cf3cba8f5f
Ensure Chrome Still SC_MOVED_TEMPORARILY
...
Issue: gh-4831
2017-11-16 10:33:51 -06:00
3e7e80a836
Accept */* triggers 401 by Default
...
Fixes gh-4831
2017-11-16 09:58:29 -06:00
dd33f0a7de
ClientRegistration.redirectUri -> redirectUriTemplate
...
Fixes gh-4827
2017-11-15 14:51:35 -05:00
e098c3707e
Update default redirect-uri to use 'baseUrl' template variable
...
Fixes gh-4826
2017-11-15 14:51:35 -05:00
0b1618d8b4
Fix RequestCache
...
Issue: gh-4789
2017-11-15 12:50:54 -06:00
a6733fae50
Polish
2017-11-15 12:50:54 -06:00
942b51dba7
Reactive Basic does not create session by default
...
Fixes: gh-4825
2017-11-15 12:50:29 -06:00
5f79fdd3eb
requiresLogoutMatcher naming polish
...
Issue: gh-4822
2017-11-14 16:42:41 -06:00
11f6e0477c
serverLogoutSuccessHandler->logoutSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:36 -06:00
bf570854b8
serverLogoutHandler->logoutHandler
...
Issue: gh-4822
2017-11-14 16:42:33 -06:00
2cbdb4ba02
serverCsrfTokenRepository->csrfTokenRepository
...
Issue: gh-4822
2017-11-14 16:42:27 -06:00
3bfda6cff7
serverAccessDeniedHandler->accessDeniedHandler
...
Issue: gh-4822
2017-11-14 16:42:24 -06:00
9e82fc0b83
serverAuthenticationEntryPoint->authenticationEntryPoint
...
Issue: gh-4822
2017-11-14 16:42:20 -06:00
520e0a5a68
serverAuthenticationSuccessHandler->authenticationSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:14 -06:00
5c83f92ddc
serverAuthenticationFailureHandler->authenticationFailureHandler
...
Issue: gh-4822
2017-11-14 16:42:10 -06:00
692233e431
ServerSecurityContextRepository members to securityContextRepository
...
Issue: gh-4822
2017-11-14 16:42:06 -06:00
9956de8f29
LogoutBuilder->LogoutSpec
...
Issue: gh-4822
2017-11-14 16:41:58 -06:00
7619556066
FormLoginBuilder->FormLoginSpec
...
Issue: gh-4822
2017-11-14 16:41:55 -06:00
83d4abb1c6
RequestCacheBuilder->RequestCacheSpec
...
Issue: gh-4822
2017-11-14 16:41:51 -06:00
eb7edf7092
HttpBasicBuilder->HttpBasicSpec
...
Issue: gh-4822
2017-11-14 16:41:47 -06:00
01154614d1
ExceptionHandlingBuilder->ExceptionHandlingSpec
...
Issue: gh-4822
2017-11-14 16:41:38 -06:00
903cbd7c35
CsrfBuilder->CsrfSpec
...
Issue: gh-4822
2017-11-14 16:41:31 -06:00
fd4726afaf
HeadersBuilder-HeadersSpec
...
Issue: gh-4822
2017-11-14 16:41:25 -06:00
53ddbfc0ab
AuthorizedExchangeBuilder->AuthorizedExchangeSpec
...
Issue: gh-4822
2017-11-14 16:41:08 -06:00
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
872a8f3189
Change constructor param order in oauth2 client filters
...
Fixes gh-4818
2017-11-13 17:32:22 -05:00
1b70efce2b
Add ServerRequestCache
...
Fixes: gh-4789
2017-11-13 15:49:34 -06:00
1ea66378f5
ServerHttpSecurity uses RedirectServerAuthenticationFailureHandler
...
Issue: gh-4816
2017-11-13 15:49:26 -06:00
3c7fb977fe
WebTestClientHtmlUnitDriverBuilder uses WebTestClient for localhost
...
Fixes gh-4815
2017-11-13 15:48:52 -06:00
aa9e057ba8
Fix CNF exception if oauth2-jose dependency not included
...
Fixes gh-4753
2017-11-12 12:27:18 -05:00
f2ccc53549
Add UserDetailsMapFactoryBean
...
Fixes gh-4804
2017-11-09 14:01:43 -06:00
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
adec62cdf2
EnableWebFluxSecurity creates CsrfRequestDataValueProcessor
...
Fixes gh-4762
2017-11-07 22:25:48 -06:00
7622826b69
WebSessionServerCsrfTokenRepository saves on getToken
...
Fixes gh-4801
2017-11-07 22:25:23 -06:00
3f18881493
Remove additional attribute name from CsrfWebFilter
...
Fixes gh-4799
2017-11-07 22:24:42 -06:00
c7c84e0996
Fix CustomLoginPage test
...
Fixes gh-4797
2017-11-07 22:24:21 -06:00
1506dcd413
SpringTestContext.getContext()
...
Add accessor method for SpringTestContext.getContext()
Fixes gh-4796
2017-11-07 22:24:15 -06:00
21aec19d42
Add FormLoginBuilder.serverAuthenticationSuccessHandler
...
Fixes: gh-4786
2017-11-03 08:47:59 -05:00
1d4c7da1e1
Fix WebTestClientWebConnection for redirects
2017-11-03 08:46:56 -05:00
06c4bffc5f
Use id field instead of name field for GitHub and Facebook providers.
...
Fixes gh-4764
2017-11-01 10:48:57 -04:00
d664ff2e26
Lookup HandlerMappingIntrospector from Bean
2017-10-30 16:27:50 -05:00
ef9cd76607
Polish oauth2
...
Fixes gh-4758
2017-10-30 16:49:01 -04:00
511d702ee0
Remove JwtDecoderRegistry
...
Fixes gh-4754
2017-10-30 12:52:42 -04:00
727098d6c0
Fix NPE when configuring oauth2Login.loginPage
...
Fixes gh-4752
2017-10-30 06:26:07 -04:00
5280ac40e9
WebMvcConfigurerAdapter->WebMvcConfigurer
...
Fixes gh-4612
2017-10-30 01:30:08 -05:00
3d5989dea4
Change a default realm name
...
Change a default realm name of Basic Authentication for XML namespace to 'Realm'.
Fixes gh-4220
2017-10-30 00:59:39 -05:00
4295461830
ServerHttpSecurity extracts WebFilter from OrderedWebFilter
...
Fixes gh-4736
2017-10-30 00:45:26 -05:00
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
70165869b1
Add UnboundId LDAP inmemory support
...
This commit adds the capability to run a LDAP inmemory different than
apacheds. Both providers `apacheds` and `unboundid` are supported.
2017-10-29 21:59:55 -05:00
9a4513356d
Configure default OAuth2AuthorizedClientService
...
Fixes gh-4751
2017-10-29 22:45:57 -04:00
4fa9b4dd15
Add ServerHttpSecurity.exceptionHandling()
...
Fixes gh-4750
2017-10-29 21:00:10 -05:00
5fa822d114
Expose custom config for OidcUserService
...
Fixes gh-4715
2017-10-29 21:33:51 -04:00
a261c9a047
Polish OAuth2LoginConfigurer
...
Fixes gh-4747
2017-10-29 21:33:51 -04:00
a3e38fec47
Remove AuthorizationRequestUriBuilder
...
Make this API private since we don't have concrete use cases for exposing
it yet.
Fixes gh-4742
2017-10-29 19:50:02 -05:00
c3d2effc1d
Polish OAuth2AuthorizedClientService
...
Fixes gh-4746
2017-10-29 20:25:03 -04:00
e4887057bc
Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient
...
Fixes gh-4741
2017-10-29 17:49:15 -04:00
e2dd037b4a
Default WebFlux headers and Logout
2017-10-29 15:06:06 -05:00
6fbd435bdf
OAuth2LoginAuthenticationFilter requires collaborators
...
Fixes gh-4661
2017-10-29 04:41:23 -04:00
5a7466512e
Expose default constructor in AbstractAuthenticationFilterConfigurer
...
Fixes gh-4737
2017-10-29 04:41:23 -04:00
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
2017-10-29 00:12:23 -05:00
0734d70d02
Logout requires POST
...
Issue: gh-4734
2017-10-29 00:11:59 -05:00
8da2c7f657
Add WebFlux CSRF Protection
...
Fixes gh-4734
2017-10-28 22:59:24 -05:00
f040bd054d
Javadoc @EnableWebFluxSecurity
2017-10-28 22:59:24 -05:00
b394ae5d5e
Polish
...
Restructure WebFluxSecurityConfiguration for easier copy paste of
default ServerHttpSecurity Bean
2017-10-28 22:59:24 -05:00
77acb34bcd
Add spring-security-test to spring-security-config test dependencies
2017-10-28 22:58:55 -05:00
b471dd1c54
Remove OAuth2TokenRepository
...
Fixes gh-4727
2017-10-28 21:40:33 -04:00
83dc902ff7
Map CustomUserTypesOAuth2UserService using clientRegistrationId
...
Fixes gh-4692
2017-10-28 18:11:39 -04:00
ddf87b54f7
Polish OAuth2LoginConfigurer
...
Fixes gh-4731
2017-10-28 17:48:45 -04:00
0c68eb1821
Re-factor OAuth2AuthorizationCodeAuthenticationToken
...
Fixes gh-4730
2017-10-28 17:15:31 -04:00
64d8c8b8a9
Re-factor AuthorizationGrantTokenExchanger
...
Fixes gh-4728
2017-10-28 17:12:14 -04:00
16e69d06b4
Add OAuth2AuthorizedClientService
...
Fixes gh-4726
2017-10-28 17:12:14 -04:00
67bac28481
OAuth2UserService uses OAuth2UserRequest
...
Fixes gh-4724
2017-10-27 22:34:25 -04:00
3d319f7592
Make AuthorizationRequestRepository a Generic
...
Fixes gh-4723
2017-10-27 21:31:45 -04:00
9afefef3b9
Polish class names in oauth2-client
...
Fixes gh-4722
2017-10-27 21:00:52 -04:00
34668e05af
Polish class names in oauth2-core
...
Fixes gh-4720
2017-10-27 20:42:58 -04:00
2060125ebd
ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository
...
Issue: gh-4719
2017-10-27 18:17:52 -05:00
3281cea46a
Default use WebSessionServerSecurityContextRepository
...
Issue: gh-4719
2017-10-27 18:17:47 -05:00
faa0bd7143
Update WebFilter ordering
...
Issue: gh-4719
2017-10-27 18:17:44 -05:00
9c31041dce
EnableWebFluxSecurityTests fixes
...
Issue: gh-4719
2017-10-27 18:17:25 -05:00
437ba56415
ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter
...
Issue: gh-4719
2017-10-27 18:17:10 -05:00
8527daa22a
Make OAuth2UserService Generic using OAuth2AuthorizedClient and OAuth2User types
...
Fixes gh-4706
2017-10-27 11:49:29 -04:00
3b80b6ded8
Move AuthorizationRequestUriBuilder to oauth2-client
...
Fixes gh-4703
2017-10-26 21:23:06 -04:00
747473257f
Use ReactorSecurityContextHolder
...
Issue gh-4713
2017-10-26 20:11:42 -05:00
e23134c3ed
Add LogoutBuilder ServerLogoutSuccessHandler
...
Fixes gh-4714
2017-10-26 20:11:42 -05:00
ef197d8215
Move JwtDecoderRegistry to oauth2.client.jwt package
...
Fixes gh-4705
2017-10-26 21:06:28 -04:00
70543dcb30
Move oidc package in oauth2-core and oauth2-client
...
Fixes gh-4710
2017-10-26 21:06:28 -04:00
86875e117b
Prevent ServerHttpSecurity from being built twice
...
Issue: gh-4711
2017-10-26 19:48:38 -05:00
36501f4530
Remove ServerHttpSecurity duplicate build
...
WebFluxSecurityConfiguration invoked build twice
which caused each WebFilter to be added twice
Fixes gh-4711
2017-10-26 19:48:32 -05:00
ef83bc8dd7
Move package client.authentication.userinfo -> client.userinfo
...
Fixes gh-4708
2017-10-26 15:39:04 -04:00
027ea78dab
Revert "Move OAuth2LoginAuthenticationProvider into userinfo package"
...
This reverts commit 54547f35b7
2017-10-26 14:55:25 -04:00
942b647c0d
OAuth2LoginAuthenticationFilter processes uri /login/oauth2/code/*
...
Issue gh-4687
2017-10-26 14:20:19 -04:00
54547f35b7
Move OAuth2LoginAuthenticationProvider into userinfo package
...
Fix package tangles. OAuth2LoginAuthenticationProvider requires
OAuth2UserService which is in a child package. We should move
OAuth2LoginAuthenticationProvider to the same package.
Issue: gh-4614
2017-10-26 11:22:21 -05:00
875aae012b
Polish
2017-10-26 07:50:32 -05:00
d0a4e49870
Map custom OAuth2User types using String
...
Fixes gh-4691
2017-10-25 17:13:44 -04:00
9fbea5a11e
Refactor SecurityTokenRepository
...
Fixes gh-4650
2017-10-25 16:00:34 -04:00
44b41e78cd
Flux member variables in favor of Collections
...
Fix gh-4694
2017-10-25 07:41:37 -05:00
3b85512e48
Polish
...
Issue gh-4694
2017-10-25 07:41:29 -05:00
4dbbcabacf
Rename AuthorizationCodeAuthenticationProvider -> OAuth2LoginAuthenticationProvider
...
Fixes gh-4690
2017-10-24 15:24:26 -04:00
049080290e
Refactor OAuth2 AuthenticationProvider's
...
Fixes gh-4689
2017-10-24 15:24:26 -04:00
0fb32a052e
OAuth2LoginAuthenticationFilter processes uri /login/oauth2/*
...
Fixes gh-4687
2017-10-24 15:24:26 -04:00
4ae24f2fbe
Rename AuthorizationCodeAuthenticationFilter -> OAuth2LoginAuthenticationFilter
...
Fixes gh-4686
2017-10-24 15:24:25 -04:00
09a94a4ef4
Merge AuthorizationCodeGrantConfigurer -> OAuth2LoginConfigurer
...
Fixes gh-4684
2017-10-24 15:24:25 -04:00
8291f20796
DaoAuthenticationProvider uses DelegatingPasswordEncoder
...
This means that passwords will be encoded with BCrypt by default
Fixes: gh-2775
2017-10-24 07:56:28 -05:00
d19b222b55
UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder
...
This means passwords will be encoded with BCrypt by default
Issue: gh-2775
2017-10-24 07:56:28 -05:00
cdc992b132
Remove SaltSource
...
Fixes gh-4681
2017-10-24 07:56:28 -05:00
4529e09339
Remove PasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:56:28 -05:00
3a4a32e654
Remove LdapShaPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:56:20 -05:00
6a3e981c80
Remove BaseDigestPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:40 -05:00
a8aa65b828
Remove Md4PasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:32 -05:00
12dbf2e961
Remove PlainTextPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
40fd8d7aa7
Remove ShaPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
e98fc3556e
Remove Md5PasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
7c95c88601
Add User/UserBuilder in UserDetailsManagerConfigurer
...
Fixes gh-4679
2017-10-23 22:27:16 -05:00
c5d4041ca8
Add 5.0.xsd
...
Fixes gh-4675
2017-10-23 22:27:16 -05:00
6d7d34c549
Move AuthorizationRequestUriBuilder and DefaultAuthorizationRequestUriBuilder
...
Fixes gh-4658
2017-10-23 10:19:31 -04:00
f0c9f85292
spring-security-jwt-jose -> spring-security-oauth2-jose
...
Fixes gh-4595
2017-10-23 09:04:01 -04:00
8e3a2a7123
Remove AuthorizationCodeAuthenticationFilter.AuthorizationResponseMatcher
...
Fixes gh-4654
2017-10-20 06:09:31 -04:00
eb82a79068
OAuth2 login url starts with /login/
...
Fixes gh-4659
2017-10-19 17:32:21 -04:00
d4dac21ca5
Make ClientRegistration.Builder constructor private
...
Fixes gh-4656
2017-10-19 14:15:59 -04:00
1f5edc98d5
ClientRegistration.Builder.scopes -> scope
...
Fixes gh-4663
2017-10-19 11:24:01 -04:00
1e891b38ab
Rename scope -> scopes for Set types
...
Fixes gh-4644
2017-10-18 17:56:39 -04:00
b81c1ce2c0
Move spring-security-webflux into spring-security-web
...
Fixes gh-4662
2017-10-18 16:20:09 -05:00
d231441cc0
EnableWebFluxSecurityTests uses SpringTestRule
...
This will hopefully resolve the periodic failures in
EnableWebFluxSecurityTests
2017-10-18 15:14:43 -05:00
9d46af3d7c
Introduce SpringTestContext
...
This adds support for testing different configurations per method.
2017-10-18 15:14:43 -05:00
7b8d131386
Fix package tangles -> OAuth2/Oidc AuthenticationProvider's
...
Fixes gh-4614
2017-10-16 20:56:32 -04:00
25052214ae
Polish
2017-10-16 18:33:27 -05:00
a74f7c6faa
Fix CSRF / DefaultLoginPageGeneratingFilter package tangle
...
Issue: gh-4636
2017-10-16 16:36:49 -05:00
7fd1cff3ce
Fix PrePostAdviceReactiveMethodInterceptor tangle
...
Issue: gh-4636
2017-10-16 16:36:43 -05:00
579282437b
Move GlobalAuthenticationConfigurerAdapter
...
Issue: gh-4636
2017-10-16 16:36:33 -05:00
a7d054c9f3
Remove AuthorizationGrantAuthenticator
2017-10-16 13:43:11 -04:00
3c824dc44b
Fix package tangles -> OAuth2UserService
...
Fixes gh-4614
2017-10-13 18:59:41 -04:00
cfa4858b04
Fix package tangles -> AuthorizationGrantTokenExchanger
...
Fixes gh-4614
2017-10-13 16:35:48 -04:00
c441f99567
Polish oauth2-client
2017-10-13 07:09:00 -04:00
211e8eae90
Remove formLogin() and httpBasic() from defaults
2017-10-12 16:41:01 -05:00
5fae710d69
Polish ServerHttpSecurityConfigurationBuilder
...
Fix copyright
2017-10-12 16:20:18 -05:00
30487c3b4b
Polish ServerHttpSecurity testing
2017-10-12 15:54:54 -05:00
015cc2203e
Fix ServerHttpSecurity
2017-10-12 15:54:54 -05:00
91d9404828
Fixed typo in HttpSecurity.authorizeRequests javadoc
2017-10-12 07:36:37 -05:00
18df9a869e
Move config AuthorizationCodeGrantConfigurer -> OAuth2LoginConfigurer
2017-10-11 17:39:21 -04:00
247f737bc8
Move HttpBasicServerAuthenticationEntryPoint
...
Move it up a package as www is too sparse. This is different than servlet
based support, but we also are now using a generic AuthenticationWebFilter
Fixes gh-4617
2017-10-11 16:24:14 -05:00
7271a427e8
SecurityContextServerRepository->ServerSecurityContextRepository
...
Issue gh-4615
2017-10-11 13:58:28 -05:00
792944eee7
HttpSecurity->ServerHttpSecurity
...
Issue gh-4615
2017-10-11 13:58:24 -05:00
185d3032f5
LogoutHandler->ServerLogoutHandler
...
Issue gh-4615
2017-10-11 13:58:21 -05:00
c9ce528206
AuthenticationFailureHandler->ServerAuthenticationFailureHandler
...
Issue gh-4615
2017-10-11 13:58:18 -05:00
897e7111e3
AccessDeniedHandler->ServerAccessDeniedHandler
...
Issue gh-4615
2017-10-11 13:58:14 -05:00
a5af2a07d7
HttpHeadersWriter->ServerHttpHeadersWriter
...
Issue gh-4615
2017-10-11 13:58:09 -05:00
2982b82b2d
AuthenticationSuccessHandler->ServerAuthenticationSuccessHandler
...
Issue gh-4615
2017-10-11 13:58:06 -05:00
b858985b0e
AuthenticationReactorContextFilter->AuthenticationReactorContextWebFilter
...
Issue gh-4615
2017-10-11 13:58:02 -05:00
bfcc2a602d
SecurityContextRepository->SecurityContextServerRepository
...
Issue gh-4615
2017-10-11 13:57:59 -05:00
e99e2a9f09
PrePostAdviceMethodInterceptor->PrePostAdviceReactiveMethodInterceptor
...
Issue gh-4615
2017-10-11 13:57:54 -05:00
Rob Winch
Joe Grandja
Johnny Lim
Craig Walls
Kazuki Shimizu
Antoine
Eddú Meléndez
bbelovic