Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,264 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

9264 Commits

Author SHA1 Message Date
Aditya Sekhar 4cc3c25a0e removed whitespace formatting 2020-11-13 15:01:17 -06:00
Aditya Sekhar a26975f780 cleanup compatibility method based on spring-projects#8868 2020-11-13 15:01:17 -06:00
Josh Cummings 4602e9a661
Use HttpBasicConfigurer's Conneg Strategy 
Closes gh-9100
 2020-11-12 16:26:10 -07:00
Josh Cummings af669a2166
Remove Reliance on BearerTokenResolver 
Closes gh-9186
 2020-11-12 15:40:55 -07:00
Loic Guibert ad489495dc Make salt length configurable in Pbkdf2PasswordEncoder 
Add constructors with a salt length input parameter.
Default salt length is still 8-byte long like before when
saltGenerator was initialized with call to
KeyGenerators#secureRandom() which use
SecureRandomBytesKeyGenerator#DEFAULT_KEY_LENGTH.

Closes gh-4372
 2020-11-11 10:12:17 -06:00
Angel Aguilera d7612e346e
Fix typo in Javadoc 2020-11-11 06:48:22 -05:00
Ellie Bahadori 649443f67e
Build GitHub Actions CI pipeline 2020-11-10 10:25:16 -05:00
zhuang ff58ac836e
Decode cookie once in AbstractRememberMeServices 
Issue gh-9192
 2020-11-09 08:14:20 -05:00
Eleftheria Stein 34a21cd80c Fix formatting 2020-11-09 13:46:09 +01:00
Eleftheria Stein 5661e06e9c Fix typo UserDetailService -> UserDetailsService 2020-11-09 13:13:32 +01:00
Rob Winch 4515c86beb WithSecurityContextTestExecutionListener Respects @NestedTestConfiguration 
Previously WithSecurityContextTestExecutionListener did not respect
@NestedTestConfiguration.

This commit switches to using TestContextAnnotationUtils to ensure that
@NestedTestConfiguration is respected.

Closes gh-9193
 2020-11-06 15:11:50 -06:00
Arnaud Mergey 2b9efccc50 Implement MessageSourceAware where missing 
Closes gh-8951
 2020-11-05 10:57:33 -07:00
Joe Grandja 61550f8a48 Add convenience constructor in OAuth2AuthenticationException 
Closes gh-9190
 2020-11-04 13:37:14 -05:00
Joe Grandja f0a3f91f86 Next development version 2020-11-03 19:54:28 -05:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1" 
This reverts commit 25a7482c8c.
 2020-11-03 19:53:28 -05:00
Joe Grandja 3cba4eccdc Release 5.5.0-M1 2020-11-03 19:06:19 -05:00
Rob Winch 4e1f97a525 Document WithSecurityContextTestExecutionListener Nested Support 
Issue gh-9179
 2020-11-03 17:53:59 -06:00
Rob Winch 87d8741730 WithSecurityContextTestExecutionListener Supports Nested Classes 
WithSecurityContextTestExecutionListener now supports nested classes. If
the class is nested WithSecurityContext is not found, then the enclosing
class is looked at until there is no enclosing class.

Closes gh-9179
 2020-11-03 17:36:37 -06:00
Arvid Ottenberg d0d655e18d
Allow Customization of Bearer Token Resolution 
Closes gh-8535
 2020-11-03 14:34:46 -07:00
Joe Grandja 9d1637d2cd Add unsupported_token_type to OAuth2ErrorCodes 
Closes gh-9184
 2020-11-03 14:11:01 -05:00
Joe Grandja dafedf93fa Fix format gh-9183 2020-11-03 14:00:07 -05:00
Joe Grandja aeb999eae2 Add token and token_type_hint to OAuth2ParameterNames 
Closes gh-9183
 2020-11-03 13:42:28 -05:00
Joe Grandja 0c25b8c1f9 Introduce JwaAlgorithm 
Closes gh-9182
 2020-11-03 13:03:50 -05:00
Joe Grandja c069692ab9 Extract OAuth2Token from AbstractOAuth2Token 
Closes gh-5502
 2020-11-02 20:35:08 -05:00
Josh Cummings 8b7751f5f4
Polish Multiple Filter Chains Docs 
Issue gh-9178
 2020-11-02 13:49:24 -07:00
Guillaume Berche 69336fb3ec
Add Multiple Filter Chains Docs 
Closes gh-9178
 2020-11-02 13:45:04 -07:00
Guillaume Berche ab9a310485
Add Link to WebFlux Unit Tests 2020-11-02 13:45:04 -07:00
Josh Cummings b8f8fab54f
Document SigningMethod Support 
Issue gh-8952
Issue gh-9177
 2020-11-02 11:27:23 -07:00
Josh Cummings aba0e904f0
Read SigningMethod Elements 
Closes gh-9177
 2020-11-02 11:27:23 -07:00
Josh Cummings e1826a0bd8
Polish Signature Algorithm Support 
- Changed name to signatureAlgorithms since method and algorithm are
synonymous
- Re-ordered methods to follow typical IDPSSODescriptor order
- Adjusted JavaDoc to refer to IDPSSODescriptor terminology

Issue gh-8952
 2020-11-02 11:27:23 -07:00
Arnaud Mergey 9900658c92
support configurable signature algorithm 
Closes gh-8952
 2020-11-02 11:27:23 -07:00
Eleftheria Stein 5c8972b7d5 Add test for ordered WebSecurityCustomizers 
Issue gh-9154
 2020-11-02 14:19:14 +01:00
Rob Winch 25a7482c8c Lock dependencies for 5.5.0-M1 2020-10-30 17:52:03 -05:00
Hideaki Matsunami 6d9ee5a354 add white space before strong notation. 2020-10-30 15:44:49 -06:00
Ovidiu Popa 6724e3e514 Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService 
Implement R2dbcReactiveOuath2AuthorizedClientService which persists the
Oauth2AuthorizedClient in a sql database

R2dbcReactiveOuath2AuthorizedClientService is using the spring-r2dbc
module to persist/load Oauth2AuthorizedClient to/from a sql database

Add optional depedency to the spring-r2dbc module
Add test compile dependencies to r2dbc-h2 and r2dbc-test

Closes gh-7890
 2020-10-29 15:44:12 -04:00
Joe Grandja f8cc48fe2b Set rsocketVersion to 1.1.0 
Closes gh-9167
 2020-10-29 15:43:52 -04:00
Joe Grandja 3618cbd3eb Revert "Use reactor-netty-http for snapshot build" 
This reverts commit 1361cb8790.
 2020-10-29 15:43:52 -04:00
Joe Grandja 4ff53c924d Set reactorVersion to 2020.0.+ 
Closes gh-9166
 2020-10-29 15:43:39 -04:00
Joe Grandja c0327adecb Set springVersion to 5.3.+ 
Closes gh-9165
 2020-10-29 15:43:20 -04:00
Ayush Kohli ea68989421 Closes gh-8196 
Add leveloffset
 2020-10-28 14:55:30 -06:00
Christian Mouttet 6486857462 JwtIssuerValidator handles issuer (iss) claim values as Strings and URLs 
- NimbusJwtDecoder uses claim set converters: issuer claim is converted to an URL object
- JwtIssuerValidator (created by JwtValidators.createDefaultWithIssuer(String)) wraps a JwtClaimValidator<String>
- because of different data types, equal() is always false

This change allows both Strings and URLs as values of the issuer

Closes gh-9136
 2020-10-28 14:20:27 -06:00
Alexander Polozov a362ab53bc Change guard expressions order 
Check of allowed user sessions count moved to head for avoid unnecessary fetching all user sessions.
 2020-10-27 09:49:29 -04:00
Eleftheria Stein 9cf3129d7a Update Kotlin MockMvc result matchers in sample 
Issue gh-9155

The "style" parameter is no longer supported
 2020-10-27 11:20:16 +01:00
Eleftheria Stein aac6d2f56b Kotlin MockMvc result matchers use parentheses 
Closes gh-9155
 2020-10-27 10:57:49 +01:00
Eleftheria Stein 9b66929358 Remove unused import in sample 2020-10-27 10:09:51 +01:00
Ellie Bahadori d69032a68d Prevent PR builds from running on forks 2020-10-26 11:07:25 -05:00
Joe Grandja b182d9def1 Fix code formatting 
Issue gh-9146
 2020-10-22 13:30:48 -04:00
Alexey Nesterov 339da36878 Add refresh token expiration support 
Closes gh-9146
 2020-10-22 12:41:48 -04:00
Craig Andrews 42a787d1f6 Add Postgres sql for JDBC implementation of OAuth2AuthorizedClientService 
Postgres doesn't have a BLOB type, but it does have an equivalent BYTEA
type.
This approach and naming convention follows the convention established
in Spring Session JDBC which has sql for each RDBMS with files names in
the pattern *-{dbname}.sql, for example:
schema-db2.sql
schema-derby.sql
schema-h2.sql
schema-mysql.sql
schema-postgresql.sql

See https://github.com/spring-projects/spring-session/tree/2.3.1.RELEASE/spring-session-jdbc/src/main/resources/org/springframework/session/jdbc

Issue gh-9070
 2020-10-22 09:56:20 -04:00
Craig Andrews 05dc326389 Use LobHandler in JdbcOAuth2AuthorizedClientService 
LobHandler provides an abstraction for handling large binary fields and large text
fields in specific databases, no matter if represented as simple types or
Large OBjects.

Its use provides compatibility with many databases eliminating the need
for custom OAuth2AuthorizedClientParametersMapper and
OAuth2AuthorizedClientRowMapper implementations.

Closes gh-9070
 2020-10-22 09:56:20 -04:00