Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 14:48:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,591 Commits 48 Branches 362 Tags
Commit Graph

161 Commits

Author SHA1 Message Date
Rivaldi
01a37dd678 Fix typo 
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
 2022-11-03 08:21:48 -03:00
Josh Cummings
cca999c57d
Merge remote-tracking branch 'origin/5.8.x' 2022-11-01 13:46:08 -06:00
Josh Cummings
d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings
c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza
8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Marcus Da Coregio
38a7bbd2eb Merge branch '5.8.x' 2022-10-05 13:20:12 -03:00
Marcus Da Coregio
ace8caa182 Remove mvcMatchers usage from docs 
Issue gh-11347
 2022-10-05 13:19:37 -03:00
Steve Riesenberg
181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Steve Riesenberg
2431dd1103
Merge branch '5.8.x' 2022-09-13 17:38:10 -05:00
Steve Riesenberg
355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy
1efb63387f
Add authentication converter for introspected tokens 
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
 2022-09-13 16:45:36 -05:00
Rob Winch
a5069d7e35 Fix Add @Configuration to @Enable*Security Usage 
Issue gh-6613
 2022-08-09 17:00:16 -05:00
Joshua Sattler
040111ae9e Remove Configuration meta-annotation from Enable* annotations 
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.

Closes gh-6613

Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
 2022-07-30 03:48:42 +02:00
André Luis Gomes
aca3fc2412 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:51:44 -03:00
André Luis Gomes
0c31cb21dc Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:50:56 -03:00
André Luis Gomes
24701b547f Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:49:47 -03:00
André Luis Gomes
b9acdd5058 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 13:43:42 +02:00
Pascal Verdage
b71d9bfdc2 Fix typo 2022-04-06 11:09:41 +02:00
Pascal Verdage
ed8887e0fc Fix typo 2022-04-06 11:09:15 +02:00
Steve Riesenberg
f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Steve Riesenberg
428216b322 Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:50:25 -05:00
Joe Grandja
54b033078b Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:36:10 -04:00
Joe Grandja
a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
Yuriy Savchenko
f64181ab41 Update docs to use multi-tenancy 
Closes gh-10572
 2022-02-14 17:18:48 +01:00
Yuriy Savchenko
77ba94e1db Update docs to use multi-tenancy 
Closes gh-10572
 2022-02-14 11:07:42 +01:00
Eleftheria Stein
4142f06259 Replace WebSecurityConfigurerAdapter with SecurityFilterChain in docs 
Closes gh-10003
 2022-02-08 18:10:58 +01:00
Eleftheria Stein
4492e5b667 Replace WebSecurityConfigurerAdapter with SecurityFilterChain in docs 
Closes gh-10003
 2022-02-08 16:12:10 +01:00
Joe Grandja
525f40490c Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:59:14 -05:00
Joe Grandja
214cfe807e Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:42:10 -05:00
Rob Winch
2fb056b5c1 Merge Clean up Reference Documentation 
Closes gh-9668
 2021-12-13 16:57:36 -06:00
Jeff Maxwell
32d79f3f4e Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:33:42 -07:00
Jeff Maxwell
b7cc667d21 Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:33:27 -07:00
Jeff Maxwell
879b2d089f Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:29:23 -07:00
Jeff Maxwell
088a24cf59 Fix jwtDecoder Documentation Usage 
Closes gh-10505
 2021-11-16 15:18:42 -07:00
Jeff Maxwell
3fb1565cc0 Fix jwtDecoder Documentation Usage 
Closes gh-10505
 2021-11-16 15:17:37 -07:00
Jeff Maxwell
5913501e1a #10505 Fix jwtDecoder 
Fixed jwtDecoder(JWTProcessor jwtProcessor, OAuth2TokenValidator<Jwt> jwtValidator)
 2021-11-16 14:05:43 -07:00
Steve Riesenberg
73e1506e5e Consistency update for servlet docs 2021-11-11 14:24:29 -06:00
Steve Riesenberg
ab794bf67a Consistency update for servlet docs 2021-11-11 10:41:12 -06:00
Josh Cummings
b60020a40c Use authorizeHttpRequests in Docs 
Issue gh-8900
 2021-11-10 16:09:50 -07:00
Josh Cummings
812d6f7b18 Use authorizeHttpRequests in Docs 
Issue gh-8900
 2021-11-10 16:08:57 -07:00
Josh Cummings
7708418fae Separate OAuth 2.0 Login Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00
Josh Cummings
82696918ae Separate OAuth 2.0 Client Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00
Steve Riesenberg
e350c8a852 Document parameters converter in oauth2 client servlet docs 
Closes gh-10467
 2021-11-05 12:45:46 -06:00
Steve Riesenberg
efa2fab061 Document authentication helper method in WebClient integration 
Closes gh-10120
 2021-11-05 12:45:46 -06:00
Josh Cummings
76ebbb84f7 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00
Josh Cummings
3db13de1e2 Separate OAuth 2.0 Login Servlet Docs 
Issue gh-10367
 2021-11-04 11:55:53 -06:00
Josh Cummings
8c508d6afa Separate OAuth 2.0 Client Servlet Docs 
Issue gh-10367
 2021-11-04 11:33:58 -06:00
Steve Riesenberg
b27c7e17f4 Document parameters converter in oauth2 client servlet docs 
Closes gh-10467
 2021-11-03 17:09:44 -05:00
Steve Riesenberg
49f3c0ce53 Document authentication helper method in WebClient integration 
Closes gh-10120
 2021-11-03 15:57:12 -05:00
Josh Cummings
869e379099 Separate Namespace Servlet Docs 
Issue gh-10367
 2021-11-01 17:49:15 -06:00