResourceFactoryBean
...
Add the ability to create a Collection<UserDetails> from a Properties
Resource using the standard Spring Security user format.
Fixes gh-4380
2017-06-09 16:07:18 -05:00
d09fb5b500
Move UserDetailsRepository to core.userdetails
...
Fixes gh-4383
2017-06-09 16:07:09 -05:00
6c0ecea494
Use java.util.Function instead of Converter
...
Fixes gh-4323
2017-06-01 17:25:39 -04:00
e5eda24054
Add ServerWebExchangeMatcherEntry
2017-05-31 16:13:20 -05:00
68368c87ca
Resolve compile errors -> WebTestClient methods removed
...
Fixes gh-4355
2017-05-25 11:14:29 -04:00
bc141febdb
Demo mock support with RouterFunction
2017-05-23 16:29:30 -05:00
9e6b10ce46
Fix JavaDoc for HeadersConfigurer
...
Corrected copy-paste error.
2017-05-22 00:32:19 +02:00
247635ed92
WebFluxSecurityConfiguration defaults HTTP Basic
...
Fixes gh-4346
2017-05-19 21:50:06 -05:00
1cec497a50
Add method chaining for AuthorizeExchangeBuilder
...
Fixes gh-4345
2017-05-19 21:25:50 -05:00
0428cdd934
Add @EnableWebFluxSecurity
...
Fixes gh-4344
2017-05-19 21:11:42 -05:00
d81b436e5d
Remove pom.xml from build
...
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.
This commit removes the pom.xml files from the build.
Fixes gh-4283
2017-05-11 14:32:36 -05:00
85719fcd64
Use Base64 implementation provided by Java 8
2017-05-10 00:27:36 -05:00
b4f2777755
Add WebFlux
...
Fixes gh-4128
2017-05-10 00:13:02 -05:00
829c386756
Add support for OAuth 2.0 Login
...
Fixes gh-3907
2017-04-28 10:58:59 -04:00
dd6fc48dd8
Standardize Build
...
The build now uses spring build conventions to simplify the build
Fixes gh-4284
2017-04-21 10:55:05 -05:00
5a65da400d
Use ReflectionTestUtils rather than Whitebox
...
This is better because it no longer uses Mockito's internal API
Fixes gh-4305
2017-04-21 10:54:58 -05:00
2ce174dbf0
Update poms to 5.0.0.BUILD-SNAPSHOT
2017-04-07 16:49:50 -04:00
d2524eadfc
Update poms to new to SNAPSHOT version
2017-03-02 09:20:34 -06:00
081f0c4d94
Release version 4.2.2.RELEASE
2017-03-02 07:29:42 +00:00
f3edaa673a
Fix SecurityNamespaceHandler Version Error Message
...
Fixes gh-4210
2017-03-02 00:25:51 -06:00
546d44d6e7
Fix NPE in WebSocketMessageBrokerSecurityBeanDefinitionParser
...
Fixes gh-4112
Closes gh-4194
2017-03-01 23:58:02 -06:00
2ac51c9c7f
Fix class name in comment
2017-03-01 23:31:32 -06:00
9c03571bbb
Use message in all Assert
...
This ensures compatibility with Spring 5.
Fixes gh-4193
2017-01-30 19:58:24 -06:00
7a7ce11ebb
Release version 4.2.1.RELEASE
2016-12-21 17:23:28 +00:00
fc516b55a6
Fix Build Against Spring 5.0.0.BUILD-SNAPSHOT
...
Change Bean definition to static to avoid SPR-12646
Fixes gh-4150
2016-12-08 15:54:46 -06:00
f94399cff9
Polish
2016-11-17 09:49:41 -06:00
24fcb6c45a
Release version 4.2.0.RELEASE
2016-11-09 23:42:11 +00:00
23294c4c57
Add Referrer-Policy header support
...
Fixes gh-4110
2016-11-08 13:21:35 -06:00
97b4cb0b73
Release version 4.2.0.RC1
2016-10-26 02:49:23 +00:00
df3b8bc284
Add Spring MVC test for override cache control
...
Issue gh-3975
2016-10-24 15:57:32 -05:00
f432c04111
Create UserBuilder
...
This commit creates a UserBuilder and updates samples to use it. We do not
leverate it for JdbcUserDetailsManager because it requires the schema to
be created which is difficult with a single bean definition and
unpredicatble ordering. For this, it is still advised to use
AuthenticationManagerBuilder
Fixes gh-4095
2016-10-21 16:42:03 -05:00
94e580fe64
Add Support for Custom Default Configuration in Web Security
...
Fixes gh-4102
2016-10-19 16:15:56 -05:00
af9139b613
Add intercept-url@request-matcher-ref
...
Fixes gh-4097
2016-10-18 22:27:31 -05:00
f019ea89e7
Remove unused lowercase-comparisons from XSD
...
Fixes gh-3932
2016-10-18 22:27:28 -05:00
0d700628dc
Add spring-security-4.2.xsd to spring.schemas
...
Fixes gh-4098
2016-10-18 22:27:22 -05:00
aaa9708b95
Add BeanResolver to AuthenticationPrincipalArgumentResolver
...
Previously @AuthenticationPrincipal's expression attribute didn't support
bean references because the BeanResolver was not set on the SpEL context.
This commit adds a BeanResolver and ensures that the configuration
sets a BeanResolver.
Fixes gh-3949
2016-10-18 19:45:54 -05:00
badb466cc5
AuthenticationConfiguration imports ObjectPostProcessor
...
Fixes gh-4086
2016-10-17 20:00:27 -05:00
1222fc5f10
XML ref to bean
...
Spring 5 removes ref XML attribute in favor of bean XML attribute. This
commit updates all the samples and tests to use bean instead of ref.
Issue gh-4080
2016-10-17 17:00:17 -05:00
08c1f500a7
Version bumps for Spring 5
...
Issue gh-4080
2016-10-17 17:00:17 -05:00
c1b8150439
Release version 4.2.0.M1
2016-09-23 19:39:33 +00:00
b443baef04
Polish GrantedAuthorityDefaults
...
* Move GrantedAuthorityDefaults to config module
* Move setting of default role into config module vs
ApplicationContextAware
Issue gh-3701
2016-09-22 15:13:05 -05:00
eabeaf35d6
Make single definition of `defaultRolePrefix` and `rolePrefix`
...
Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.
Fixes gh-3701
2016-09-21 14:55:41 -05:00
49f7c98c3e
Fix headers@defaults-disabled=true with no children
...
Previously <headers defaults-disabled="true"/> would fail if there were
no children with an IllegalArgumentException. This allows using
defaults-disabled="true" and no children as an alias for disabled="true".
Fixes gh-3986
2016-09-19 14:53:51 -05:00
4cc899feab
Fix Typo in Javadoc
...
Issue gh-4063
2016-09-19 10:09:48 -05:00
6650429283
Polish SessionInformationExpiredStrategy
...
* Fix passivity and add tests
* Introduce SessionInformationExpiredEvent as a value object
* Rename ExpiredSessionStrategy to SessionInformationExpiredStrategy
to account for the need of SessionInformation
* Switch to Constructor Injection
* Move the changes to the xsd to 4.2 xsd instead of 4.1
Issue gh-3808
2016-09-15 14:30:52 -05:00
67c9f12964
Configuration of session management strategies
...
This commit adds the possibility to configure the AuthenticationFailureHandler
of the SessionManagementFilter.
Fixes gh-3794
2016-09-15 11:10:36 -05:00
b88418b94a
Configuration of session management strategies
...
This commit adds an ExpiredSessionStrategy for the ConcurrentSessionFilter
analogous to the InvalidSessionStrategy for the SessionManagementFilter. It also
adds a configuration option for both the InvalidSessionStrategy and
ExpiredSessionStrategy to the XML namespace and Java configuration.
Fixes gh-3794
Fixes gh-3795
2016-09-15 11:10:17 -05:00
4d02a5c0a0
Update pom.xml dependencies
2016-08-30 11:27:29 -05:00
c6366baee2
Remove MvcRequestMatcher.afterPropertiesSet()
...
The validation does not work due to restrictions within the servlet
container. Specifically we cannot access the servlets that are registered.
This commit reverts the validation logic for MvcRequestMatcher to determine
if servletPath is required.
Fixes gh-4027
2016-08-19 14:18:07 -04:00
f8bfe19a98
Fix typo in autowiring warning ( #4026 )
...
Fixes a misleading message that warns about
PermissionEvaluator when MethodSecurityExpressionHandler
should be mentioned instead.
Fixes gh-3402
2016-08-16 08:39:49 -05:00
bb997eecde
Fix defaultMethodExpressionHandler autowiring
...
Previously if a Bean for GlobalMethodSecurityConfiguration's
defaultMethodExpressionHandler was found on a Configuration that also
@Autowired a Bean that enabled method security, the Bean that was
@Autowired would not have security enabled.
This fixes the issue by delaying the lookup of Beans populated on
GlobalMethodSecurityConfiguration's defaultMethodExpressionHandler.
Fixes gh-4020
2016-08-10 23:48:07 -05:00
e080905a79
MvcRequestMatcher servletPath Polish / XML Config
...
Fixes gh-4014
2016-08-09 16:29:30 -05:00
3befb1c8a6
MvcRequestMatcher servletPath / JavaConfig
...
Issue: gh-3987
2016-08-09 16:29:30 -05:00
519c15efb3
Logout is 204 for XMLHttpRequest
...
Fixes gh-3997
2016-08-02 11:26:52 -07:00
c23c7982ca
Add ObjectPostProcessor support for SmartInitializingSingleton
2016-07-21 08:59:17 -05:00
ca170f8479
DummyRequest supports methods for MvcRequestMatcher
...
To support MvcRequestMatcher DummyRequest needs to support
getCharacterEncoding() and getAttribute(String)
2016-07-14 14:18:31 -05:00
ada146244e
Add HttpSecurity.mvcMatcher
...
Fixes gh-3970
2016-07-14 10:50:49 -04:00
945e2e2ad4
Fix NPE requestMatchers().mvcMatchers
...
Fixes gh-3969
2016-07-14 10:50:49 -04:00
80ff267749
Check RememberMe in ExceptionTranslationFilter
...
This commit adds a check for rememberme to the ExceptionTranslationFilter.
Using this when someone isn't fully authenticated he will be prompted with a
login screen and after that will be redirected to the original requested URI.
Fixes gh-2427
2016-07-13 16:58:00 -04:00
1effc1882a
Add CompositeLogoutHandler
...
Fixes gh-3895
2016-07-08 13:30:38 -05:00
885f074ddf
Fix XsdDocumentedTests
2016-07-07 15:05:04 -05:00
e297706e8b
Polish allow unlimitted sessions
...
Update the rnc file
Issue gh-3900
2016-07-07 14:31:40 -05:00
e3ff4130a5
Allow negative values to configure unlimited sessions
2016-07-07 14:29:18 -05:00
50d7d3287f
Add spring-security-4.2.xsd
2016-07-07 14:19:01 -05:00
13b0ddb7e6
Fix test assertions
2016-07-07 13:29:00 -05:00
919f000c80
Release version 4.1.1.RELEASE
2016-07-07 00:57:35 +00:00
310bb39a0d
Fix typo
2016-07-06 16:22:33 -05:00
764a4d8414
Fix Error Message typo
...
Fixes gh-3953
2016-07-06 16:19:29 -05:00
b17870ee07
LogoutConfigurer: only allow suitable http methods
2016-07-06 16:17:11 -05:00
e4c13e3c0e
Add MvcRequestMatcher
...
Fixes gh-3964
2016-07-06 15:47:23 -05:00
13bc70f693
Add CorsFilter support
2016-07-05 14:28:04 -05:00
c935d857eb
Add mvc namespace to XmlApplicationContext
2016-07-01 22:04:55 -05:00
7f3b3a8b59
Polish
...
Issue gh-180
2016-07-01 13:17:52 -05:00
bd5f71bb0d
Polish
...
Fix checkstyle for LDAP JavaConfig Authority mapping
Issue gh-2768
2016-06-21 17:08:37 -05:00
b76e3be822
LDAP Java Config supports GrantedAuthoritiesMapper
...
Fixes gh-2768
2016-06-21 16:43:13 -05:00
26ad1cb4a5
Polish RememberMe Validation
...
Issue gh-3909
2016-06-21 14:57:15 -05:00
87224f62e4
RememberMe JavaConfig Validation
...
Add validation when rememberMeServices and rememberMeCookieName are
provided
Fixes gh-3909
2016-06-21 14:57:01 -05:00
Rob Winch
Johnny Lim
Joe Grandja
Craig Walls
Kazuki Shimizu
Antoine
Eddú Meléndez
bbelovic
shazin.sadakath@gmail.com
Stephan Schroevers
Craig Andrews
stonio
Thomas Darimont
Vedran Pavic
Rob Winch
Spring Buildmaster
Joris Kuipers
Kazuki Miyahara
Fred Cooke
Marten Deinum
novotnyr
Michael J. Simons
Jakob Englisch
Tony Dalbrekt