c94f13a971
Polish tests
2019-01-08 11:16:22 -06:00
1a02cafe81
NamespaceHttpAnonymousTests groovy->java
...
Issue: gh-4939
2019-01-07 15:04:26 -07:00
9b65107922
NamespaceDebugTests groovy->java
...
Issue: gh-4939
2019-01-04 17:53:31 -07:00
5f33bbe512
Removed isServlet30 check
2019-01-04 08:27:26 -07:00
6e1db1105b
Fixes typo in x,rnc files
...
1. Fixes type ammount to amount in *.rnc files
2. Regenerates *.xsd files from *.rnc files
Fixes: gh-6325
2019-01-02 11:17:02 -07:00
f289ef8689
Fixes Documentation Problem
...
Fixes documentation problem of Anonymous Authentication
in ServerHttpSecurity
Fixes: gh-6327
2019-01-02 11:13:18 -07:00
d77b12d229
authorization_uri Uses UriComponentsBuilder
...
Because of this, authorization_uri can now be a fully-qualified url.
Fixes: gh-5760
2018-12-21 13:23:47 -07:00
9c0d78da71
Extract OidcTokenValidator to an OAuth2TokenValidator
...
Fixes gh-5930
2018-12-21 11:06:40 -05:00
7a55af246e
Polish tests and javadoc
...
When using AssertJ, it's easy to commit the following error
assertThat(some boolean condition)
The above actually does nothing. It at least needs to be
assertThat(some boolean condition).isTrue()
This commit refines some assertions that were missing a verify
condition.
Also, one Javadoc was just a little bit confusing, so this
clarifies it.
Issue: gh-6259
2018-12-21 08:47:37 -07:00
086b105273
Remove Servlet 2.5 Support for Session Fixation
...
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1 so is not longer required.
Fixes: gh-6259
2018-12-21 08:47:37 -07:00
12f320851d
Set openid scope in OAuth2LoginTests
2018-12-21 09:24:55 -06:00
8f4f52edb9
Support configurable JwtDecoder for IdToken verification
...
Fixes gh-5717
2018-12-21 09:24:55 -06:00
e60ae4984a
Add hasAnyAuthority() and hasAnyRole() in AuthorizeExchangeSpec
...
Fixes gh-6306
2018-12-19 09:55:47 -06:00
3bcb1d9458
Allow setting authenticationEntryPoint for Http Basic
...
1. Added method authenticationEntryPoint in ServerHttpSecurity to allow
setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check if
if specified realm name set by authenticationEntryPoint is
returned
Fixes: gh-6270
2018-12-17 11:24:11 -06:00
2b369cfe98
Added support for Anonymous Authentication
...
1. Created new WebFilter AnonymousAuthenticationWebFilter to
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder
Fixes: gh-5934
2018-12-12 16:05:30 -06:00
9a357f8cb6
Moved CachingUserDetailsService to spring-core
...
Made CachingUserDetailsService constructor public and moved to spring-core to make it easier to configure caching in UserDetailsService
Fixes gh-4139
2018-12-11 13:22:08 -06:00
56eb658eae
RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefauts
...
Fixes: gh-4876
2018-12-07 14:17:44 -06:00
8b3fb55aea
Added methods to add filter relatively in ServerHttpSecurity
...
Addition of two new methods addFilterBefore and addFilterAfter in
ServerHttpSecurity to allow addition of WebFilter before and after of
specified order
Fixes: gh-6138
2018-12-04 13:29:53 -06:00
6bddb38cac
Update to Gradle 5.0
...
Change project's gradle version to 5.0, this requires to make some minor
adjustments.
Fixes: gh-6148
2018-11-30 08:50:47 -06:00
b8f038e86a
Polish OAuth2ResourceServerConfigurer
2018-11-30 06:37:00 -05:00
be423debfd
ServerAuthenticationConverter should be configurable
...
Fixes gh-6186
2018-11-29 14:37:22 -07:00
3a43ed8f1c
Register NullRequestCache When Disabled
...
Fixes: gh-6102
2018-11-20 07:15:09 -07:00
f30fcdda6b
RequestCacheConfigurerTests groovy->java
...
Issue: gh-4939
2018-11-16 15:40:12 -07:00
686393ed5c
ExceptionHandlingConfigurerTests groovy->java
...
Issue: gh-4939
2018-11-16 14:51:26 -07:00
1ea73e7d8e
Jwt Decoder Local Key Configuration
...
Adds support for configuring Resource Server DSL with a local public
key.
Fixes: gh-5131
2018-11-16 13:07:19 -06:00
d28e32b000
NimbusJwtDecoder Builder
...
A Builder to simply common construction patterns for NimbusJwtDecoder
Issue: gh-6010
2018-11-14 15:53:47 -06:00
db5e54266c
#3912 lazyBean method respects @Primary annotation
2018-11-14 14:31:29 -06:00
8eedb3919e
Policy OAuth2ResourceServerSpecTests
...
Issue: gh-6052
2018-11-12 15:01:15 -07:00
3a6582d2a6
Fix csrf:token-repository-ref XSD documentation
...
The documentation of the token-repository-ref attribute of the csrf
element in the schema has been updated to make clear the default
repository is lazy. Targets versions 4.2, 5.0 and 5.1.
Fixes gh-6037
2018-11-08 10:14:49 -06:00
9a13f9acde
Custom Bearer Token Error Handling Support
...
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.
Fixes: gh-6052
2018-11-07 16:29:56 -06:00
75e7e099ab
MiscHttpConfigTests groovy->java
...
Issue: gh-4939
2018-10-30 12:58:20 -06:00
52be2839ca
Migraged unit test from groovy to java
...
Moved AbstractConfigAttributeRequestMatcherRegistryTests.groovy to AbstractConfigAttributeRequestMatcherRegistryTests.java
gh-4939
2018-10-23 20:04:42 -05:00
8ef65ce5c5
Set AuthenticationEventPublisher on each AuthenticationManagerBuilder
...
Fixes gh-6009
2018-10-23 14:08:23 -04:00
8f49ca850a
Fixing IllegalStateException message in OAuth2ResourceServerConfigurer
...
Updated message to include `http.oauth2ResourceServer()`
2018-10-17 15:14:36 -05:00
bd9e3877f9
JDK 10 Compatibility
...
Upgrading dependencies and reconfiguring PowerMock
Issue: gh-5860
2018-10-17 15:03:42 -05:00
921abefaa2
Remove address and phone scope from CommonOAuth2Provider.OKTA
...
Fixes gh-5987
2018-10-17 11:50:34 -04:00
22bd8f1c1f
Reactive Jwt Authentication Converter Support
...
Fixes: gh-5092
2018-10-15 11:55:12 -05:00
93ca455405
OAuth2LoginAuthenticationFilter ignores authenticated Users
...
This ensures that OAuth2 Client support works with the same log in URL as
oauth2 login.
Fixes: gh-5915
2018-10-12 16:29:27 -05:00
5d18bb68ed
Add @formatter to @EnableWebFluxSecurity Javadoc
...
Fixes: gh-5898
2018-09-21 08:11:50 -05:00
45a9c0fd54
Polish Automatically Add CsrfServerLogoutHandler
...
Issue: gh-5337
2018-09-21 00:59:36 -05:00
b060ec050a
Automatically add CsrfServerLogoutHandler if csrf enabled
...
The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled
Fixes gh-5337
2018-09-21 00:59:36 -05:00
79828d4f7b
Polish WebFlux Referrer-Policy header config
2018-09-20 17:14:16 -05:00
8a49c431c3
Add OAuth2ClientSpec.and
...
Fixes: gh-5888
2018-09-20 10:19:21 -05:00
73c1abbba0
EnableGlobalMethodSecurity Misconfiguration Check
...
This polishes the EnableGlobalMethodSecurity misconfiguration check to
not error if the user has specified a custom method security metadata
source.
Issue: gh-5341
2018-09-20 07:55:03 -06:00
1e864ad764
Validate @EnableGlobalMethodSecurity usage
...
Fixes: gh-5341
2018-09-20 07:55:03 -06:00
9e0c7f17b7
Default RequestCache should ignore favicon
...
Fixes: gh-5875
2018-09-19 14:29:14 -05:00
8b0a3a760c
Use providedSessionAuthenticationStrategy
...
Fixes gh-5763
2018-09-19 07:04:49 -04:00
501c008526
Add WebFlux Redirect to HTTPS Reference
...
Fixes: gh-5869
2018-09-18 21:12:37 -05:00
54d07b6b8b
Add WebFlux HTTP Headers Reference
...
Fixes: gh-5868
2018-09-18 17:09:41 -05:00
72301e548a
Reactive OAuth2 DSL Customizations
...
Fixes: gh-5855
2018-09-17 21:21:36 -05:00
Johnny Lim
Josh Cummings
Farooq Khan
Ankur Pathak
Joe Grandja
Rafael Dominguez
Robbie Martinus
ir73
Dongmin Shin
Daniel Bustamante Ospina
Eric Deandrea
Karl Goffin
Erik van Paassen
Bob Maertz
Brian Demers
Rob Winch
Vedran Pavic
artsiom