spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 23:10:25 +00:00

Author	SHA1	Message	Date
Rob Winch	4a9fa0337a	Allow Configure RequestRjectedHandler in XML Issue gh-5007	2020-05-01 10:51:11 -05:00
Evgeniy Cheban	a70d55552b	Resource Server Finds JwtAuthenticationConverter Beans Fixes gh-8185	2020-04-13 22:47:20 -06:00
Rob Winch	9a42a028e7	Logout defaults to use Global SecurityContextServerLogoutHandler Closes gh-8375	2020-04-13 16:36:12 -05:00
Rob Winch	91728ef53b	Fix HttpServlet3RequestFactory Logout Handlers Previously there was a problem with Servlet API logout integration when Servlet API was configured before log out. This ensures that logout handlers is a reference to the logout handlers vs copying the logout handlers. This ensures that the ordering does not matter. Closes gh-4760	2020-03-30 17:50:28 -05:00
Rob Winch	b055f8bb25	SpringTestContext returns ConfigurableWebApplicationContext Closes gh-8233	2020-03-30 17:46:25 -05:00
Joe Grandja	e27e548215	oauth2Login WebFlux does not auto-redirect for XHR request Fixes gh-8118	2020-03-26 04:36:23 -04:00
Eleftheria Stein	97085ef310	Fix rsocket test Request route that exists; add additional error message verification Fixes gh-8154	2020-03-19 17:27:14 -04:00
Josh Cummings	f438bdfbcf	Add spring-security-5.4.xsd Issue gh-8138	2020-03-18 09:45:10 -06:00
Josh Cummings	c729fee7bc	Malformed Bearer Token Returns 401 for WebFlux Fixes gh-7668	2020-03-03 15:42:02 -07:00
Josh Cummings	e97396b9c7	Add Resource Server XML Support Fixes gh-5185	2020-03-02 11:51:40 -07:00
Josh Cummings	19584884b3	Register Authentication Provider in Init Phase Fixes gh-8031	2020-02-28 15:32:27 -07:00
Filip Hanik	3257349045	Support POST binding for AuthNRequest Has been tested with - Keycloak - SSOCircle - Okta - SimpleSAMLPhp This PR extends (builds on previous commits and adds user configuration options) https://github.com/spring-projects/spring-security/pull/7758	2020-02-28 09:15:26 -08:00
Ankur Pathak	480c5bc87e	Custom ServerHttpHeadersWriter to HeaderSpec Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec Fixes gh-7636	2020-02-27 07:55:30 -06:00
Joe Grandja	8a4ff4452b	Add XML namespace support for oauth2-client Fixes gh-5184	2020-02-20 20:05:48 -05:00
Joe Grandja	ff8002eb2e	Polish gh-4557	2020-02-12 15:47:57 -05:00
Ruby Hartono	71a5c9521c	Add XML namespace support for oauth2-login Fixes gh-4557	2020-02-12 15:26:17 -05:00
Joe Grandja	40c0a452d7	Define oauth2-login xsd elements Issue gh-4557	2020-02-12 15:26:17 -05:00
Josh Cummings	5bdf57d1e5	Remove Groovy and Spock Dependencies Fixes gh-4939	2020-02-10 10:38:40 -07:00
Stephane Maldini	851be025e9	Don't force downcasting of RequestAttributes to ServletRequestAttributes Fixes gh-7952	2020-02-07 20:44:19 -05:00
Rob Winch	1d7208f8ef	Add RSocket Authentication Extension Support Fixes gh-7935	2020-02-04 23:36:47 -06:00
Josh Cummings	209c81d65d	Add BadOpaqueTokenException Updated NimbusOpaqueTokenIntrospector and NimbusReactiveOpaqueTokenIntrospector to throw. Updated OpaqueTokenAuthenticationProvider and OpaqueTokenReactiveAuthenticationManager to catch. Fixes gh-7902	2020-02-04 17:33:08 -07:00
Josh Cummings	0c3754c811	Add BadJwtException Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw. Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager to catch. Fixes gh-7885	2020-02-04 17:33:08 -07:00
Josh Cummings	3e07b35611	Polish Bearer Token Error Handling Issue gh-7822 Issue gh-7823	2020-02-03 17:54:39 -07:00
Josh Cummings	cb9fd09150	Change AuthenticationWebFilter's constructor Fixes gh-7872	2020-01-31 09:31:28 -07:00
Eleftheria Stein	a512789a93	Fix requiresAuthenticationMatcher not being used The custom server requiresAuthenticationMatcher was not always picked up Fixes: gh-7863	2020-01-27 16:12:27 +01:00
Eleftheria Stein	29377545d9	Fix authenticationFailureHandler not being used The custom server authenticationFailureHandler was not always picked up Fixes: gh-7782	2020-01-27 13:10:03 +01:00
Johannes Edmeier	bdc60a9128	Don't cache requests with `Accept: text/event-stream` by default. The eventstream requests is typically not directly invoked by the browser. And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..	2020-01-17 10:42:16 -08:00
Josh Cummings	f1f158b37e	AuthenticationEventPublisher DSL Lookup Fixes gh-4400	2020-01-14 12:07:46 -07:00
Josh Cummings	5579846263	AuthenticationEventPublisher Bean Lookup Issue gh-7793 Fixes gh-7515	2020-01-14 12:07:46 -07:00
Josh Cummings	a35ce77451	Add missing PowerMockIgnore annotation WebSecurityConfigurerAdapterPowermockTests needs to exclude javax.xml.transform.* from Powermock configuration.	2020-01-09 15:48:08 -07:00
Josh Cummings	ba21c156dd	Polish WebSecurityConfigurerAdapter tests Moved Powermock-dependent test over to WebSecurityConfigurerAdapterPowermockTests.	2020-01-09 13:51:19 -07:00
Josh Cummings	de87675f6d	Add JwtIssuerAuthenticationManagerResolver Fixes gh-7724	2020-01-07 23:30:42 -07:00
Rob Winch	65981444f1	Use Version Ranges Fixes gh-7788	2020-01-06 14:46:48 -06:00
Eleftheria Stein	924b9e95a1	Polish MethodSecurityEvaluationContext Issue: gh-6224	2020-01-03 20:08:52 -05:00
Filip Hanik	af415948b1	Allow configuration of AuthenticationManagerResolver in saml2Login() Fixes gh-7654 https://github.com/spring-projects/spring-security/issues/7654	2019-12-17 13:34:27 -08:00
Filip Hanik	9aa333ca4d	Use the custom ServerRequestCache that the user configures on for the default authentication entry point and authentication success handler Fixes gh-7721 https://github.com/spring-projects/spring-security/issues/7721 Set RequestCache on the Oauth2LoginSpec default authentication success handler import static ReflectionTestUtils.getField Feedback incorporated per https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359	2019-12-17 13:33:56 -08:00
Josh Cummings	02f161aba7	Use OidcIdToken.Builder Issue gh-7592	2019-12-12 07:37:15 -07:00
Joe Grandja	c40a17b4d1	WebFlux oauth2Login() redirects on failed authentication Fixes gh-5562 gh-6484	2019-12-05 16:50:43 -05:00
Alexey Nesterov	d8d59e97ac	Correctly configure authorization requests repository for OAuth2 login To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is correctly configured, but the latter always uses default, WebSession based repository. So authorization code created before redirect to authorization endpoint will never be found to complete OAuth2 login when custom ServerAuthorizationRequestRepository is used. This change also makes OAuth2Client and OAuth2Login authentication converters consistent. Fixes gh-7675	2019-11-29 12:05:15 -05:00
Eleftheria Stein	b7cb93f671	Fix WebFlux logout disabling Fixes: gh-7682	2019-11-28 14:40:25 +01:00
Eleftheria Stein	8a95e5798d	Update @MessageMapping to match input/output cardinality	2019-11-22 15:07:38 -06:00
Eleftheria Stein	1188a3bb5f	Polish RememberMeConfigurer Issue: gh-4140	2019-11-07 15:26:59 +01:00
邓超	b13f750646	Retrieve remember-me key from service as fallback Fixes: gh-4140	2019-11-07 13:55:39 +01:00
Josh Cummings	925bf48ec0	Polish OAuth2ResourceServerConfigurerTests To confirm that resource server only produces SCOPE_<scope> authorities by default. Issue gh-7596	2019-11-04 11:39:54 -07:00
Eleftheria Stein	de7cbc82b5	Clarify in Javadoc that expressionHandler should not be null Fixes: gh-2665	2019-10-23 15:10:39 -04:00
Rob Winch	3051a79188	Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access	2019-09-30 14:33:41 -05:00
Rob Winch	a911f3d52f	Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access	2019-09-30 14:14:59 -05:00
Rob Winch	3854afad61	Merge Add denyAll method in AuthorizePayloadsSpec.Access	2019-09-30 14:05:42 -05:00
Josh Cummings	758af54796	ObjectPostProcessor Tests groovy->java Issue gh-4939	2019-09-27 16:36:33 -06:00
Josh Cummings	a08be5bf6f	UrlAuthorizationsTests groovy->java Issue gh-4939	2019-09-27 16:23:33 -06:00

1 2 3 4 5 ...

704 Commits