Markus Gabriel
97ee6d66f1
Fix SecurityContext creation for TEST_EXECUTION
Currently, there is support for setting up a SecurityContext after @Before by
using TestExecutionEvent.TEST_EXECUTION. The current implementation, however,
already creates the SecurityContext in @Before and just does not set it yet.
This leads to issues like #6591. For the case of @WithUserDetails, the
creation of the SecurityContext already looks up a user from the repository.
If the user was inserted in @Before, the user is not found despite using
TestExecutionEvent.TEST_EXECUTION. This commit changes the creation of the
SecurityContext to happen after @Before if using
TestExecutionEvent.TEST_EXECUTION.
Closes gh-6591
2020-06-24 16:40:08 -05:00
Craig Andrews
c71352c548
Validate headers and parameters in StrictHttpFirewall
Adds methods to configure validation of header names and values and
parameter names and values:
* setAllowedHeaderNames(Predicate)
* setAllowedHeaderValues(Predicate)
* setAllowedParameterNames(Predicate)
* setAllowedParameterValues(Predicate)
By default, header names, header values, and parameter names that
contain ISO control characters or unassigned Unicode characters are
rejected. No parameter value validation is performed by default.
Issue gh-8644
2020-06-24 14:15:46 -06:00
Dávid Kovács
88028d82ed
formLogin() and login() implement Mergeable
This is necessary so that default requests like Spring REST Docs work.
Closes gh-7572
2020-06-22 14:54:32 -05:00
Joe Grandja
659b25a4e5
Fix typo in OAuth2AccessTokenResponse
Closes gh-8746
2020-06-22 08:21:59 -04:00
Eleftheria Stein
12d20f99a1
Fix incorrect Javadoc
Closes gh-8744
2020-06-22 13:14:34 +02:00
Eleftheria Stein
c854f6b190
Add missing Javadoc
Closes gh-8743
2020-06-22 13:13:32 +02:00
Rob Winch
6e0d2f3324
Use reactorVersion 20+ for snapshot tests
2020-06-19 10:41:00 -05:00
Josh Cummings
a344dbdb8c
Use AssertJ
Issue gh-3384
2020-06-18 11:54:33 -06:00
Josh Cummings
8cbdcfe756
Document SAML Attribute Support
Issue gh-8661
2020-06-18 11:42:49 -06:00
Josh Cummings
360db53dd2
Polish SAML Attribute Support
Issue gh-8661
2020-06-18 11:42:49 -06:00
Nikola Kostic
eed33228f4
Add SAML Attribute Support
Closes gh-8661
2020-06-18 11:42:48 -06:00
Craig Andrews
efb6953017
Reject the NULL character in paths in StrictHttpFirewall
Adds `setAllowNull`
By default, denies null in paths
2020-06-18 10:19:37 -06:00
Rob Winch
406cde8798
Use Spring Snapshots Again
Closes gh-8712
2020-06-18 09:32:11 -05:00
Ellie Bahadori
ca63af4a28
Remove Travis pipeline and README badge
2020-06-17 16:07:32 -05:00
Ellie Bahadori
7319e81701
Change pipeline to run for all base branches
Issue gh-8680
2020-06-17 16:05:41 -05:00
Josh Cummings
9895d01257
Simplify Multitenancy Example
Closes gh-8713
2020-06-17 14:04:58 -06:00
Rob Winch
145bb89394
Use Spring Releases for Now
Works around https://github.com/spring-projects/spring-framework/issues/25271
2020-06-17 14:39:48 -05:00
yukihane
c177b391d4
Polish ProviderManagerTests
- Renamed test to follow naming convention
- Simplified mock with Mockito
- Added note regarding related ticket
Issue gh-8689
2020-06-16 15:56:04 -06:00
yukihane
5302fb776c
ProviderManager Uses CollectionUtils#contains
Closes gh-8689
2020-06-16 15:56:04 -06:00
Ellie Bahadori
27e1c582b9
Merge pull request #8680 from elliedori/github-actions-pr-pipeline
Set up Github Actions pipeline for PRs
2020-06-16 11:19:37 -07:00
Eleftheria Stein
224361cb4a
Fix typo in Javadoc
2020-06-16 09:38:09 -04:00
Rob Winch
eb351f455b
Use `Closes gh-<number>`
We now use Closes because it makes sense for enhancements and bugs
2020-06-11 15:34:35 -05:00
Ellie Bahadori
e213e6430a
Create Github Actions pipeline for PR build workflow
2020-06-11 11:07:34 -07:00
Evgeniy Cheban
4e7be2078f
DefaultWebSecurityExpressionHandler uses RoleHierarchy bean
Fixes gh-7059
2020-06-10 16:43:01 -04:00
Rob Winch
ccbad61ae8
Change blacklist to blocklist
Closes gh-8676
2020-06-10 11:49:49 -05:00
Rob Winch
ca1252be94
Replace whitelist with allowlist
Issue gh-8676
2020-06-10 11:49:21 -05:00
Rob Winch
a907026eae
Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive
Closes gh-8677
2020-06-10 11:48:56 -05:00
Rob Winch
6fbe58e624
Update RSocket Sample to use RSocket 1.0.1
Fixes the integration tests from hanging.
Issue gh-8664
2020-06-10 11:44:10 -05:00
Joe Grandja
da4b626bf1
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
Issue gh-8609
2020-06-09 17:28:21 -04:00
Joe Grandja
4c902bb857
OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException
Fixes gh-8609
2020-06-09 17:28:21 -04:00
Robin Dupret
bb0fac66d6
Fix a few typos in the documentation
2020-06-09 14:40:39 -05:00
Josh Cummings
1d821a2664
Add Ticket Number to Test
Issue gh-8650
2020-06-05 14:24:49 -06:00
Erik Bakker
cd3fd6762f
Don't Consume Request Body
Per the servlet spec, getParameter(name) consumes the request body for
POST requests.
This commit prevents DefaultOAuth2AuthorizationRequestResolver from
consuming the request body for non-Authorization requests.
Closes gh-8650
2020-06-05 14:21:00 -06:00
Rob Winch
24a04f9c5f
Add subscriberContext to PayloadSocketAcceptor delegate.accept
Closes gh-8654
2020-06-05 12:22:19 -05:00
Parikshit Dutta
28d2cfa14a
Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter
Fixes gh-8536
2020-06-02 21:54:09 -04:00
Josh Cummings
aa84c79e87
Use Nimbus Multiple Algorithm Support
Closes gh-8623
2020-06-02 12:49:21 -06:00
Dayan
d8aa208a9f
Fix broken link in spring security reference document
Fixes:#8593
2020-06-02 05:36:19 -06:00
Rob Winch
748538d19f
Delay AuthenticationPrincipalArgumentResolver Creation
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.
Closes gh-8613
2020-05-29 16:49:01 -05:00
Eleftheria Stein
a63a0e3765
Add reactive CSRF samples to docs
Issue gh-8172
2020-05-28 13:16:35 -04:00
Josh Cummings
da05543ef6
Update OAuth 2.0 Client Testing Docs
Issue gh-8603
2020-05-28 10:33:02 -06:00
Josh Cummings
42a8635cde
Remove @MockBean ClientRegistrationRepository
Fixes gh-8606
2020-05-28 10:33:02 -06:00
Josh Cummings
d5b8981678
Polish OAuth 2.0 Samples
- Favor @TestConfiguration so as to not disable Spring Boot's
auto-configuration of ClientRegistrationRepository and
OAuth2AuthorizedClientRepository
2020-05-28 10:33:02 -06:00
Josh Cummings
8d84bc58f6
Remove Unneeded OAuth2AuthorizedClientRepository
Issue gh-8603
2020-05-28 10:33:02 -06:00
Josh Cummings
900f551890
Inject TestOAuth2AuthorizedClientRepository
Fixes gh-8603
2020-05-28 10:33:02 -06:00
Josh Cummings
d014d29199
Update to Spring Boot 2.3.0
Fixes gh-8605
2020-05-27 16:12:23 -06:00
Josh Cummings
b6f5464fb4
Update to Latest rsocket-core
Now that the RSocket Authentication Extension is GA, it's no longer
necessary to override the version locally in the sample.
Issue gh-7935
2020-05-27 16:12:23 -06:00
Josh Cummings
23db372962
Update to Gradle 6.4.1
Fixes gh-8604
2020-05-27 16:12:23 -06:00
Eleftheria Stein
61060b3a4f
Add multipart configuration to CSRF Kotlin DSL
Fixes gh-8602
2020-05-27 17:01:12 -04:00
Eleftheria Stein
6f5947cab7
Fix test warnings
2020-05-27 17:00:48 -04:00
Eleftheria Stein
fa11ae3c33
Remove unused import
2020-05-27 14:27:29 -04:00