Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,331 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

8331 Commits

Author SHA1 Message Date
Rob Winch 3fb87d10e9 Add role=primary/secondary example 
Issue gh-7801
 2020-01-09 12:05:20 -06:00
Rob Winch b85b4b8643 spring-build-conventions:0.0.28.BUILD-SNAPSHOT 
Fixes gh-7801
 2020-01-09 12:05:06 -06:00
Rob Winch 04b6096d19 Fix Asciidoctor Warnings 
Issue gh-7801
 2020-01-09 12:04:58 -06:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f1.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein d68a82e716 Next Development Version 2020-01-08 22:10:35 +01:00
Eleftheria Stein 7af26f12dc Release 5.3.0.M1 2020-01-08 21:42:46 +01:00
Eleftheria Stein 3cc9dfcd9f Disable locks in snapshot pipeline task 
Fixes: gh-7798
 2020-01-08 21:12:19 +01:00
Eleftheria Stein c0d78a32f1 Allow disabling dependency locking 
Fixes: gh-7799
 2020-01-08 21:11:00 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Eleftheria Stein 2cf9e57fa4 Restrict cas-server version 
Issue: gh-7788
 2020-01-08 17:18:30 +01:00
Eleftheria Stein 20483c2314 Update to Spring Boot 2.2.2.RELEASE 
Fixes: gh-7797
 2020-01-08 17:01:23 +01:00
Josh Cummings de87675f6d Add JwtIssuerAuthenticationManagerResolver 
Fixes gh-7724
 2020-01-07 23:30:42 -07:00
Josh Cummings 09810b8df9
oidcLogin Test Configuration Flow 
Fixes gh-7794
 2020-01-07 17:37:48 -07:00
Josh Cummings 84ba3ddf26
Add oauth2Login MockMvc Support 
Fixes gh-7789
 2020-01-07 14:09:36 -07:00
Eleftheria Stein-Kousathana 2df1099da5
Idiomatic Kotlin DSL for configuring HTTP security 
Issue: gh-5558
 2020-01-07 12:08:43 -05:00
artmiar e306482a96 Fix description of PasswordEncoder 2020-01-07 06:17:39 -05:00
Rob Winch f639e17491 Resolve Current Spring Version 
Issue gh-7788
 2020-01-06 15:12:04 -06:00
Rob Winch 65981444f1 Use Version Ranges 
Fixes gh-7788
 2020-01-06 14:46:48 -06:00
Rob Winch 1bb1e74a9d Add Gradle Lock Plugin 
Issue gh-7788
 2020-01-06 14:46:48 -06:00
Rob Winch 06d7443946 Use Gradle platform and constraints 
This was largely generated from the following script

wget bd9f8eb541/src/main/groovy/io/spring/gradle/convention/DependencySetPlugin.groovy ./dsp.gradle
cat gradle/dependency-management.gradle | grep 'management "' | cut -d ':' -f 2 | xargs -I{} sh -c "rg {} -l -g '*.gradle' -g '\!dependency-management.gradle' > /dev/null || echo {}" | xargs -I{} sed -iE '/.*{}.*/d' gradle/dependency-management.gradle
rm ./dps.gradle

Fixes gh-7787
 2020-01-06 14:46:36 -06:00
Eleftheria Stein 924b9e95a1 Polish MethodSecurityEvaluationContext 
Issue: gh-6224
 2020-01-03 20:08:52 -05:00
Daniel Bustamante Ospina 150b66824d Make MethodSecurityEvaluationContext Delegate to MethodBasedEvaluationContext 
Spring Security's MethodSecurityEvaluationContext should delegate to Spring Framework's
MethodBasedEvaluationContext

Fixes: gh-6224
 2020-01-03 19:49:41 -05:00
Rafael Renan Pacheco 96d82ecbf2 Fix docs that cause unchecked assignment and NPE 2020-01-02 11:29:05 -05:00
Eleftheria Stein 8b8267e1fe Fix typo in LDAP Javadoc 2020-01-02 10:58:44 -05:00
Matthias Stock 5fde3044f7 Resolve JavaType only once for whitelisted class 2020-01-02 10:30:51 -05:00
Filip Hanik 9d26f12e86 Add an example of Base64 encoding that failed with java.util.Base64 
Revert usage to Apache Commons Codec (dependency by OpenSaml)
 2020-01-01 15:45:10 -08:00
Eleftheria Stein 22c222005b Add custom release notes configuration file 2019-12-31 14:19:40 -05:00
BELHAKEL Ammar b4619f31ee
Fix return type 
AbstractConfiguredSecurityBuilder.objectPostProcessor() should cast to
B, the type of SecurityBuilder, instead of O, the type of object being
built.

Without this change, calls like
http.objectPostProcessor(...).getFilters() will fail with a
ClassCastException.
 2019-12-30 12:01:56 -07:00
Eleftheria Stein f109388211 Use lambda DSL in all samples in documentation 
Issue: gh-7774
 2019-12-30 17:49:35 +01:00
Rafael Renan Pacheco 0295b51e78 Fix var typo and code readability 2019-12-27 15:25:04 +01:00
Eleftheria Stein 2c7f2c2117 Fix Javadoc error in oauth2ResourceServer 
Fixes: gh-7670
 2019-12-27 14:24:46 +01:00
Josh Cummings e1fdb24b5d
Add opaqueToken MockMvc Test Support 
Fixes gh-7712
 2019-12-20 15:34:11 -07:00
Onur Kağan Özcan 2015f392ef Set secure when cancelling remember-me cookie 
AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag.
But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie.
 2019-12-20 16:04:31 +01:00
Josh Cummings 40d4dce329
Polish Documentation 
Changed indentation on saml2Login() snippets to align more closely
with surrounding documentation.

Also removed call to super.configure as this would enable formLogin as
well as httpBasic. Replaced with default endpoint authorization
statement.

Issue gh-7654
 2019-12-18 10:53:59 -07:00
Josh Cummings c745889ae7
Update to nimbus-jose-jwt:8.3 
Fixes gh-7720
 2019-12-18 10:23:51 -07:00
Tao Sun f18d0fd1a7 Test details using isEqualTo 2019-12-18 17:35:51 +01:00
Tao Sun 6b0981549b Add test for details deserialization 2019-12-18 17:35:51 +01:00
Tao Sun 156fc294bf Deserialize details field in UsernamePasswordAuthenticationToken 
Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly.

Fixes gh-7482
 2019-12-18 17:35:51 +01:00
Filip Hanik af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login() 
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
 2019-12-17 13:34:27 -08:00
Filip Hanik b7eebabce6 Ensure that both matchers carry the same pattern. 
AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher is public and final,
so there is a risk that the underlying matcher can become different if one is not careful.
 2019-12-17 13:34:27 -08:00
Filip Hanik 9aa333ca4d Use the custom ServerRequestCache that the user configures 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
 2019-12-17 13:33:56 -08:00
Rafael Garcia 65f5c29316 Check hashes of byte array passwords 
Fixes gh-7661
 2019-12-13 17:57:49 +01:00
Rob Winch 83d796cf1a Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor 
The documentation incorrectly used ServerRSocketFactoryCustomizer which
was renamed to ServerRSocketFactoryProcessor. The docs now use the correct
class name

Fixes gh-7737
 2019-12-12 15:30:33 -06:00
Eleftheria Stein da3f18017d Polish SAML2 principal classes 
Update @since

Issue: gh-7681
 2019-12-12 20:22:58 +01:00
Rob Winch a8331ba7ed CompositeServerHttpHeadersWriter Executes Sequentially 
Fixes gh-7731
 2019-12-12 11:23:56 -06:00
Clement Stoquart 31b999e9b4 fix: make Saml2Authentication serializable 2019-12-12 17:11:00 +01:00
Josh Cummings 02f161aba7
Use OidcIdToken.Builder 
Issue gh-7592
 2019-12-12 07:37:15 -07:00
David Herberth 64e063d948 switches web authentication principal resolver to use reactive context 
gh #6598

Signed-off-by: David Herberth <github@dav1d.de>
 2019-12-12 15:33:23 +01:00
Rob Winch 8e53c3f269 DelegatingServerAuthenticationSuccessHandler Executes Sequentially 
Fixes gh-7728
 2019-12-12 08:32:44 -06:00
Rafael Garcia c71e84bdac Replace test vectors with list of objects 2019-12-12 12:42:44 +01:00