Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,869 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

8869 Commits

Author SHA1 Message Date
Markus Engelbrecht 7463583c1b Fix typos in BCryptPasswordEncoder documentation 
Resolves gh-8585
 2020-05-27 10:35:49 -05:00
Spencer Gilson 551f9114a9 Fixing typo in README 
@pivotal-issuemaster This is an Obvious Fix
 2020-05-27 07:50:33 -05:00
Eleftheria Stein 67d2efde1c Resolve package tangles with security marker annotation 2020-05-27 07:33:24 -05:00
Eleftheria Stein bc272ddf73 Resolve package tangles in Kotlin server package 2020-05-27 07:33:24 -05:00
Eleftheria Stein 0a42aa26c8 Mock request with non-standard HTTP method in test 
Fixes gh-8594
 2020-05-26 10:16:56 -04:00
Craig Andrews f1db7167cb Polish 
Use `getBeanOrNull` in `registerDelegateApplicationListener` to simplify implementation.

This change does not alter behavior.
 2020-05-22 20:33:32 -05:00
Craig Andrews dbdeec4216 Check for an existing SessionRegistry bean 
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
 2020-05-22 20:33:32 -05:00
Evgeniy Cheban 0fa339f75b Allow port=0 for ApacheDSContainer 
Fixes gh-8144
 2020-05-21 16:14:01 -05:00
justmehyp 06254a4fd4 Remove unused field 'digester' in Md4PasswordEncoder 
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.
 2020-05-21 11:19:03 -05:00
Mazharul Islam bf9e8295d6 mentioning the default strength of BCryptPasswordEncoder 2020-05-21 11:15:45 -05:00
Thomas Turrell-Croft 014df98ebb Polish 
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager
 2020-05-21 11:09:31 -05:00
Maksim Vinogradov 4f58576952 Prevent StackOverflowError for AccessControlEntryImpl.hashCode 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
 2020-05-21 09:53:35 -05:00
Astushi Yoshikawa f08ca4e688 Throw exception if URL does not include context path when context relative 
Issue: gh-8399
 2020-05-20 14:02:17 -04:00
Rob Winch dc514b369e FilterInvocation Support Default Methods on HttpServletRequest 
Closes gh-8566
 2020-05-20 10:13:59 -05:00
Andreas Volkmann 16b0a268d9 Update index.adoc 2020-05-20 08:01:56 -05:00
Josh Cummings 9a72654b8d
Update to jQuery 3.5.1 
Fixes gh-8557
 2020-05-19 13:02:04 -06:00
Josh Cummings c519d726ed
Polish hellojs Sample 
- Apply timestamp to composed messages
- Remove unnecessary $.map call
- Add password encoder prefix to password

Fixes gh-8555
Fixes gh-8556
 2020-05-19 13:02:04 -06:00
Josh Cummings b04b34ba85
Fix Logout in OpenID Sample 
Fixes gh-8554
 2020-05-19 13:02:04 -06:00
Dávid Kovács 4ab9da1c53 Object ID Identicy conversion to long fails on old schema 
This change fixed a bug which tried to convert non-string object as string

Fixes gh-7621
 2020-05-19 13:43:00 -05:00
Josh Cummings 51a0cffd36
Post-process AuthenticationRequestFilter 
Fixes gh-8552
 2020-05-18 21:08:23 -06:00
Josh Cummings 8e7c4c143c
Add TestSaml2AuthenticationRequestContexts 
Issue gh-8552
 2020-05-18 21:08:03 -06:00
Josh Cummings 9241cd2892
Move TestRelyingPartyRegistrations 
Fixes gh-8551
 2020-05-18 16:38:40 -06:00
Josh Cummings 7c7934c052
Remove Extra TestSaml2X509Credentials 
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials

Issue gh-8404
 2020-05-18 10:08:27 -06:00
cbornet bfb401eeed Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:04:54 -05:00
Parikshit Dutta 1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Joe Grandja c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale 78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Dávid Kovács db4ca1f756 Document NoOpPasswordEncoder will not be removed 
This commit adds extension to deprecation notice.

Fixes gh-8506
 2020-05-13 12:54:13 -05:00
Rob Winch bb05603b3c AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic() 
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs

Closes gh-7522
 2020-05-12 13:07:24 -05:00
Rob Winch e5d2aaf6fe
Deprecate OpenID 2.0 support 
Deprecate OpenID 2.0 support
 2020-05-12 09:37:56 -05:00
Mathieu Ouellet cd08102b93 Add debug logging 
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow

Fixes gh-5758
 2020-05-12 09:03:24 -05:00
Rob Winch 8d447633f4 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-11 17:20:27 -05:00
Rob Winch 4473dca022 Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed 
Issue gh-8149
 2020-05-11 17:20:16 -05:00
Parikshit Dutta 0f92415395 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8149
 2020-05-11 17:19:57 -05:00
Artyom Tarynin 6db514a4e2 Update AntPathRequestMatcher.java 
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
 2020-05-11 17:11:22 -04:00
Eleftheria Stein 1aadbb2f4d Remove "/path/**/other" patterns in tests 
Fixes gh-8513
 2020-05-11 17:00:25 -04:00
Jean-Pierre Bergamin fbd3cfa40e
Fix code snippets to configure timeouts 
Issue: gh-8487
 2020-05-11 15:59:11 -04:00
Dávid Kovács f2a2b469c4 Deprecate openID 2.0 support 
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments.

Fixes gh-7153
 2020-05-09 12:04:13 +02:00
Rob Winch d91b153cad Explicitly set useSuffixPatternMatch for Tests 
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
 2020-05-08 16:43:56 -05:00
Jean-Pierre Bergamin 6d5d883518 Use Opaquetoken properties to configure timeouts 
Improve the documentation to show how to re-use the Opaquetoken properties of `OAuth2ResourceServerProperties` to set up basic auth in the configured `RestTemplate`.
 2020-05-07 15:20:50 -04:00
Rob Winch e1fd0b3859 Update to spring-build-conventions:0.0.32.RELEASE 
Closes gh-8499
 2020-05-06 17:39:22 -05:00
Pei-Tang Huang 9dcdae3269 Update Traditional Chinese translation. 
Align with commit f7b33da577.
 2020-05-06 17:07:57 -05:00
Joe Grandja f92ab34ca0 Next development version 2020-05-06 17:37:30 -04:00
Joe Grandja 86ca6b013c Unlock dependencies 
This reverts commit 206960cf44.
 2020-05-06 17:27:35 -04:00
Joe Grandja c506ee6b69 Release 5.4.0-M1 2020-05-06 17:19:22 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Eleftheria Stein 07f8154a06 Temporarily build against Framework 5.2.x snapshot 
Issue: gh-8489
 2020-05-06 12:55:50 -04:00
Eleftheria Stein 545286188d Update SAML2 errors in integration tests 2020-05-06 11:46:54 -04:00
Eleftheria Stein 026a951d4f Remove JDK 9 and JDK 10 build from Jenkins pipeline 
Closes gh-8482
 2020-05-05 19:57:56 -04:00
Eleftheria Stein db155b3094 Clean up Javadoc 
Fixes gh-8480
 2020-05-05 17:31:54 -04:00