Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,545 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

7545 Commits

Author SHA1 Message Date
James 4742c18e4b remove an unused import 2019-02-05 11:34:43 -06:00
James ed545941c9 parameter 'pricipal' is never used 
parameter 'pricipal' is never used
 2019-02-05 11:34:43 -06:00
Josh Cummings 5c2ee09bc3
Favor RestOperations in Resource Server Configurer 
Also polished exposure of the JWK Set Uri for the tests where
MockWebServer is preferred.

Fixes: gh-6104
 2019-01-29 15:43:09 -07:00
Josh Cummings c4b17475d9
Improve LDAP snippet formatting 
Issue: gh-6486
 2019-01-28 14:25:27 -07:00
Ankur Pathak 8e6bcc1c35 No RequestMatcher After AnyRequest 
Don't allow any type of RequestMatchers
after any request by throwing IllegalStateException

Fixes: gh-6359
 2019-01-25 11:14:33 -07:00
Gerardo Roza 95e0e7243d Save original request on oauth2Client filter 
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").

Now we are storing the session attribute and getting redirected back to
the original URI as expected.

Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop

Fixes gh-6341
 2019-01-25 09:15:44 -06:00
Bryan Kelly 5abe6ca718 Missing spring: prefix on jwk-set-uri example 2019-01-25 08:31:13 -06:00
Nick Bromfield b581bb7eae Add new configuration options for OAuth2LoginSpec 
Fixes gh-5598
 2019-01-24 10:37:52 -05:00
Aanuoluwapo Otitoola 976e763acb Update to nimbus-jose-jwt:6.7 
Fixes: gh-6459
 2019-01-22 16:41:08 -07:00
Ankur Pathak 2e70d66063 Improve CsrfBeanDefinitionParser xml parsing 
1. CsrfBeanDefinitionParser registers requestDataValueProcessor
if not already registered
2. Created Tests in CsrfBeanDefinitionParserTests

Fixes: gh-6423
 2019-01-22 13:56:20 -06:00
Ankur Pathak ffe602fdbe HTML markup fixed in DefaultLoginPageGeneratingFilter 
Ending div moved  out of condition.

Fixes: gh-6417
 2019-01-22 13:20:35 -06:00
Josh Cummings c82440ee82 Polish CompositeHeaderWriterTests 
Changed test to favor mocks in order to provide a stronger
guarantee that the composite delegates to its components.

Issue: gh-6453
 2019-01-21 14:50:09 -07:00
Josh Cummings bb1b9d9b86 Polish Javadoc and Whitespacing 
Issue: gh-6453
 2019-01-21 14:50:09 -07:00
Ankur Pathak 718641a1e5 Added CompositeHeaderWriter 
1. Added new CompositeHeaderWriter
2. Improvement in HeaderWriterFilter using CompositeHeaderWriter.

Fixes: gh-6453
 2019-01-21 14:50:09 -07:00
Josh Cummings ca02d8a4f8
NamespaceLogoutTests groovy->java 
Issue: gh-4939
 2019-01-18 16:56:13 -07:00
Josh Cummings e68b6f17de
NamespaceHttpBasicTests groovy->java 
Issue: gh-4939
 2019-01-18 15:41:26 -07:00
Andy Wilkinson 95ff451193 Fix formatting in Implicit OAuth2AuthorizedClient section 2019-01-18 10:24:01 -07:00
Ankur Pathak b7ed919cee Add preload support to Strict-Transport-Security 
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security

Fixes: gh-6312
 2019-01-16 11:10:06 -06:00
Rob Winch 739594dee8 Next Development Version 2019-01-15 21:02:38 -06:00
Rob Winch fdd22e5082 Release 5.2.0.M1 2019-01-15 21:02:01 -06:00
Denis Washington 3be11a22cd Save query parameters in WebSessionServerRequestCache 
Previously, URL query parameters were lost when saving a request
in WebSessionServerRequestCache. Now it is properly saved and
restored.
 2019-01-15 13:44:29 -06:00
guo fei c0e66a9ba1 1. add customization support for double forwardslash in StrickHttpFirewall 
2. add getEncodedUrlBlacklist() and getDecodedUrlBlacklist() method in StrickHttpFirewall

Fixes gh-6292
 2019-01-15 13:42:33 -06:00
Mohammad Sadeq Dousti d099a62a6f hasRole should not be called on a string with "ROLE_" prefix (#6353) 
Removed "ROLE_" from UrlAuthorizationConfigurer

This fixes IllegalArgumentException: ROLE_ANONYMOUS should not start
with ROLE_ since ROLE_
 2019-01-15 08:59:34 -06:00
Joe Grandja 5fbf9532e1 Update to spring-build-conventions 0.0.23.RELEASE 
Fixes gh-6440
 2019-01-15 05:44:41 -05:00
Joe Grandja 4e4321fb07 Update to htmlunit-driver 2.33.3 
Fixes gh-6434
 2019-01-15 05:40:54 -05:00
Joe Grandja 9721ee9d4e Update to Spring Data Lovelace SR4 
Fixes gh-6438
 2019-01-14 17:43:10 -05:00
Joe Grandja 9d7f141b86 Update to Spring Framework 5.1.4 
Fixes gh-6437
 2019-01-14 17:43:10 -05:00
Joe Grandja 68e3bbdd03 Update to Reactor Californium-SR4 
Fixes gh-6436
 2019-01-14 17:43:10 -05:00
Joe Grandja 08b7479f4c Update to Spring Boot 2.1.2 
Fixes gh-6435
 2019-01-14 17:43:10 -05:00
Joe Grandja e864e63760 Update to org.powermock 2.0.0 
Fixes gh-6433
 2019-01-14 16:59:11 -05:00
Joe Grandja 6e14418937 Update to hibernate-entitymanager 5.4.0.Final 
Fixes gh-6432
 2019-01-14 16:56:32 -05:00
Joe Grandja 4d1a23b6b4 Update to ehcache 2.10.6 
Fixes gh-6431
 2019-01-14 16:53:59 -05:00
Joe Grandja f97d6f41ea Update to com.squareup.okhttp3 3.12.1 
Fixes gh-6430
 2019-01-14 16:52:00 -05:00
Joe Grandja 84a287d6ff Update to oauth2-oidc-sdk 6.5 
Fixes gh-6429
 2019-01-14 16:48:44 -05:00
Joe Grandja ce4a48e9c9 Update to nimbus-jose-jwt 6.5.1 
Fixes gh-6428
 2019-01-14 16:47:19 -05:00
Joe Grandja c725d220aa Update to jackson.core 2.9.8 
Fixes gh-6427
 2019-01-14 16:43:27 -05:00
Joe Grandja 5d72cdc104 Update to cglib-nodep 3.2.10 
Fixes gh-6426
 2019-01-14 16:40:59 -05:00
Rob Winch 802f3186a7 Fix ApacheDSContainer Checkstyle 
Issue: gh-6376
 2019-01-14 13:29:11 -06:00
Luke Butters 0b40d09fe6 Mark as ApacheDSContainer as deprecated 
Mark ApacheDSContainer as deprecated because ApacheDS have not released
a recent 'GA' version and the current 'GA' version does not work under
JDK11.

Fixes: gh-6002
 2019-01-14 13:29:11 -06:00
Joe Grandja 2a867997e2 Polish gh-6415 2019-01-14 13:33:58 -05:00
Rafael Dominguez fe5f10e9a2 Extract the ID Token JwtDecoderFactory to enable user customization 
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.

Fixes: gh-6379
 2019-01-14 13:33:58 -05:00
Adrian Javorski dd45a49f02 Update JwtTimestampValidator.java 
Changed MaxClockSkew variable to clockSkew to simplify the name.

Fixes gh-6380
 2019-01-14 10:33:38 -07:00
Ankur Pathak 4ff51491d7 fixes setting paramName only when it is not null 
Fixes: gh-6223
 2019-01-10 10:13:44 -06:00
Joe Grandja f234a5fbdb ID Token validation supports clock skew 
Fixes gh-5839
 2019-01-09 16:03:13 -05:00
Joe Grandja 575d943f1a Add GitHub Issue reply templates 2019-01-09 14:45:08 -05:00
Joe Grandja d878dbf30e Polish gh-6349 2019-01-09 10:15:02 -05:00
Rafael Dominguez 057ed616c4 Improve error messages in OidcIdTokenValidator 
This commit ensures that error messages contain more specific
information regarding the reported error.

Fixes: gh-6323
 2019-01-09 10:15:02 -05:00
Rafael Renan Pacheco 0656d2bc05 cconfigured -> configured 2019-01-08 13:18:14 -06:00
Rob Winch ae0f330f98 Add BCrypt Test for Empty Raw Password 
Issue: gh-5548
 2019-01-08 11:54:36 -06:00
Johnny Lim c94f13a971 Polish tests 2019-01-08 11:16:22 -06:00