e7fe778abc
Merge branch '5.4.x' into 5.5.x
2022-10-28 11:13:33 -05:00
3e2ac82612
Merge branch '5.3.x' into 5.4.x
2022-10-28 11:10:39 -05:00
5560bbaa80
Merge branch '5.2.x' into 5.3.x
2022-10-28 11:07:51 -05:00
75004587a4
Fix scope mapping
...
Issue gh-12101
2022-10-28 11:00:27 -05:00
f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler
...
Closes gh-9429
2022-10-13 20:03:03 -06:00
5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x'
2022-10-13 19:48:05 -06:00
099aaa33ff
Remove Deprecation Markers
...
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.
Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.
At that time, BearerTokenAuthenticationFilter can change to use
the handler.
Closes gh-11932
2022-10-13 19:47:22 -06:00
200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter
...
Issue gh-11932, gh-9429
(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.
BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
14584b0562
Add SecurityContextHolderStrategy to OAuth2
...
Issue gh-11060
2022-10-05 23:50:54 -06:00
7f0140278e
Add native hint for OAuth2 Client's schemas
...
Closes gh-11920
2022-09-29 10:01:51 -03:00
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
7527fd811c
Merge branch '5.8.x'
2022-09-26 09:56:55 -05:00
bbac85e20b
Reduce severity of invalid registrationId to warn
...
This prevents filling the log file with error messages when routine
scans are being performed.
Closes gh-11344
2022-09-26 09:56:20 -05:00
ae6fb8c681
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 16:31:22 -06:00
37a160245f
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-23 16:31:21 -06:00
53dbcfd457
Add Deprecated Versions of Original Classes
...
Issue gh-7349
2022-09-23 12:06:59 -06:00
3c66ef6305
Change default SecurityContextRepository
...
Save SecurityContext in request attributes for stateless session
management using RequestAttributeSecurityContextRepository.
Closes gh-11026
2022-09-22 17:31:14 -05:00
70460ca009
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-20 17:44:05 -06:00
fee1ffa422
Fix JSONObject and JSONArray imports in tests
...
Issue gh-11858
2022-09-16 15:57:43 -03:00
67a00bcaa0
Fix JSONObject and JSONArray imports in tests
2022-09-16 13:38:57 -05:00
c6458c35aa
Merge branch '5.8.x'
2022-09-14 15:12:21 -05:00
bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts
2022-09-14 15:10:34 -05:00
2431dd1103
Merge branch '5.8.x'
2022-09-13 17:38:10 -05:00
355ef21117
Polish gh-11665
2022-09-13 16:45:39 -05:00
1efb63387f
Add authentication converter for introspected tokens
...
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
2022-09-13 16:45:36 -05:00
f84f08c4b9
Default HttpSessionRequestCache.matchingRequestParameterName=continue
...
Closes gh-11757
2022-08-26 14:44:55 -05:00
32dbaceec5
Fix mockito 4.7.0 merge
...
Issue gh-11748
2022-08-24 08:58:00 -05:00
670b71363d
Merge branch '5.8.x'
...
Closes gh-11749
2022-08-23 16:03:50 -05:00
2fb625db84
Remove mockito deprecations
...
Issue gh-11748
2022-08-23 15:59:52 -05:00
7c7f9380c7
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:54:45 -05:00
888715bbb2
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:54:45 -05:00
53a3ff8932
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:53:45 -05:00
77d11a3f9f
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:53:44 -05:00
51dc672625
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:48:42 -05:00
d1c742d7aa
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:48:41 -05:00
9c02e835e8
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:42:57 -05:00
3e73fa6954
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:42:57 -05:00
2e66b9f6cc
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:44:01 -05:00
efaee4e56b
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:35:49 -05:00
b5b3ddd6b4
Deprecate Resource Owner Password Credentials grant
...
Closes gh-11590
2022-07-15 16:45:00 -04:00
95155ddb0c
Deprecate Resource Owner Password Credentials grant
...
Closes gh-11590
2022-07-15 16:28:47 -04:00
6ee1643bae
Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction
...
Closes gh-11589
2022-07-15 15:13:40 -04:00
054791c26c
Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction
...
Closes gh-11588
2022-07-15 15:12:39 -04:00
65db5fa028
Remove deprecations in JwtAuthenticationConverter
...
Closes gh-11587
2022-07-15 14:43:08 -04:00
1ac6054e6f
Remove deprecations in OidcUserInfo
...
Closes gh-11586
2022-07-15 14:42:54 -04:00
6b41faaf55
Remove deprecations in ClaimAccessor
...
Closes gh-11585
2022-07-15 14:42:33 -04:00
0859da5590
Remove deprecations in OAuth2AuthorizedClientArgumentResolver
...
Closes gh-11584
2022-07-15 14:42:03 -04:00
743b6a5bfe
Remove deprecations in OidcClientInitiatedLogoutSuccessHandler
...
Closes gh-11565
2022-07-15 14:04:09 -04:00
cae22867b2
Remove deprecated allowMultipleAuthorizationRequests
...
Closes gh-11564
2022-07-15 13:50:30 -04:00
0e291a3295
Remove deprecations in AuthorizationRequestRepository
...
Closes gh-11519
2022-07-15 08:15:52 -04:00
e12823095f
Remove deprecations in ClientRegistration
...
Closes gh-11518
2022-07-15 08:15:30 -04:00
61b034bf69
Remove deprecations in AbstractOAuth2AuthorizationGrantRequest
...
Closes gh-11517
2022-07-15 08:14:56 -04:00
be58e2ac49
Remove deprecations in ClientAuthenticationMethod
...
Closes gh-11516
2022-07-15 07:45:33 -04:00
8c12c3dad0
Remove deprecated converters in OAuth2AccessTokenResponseHttpMessageConverter
...
Closes gh-11513
2022-07-14 16:55:53 -04:00
746d27eab1
Remove deprecated NimbusAuthorizationCodeTokenResponseClient
...
Closes gh-11512
2022-07-14 16:32:21 -04:00
42683693c0
Remove deprecated CustomUserTypesOAuth2UserService
...
Closes gh-11511
2022-07-14 14:28:41 -04:00
67b27a41c3
Remove deprecated UnAuthenticatedServerOAuth2AuthorizedClientRepository
...
Closes gh-11508
2022-07-14 12:10:58 -04:00
f5a436df80
Remove deprecated NimbusJwtDecoderJwkSupport
...
Closes gh-11507
2022-07-14 12:09:59 -04:00
a3326fc0ee
Remove deprecated implicit authorization grant type
...
Closes gh-11506
2022-07-14 10:05:15 -04:00
7df9c6eba5
Use OAuth2Token instead of AbstractOAuth2Token
...
Closes gh-10959
2022-07-13 16:48:28 -04:00
f87df42500
Remove deprecated OAuth2IntrospectionClaimAccessor
...
Closes gh-11499
2022-07-13 15:51:58 -04:00
7b18336c6a
Change interface with constants to final class
...
Closes gh-10960
2022-07-13 15:51:58 -04:00
ecbfa84b39
Revert "Disable failing tests until r2dbc-h2 is upgraded"
...
This reverts commit 614065bb3b
2022-07-13 10:55:12 -03:00
8776f66fb9
Update io.r2dbc:r2dbc-h2 to 1.0.0.RC1
...
Closes gh-11479
2022-07-13 10:55:12 -03:00
614065bb3b
Disable failing tests until r2dbc-h2 is upgraded
...
Issue gh-11479
2022-07-11 10:32:38 -05:00
757fb38147
Fix typo
...
(cherry picked from commit 80c5ec459befd9292e08a43e30f4aae22f39eeed)
2022-06-27 16:05:50 -06:00
1d72a05c32
Add SecurityContextHolderStrategy to OAuth2
...
Issue gh-11060
2022-06-27 13:05:12 -06:00
539a11d0a4
Encode postLogoutRedirectUri query params
...
Closes gh-11379
2022-06-16 16:13:42 -06:00
f035c30edb
Encode postLogoutRedirectUri query params
...
Closes gh-11379
2022-06-16 16:12:13 -06:00
01513ab17e
Add placeholders to reactive post_logout_redirect_uri
...
Now also supports baseScheme, baseHost, basePort, and basePath
Issue gh-11229
2022-06-16 16:10:26 -06:00
6f69d85fcb
Reactive OAuth 2.0 logout handler resolves registrationId
...
Closes gh-11378
2022-06-16 16:09:57 -06:00
3f30de388a
Encode postLogoutRedirectUri query params
...
Closes gh-11379
2022-06-16 16:09:56 -06:00
e4505ed6c8
Add placeholders to post_logout_redirect_uri
...
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.
Closes gh-11229
2022-06-16 16:09:56 -06:00
a8ab432aea
Add placeholders to reactive post_logout_redirect_uri
...
Now also supports baseScheme, baseHost, basePort, and basePath
Issue gh-11229
2022-06-16 15:58:44 -06:00
ebb5746f6e
Reactive OAuth 2.0 logout handler resolves registrationId
...
Closes gh-11378
2022-06-16 15:58:44 -06:00
18f7cf5406
Encode postLogoutRedirectUri query params
...
Closes gh-11379
2022-06-16 15:58:43 -06:00
cb0ab49adc
Add placeholders to post_logout_redirect_uri
...
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.
Closes gh-11229
2022-06-16 15:58:35 -06:00
d18291676f
Update copyright year
...
Issue gh-11372
2022-06-15 13:14:07 -05:00
c7df39a3e6
Fix tests using root cause for exception messages
...
Closes gh-11372
2022-06-14 17:12:15 -05:00
ca0a6d9777
Treat URLs as String before equals/hashcode
...
java.net.URL performs DNS lookups whenever its equals/hashCode is
used. Thus attribute values of type java.net.URL need to be converted
to something else before they are used for equals/hashCode.
Closes gh-10673
2022-06-03 11:36:00 -04:00
e28fcbfbbe
Change phoneNumberVerified with type Boolean
...
Closes: gh-11315
2022-06-03 10:23:53 -05:00
759d799ddd
Change phoneNumberVerified with type Boolean
...
Closes: gh-11315
2022-06-03 09:46:00 -05:00
b8b0661d73
Lock Dependencies for Release
2022-05-16 14:01:51 -06:00
000b87f9aa
Revert "Use Spring Framework version 6.0.0-M3"
...
This reverts commit b803e845e7
2022-05-11 08:36:14 -03:00
806e05855c
Replace removed context-related operators
...
Closes gh-11194
2022-05-10 14:58:02 -03:00
b803e845e7
Use Spring Framework version 6.0.0-M3
...
Closes gh-11193
2022-05-10 14:49:02 -03:00
50f8df6f07
Use HttpStatusCode
...
Closes gh-11091
2022-04-11 09:19:56 -03:00
e1f649690b
Adapt to changes in R2DBC
2022-04-11 09:19:47 -03:00
8aa7029d07
Fix checkstyle errors
...
Issue gh-10989
2022-03-18 22:53:29 -05:00
e81990c44e
Update io.r2dbc to 0.9.1.RELEASE
...
Closes gh-10988
2022-03-18 18:11:49 -05:00
f0168c6c27
Add support for customizing claims in JWT Client Assertion
...
Closes gh-9855
2022-03-17 09:53:16 -05:00
428216b322
Add support for customizing claims in JWT Client Assertion
...
Closes gh-9855
2022-03-17 09:50:25 -05:00
50a3bcf728
Remove unused code
2022-03-17 05:08:39 -04:00
a88b8bf980
ClientAuthenticationMethod equals and hashCode is consistent
...
Closes gh-10559
2022-03-17 05:05:47 -04:00
50d315d833
Remove unused code
2022-03-17 04:23:44 -04:00
54b033078b
Allow configuring PKCE for confidential clients
...
Closes gh-6548
2022-03-16 13:36:10 -04:00
a2ffc88294
Allow configuring PKCE for confidential clients
...
Closes gh-6548
2022-03-16 13:33:12 -04:00
92a385ed05
OAuth 2.0 logout handler resolves uri placeholders
...
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri
Closes gh-7900
2022-03-15 14:05:26 -06:00
73003d59d6
OAuth 2.0 logout handler resolves uri placeholders
...
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri
Issue gh-7900
2022-03-15 12:54:39 -06:00
9b380582dc
BearerTokenAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:47:34 -06:00
Steve Riesenberg
Josh Cummings
Daniel Garnier-Moiroux
Marcus Da Coregio
Daniel Garnier-Moiroux
ch4mpy
Rob Winch
tinolazreg
Igor Bolic
Joe Grandja
Rivaldi
Michael
Jyri-Matti Lähteenmäki
Kuby
Jánoky László Viktor
Simone Giannino