Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,164 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

698 Commits

Author SHA1 Message Date
Josh Cummings 4df9b4547f Fix OAuth2 Error Code 
Closes gh-10319
 2021-09-28 14:56:25 -06:00
Fabio Guenci 8c1201ae49
Preserve Null Claim Values 
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
 2021-08-16 15:07:23 -06:00
Joe Grandja ec6b2203ca Revert "Lock Dependencies for Release" 
This reverts commit 067bdd0dd9.
 2021-08-16 11:55:39 -04:00
Joe Grandja 067bdd0dd9 Lock Dependencies for Release 2021-08-16 11:12:40 -04:00
Steve Riesenberg dc81e1c86b Revert "URL encode client credentials" 
This reverts commit 5243b1b8a8.

Issue gh-9610 gh-9861
Closes gh-10018
 2021-07-20 13:29:29 -05:00
Steve Riesenberg c17767883f Revert "Lock Dependencies for Release" 
This reverts commit d71be4ca28.
 2021-06-21 12:57:05 -05:00
Josh Cummings d71be4ca28
Lock Dependencies for Release 2021-06-21 10:33:10 -06:00
Arnaud Mergey 1cd4ffeeb7
fix typo preventing full exception to be displayed in log 
closes gh-9901
 2021-06-17 08:40:55 -06:00
Steve Riesenberg a108868529 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository 
Related to gh-9649
Closes gh-9857
Closes gh-9912
 2021-06-15 11:44:34 -05:00
Steve Riesenberg 5243b1b8a8 URL encode client credentials 
Closes gh-9610
 2021-06-03 09:29:25 -05:00
Josh Cummings 24c3c52254
Polish postLogoutRedirectUri encoding 
Issue gh-9511
 2021-05-26 13:58:28 -06:00
Hans Hosea Schaefer 499701e67a
Encode postLogoutRedirectUri query params 
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
 2021-05-26 13:58:23 -06:00
Steve Riesenberg 589eccc547 Handle custom status codes in error handler 
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
 2021-05-25 15:08:05 -05:00
Rob Winch f3436f25fb Additional HttpSessionOAuth2AuthorizationRequestRepository tests 
Issue gh-5145
 2021-05-13 14:01:04 -04:00
Craig Andrews e447a35cf2 HttpSessionOAuth2AuthorizationRequestRepository: store one request by default 
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
 2021-05-13 14:00:53 -04:00
Joe Grandja 8850ccb1c6 Revert "Lock Dependencies" 
This reverts commit 924ceac681.
 2021-04-12 13:47:04 -04:00
Joe Grandja 924ceac681 Lock Dependencies 2021-04-12 13:36:39 -04:00
Josh Cummings 71e0967b53
Revert "Lock Dependencies for Release" 
This reverts commit 8c04074264.
 2021-02-17 15:59:48 -07:00
Josh Cummings 8c04074264
Lock Dependencies for Release 2021-02-17 14:59:17 -07:00
Josh Cummings cf032d86d6
Revert "Lock Dependencies" 
This reverts commit 9535a41d5a.
 2021-02-11 18:38:07 -07:00
Josh Cummings 9535a41d5a
Lock Dependencies 2021-02-11 17:43:39 -07:00
Josh Cummings f449da8b78
Revert "Lock Dependencies" 
This reverts commit d17ebf53f9.
 2021-02-11 17:28:01 -07:00
Josh Cummings d17ebf53f9
Lock Dependencies 2021-02-11 16:56:28 -07:00
Josh Cummings e79141a188
Downgrade nimbus-jose-jwt to 8.+ 
Closes gh-9399
 2021-02-03 13:18:18 -07:00
Mayur Patel fc24c7991c Allow null or empty authorities for DefaultOAuth2User 
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
 2021-02-01 17:26:56 -05:00
Benjamin Faal f6b678f137 Make user info response status check error only 
Closes gh-9336
 2021-01-25 10:23:49 -05:00
tristanessquare 580b988e7f
Fix NullPointerException 
- Caused by a malformed WWW-Authenticate value

Closes gh-9364
 2021-01-21 16:22:29 -07:00
Ovidiu Popa b8175bccd2 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject 
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
 2020-12-03 10:54:00 -05:00
Josh Cummings 1af21a9d02
Revert "Lock Dependencies for 5.4.2" 
This reverts commit 046bc9789f.
 2020-12-02 22:21:02 -07:00
Josh Cummings 046bc9789f
Lock Dependencies for 5.4.2 2020-12-02 17:36:26 -07:00
Josh Cummings 84737e7b23
Revert "Lock Dependencies for 5.4.1" 
This reverts commit 48ac47418d.
 2020-10-07 16:38:48 -06:00
Josh Cummings 48ac47418d
Lock Dependencies for 5.4.1 2020-10-07 16:01:34 -06:00
Phillip Webb c502312719 Replace expected @Test attributes with AssertJ 
Replace JUnit expected @Test attributes with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Phillip Webb 20baa7d409 Replace ExpectedException @Rules with AssertJ 
Replace JUnit ExpectedException @Rules with AssertJ calls.
 2020-09-22 16:13:51 -06:00
Joe Grandja 6e6d382357 Adapt to WebClient's new exception wrapping 
See https://github.com/spring-projects/spring-framework/issues/23842

Closes gh-9031
 2020-09-17 12:21:51 -04:00
Joe Grandja 7b1f574769 Revert "Lock Dependency Versions for 5.4.0" 
This reverts commit 3d0e459182.
 2020-09-09 18:14:12 -04:00
Joe Grandja 3d0e459182 Lock Dependency Versions for 5.4.0 2020-09-09 13:45:03 -04:00
Josh Cummings bf067d679f
Add Logging to Resource Server 
Closes gh-9000
 2020-09-08 13:09:33 -06:00
Rob Winch 2abf59b695 Merge Formatting Changes 
Issue gh-8945
 2020-08-24 17:33:23 -05:00
Rob Winch 36ae1fe3f9 Polish oauth2-resource-server format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Rob Winch d5ae4337e3 Polish oauth2-jose format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Rob Winch a729d24d47 Polish oauth2-core format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Rob Winch dc47a7575e Polish oauth-client format 
Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 319d3364aa Migrate to assertThatExceptionOfType 
Consistently use `assertThatExceptionOfType(...).isThrownBy(...)`
rather than `assertThatCode` or `assertThatThrownBy`. This aligns with
Spring Boot and Spring Cloud. It also allows the convenience
`assertThatIllegalArgument` and `assertThatIllegalState` methods to
be used.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 2f8e835b11 Use assertThatObject to save casting 
Update tests that use `assertThat((Object) ...)` to use the convenience
`assertThatObject(...)` method instead.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 0a3eeb9c80 Remove incorrect AssertJ imports 
Fix a few tests that were accidentally importing incorrect AssertJ
classes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb a5aa6b3d7f Remove blank lines from all tests 
Remove all blank lines from test code so that test methods are
visually grouped together. This generally helps to make the test
classes easer to scan, however, the "given" / "when" / "then"
blocks used by some tests are now not as easy to discern.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb ba19a9e4b6 Polish spring-security-oauth2-resource-server main code 
Manually polish `spring-security-oauth-resource-server`
following the formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb 20aa8bef25 Polish spring-security-oauth2-jose main code 
Manually polish `spring-security-oauth-jose` following the
formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00
Phillip Webb a577871bca Polish spring-security-oauth2-core main code 
Manually polish `spring-security-oauth-core` following the
formatting and checkstyle fixes.

Issue gh-8945
 2020-08-24 17:33:09 -05:00