Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,656 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

7656 Commits

Author SHA1 Message Date
Dongmin Shin 56eb658eae RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefauts 
Fixes: gh-4876
 2018-12-07 14:17:44 -06:00
Zhanwei Wang 12ab2cca31 Improve error message for Chinese. 2018-12-06 11:57:21 -06:00
shraiysh e25bea2cf7 Author: Shraiysh Vaishay cs17btech11050@iith.ac.in 
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient

Fixes gh-6182
 2018-12-06 11:18:39 -06:00
Josh Cummings 566bc6a6e1
Test OpenID Discovery with Trailing Slash 
Fixes gh-6234
 2018-12-05 10:54:30 -07:00
Josh Cummings f755580a91
Resource Server Static Key Sample 
Fixes: gh-5486
 2018-12-05 10:51:24 -07:00
Robbie Martinus 090000c3d2 SessionRegistryImpl uses computeIfAbsent 
Fixes: gh-5834
 2018-12-05 10:26:07 -06:00
Christopher Cuartas e995668d92 Update to nimbus-jose-jwt:6.3 
Fixes: gh-6095
 2018-12-04 23:07:32 -07:00
Ankur Pathak 8b3fb55aea Added methods to add filter relatively in ServerHttpSecurity 
Addition of two new methods addFilterBefore and addFilterAfter in
ServerHttpSecurity to allow addition of WebFilter before and after of
specified order

Fixes: gh-6138
 2018-12-04 13:29:53 -06:00
lmagyar 3c35f4cfab SecurityContextCallableProcessingInterceptor thread visibility fix 
Within class SecurityContextCallableProcessingInterceptor field securityContext should volatile.

Fixes gh-6143
 2018-12-03 15:45:56 -06:00
Nicolas Le Bas ba8a337f9a Accept a case-insensitive "Bearer" keyword 
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.

This is the reactive counterpart to commit
63f2b6094f .

Fixes gh-6195
 2018-12-02 09:32:27 -05:00
mibo 60fc5381fe Fixed Git SCM book link 2018-11-30 14:54:46 -06:00
Rafael Dominguez 2cb8794e35 Restored Jacoco default task dependence 
This commit ensures that the jacoco plugin is applied when calling
check and test tasks.
Also remoed the clean task that prevented sonarqube using coverage data

Fixes: gh-6199
 2018-11-30 14:25:21 -06:00
Rob Winch 1a80d4a66c Fix Generics in ReactorContextTestExecutionListenerTests for JDK 9+ 
Issue: gh-6075
 2018-11-30 12:07:58 -06:00
Aanuoluwapo Otitoola a28c677f88 ReactorContextTestExecutionListener should use named hooks 
Fixes: gh-6075
 2018-11-30 11:13:26 -06:00
Rob Winch 18594ef4e9 Update to spring-build-conventions:0.0.23.BUILD-SNAPSHOT 
Issue: gh-6148
 2018-11-30 10:54:46 -06:00
Daniel Bustamante Ospina 6bddb38cac Update to Gradle 5.0 
Change project's gradle version to 5.0, this requires to make some minor
adjustments.

Fixes: gh-6148
 2018-11-30 08:50:47 -06:00
Joe Grandja f808740c57 Update reference manual to use NimbusJwtDecoder 
Fixes gh-6188
 2018-11-30 06:53:35 -05:00
Joe Grandja b8f038e86a Polish OAuth2ResourceServerConfigurer 2018-11-30 06:37:00 -05:00
Bhavik Kumar 90b9cfaf55 Use SpringUtils to check scheme 
Fixes 6183
 2018-11-29 20:42:39 -06:00
Eric Deandrea be423debfd ServerAuthenticationConverter should be configurable 
Fixes gh-6186
 2018-11-29 14:37:22 -07:00
Nicolas Le Bas 63f2b6094f The "Bearer" keyword should be case-insensitive 
The Authorization header was matched for OAuth2
against the "Bearer" keyword in a case sensitive
fashion.
According to RFC 2617, it should be case insensitive
and some oauth clients (including some earlier
versions of spring-security) expect it so.
 2018-11-28 19:34:47 -07:00
jer051 fdc81822ec Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient 
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.

Fixes: gh-6051
 2018-11-28 15:44:36 -06:00
Nena Raab 918a4cd323
AclClassIdUtils Default GenericConversionService 
So that String, Long, and UUID conversions are automatically
supported.
 2018-11-28 10:21:42 -07:00
Rob Winch 0e5f1245a6 Remove Thymeleaf dependency management 
Fixes: gh-6161
 2018-11-28 08:23:01 -06:00
Rob Winch cbbf15b8cb Update to GAE 1.9.68 
Fixes: gh-6160
 2018-11-28 08:23:01 -06:00
Rob Winch 0b2f241038 Update to Mockito 2.23.4 
Fixes: gh-6159
 2018-11-28 08:23:01 -06:00
Rob Winch c0370039f6 Update to AspectJ 1.9.2 
Fixes: gh-6158
 2018-11-28 08:23:01 -06:00
Rob Winch 078df64c30 Update to unboundid 4.0.9 
Fixes: gh-6157
 2018-11-28 08:23:00 -06:00
Rob Winch 44dbcbdf4c Update to Powermock 2.0.0-RC.4 
Fixes: gh-6156
 2018-11-28 08:23:00 -06:00
Rob Winch fe13571f4c Update to cglib-nodep:3.2.9 
Fixes: gh-6155
 2018-11-28 08:23:00 -06:00
Rob Winch a5abbac398 Update to Spring Data Lovelace-SR3 
Fixes: gh-6154
 2018-11-28 08:23:00 -06:00
Rob Winch 38be0849cd Update to Spring 5.1.3 
Fixes: gh-6153
 2018-11-28 08:23:00 -06:00
Rob Winch be5a368dfd Update to Reactor Californium-SR3 
Fixes: gh-6152
 2018-11-28 08:23:00 -06:00
John Coyne 7618d236c4 CookieClearingLogoutHandler updates based on comments 
Changed the implementation to use an anonymous function
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
John Coyne 14c2d96c86 Clean up code to conform to basic checkstyle 
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
John Coyne d05ad19276 CookieClearingLogoutHandler enhancement 
Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
Joe Grandja bcee22d2f9 Update com.squareup.okhttp3 deps to 3.12.0 
Fixes gh-6142
 2018-11-26 13:26:38 -05:00
Rafael Dominguez b8a96b1f21 Enable Code Coverage Reports in Sonar 
This commit ensures that jacocoTestReport task is called when running the Sonar stage.
Additionally, a variable is passed instructing Sonar where to find the test result data.

Fixes: gh-6092
 2018-11-26 09:06:30 -07:00
Valeriy.Vyrva 0a86ed8717 Add space in exception message 2018-11-26 09:04:55 -07:00
Rafael Dominguez 8e648deda0 Replace slf4j dependencies with logback-classic 
This commit removes explicit declaration of slf4j dependencies.
Instead, logback classic is declared that will pull them transitively.

Fixes: gh-6130
 2018-11-23 09:59:29 -05:00
Rafael Dominguez d1492afc0c
Replace deprecated Gradle Task method in AspectJPlugin.groovy 
This commit ensures that the method Task.deleteAllActions is not used

Fixes: gh-6128
 2018-11-22 23:18:14 -06:00
Rafael Dominguez e60e17109c Update to Gradle 4.10.2 
Fixes gh-6106
 2018-11-21 09:57:26 -06:00
Josh Cummings 2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose 
Issue: gh-6025
 2018-11-20 14:02:10 -07:00
Josh Cummings 9ee291e659
AesBytesEncryptorTests Check Key Strength 
Fixes: gh-6121
 2018-11-20 11:45:45 -07:00
Satish Sharma 7232dabd48
Update to oauth2-oidc-sdk:6.2 
Fixes: gh-6101
 2018-11-20 11:05:27 -07:00
Josh Cummings 3a43ed8f1c Register NullRequestCache When Disabled 
Fixes: gh-6102
 2018-11-20 07:15:09 -07:00
Josh Cummings 80e13bad41
Remove PowerMock from oauth2-client 
Issue: gh-6025
 2018-11-19 18:09:00 -07:00
Josh Cummings 39933b10ff
Add scopes method to TestOAuth2AccessTokens 
Issue: gh-6025
 2018-11-19 18:06:40 -07:00
dperezcabrera f6414e9a52 Make InMemory*ClientRegistrationRepository Consistent 
The previous builders with the list argument were inconsistent with their
respective builders of var args.
 2018-11-19 15:09:30 -06:00
Rafael Dominguez e1d68e4f6b WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code 
This ensures that token response is only extracted when ClientResponse has a successful status

Fixes: gh-6089
 2018-11-19 10:50:33 -06:00