spring-security

Commit Graph

Author	SHA1	Message	Date
Josh Cummings	2d8c65db56	Support port=0 for LDAP Servers Fixes gh-8138	2020-03-18 09:45:10 -06:00
Josh Cummings	4d99ee2896	Allow port=0 in XSD Issue gh-8138	2020-03-18 09:45:10 -06:00
Josh Cummings	f438bdfbcf	Add spring-security-5.4.xsd Issue gh-8138	2020-03-18 09:45:10 -06:00
Erik van Paassen	ad9bb7f230	Fix typo in Javadoc of HttpSecurity#csrf() `HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.	2020-03-17 12:42:11 -06:00
Eleftheria Stein	40b15f5a46	Rename to SessionFixationDslTests	2020-03-17 12:05:25 -04:00
Josh Cummings	bfd36d9a54	Remove Redundant ConcurrentSessionFilter Refs Fixes gh-8105	2020-03-13 16:27:30 -06:00
Markus Engelbrecht	d81321bc29	Fix typo 'properites' in documentation Fixes gh-8095	2020-03-11 10:54:14 -06:00
Josh Cummings	6eadf7b140	Unlock dependencies for 5.3.0.RELEASE This reverts commit `147d7dadd7`.	2020-03-04 12:02:48 -07:00
Josh Cummings	147d7dadd7	Lock dependencies for 5.3.0.RELEASE	2020-03-04 10:28:39 -07:00
Josh Cummings	c729fee7bc	Malformed Bearer Token Returns 401 for WebFlux Fixes gh-7668	2020-03-03 15:42:02 -07:00
Joe Grandja	c111099640	Polish client-registration xsd attributes Issue gh-4557	2020-03-02 15:02:46 -05:00
Josh Cummings	e97396b9c7	Add Resource Server XML Support Fixes gh-5185	2020-03-02 11:51:40 -07:00
Josh Cummings	f1a2d69968	Add AuthenticationProvider List Configurability Issue gh-5185	2020-03-02 11:51:40 -07:00
Josh Cummings	34b40deb38	Add By-RequestMatcher Exception Handling Issue gh-5185	2020-03-02 11:51:40 -07:00
Josh Cummings	98a2ca3bbc	Add Csrf Ignore Configurability Issue gh-5185	2020-03-02 11:51:40 -07:00
Josh Cummings	19584884b3	Register Authentication Provider in Init Phase Fixes gh-8031	2020-02-28 15:32:27 -07:00
Filip Hanik	3257349045	Support POST binding for AuthNRequest Has been tested with - Keycloak - SSOCircle - Okta - SimpleSAMLPhp This PR extends (builds on previous commits and adds user configuration options) https://github.com/spring-projects/spring-security/pull/7758	2020-02-28 09:15:26 -08:00
Rob Winch	727fee1e12	Polish HeaderWriterSpec Assert.notNull(Object,Supplier) is for when then message passed in requires concatenation and avoids doing extra work. Since this does not require concatenation, we can use Assert.notNull(Object,String) Issue gh-7636	2020-02-27 07:57:51 -06:00
Ankur Pathak	480c5bc87e	Custom ServerHttpHeadersWriter to HeaderSpec Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec Fixes gh-7636	2020-02-27 07:55:30 -06:00
Eleftheria Stein	2fb3d3d5a2	Add hasRole to authorizeRequests in Kotlin DSL Fixes: gh-8023	2020-02-25 08:29:26 -05:00
Joe Grandja	4cd89b584f	Polish gh-5184	2020-02-20 21:25:17 -05:00
Joe Grandja	8a4ff4452b	Add XML namespace support for oauth2-client Fixes gh-5184	2020-02-20 20:05:48 -05:00
Eleftheria Stein	171e0d048f	Fix typo in WebSecurityConfigurer Javadoc Fixes: gh-7876	2020-02-14 11:00:45 +01:00
Joe Grandja	ff8002eb2e	Polish gh-4557	2020-02-12 15:47:57 -05:00
Ruby Hartono	71a5c9521c	Add XML namespace support for oauth2-login Fixes gh-4557	2020-02-12 15:26:17 -05:00
Joe Grandja	40c0a452d7	Define oauth2-login xsd elements Issue gh-4557	2020-02-12 15:26:17 -05:00
Eleftheria Stein	fde3ccb8b3	Add marker to make Kotlin DSL type safe Fixes: gh-7971	2020-02-12 11:35:45 +01:00
Eleftheria Stein	1d6fdd249b	Add missing Javadoc to Kotlin class	2020-02-11 18:09:30 +01:00
Eleftheria Stein	f37a4557e6	Fix typo in Kotlin Javadoc	2020-02-11 18:09:30 +01:00
Josh Cummings	5bdf57d1e5	Remove Groovy and Spock Dependencies Fixes gh-4939	2020-02-10 10:38:40 -07:00
Eleftheria Stein	a5210aaf9b	Support custom filter in Kotlin DSL Fixes: gh-7951	2020-02-10 12:03:32 +01:00
Stephane Maldini	851be025e9	Don't force downcasting of RequestAttributes to ServletRequestAttributes Fixes gh-7952	2020-02-07 20:44:19 -05:00
Eleftheria Stein	8c0b754a49	Fix credentials precedence over introspector in Kotlin Fixes: gh-7878	2020-02-06 11:01:42 +01:00
Eleftheria Stein	1fed688f05	Fix JWK Set URI precedence over decoder in Kotlin Fixes: gh-7877	2020-02-06 10:48:42 +01:00
Eleftheria Stein	84b8a5abd7	Unlock dependencies for next development version This reverts commit `064616f1ef`.	2020-02-05 15:53:04 +01:00
Eleftheria Stein	064616f1ef	Lock dependencies for 5.3.0.RC1	2020-02-05 10:20:05 +01:00
Rob Winch	1d7208f8ef	Add RSocket Authentication Extension Support Fixes gh-7935	2020-02-04 23:36:47 -06:00
Josh Cummings	209c81d65d	Add BadOpaqueTokenException Updated NimbusOpaqueTokenIntrospector and NimbusReactiveOpaqueTokenIntrospector to throw. Updated OpaqueTokenAuthenticationProvider and OpaqueTokenReactiveAuthenticationManager to catch. Fixes gh-7902	2020-02-04 17:33:08 -07:00
Josh Cummings	0c3754c811	Add BadJwtException Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw. Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager to catch. Fixes gh-7885	2020-02-04 17:33:08 -07:00
Josh Cummings	3e07b35611	Polish Bearer Token Error Handling Issue gh-7822 Issue gh-7823	2020-02-03 17:54:39 -07:00
James	ee6df1701b	Polish SessionManagementConfigurer	2020-01-31 11:24:36 -07:00
Josh Cummings	cb9fd09150	Change AuthenticationWebFilter's constructor Fixes gh-7872	2020-01-31 09:31:28 -07:00
Eleftheria Stein	a512789a93	Fix requiresAuthenticationMatcher not being used The custom server requiresAuthenticationMatcher was not always picked up Fixes: gh-7863	2020-01-27 16:12:27 +01:00
Eleftheria Stein	29377545d9	Fix authenticationFailureHandler not being used The custom server authenticationFailureHandler was not always picked up Fixes: gh-7782	2020-01-27 13:10:03 +01:00
Johannes Edmeier	bdc60a9128	Don't cache requests with `Accept: text/event-stream` by default. The eventstream requests is typically not directly invoked by the browser. And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..	2020-01-17 10:42:16 -08:00
Josh Cummings	f1f158b37e	AuthenticationEventPublisher DSL Lookup Fixes gh-4400	2020-01-14 12:07:46 -07:00
Josh Cummings	5579846263	AuthenticationEventPublisher Bean Lookup Issue gh-7793 Fixes gh-7515	2020-01-14 12:07:46 -07:00
James Howe	fc9b97c94a	Typo in doc	2020-01-14 08:32:26 -07:00
Vincent Ricard	f0856c83a9	Migrate LDAP integration tests groovy->java This commit also removes BaseSpringSpec Issue: gh-4939	2020-01-13 14:18:25 +01:00
Josh Cummings	a35ce77451	Add missing PowerMockIgnore annotation WebSecurityConfigurerAdapterPowermockTests needs to exclude javax.xml.transform.* from Powermock configuration.	2020-01-09 15:48:08 -07:00
Josh Cummings	ba21c156dd	Polish WebSecurityConfigurerAdapter tests Moved Powermock-dependent test over to WebSecurityConfigurerAdapterPowermockTests.	2020-01-09 13:51:19 -07:00
Eleftheria Stein	fcc6457bef	Unlock dependencies for next development version This reverts commit `93acf8f0f1`.	2020-01-08 22:15:17 +01:00
Eleftheria Stein	93acf8f0f1	Lock dependencies for 5.3.0.M1	2020-01-08 19:41:10 +01:00
Josh Cummings	de87675f6d	Add JwtIssuerAuthenticationManagerResolver Fixes gh-7724	2020-01-07 23:30:42 -07:00
Eleftheria Stein-Kousathana	2df1099da5	Idiomatic Kotlin DSL for configuring HTTP security Issue: gh-5558	2020-01-07 12:08:43 -05:00
Rob Winch	65981444f1	Use Version Ranges Fixes gh-7788	2020-01-06 14:46:48 -06:00
Rob Winch	06d7443946	Use Gradle platform and constraints This was largely generated from the following script wget `bd9f8eb541/src/main/groovy/io/spring/gradle/convention/DependencySetPlugin.groovy` ./dsp.gradle cat gradle/dependency-management.gradle \| grep 'management "' \| cut -d ':' -f 2 \| xargs -I{} sh -c "rg {} -l -g '.gradle' -g '\!dependency-management.gradle' > /dev/null \|\| echo {}" \| xargs -I{} sed -iE '/.{}.*/d' gradle/dependency-management.gradle rm ./dps.gradle Fixes gh-7787	2020-01-06 14:46:36 -06:00
Eleftheria Stein	924b9e95a1	Polish MethodSecurityEvaluationContext Issue: gh-6224	2020-01-03 20:08:52 -05:00
Eleftheria Stein	8b8267e1fe	Fix typo in LDAP Javadoc	2020-01-02 10:58:44 -05:00
BELHAKEL Ammar	b4619f31ee	Fix return type AbstractConfiguredSecurityBuilder.objectPostProcessor() should cast to B, the type of SecurityBuilder, instead of O, the type of object being built. Without this change, calls like http.objectPostProcessor(...).getFilters() will fail with a ClassCastException.	2019-12-30 12:01:56 -07:00
Eleftheria Stein	2c7f2c2117	Fix Javadoc error in oauth2ResourceServer Fixes: gh-7670	2019-12-27 14:24:46 +01:00
Filip Hanik	af415948b1	Allow configuration of AuthenticationManagerResolver in saml2Login() Fixes gh-7654 https://github.com/spring-projects/spring-security/issues/7654	2019-12-17 13:34:27 -08:00
Filip Hanik	9aa333ca4d	Use the custom ServerRequestCache that the user configures on for the default authentication entry point and authentication success handler Fixes gh-7721 https://github.com/spring-projects/spring-security/issues/7721 Set RequestCache on the Oauth2LoginSpec default authentication success handler import static ReflectionTestUtils.getField Feedback incorporated per https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359	2019-12-17 13:33:56 -08:00
Josh Cummings	02f161aba7	Use OidcIdToken.Builder Issue gh-7592	2019-12-12 07:37:15 -07:00
Joe Grandja	c40a17b4d1	WebFlux oauth2Login() redirects on failed authentication Fixes gh-5562 gh-6484	2019-12-05 16:50:43 -05:00
Alexey Nesterov	d8d59e97ac	Correctly configure authorization requests repository for OAuth2 login To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is correctly configured, but the latter always uses default, WebSession based repository. So authorization code created before redirect to authorization endpoint will never be found to complete OAuth2 login when custom ServerAuthorizationRequestRepository is used. This change also makes OAuth2Client and OAuth2Login authentication converters consistent. Fixes gh-7675	2019-11-29 12:05:15 -05:00
Eleftheria Stein	b7cb93f671	Fix WebFlux logout disabling Fixes: gh-7682	2019-11-28 14:40:25 +01:00
Ruslan Stelmachenko	c38e57fa42	Fix class and variable names	2019-11-28 09:23:38 +01:00
Ruslan Stelmachenko	8ebc7ca0ea	Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc	2019-11-28 09:23:38 +01:00
Eleftheria Stein	8a95e5798d	Update @MessageMapping to match input/output cardinality	2019-11-22 15:07:38 -06:00
Pim Moerenhout	cd0bec48de	Fix typo in log message.	2019-11-21 15:55:27 -07:00
Paul Pazderski	0d35194b47	Add sessionFixation Javadoc	2019-11-15 12:17:05 +01:00
Adrian Pena	ca8877c8c5	Updates javadoc for InitializeUserDetailsBeanManagerConfigurer	2019-11-13 10:34:10 +01:00
Eleftheria Stein	1188a3bb5f	Polish RememberMeConfigurer Issue: gh-4140	2019-11-07 15:26:59 +01:00
邓超	b13f750646	Retrieve remember-me key from service as fallback Fixes: gh-4140	2019-11-07 13:55:39 +01:00
Yanming Zhou	9f6a36444a	Add missing schemas	2019-11-06 08:24:20 -06:00
Josh Cummings	925bf48ec0	Polish OAuth2ResourceServerConfigurerTests To confirm that resource server only produces SCOPE_<scope> authorities by default. Issue gh-7596	2019-11-04 11:39:54 -07:00
Filip Hanik	0cafcf37e2	Make the loginProcessingUrl configurable for saml2Login() Fixes gh-7565 https://github.com/spring-projects/spring-security/issues/7565	2019-10-31 08:20:12 -07:00
Josh Cummings	5f17032ffd	Restore Removed Throws Clauses In a recent clean-up, certain exceptions were removed from various throws clauses. This PR re-introduces throws clauses that are important for one of the following reasons: 1. It's a method on a public interface 2. It's a method clearly designed for inheritance, for example, a method stub, an abstract method, or indicated as such in the docs. Fixes gh-7541	2019-10-30 12:13:54 -06:00
Rob Winch	635f7e1edd	CsrfWebFilter supports multipart/form-data Fixes gh-7576	2019-10-28 14:06:10 -05:00
Vitalii Mahas	0ac5f5456f	Fix typo 'is' -> 'if' in javadoc	2019-10-25 13:27:11 -06:00
Eleftheria Stein	de7cbc82b5	Clarify in Javadoc that expressionHandler should not be null Fixes: gh-2665	2019-10-23 15:10:39 -04:00
Rob Winch	3051a79188	Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access	2019-09-30 14:33:41 -05:00
Rob Winch	a911f3d52f	Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access	2019-09-30 14:14:59 -05:00
Rob Winch	3854afad61	Merge Add denyAll method in AuthorizePayloadsSpec.Access	2019-09-30 14:05:42 -05:00
Josh Cummings	758af54796	ObjectPostProcessor Tests groovy->java Issue gh-4939	2019-09-27 16:36:33 -06:00
Josh Cummings	a08be5bf6f	UrlAuthorizationsTests groovy->java Issue gh-4939	2019-09-27 16:23:33 -06:00
Josh Cummings	870d83eb3e	PermitAllSupportTests groovy->java Issue gh-4939	2019-09-27 16:23:33 -06:00
Luis Felipe Vega Calle	350bce761f	Add hasAuthority method to RSocketSecurity Fixes gh-7435	2019-09-27 16:48:25 -05:00
Josh Cummings	5f905232cb	Polish CurrentSecurityContextArgumentResolvers Fixes gh-7487	2019-09-27 13:19:08 -06:00
Joe Grandja	5ef6e7ed6f	Add author for SecurityReactorContextConfiguration Issue gh-7422	2019-09-27 15:17:20 -04:00
Joe Grandja	0fea57d6a1	Optimize SecurityReactorContextConfiguration Issue gh-7422	2019-09-27 14:46:39 -04:00
Josh Cummings	33ba292fed	Resource Server w/ SecurityReactorContextSubscriber Fixes gh-7423	2019-09-27 11:01:04 -06:00
Joe Grandja	5a67971375	WebFluxSecurityConfiguration configures oauth2Client() by default Fixes gh-7470	2019-09-27 10:04:19 -04:00
Joe Grandja	08d2c93713	Polish gh-7466	2019-09-26 22:11:53 -04:00
Roman Chigvintsev	9bae0a4dbd	Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec Fixes gh-7466	2019-09-26 17:19:32 -04:00
Joe Grandja	2a5bd6e719	Align Servlet ExchangeFilterFunction CoreSubscriber Fixes gh-7422	2019-09-26 16:17:17 -04:00
Joe Grandja	d3b7a47ef8	Polish gh-4442	2019-09-25 21:37:31 -04:00
Mark Heckler	da9f027fa4	Add nonce to OIDC Authentication Request Fixes gh-4442	2019-09-25 14:57:54 -04:00
Jesús Ascama	ceab56f764	Fix AuthorizationPayloadInterceptor order using PayloadInterceptorOrder.AUTHORIZATION Fixes gh-7434	2019-09-24 15:39:25 -05:00

1 2 3 4 5 ...

1577 Commits