Commit Graph

8303 Commits

Author SHA1 Message Date
Clement Stoquart 32c02fbedb
Remove empty relay state from redirect url 2020-03-04 12:47:03 -07:00
AmitB 96ff3a54a9 Fix typo in AntPathRequestMatcher contructor comment 2020-03-02 07:16:07 -06:00
Josh Cummings 9092115b8a
Register Authentication Provider in Init Phase
Fixes gh-8031
2020-02-28 18:43:54 -07:00
Joe Grandja 3dbfef9ef1 OAuth2AccessTokenResponseHttpMessageConverter handles JSON object parameters
Fixes gh-6463
2020-02-24 15:58:25 -05:00
Joe Grandja 8acdb82e6a OAuth2AuthorizationCodeGrantWebFilter matches on query parameters
Fixes gh-7966
2020-02-10 15:28:06 -05:00
Rafael Renan Pacheco 5ce0ce3f38
Fix var typo and code readability 2020-02-10 12:06:30 -07:00
Joe Grandja 6141132cfa Fix test gh-7963 2020-02-10 05:53:00 -05:00
Joe Grandja cc7ea4acd3 OAuth2AuthorizationCodeGrantFilter matches on query parameters
Fixes gh-7963
2020-02-10 05:24:14 -05:00
Manuel Bleichenbacher 1e4736f9b3 Prevent double-escaping of authorize URL parameters
If the authorization URL in the OAuth2 provider configuration contained query parameters with escaped characters, these characters were escaped a second time. This commit fixes it.

It is relevant to support the OIDC claims parameter (see https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).

Fixes gh-7871
2020-02-08 16:59:01 -05:00
Stephane Maldini 0012e24c46 Don't force downcasting of RequestAttributes to ServletRequestAttributes
Fixes gh-7953
2020-02-07 20:18:50 -05:00
Joe Grandja 2dc8147106 Add release-notes-sections.yml 2020-02-05 15:18:32 -05:00
Joe Grandja 1da8e9df13 Next Development Version 2020-02-05 11:03:09 -05:00
Joe Grandja 9a2b71d931 Release 5.2.2.RELEASE 2020-02-05 10:56:00 -05:00
Josh Cummings c4ccc96655
Polish Error Messages for OpaqueTokenIntrospectors 2020-02-05 07:16:37 -07:00
Joe Grandja 6c310213a8 Update to Spring Boot 2.2.4
Fixes gh-7909
2020-02-04 15:07:16 -05:00
Joe Grandja a5b6b9a398 Update to org.slf4j 1.7.30
Fixes gh-7908
2020-02-04 15:04:46 -05:00
Joe Grandja 9e6910273c Update to org.powermock 2.0.5
Fixes gh-7907
2020-02-04 14:56:28 -05:00
Joe Grandja ea809b01a6 Update to hibernate-validator 6.1.2.Final
Fixes gh-7906
2020-02-04 14:53:08 -05:00
Joe Grandja 8054239a12 Update to hibernate-entitymanager 5.4.10.Final
Fixes gh-7905
2020-02-04 14:51:05 -05:00
Joe Grandja 46486194c2 Update to org.aspectj 1.9.5
Fixes gh-7904
2020-02-04 14:44:05 -05:00
Joe Grandja 00b08bc725 Update to httpclient 4.5.11
Fixes gh-7903
2020-02-04 14:39:27 -05:00
Joe Grandja 6e0fbfcccd Update to commons-codec 1.14
Fixes gh-7899
2020-02-04 14:31:31 -05:00
Joe Grandja 87ea083520 Update to com.squareup.okhttp3 3.14.6
Fixes gh-7898
2020-02-04 14:24:11 -05:00
Joe Grandja 9db3f51f2a Update to Jackson 2.10.2
Fixes gh-7897
2020-02-04 14:06:11 -05:00
Joe Grandja 3cc4a945c6 Update to Reactor Dysprosium SR4
Fixes gh-7896
2020-02-04 14:03:06 -05:00
Joe Grandja dbc43fb47d Update to Spring Data Moore SR3
Fixes gh-7895
2020-02-04 14:02:57 -05:00
Joe Grandja ce6a0368bd Update to Spring Framework 5.2.3
Fixes gh-7894
2020-02-04 13:38:17 -05:00
Eleftheria Stein 9dd3dfe718 Fix requiresAuthenticationMatcher not being used
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
2020-01-27 16:56:59 +01:00
Eleftheria Stein edb6cd3729 Fix authenticationFailureHandler not being used
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
2020-01-27 13:52:01 +01:00
Peter Keller 2dbedf7af5 Set charset of BasicAuthenticationFilter converter
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
2020-01-23 16:24:03 +01:00
Eleftheria Stein 630eb10704 Load LDIF file from classpath in unboundId mode
Fixes: gh-7833
2020-01-21 17:12:18 +01:00
Eleftheria Stein f4d4c08329 Fix LDIF file example in LDAP docs
Fixes: gh-7832
2020-01-20 11:32:53 +01:00
Johannes Edmeier cc956a66df Don't cache requests with `Accept: text/event-stream` by default.
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
2020-01-17 10:37:34 -08:00
Rob Winch 29182abb34 Fix HttpHeaderWriterWebFilterTests
Ensure setComplete() is subscribed to
2020-01-10 08:46:47 -06:00
Filip Hanik b754a3d635 Use the custom ServerRequestCache that the user configures
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-18 08:44:27 -08:00
Eleftheria Stein 0d24e2b8cf Fix WebFlux logout disabling
Fixes: gh-7682
2019-12-13 11:53:20 +01:00
Rob Winch b00999deed Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor
The documentation incorrectly used ServerRSocketFactoryCustomizer which
was renamed to ServerRSocketFactoryProcessor. The docs now use the correct
class name

Fixes gh-7737
2019-12-12 15:30:56 -06:00
Eleftheria Stein 59ca2ddf65 Polish SAML2 principal classes
Update @since

Issue: gh-7681
2019-12-12 20:27:24 +01:00
Clement Stoquart 0782228914 fix: make Saml2Authentication serializable 2019-12-12 20:25:26 +01:00
Rob Winch 29eb8b9177 CompositeServerHttpHeadersWriter Executes Sequentially
Fixes gh-7731
2019-12-12 11:28:23 -06:00
Rob Winch bd6ff1f319 DelegatingServerAuthenticationSuccessHandler Executes Sequentially
Fixes gh-7728
2019-12-12 08:33:14 -06:00
Rob Winch 6db7b457b7 DelegatingServerLogoutHandler Executes Sequentially
Fixes gh-7723
2019-12-11 15:39:56 -06:00
Phil Clay 840d3aa986 Polish #7589
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
2019-12-10 14:37:34 -05:00
Ankur Pathak 4c5c4f6cce Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
2019-12-10 14:37:25 -05:00
Joe Grandja 148b570a98 Remove redundant validation for redirect-uri
Fixes gh-7706
2019-12-06 12:01:19 -05:00
Joe Grandja 752d5f29aa Display general error message when WebFlux oauth2Login() fails
Issue gh-5562 gh-6484
2019-12-05 20:12:38 -05:00
Joe Grandja e4aa3be4c5 WebFlux oauth2Login() redirects on failed authentication
Fixes gh-5562 gh-6484
2019-12-05 20:12:09 -05:00
Alexey Nesterov 0babe7d930 Correctly configure authorization requests repository for OAuth2 login
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
2019-11-29 13:58:27 -05:00
Joe Grandja b905cb8aaa Polish OAuth2AuthorizedClientArgumentResolver 2019-11-28 10:31:29 -05:00
Joe Grandja 19c2209a12 ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository
Fixes gh-7544
2019-11-28 10:31:18 -05:00