Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 23:10:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,735 Commits 49 Branches 376 Tags
Commit Graph

714 Commits

Author SHA1 Message Date
Parikshit Dutta
28d2cfa14a Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter 
Fixes gh-8536
 2020-06-02 21:54:09 -04:00
Rob Winch
748538d19f Delay AuthenticationPrincipalArgumentResolver Creation 
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.

Closes gh-8613
 2020-05-29 16:49:01 -05:00
Craig Andrews
dbdeec4216 Check for an existing SessionRegistry bean 
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
 2020-05-22 20:33:32 -05:00
Josh Cummings
51a0cffd36
Post-process AuthenticationRequestFilter 
Fixes gh-8552
 2020-05-18 21:08:23 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations 
Fixes gh-8551
 2020-05-18 16:38:40 -06:00
Parikshit Dutta
1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Joe Grandja
c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Eleftheria Stein
1aadbb2f4d Remove "/path/**/other" patterns in tests 
Fixes gh-8513
 2020-05-11 17:00:25 -04:00
Rob Winch
d91b153cad Explicitly set useSuffixPatternMatch for Tests 
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
 2020-05-08 16:43:56 -05:00
Rob Winch
4a9fa0337a Allow Configure RequestRjectedHandler in XML 
Issue gh-5007
 2020-05-01 10:51:11 -05:00
Evgeniy Cheban
a70d55552b
Resource Server Finds JwtAuthenticationConverter Beans 
Fixes gh-8185
 2020-04-13 22:47:20 -06:00
Rob Winch
9a42a028e7 Logout defaults to use Global SecurityContextServerLogoutHandler 
Closes gh-8375
 2020-04-13 16:36:12 -05:00
Rob Winch
91728ef53b Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 17:50:28 -05:00
Rob Winch
b055f8bb25 SpringTestContext returns ConfigurableWebApplicationContext 
Closes gh-8233
 2020-03-30 17:46:25 -05:00
Joe Grandja
e27e548215 oauth2Login WebFlux does not auto-redirect for XHR request 
Fixes gh-8118
 2020-03-26 04:36:23 -04:00
Eleftheria Stein
97085ef310 Fix rsocket test 
Request route that exists; add additional error message verification

Fixes gh-8154
 2020-03-19 17:27:14 -04:00
Josh Cummings
f438bdfbcf
Add spring-security-5.4.xsd 
Issue gh-8138
 2020-03-18 09:45:10 -06:00
Josh Cummings
c729fee7bc
Malformed Bearer Token Returns 401 for WebFlux 
Fixes gh-7668
 2020-03-03 15:42:02 -07:00
Josh Cummings
e97396b9c7 Add Resource Server XML Support 
Fixes gh-5185
 2020-03-02 11:51:40 -07:00
Josh Cummings
19584884b3
Register Authentication Provider in Init Phase 
Fixes gh-8031
 2020-02-28 15:32:27 -07:00
Filip Hanik
3257349045 Support POST binding for AuthNRequest 
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
 2020-02-28 09:15:26 -08:00
Ankur Pathak
480c5bc87e Custom ServerHttpHeadersWriter to HeaderSpec 
Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec
Fixes gh-7636
 2020-02-27 07:55:30 -06:00
Joe Grandja
8a4ff4452b Add XML namespace support for oauth2-client 
Fixes gh-5184
 2020-02-20 20:05:48 -05:00
Joe Grandja
ff8002eb2e Polish gh-4557 2020-02-12 15:47:57 -05:00
Ruby Hartono
71a5c9521c Add XML namespace support for oauth2-login 
Fixes gh-4557
 2020-02-12 15:26:17 -05:00
Joe Grandja
40c0a452d7 Define oauth2-login xsd elements 
Issue gh-4557
 2020-02-12 15:26:17 -05:00
Josh Cummings
5bdf57d1e5
Remove Groovy and Spock Dependencies 
Fixes gh-4939
 2020-02-10 10:38:40 -07:00
Stephane Maldini
851be025e9 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7952
 2020-02-07 20:44:19 -05:00
Rob Winch
1d7208f8ef Add RSocket Authentication Extension Support 
Fixes gh-7935
 2020-02-04 23:36:47 -06:00
Josh Cummings
209c81d65d
Add BadOpaqueTokenException 
Updated NimbusOpaqueTokenIntrospector and
NimbusReactiveOpaqueTokenIntrospector to throw.
Updated OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager to catch.

Fixes gh-7902
 2020-02-04 17:33:08 -07:00
Josh Cummings
0c3754c811
Add BadJwtException 
Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw.
Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager
to catch.

Fixes gh-7885
 2020-02-04 17:33:08 -07:00
Josh Cummings
3e07b35611
Polish Bearer Token Error Handling 
Issue gh-7822
Issue gh-7823
 2020-02-03 17:54:39 -07:00
Josh Cummings
cb9fd09150
Change AuthenticationWebFilter's constructor 
Fixes gh-7872
 2020-01-31 09:31:28 -07:00
Eleftheria Stein
a512789a93 Fix requiresAuthenticationMatcher not being used 
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
 2020-01-27 16:12:27 +01:00
Eleftheria Stein
29377545d9 Fix authenticationFailureHandler not being used 
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
 2020-01-27 13:10:03 +01:00
Johannes Edmeier
bdc60a9128 Don't cache requests with Accept: text/event-stream by default. 
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
 2020-01-17 10:42:16 -08:00
Josh Cummings
f1f158b37e AuthenticationEventPublisher DSL Lookup 
Fixes gh-4400
 2020-01-14 12:07:46 -07:00
Josh Cummings
5579846263 AuthenticationEventPublisher Bean Lookup 
Issue gh-7793
Fixes gh-7515
 2020-01-14 12:07:46 -07:00
Josh Cummings
a35ce77451
Add missing PowerMockIgnore annotation 
WebSecurityConfigurerAdapterPowermockTests needs to exclude
javax.xml.transform.* from Powermock configuration.
 2020-01-09 15:48:08 -07:00
Josh Cummings
ba21c156dd
Polish WebSecurityConfigurerAdapter tests 
Moved Powermock-dependent test over to
WebSecurityConfigurerAdapterPowermockTests.
 2020-01-09 13:51:19 -07:00
Josh Cummings
de87675f6d Add JwtIssuerAuthenticationManagerResolver 
Fixes gh-7724
 2020-01-07 23:30:42 -07:00
Rob Winch
65981444f1 Use Version Ranges 
Fixes gh-7788
 2020-01-06 14:46:48 -06:00
Eleftheria Stein
924b9e95a1 Polish MethodSecurityEvaluationContext 
Issue: gh-6224
 2020-01-03 20:08:52 -05:00
Filip Hanik
af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login() 
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
 2019-12-17 13:34:27 -08:00
Filip Hanik
9aa333ca4d Use the custom ServerRequestCache that the user configures 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
 2019-12-17 13:33:56 -08:00
Josh Cummings
02f161aba7
Use OidcIdToken.Builder 
Issue gh-7592
 2019-12-12 07:37:15 -07:00
Joe Grandja
c40a17b4d1 WebFlux oauth2Login() redirects on failed authentication 
Fixes gh-5562 gh-6484
 2019-12-05 16:50:43 -05:00
Alexey Nesterov
d8d59e97ac Correctly configure authorization requests repository for OAuth2 login 
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
 2019-11-29 12:05:15 -05:00
Eleftheria Stein
b7cb93f671 Fix WebFlux logout disabling 
Fixes: gh-7682
 2019-11-28 14:40:25 +01:00