Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,026 Commits 34 Branches 337 Tags
Commit Graph

1116 Commits

Author SHA1 Message Date
Joe Grandja
371221d729 Support anonymous Principal for OAuth2AuthorizedClient 
Fixes gh-5064
 2018-07-16 10:15:41 -05:00
Joe Grandja
779597af2a Add support for custom authorization request parameters 
Fixes gh-4911
 2018-07-16 09:39:06 -05:00
Rob Winch
a3210c96d9 Default Log Out Page 
Fixes: gh-5516
 2018-07-15 19:45:20 -05:00
Rob Winch
05ed028f9d Modernize Default Log In Page 
Fixes: gh-5515
 2018-07-15 19:43:42 -05:00
Rob Winch
a66b945ab7 Configuration for ReactiveUserDetailsPasswordService 
Issue: gh-2778
 2018-07-15 15:08:06 -05:00
Rob Winch
3ca5810bc8 Configuration Support for UserDetailsPasswordManager 
Issue: gh-2778
 2018-07-15 14:56:45 -05:00
Rob Winch
02b857d82a Add PasswordEncoder.upgradeEncoding 
Issue: gh-2778
 2018-07-14 22:52:15 -05:00
mhyeon.lee
2af69f08a9 Fix oauth2login loginProcessingUrl NPE for java config 
Java Config http.oauth2Login().loginProcessingUrl("url"); throws NPE.
Override loginProcessingUrl method and cached config url.
Then when the config is initialized,
it calls the super method to complete the configuration.

Fixes gh-5488
 2018-07-13 09:34:17 -04:00
Johnny Lim
522bfe9e05 Polish Javadoc in ServerHttpSecurity 2018-07-11 08:01:49 -05:00
Mahan Hashemizadeh
555512e1f0 HstsSpec methods return this 
HstsSpec methods maxAge and includeSubdomains use to return void
which broke using it as a fluent API.

The methods now return HstsSpec which fixes this issue.

Fixes: gh-5483
 2018-07-05 13:58:45 -05:00
Josh Cummings
1d0bb08398
InterceptUrlConfigTests groovy->java 
Issue: gh-4939
 2018-07-02 10:39:24 -06:00
Joe Grandja
ec970c9b8e Improve message for NoUniqueBeanDefinitionException in OAuth2ClientConfigurerUtils 2018-06-25 15:20:02 -04:00
Joe Grandja
b3a38fb0f6 OAuth2ClientWebMvcSecurityConfiguration handles multiple OAuth2AuthorizedClientService @Bean 
Fixes gh-5321
 2018-06-25 15:20:02 -04:00
Josh Cummings
b437ce03b0
HttpHeadersConfigTests groovy->java 
Also, slightly modified the approach when asserting headers. In the
previous incarnation, the tests would assert an exact match against
the list of headers, which is more brittle than confirming that the
expected headers are there and the unexpected ones are not.

Now, should Spring Security add other headers that are outside the
purview of the secure headers configuration, the assertions won't
break.

Issue: gh-4939
 2018-06-20 07:53:22 -06:00
Joe Grandja
6081451fa3 Polish OAuth2Configurer 2018-06-19 06:10:30 -04:00
Rob Winch
3573167d77 ServerHttpSecurity oauth leverages OidcReactiveAuthenticationManager 
Issue: gh-5330
 2018-06-18 16:08:07 -05:00
Joe Grandja
4fc6d96073 Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient 
Fixes gh-5360
 2018-06-08 17:33:21 -04:00
Joe Grandja
81a73e1f55 Fix package tangle in OAuth2Configurer 
Fixes gh-5342
 2018-06-08 11:09:16 -04:00
Rob Winch
dd1b1b9cc3 Use Spring Framework 5.1.0 SNAPSHOT 
Fixes: gh-5408
 2018-06-05 12:28:51 -05:00
Josh Cummings
3332ccbe50
SecurityContextHolderAwareRequestConfig groovy->java 
Issue: gh-4939
 2018-05-30 17:37:45 -06:00
Rob Winch
73345e7434 Add Cross Site Tracing (XST) & HTTP Method Tampering Protection 
Fixes: gh-5377
 2018-05-24 09:35:40 -05:00
Kazuki Shimizu
2c92496911 Polishing the OidcConfigurationProvider 
See gh-5355
 2018-05-21 12:20:58 -05:00
Rob Winch
9d55a64465 OidcConfigurationProvider validate returned issuer 
Validate the issuer that was returned matches the issuer that was
was requested.

Issue: gh-5355
 2018-05-18 13:15:27 -05:00
Rob Winch
db889973a8 OidcConfigurationProvider improve invalid issuer error 
Issue: gh-5355
 2018-05-18 11:21:45 -05:00
Rob Winch
18c8af8f0d Add OidcConfigurationProvider ClientAuthenticationMethod.POST support 
Issue: gh-5355
 2018-05-18 10:35:53 -05:00
Rob Winch
7853c759d9 OidcConfigurationProvider uses OidcScopes.OPENID 
Issue: gh-5355
 2018-05-18 10:03:36 -05:00
Rob Winch
cbf9a7b7a2 Polish OidcConfigurationProvider Javadoc 
Issue: gh-5355
 2018-05-18 10:02:07 -05:00
Rob Winch
9862c7bbef Move OidcConfigurationProvider to .oidc package 
Issue: gh-5355
 2018-05-18 09:57:12 -05:00
Rob Winch
0eedfc717a Revert "Revert "Add ClientRegistration from OpenID Connect Discovery"" 
This reverts commit 9fe0f50e3ced98357bfaceee88c4539f03d11e45.

The original commit was accidentally pushed prior to PR. We attempted
to revert the commit hoping the PR would open again. This did not work.
We are going to do a Polish commit instead.

Issue: gh-5355
 2018-05-18 09:40:43 -05:00
Rob Winch
9fe0f50e3c Revert "Add ClientRegistration from OpenID Connect Discovery" 
This reverts commit 0598d4773257d96ed323f98cbc7e78b55dfd516c.
 2018-05-18 09:20:51 -05:00
Rob Winch
0598d47732 Add ClientRegistration from OpenID Connect Discovery 
Fixes: gh-4413
 2018-05-16 12:30:04 -05:00
Josh Cummings
658acf0332
PlaceHolderAndELConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings
428b0e45aa
HttpCorsConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings
306e9ed91c
HttpConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Rob Winch
32e368d9b7 Single ClientRegistration redirects by default 
Fixes: gh-5339
 2018-05-14 16:38:13 -05:00
Rob Winch
f29e4cf91f LoginPageGeneratingWebFilter conditionally renders formLogin 
Issue: gh-4807
 2018-05-14 16:38:13 -05:00
Rob Winch
7013c6fd76 Add OAuth2LoginSpec 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Johnny Lim
b91ebf7090 Fix @since for MockEventListener 2018-05-07 16:53:26 -05:00
Denys Ivano
fed15f2b01 Add accessDeniedHandler method to ExceptionHandlingSpec 
This allows to configure accessDeniedHandler in ExceptionTranslationWebFilter through ServerHttpSecurity.

Issue: gh-5257
 2018-05-07 16:22:29 -05:00
Johnny Lim
2a0f529ee4 Use spring-projects for organization in GitHub URLs 2018-05-04 21:01:39 -05:00
Josh Cummings
2273839aad
FormLoginConfigTests groovy->java 
Issue: gh-4939
 2018-05-01 08:11:04 -06:00
Rob Winch
9bb841ac67 ExceptionTranslationFilter does not handle committed responses 
Fixes: gh-5273
 2018-04-30 16:49:51 -05:00
Rob Winch
eb067bc3a1 DefaultWebSecurityExpressionHandler uses PermissionEvaluator Bean 
The default instance of DefaultWebSecurityExpressionHandler uses the
PermissionEvaluator Bean by default.

Fixes: gh-5272
 2018-04-30 12:15:50 -05:00
Josh Cummings
359a73eff2
Merge pull request #5260 from jzheaux/gh-4939-FormLoginBeanDefinitionParserTests 
FormLoginBeanDefinitionParserTests groovy->java
 2018-04-27 12:03:55 -06:00
Josh Cummings
3c1231efd3
CsrfConfigTests groovy->java 
Issue: gh-4939
 2018-04-25 11:41:32 -06:00
Josh Cummings
65326b1178
FormLoginBeanDefinitionParserTests groovy->java 
Issue: gh-4939
 2018-04-25 11:12:07 -06:00
Josh Cummings
9c0f2cc281
AccessDeniedConfigTests groovy->java 
Issue: gh-4939
 2018-04-24 08:11:47 -06:00
Joe Grandja
526e0fdd4f Add OAuth2 Client HandlerMethodArgumentResolver 
Fixes gh-4651
 2018-04-02 12:13:52 -04:00
Joe Grandja
982fc360b2 Add support for authorization_code grant 
Fixes gh-4928
 2018-04-02 12:13:06 -04:00
Rob Winch
234c20eb30 Polish XsdDocumentedTests 
- NicerNoce->XmlNode
- NicerXmlSupport->XmlSupport
- NicerXmlParser->XmlParser

Issue: gh-4939
 2018-03-29 16:36:41 -05:00