Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 08:58:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,153 Commits 34 Branches 337 Tags
Commit Graph

694 Commits

Author SHA1 Message Date
Steve Riesenberg
dc81e1c86b Revert "URL encode client credentials" 
This reverts commit 5243b1b8a82398c443c5fe563e39f4eacb540798.

Issue gh-9610 gh-9861
Closes gh-10018
 2021-07-20 13:29:29 -05:00
Steve Riesenberg
c17767883f Revert "Lock Dependencies for Release" 
This reverts commit d71be4ca28afa6e9ed9c0d30ee5dae74a5eb1987.
 2021-06-21 12:57:05 -05:00
Josh Cummings
d71be4ca28
Lock Dependencies for Release 2021-06-21 10:33:10 -06:00
Arnaud Mergey
1cd4ffeeb7
fix typo preventing full exception to be displayed in log 
closes gh-9901
 2021-06-17 08:40:55 -06:00
Steve Riesenberg
a108868529 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository 
Related to gh-9649
Closes gh-9857
Closes gh-9912
 2021-06-15 11:44:34 -05:00
Steve Riesenberg
5243b1b8a8 URL encode client credentials 
Closes gh-9610
 2021-06-03 09:29:25 -05:00
Josh Cummings
24c3c52254
Polish postLogoutRedirectUri encoding 
Issue gh-9511
 2021-05-26 13:58:28 -06:00
Hans Hosea Schaefer
499701e67a
Encode postLogoutRedirectUri query params 
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
 2021-05-26 13:58:23 -06:00
Steve Riesenberg
589eccc547 Handle custom status codes in error handler 
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
 2021-05-25 15:08:05 -05:00
Rob Winch
f3436f25fb Additional HttpSessionOAuth2AuthorizationRequestRepository tests 
Issue gh-5145
 2021-05-13 14:01:04 -04:00
Craig Andrews
e447a35cf2 HttpSessionOAuth2AuthorizationRequestRepository: store one request by default 
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
 2021-05-13 14:00:53 -04:00
Joe Grandja
8850ccb1c6 Revert "Lock Dependencies" 
This reverts commit 924ceac681eae11cabdf1af1d37ff4550b9d350d.
 2021-04-12 13:47:04 -04:00
Joe Grandja
924ceac681 Lock Dependencies 2021-04-12 13:36:39 -04:00
Josh Cummings
71e0967b53
Revert "Lock Dependencies for Release" 
This reverts commit 8c04074264e95f670503c63d6501eb5cc0aa4966.
 2021-02-17 15:59:48 -07:00
Josh Cummings
8c04074264
Lock Dependencies for Release 2021-02-17 14:59:17 -07:00
Josh Cummings
cf032d86d6
Revert "Lock Dependencies" 
This reverts commit 9535a41d5a5867a5766aebb72470587eb1c5be52.
 2021-02-11 18:38:07 -07:00
Josh Cummings
9535a41d5a
Lock Dependencies 2021-02-11 17:43:39 -07:00
Josh Cummings
f449da8b78
Revert "Lock Dependencies" 
This reverts commit d17ebf53f95586a009bc9464a92dfcd4a283f6c7.
 2021-02-11 17:28:01 -07:00
Josh Cummings
d17ebf53f9
Lock Dependencies 2021-02-11 16:56:28 -07:00
Josh Cummings
e79141a188
Downgrade nimbus-jose-jwt to 8.+ 
Closes gh-9399
 2021-02-03 13:18:18 -07:00
Mayur Patel
fc24c7991c Allow null or empty authorities for DefaultOAuth2User 
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
 2021-02-01 17:26:56 -05:00
Benjamin Faal
f6b678f137 Make user info response status check error only 
Closes gh-9336
 2021-01-25 10:23:49 -05:00
tristanessquare
580b988e7f
Fix NullPointerException 
- Caused by a malformed WWW-Authenticate value

Closes gh-9364
 2021-01-21 16:22:29 -07:00
Ovidiu Popa
b8175bccd2 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject 
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
 2020-12-03 10:54:00 -05:00
Josh Cummings
1af21a9d02
Revert "Lock Dependencies for 5.4.2" 
This reverts commit 046bc9789f97804b04324b99a9c4f3a7041c68e9.
 2020-12-02 22:21:02 -07:00
Josh Cummings
046bc9789f
Lock Dependencies for 5.4.2 2020-12-02 17:36:26 -07:00
Josh Cummings
84737e7b23
Revert "Lock Dependencies for 5.4.1" 
This reverts commit 48ac47418d75f9ef46e63fca3f485475b6280d43.
 2020-10-07 16:38:48 -06:00
Josh Cummings
48ac47418d
Lock Dependencies for 5.4.1 2020-10-07 16:01:34 -06:00
Phillip Webb
c502312719 Replace expected @Test attributes with AssertJ 
Replace JUnit expected @Test attributes with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb
20baa7d409 Replace ExpectedException @Rules with AssertJ 
Replace JUnit ExpectedException @Rules with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Joe Grandja
6e6d382357 Adapt to WebClient's new exception wrapping 
See https://github.com/spring-projects/spring-framework/issues/23842

Closes gh-9031
 2020-09-17 12:21:51 -04:00
Joe Grandja
7b1f574769 Revert "Lock Dependency Versions for 5.4.0" 
This reverts commit 3d0e459182868c94ea5967b1cd3a1a6b6ba24609.
 2020-09-09 18:14:12 -04:00
Joe Grandja
3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Josh Cummings
bf067d679f
Add Logging to Resource Server 
Closes gh-9000
 2020-09-08 13:09:33 -06:00
Rob Winch
2abf59b695 Merge Formatting Changes 
Issue gh-8945
 2020-08-24 17:33:23 -05:00
Rob Winch
36ae1fe3f9 Polish oauth2-resource-server format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Rob Winch
d5ae4337e3 Polish oauth2-jose format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Rob Winch
a729d24d47 Polish oauth2-core format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Rob Winch
dc47a7575e Polish oauth-client format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
2f8e835b11 Use assertThatObject to save casting 
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
0a3eeb9c80 Remove incorrect AssertJ imports 
Fix a few tests that were accidentally importing incorrect AssertJ
classes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
a5aa6b3d7f Remove blank lines from all tests 
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
ba19a9e4b6 Polish spring-security-oauth2-resource-server main code 
Manually polish `spring-security-oauth-resource-server`
following the formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
20aa8bef25 Polish spring-security-oauth2-jose main code 
Manually polish `spring-security-oauth-jose` following the
formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
a577871bca Polish spring-security-oauth2-core main code 
Manually polish `spring-security-oauth-core` following the
formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
7a715f9086 Polish spring-security-oauth2-client main code 
Manually polish `spring-security-oauth-cleint` following the
formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb
834dcf5bcf Use consistent ternary expression style 
Update all ternary expressions so that the condition is always in
parentheses and "not equals" is used in the test. This helps to bring
consistency across the codebase which makes ternary expression easier
to scan.

For example: `a = (a != null) ? a : b`

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb
8d3f039f76 Reduce method visibility when possible 
Reduce method visibility for package private classes when possible.

In the case of abstract classes that will eventually be made public,
the class has been made public and a package-private constructor has
been added.

Issue gh-8945
 2020-08-24 17:33:08 -05:00
Phillip Webb
612fb22a7f Remove unnecessary lambda blocks 
Remove lambda blocks that aren't needed and replace instead with a
simple expression.

Issue gh-8945
 2020-08-24 17:33:08 -05:00