Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,672 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

601 Commits

Author SHA1 Message Date
Josh Cummings a153012056
Lock Dependencies for 5.3.6 2020-12-02 16:31:52 -07:00
Josh Cummings 2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE" 
This reverts commit 846a5a962c.
 2020-10-07 16:39:28 -06:00
Josh Cummings 846a5a962c
Lock Dependencies for 5.3.5.RELEASE 2020-10-07 13:18:01 -06:00
Eleftheria Stein d8bef76a0f Unlock dependencies 
This reverts commit b619d298aa.
 2020-08-05 18:18:02 +02:00
Eleftheria Stein b619d298aa Lock Dependencies for 5.3.4.RELEASE 2020-08-05 12:33:31 +02:00
Dávid Kováč d104490cb8 Resolve Bearer token after subscribing to publisher 
Bearer token was resolved immediately after calling method convert. In situations when malformed token was provided or authorization header and access token query param were present in request exception was thrown instead of signalling error.
After this change Bearer token is resolved on subscription and invalid states are handled by signaling error to subscriber.

Closes gh-8865
 2020-08-03 11:09:48 -05:00
Josh Cummings c2612a2f41
Remove unused import 
Issue gh-8589
 2020-07-31 08:45:17 -06:00
Josh Cummings f3695932de
Polish to Avoid NPE 
Issue gh-5648

Co-authored-by: MattyA <mat.auburn@gmail.com>
 2020-07-30 17:28:07 -06:00
Josh Cummings 950769fa00
Additional Jwt Validation Debug Messages 
Closes gh-8589

Co-authored-by: MattyA <mat.auburn@gmail.com>
 2020-07-30 17:21:58 -06:00
Dennis Neufeld 57db8e5d4a Add OAuth2AuthenticationException to allowlist 
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error

Closes gh-8797
 2020-07-21 10:15:44 -04:00
Josh Cummings 9045636a4b
Polish Bearer Token Padding 
Issue gh-8502
 2020-07-16 11:56:55 -06:00
kothasa 09e154d8f2
Bearer Token Padding 
Closes gh-8502
 2020-07-16 11:53:36 -06:00
Julian Müller 4fec451196 Enables empty authorityPrefix 
- docs stated that empty authorityPrefix are allowed but implementation denied to use `""`
- commit removes the `hasText`-limitation but restricts to `notNull`

Fixes gh-8421
 2020-07-07 15:24:38 +02:00
Eleftheria Stein 7af5804d56 Compare Timestamps up to the millisecond 
Issue gh-8782
 2020-07-01 11:30:27 +02:00
Joe Grandja 38c1e3ffa8 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 15:27:32 -04:00
Joe Grandja acf56f24a6 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 15:21:07 -04:00
Josh Cummings bbd2a9ebae
Revert "Lock Dependencies for 5.3.3.RELEASE" 
This reverts commit 116bfe01e6.
 2020-06-03 16:11:59 -06:00
Josh Cummings 116bfe01e6
Lock Dependencies for 5.3.3.RELEASE 2020-06-03 13:14:07 -06:00
Joe Grandja 413dfc8679 Unlock dependencies 
This reverts commit a61145f74c.
 2020-05-06 15:29:45 -04:00
Joe Grandja a61145f74c Lock dependencies for 5.3.2.RELEASE 2020-05-06 15:06:08 -04:00
Stav Shamir 6f2359ccae Support update when saving with JdbcOAuth2AuthorizedClientService 
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.

This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.

Fixes gh-8425
 2020-04-29 09:18:54 -04:00
Joe Grandja a78872f268 Unlock dependencies for 5.3.1.RELEASE 
This reverts commit 88c02684bb.
 2020-03-31 17:53:13 -04:00
Joe Grandja 88c02684bb Lock dependencies for 5.3.1.RELEASE 2020-03-31 17:28:36 -04:00
Ruby Hartono 45eb34c9a6 Improve OAuth2LoginAuthenticationProvider 
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse

Fixes gh-5633
 2020-03-30 21:08:59 -04:00
Martin Nemec dfc25dc245 OAuth2 ClientRegistrations NPE fix when userinfo missing 
Fixes gh-8187
 2020-03-27 06:13:50 -04:00
Joe Grandja 044c30c3bc OAuth2ErrorHttpMessageConverter handles JSON object parameters 
Fixes gh-8157
 2020-03-24 14:56:51 -04:00
Joe Grandja a1bcd4ed00 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer 
Fixes gh-8177
 2020-03-24 13:59:36 -04:00
Joe Grandja 2d8242c5c1 Assign sensible default for OAuth2AuthorizedClientProvider 
Fixes gh-8150
 2020-03-19 11:50:48 -04:00
Joe Grandja 5e0e5b6ed4 Fix NPE when token response contains a null value 
Fixes gh-8108
 2020-03-16 15:59:19 -04:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7.
 2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Roman Matiushchenko 9d66f2ccce polish gh-7996 
Make defensive collection copy as Collections.unmodifiableCollection
does not protect from the source collection direct modification.
Use Mono#map instead of Mono#flatMap as it allocates less.
Use less operators to reduce allocations.
Use lambda parameter instead of outer method parameter
in authenticationManagers#computeIfAbsent()
to make it non capturing so it could be cached by JVM.
Propagate cause for InvalidBearerTokenException.
 2020-02-27 09:29:43 -07:00
Roman Matiushchenko 04e671fb4d Instantiate exceptions lazily 
Add lazy Exception instantiation to reduce allocations

Fixes gh-7995
 2020-02-27 09:29:43 -07:00
Josh Cummings 968ebb194b
baseUrl placeholder for OidcLogoutSuccessHandlers 
Fixes gh-7842
 2020-02-25 13:35:50 -07:00
Josh Cummings 283e451cad
Update JwtDecoders tests 
Issue gh-7860
 2020-02-25 13:33:20 -07:00
Zeeshan Adnan 431cd6000b
Add JwtClaimValidator 
Fixes gh-7860
 2020-02-25 13:32:41 -07:00
Joe Grandja fb2bbd74dc OAuth2AccessTokenResponseHttpMessageConverter handles JSON object parameters 
Fixes gh-6463
 2020-02-24 15:36:53 -05:00
Joe Grandja fa73b1397a Add missing @FunctionalInterface in oauth2 modules 
Fixes gh-8020
 2020-02-24 11:53:30 -05:00
Joe Grandja 3e5600f83f Add configurable Clock in OidcIdTokenValidator 
Fixes gh-8019
 2020-02-24 11:21:03 -05:00
Joe Grandja 7734d049eb Polish javadoc gh-7511 2020-02-24 10:35:58 -05:00
Joe Grandja d32c98b1c5 Add OAuth2AuthorizeRequest.Builder.principal(String) 
Fixes gh-8018
 2020-02-24 09:58:38 -05:00
Joe Grandja c6da7b2dd6 Polish gh-7840 2020-02-24 09:28:00 -05:00
Joe Grandja 65b5d468fb Deprecate UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Fixes gh-8016
 2020-02-24 06:50:58 -05:00
Joe Grandja 4e2f1988f2 Polish Fix package tangles 
Issue #7699 #7840
 2020-02-24 06:42:00 -05:00
Joe Grandja 82cd203791 Remove unnecessary mocking 
Fixes gh-8012
 2020-02-23 19:35:16 -05:00
Joe Grandja 204a612be1 Deprecate Implicit Grant 
Fixes gh-8013
 2020-02-23 19:34:52 -05:00
Joe Grandja c8cc9717c9 Fix package tangles 
Issue #7699 #7840
 2020-02-23 07:24:36 -05:00
Joe Grandja f2da2c56be Resolve OAuth2Error from WWW-Authenticate header 
Issue gh-7699
 2020-02-21 15:12:58 -05:00
Joe Grandja 69156b741d Add OAuth2Authorization success/failure handlers 
Fixes gh-7840
 2020-02-21 15:12:58 -05:00
Joe Grandja 23ce717380 Simplify customizing OAuth2AuthorizationRequest 
Fixes gh-7696
 2020-02-19 06:22:07 -05:00