spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 08:58:57 +00:00

Author	SHA1	Message	Date
David Kirstein	2b6bc5dd0b	Use configurable charset in ServerHttpBasicAuthenticationConverter Closes gh-10903	2022-03-17 12:34:16 -05:00
Steve Riesenberg	428216b322	Add support for customizing claims in JWT Client Assertion Closes gh-9855	2022-03-17 09:50:25 -05:00
Joe Grandja	50a3bcf728	Remove unused code	2022-03-17 05:08:39 -04:00
Jánoky László Viktor	a88b8bf980	ClientAuthenticationMethod equals and hashCode is consistent Closes gh-10559	2022-03-17 05:05:47 -04:00
Joe Grandja	54b033078b	Allow configuring PKCE for confidential clients Closes gh-6548	2022-03-16 13:36:10 -04:00
Steve Riesenberg	d7ac254b3d	Do not run CI on tags Issue gh-10457	2022-03-16 11:47:14 -05:00
ShinDongHun1	90fe1b3a69	Polish UsernamePasswordAuthenticationFilter method Closes gh-10970	2022-03-16 16:41:03 +01:00
Simone Giannino	92a385ed05	OAuth 2.0 logout handler resolves uri placeholders - OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri Closes gh-7900	2022-03-15 14:05:26 -06:00
Josh Cummings	070514b9dd	Polish InResponseTo support - Moved methods so methods are listed before the methods they call - Adjusted exception handling so no exceptions are eaten - Adjusted so that malformed_request_data is returned with request data is malformed - Refactored methods to have only immutable method parameters - Removed usage of Stream API - Moved AuthnRequestUnmarshaller into static block so that only looked up once Issue gh-9174	2022-03-15 13:06:32 -06:00
Elias Lousseief	4aa9420047	Add support for validation of InResponseTo Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that). Closes gh-9174	2022-03-15 13:06:32 -06:00
Elias Lousseief	a17cf9e814	Refactored OpenSaml4AuthenticationProviderTests Factored out repeatedly used code for signing a request.	2022-03-15 13:06:31 -06:00
Rob Winch	c49d47d9fa	Fix docs SecurityContextHolder Diagram Issue gh-9635	2022-03-12 13:44:12 -06:00
Rob Winch	972039e65c	Add SecurityContextHolderFilter Closes gh-9635	2022-03-12 13:31:04 -06:00
Rob Winch	f9619cef68	Extract createSecurityContextRepository() Extract out method in preparation for adding SecurityContextHolderFilter configuration. Issue gh-9635	2022-03-12 13:23:47 -06:00
Rob Winch	cbba7ea4de	AbstractAuthenticationProcessingFilter.securityContextRepository Issue gh-10953	2022-03-12 13:23:47 -06:00
Rob Winch	ae7d56d65b	Add Persistence to documentation Closes gh-10962	2022-03-11 13:43:11 -06:00
Norbert Nowak	abd33389be	Add UsernamePasswordAuthenticationToken factory methods - unauthenticated factory method - authenticated factory method - test for unauthenticated factory method - test for authenticated factory method - make existing constructor protected - use newly factory methods in rest of the project - update copyright dates Closes gh-10790	2022-03-09 15:49:29 -07:00
Rob Winch	28c7a4be11	Add SecurityContextRepository to all Authentication Filters Closes gh-10949	2022-03-09 15:48:03 -06:00
Rob Winch	9b380582dc	BearerTokenAuthenticationFilter.securityContextRepository Issue gh-10953	2022-03-09 15:47:34 -06:00
Rob Winch	4462b73fd9	AbstractPreAuthenticatedProcessingFilter.securityContextRepository Issue gh-10953	2022-03-09 15:47:34 -06:00
Rob Winch	ba7fb0cb14	DigestAuthenticationFilter.securityContextRepository Issue gh-10953	2022-03-09 15:47:34 -06:00
Rob Winch	09e730734b	BasicAuthenticationFilter.setSecurityContextRepository Issue gh-10953	2022-03-09 15:47:34 -06:00
Rob Winch	d909d3bc40	RememberMeAuthenticationFilter.securityContextRepository Issue gh-10953	2022-03-09 15:47:34 -06:00
Rob Winch	7c5b939bbd	AuthenticationFilter.securityContextRepository Issue gh-10953	2022-03-09 15:47:34 -06:00
Marcus Da Coregio	8c94c2e15a	AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains Closes gh-10950	2022-03-09 15:21:14 -03:00
Lijamaija	660da6f4a0	Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket Closes gh-10932	2022-03-09 17:49:43 +01:00
Steve Riesenberg	5f37ee2f64	Add missing output and checkout Issue gh-10928	2022-03-09 10:47:48 -06:00
Rob Winch	2abeff2089	HttpSessionSecurityContextRepository saves with original response Previously, the HttpSessionSecurityContextRepository unnecessarily required the HttpServletResponse from the HttpReqeustResponseHolder passed into loadContext. This meant code that wanted to save a SecurityContext had to have a reference to the original HttpRequestResponseHolder. Often that implied that the code that saves the SecurityContext must also load the SecurityContext. This change allows any request / response to be used to save the SecurityContext which means any code can save the SecurityContext not just the code that loaded it. This sets up the code to be permit requiring explicit saves. Using the request/response from the HttpRequestResponseHolder is only necessary for implicit saves. Closes gh-10947	2022-03-09 10:21:51 -06:00
Marcus Da Coregio	1762a4ce70	Add SAML 2.0 Single Logout XML Support Closes gh-10842	2022-03-09 10:48:34 -03:00
Marcus Da Coregio	1cbe7a75d3	Add SAML 2.0 Login XML Support Closes gh-9012	2022-03-09 10:40:26 -03:00
Steve Riesenberg	aa0005b1e1	Update CI process to create GitHub releases with release notes Closes gh-10928	2022-03-08 17:41:57 -06:00
Rob Winch	bab5d252a2	Add RequestAttributeSecurityContextRepository Closes gh-10918	2022-03-08 15:00:22 -06:00
Josh Cummings	87828df9d5	Polish EntityDescriptor Customizer Issue gh-10839	2022-03-04 10:40:30 -07:00
Ulrich Grave	3602eff1ac	Add method to customize EntityDescriptor Closes gh-10839	2022-03-04 10:40:30 -07:00
Josh Cummings	346038d66c	Polish Formatting Issue gh-10799	2022-03-02 16:36:23 -07:00
Sander van Schouwenburg	c734b4b39e	Preserve order of RelyingPartRegistration credentials Issue gh-10799	2022-03-02 16:36:23 -07:00
Josh Cummings	5b9a45de01	Replace Apache Commons Base64 Decoding Issue gh-10923	2022-03-02 16:30:21 -07:00
Josh Cummings	0b59e7797d	Use RFC2045 Encoding for SAML 2.0 Logout Closes gh-10923	2022-03-02 16:30:21 -07:00
Josh Cummings	68e2586f06	Move UnmodifiableMapDeserializer Issue gh-10905	2022-03-01 14:17:17 -07:00
Josh Cummings	4ede1feae5	Polish Saml2 Jackson Support Issue gh-10905	2022-03-01 14:17:17 -07:00
Ulrich Grave	2334610fa9	Add Jackson Support for Saml2 Module Closes gh-10905	2022-03-01 14:17:17 -07:00
Eleftheria Stein	8c95ed6568	Update release pipeline to push next milestone - Check that all associated issues are closed - Update gradle.properties and push change Issue gh-10451	2022-03-01 16:10:25 +01:00
Talerngpong Virojwutikul	acda921fe9	Update PasswordEncoder declaration Closes gh-10910	2022-03-01 07:49:25 -07:00
Eleftheria Stein	6f35364c5d	Default next milestone when checking for open issues Closes gh-10921	2022-03-01 15:38:03 +01:00
Eleftheria Stein	eb31913b2b	Rearrange env variables in release pipeline Issue gh-10451	2022-03-01 15:37:25 +01:00
Eleftheria Stein	e472cc1cc8	Update release time to 1pm UTC Issue gh-10451	2022-03-01 15:37:05 +01:00
Eleftheria Stein	d644f32baa	Add gradle task to update project version Closes gh-10455	2022-03-01 09:48:35 +01:00
Eleftheria Stein	f8675343e6	Extract IO Utils in buildSrc Issue gh-10455	2022-03-01 09:48:35 +01:00
m0k045e	8cc18fa9dc	OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager Closes gh-10846	2022-02-28 15:31:22 -07:00
Filip Hanik	6e5bb71466	Change HashSet to LinkedHashSet For various RelyingPartyRegistration.credentials to preserve order of insertion. Issue gh-10799	2022-02-28 15:01:58 -07:00

1 2 3 4 5 ...

10106 Commits