Rob Winch
520e0a5a68
serverAuthenticationSuccessHandler->authenticationSuccessHandler
...
Issue: gh-4822
2017-11-14 16:42:14 -06:00
Rob Winch
5c83f92ddc
serverAuthenticationFailureHandler->authenticationFailureHandler
...
Issue: gh-4822
2017-11-14 16:42:10 -06:00
Rob Winch
692233e431
ServerSecurityContextRepository members to securityContextRepository
...
Issue: gh-4822
2017-11-14 16:42:06 -06:00
Johnny Lim
d900f2a623
Remove unused imports
...
This commit also adds UnusedImportsCheck Checkstyle module.
2017-11-14 14:41:08 -06:00
Rob Winch
1b70efce2b
Add ServerRequestCache
...
Fixes: gh-4789
2017-11-13 15:49:34 -06:00
Rob Winch
8f6491b281
Add RedirectServerAuthenticationFailureHandler
...
Fixes gh-4816
2017-11-13 15:49:20 -06:00
Rob Winch
060d8689fe
Make RedirectServer*Tests less specific
...
Issue: gh-4816
2017-11-13 15:49:06 -06:00
Johnny Lim
99df632f24
Add missing @Override annotations
...
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
2017-11-08 13:27:24 -06:00
Rob Winch
676020321e
Add reactive CsrfRequestDataValueProcessor
...
Fixes gh-4762
2017-11-07 22:25:36 -06:00
Rob Winch
7622826b69
WebSessionServerCsrfTokenRepository saves on getToken
...
Fixes gh-4801
2017-11-07 22:25:23 -06:00
Rob Winch
776364d403
ServerCsrfTokenRepository.saveToken return Mono<CsrfToken>
...
Fixes gh-4800
2017-11-07 22:24:53 -06:00
Rob Winch
3f18881493
Remove additional attribute name from CsrfWebFilter
...
Fixes gh-4799
2017-11-07 22:24:42 -06:00
Frank Pavageau
35706ad60a
Deserialize the principal in a neutral way
...
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
2017-10-30 00:53:31 -05:00
Frank Pavageau
6fd9ff254b
Map values directly from the JSON nodes
...
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
2017-10-30 00:53:31 -05:00
SignleMR
a1fdb7dcb3
Update AbstractRememberMeServices.java
...
this file`s file encode is unkown,maybe is "Eddu Melendez"
2017-10-30 00:50:23 -05:00
Jeremy Waters
832f5c39c1
SEC-3190: Add support for colons in remember-me token values
...
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. so this
change urlencodes the individual tokens when creating the cookie
string; and urldecodes them decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
2017-10-30 00:33:14 -05:00
Rob Winch
93ac706d86
Polish XFrameOptionsHeaderWriter
...
Issue: gh-4559
2017-10-29 23:32:53 -05:00
Nathan Wong
02a78b17b9
Add check to see if return value is DENY
...
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.
This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
2017-10-29 23:32:53 -05:00
Antoine
bed4ec7d18
Fix leading space characters reported by checkstyle
2017-10-29 22:22:34 -05:00
Antoine
0771778b81
Polish more AssertJ assertions
2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28
Polish AssertJ assertions
...
Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Rob Winch
5a5ec58ca4
Add LogoutPageGeneratingWebFilter
...
Fixes gh-4735
2017-10-29 00:12:23 -05:00
Rob Winch
0734d70d02
Logout requires POST
...
Issue: gh-4734
2017-10-29 00:11:59 -05:00
Rob Winch
8da2c7f657
Add WebFlux CSRF Protection
...
Fixes gh-4734
2017-10-28 22:59:24 -05:00
Rob Winch
192776858d
HttpStatusServerAccessDeniedHandler write error message
2017-10-28 22:59:24 -05:00
Rob Winch
e63c53e267
Add AuthorizationWebFilterTests
2017-10-28 22:58:55 -05:00
Rob Winch
2060125ebd
ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository
...
Issue: gh-4719
2017-10-27 18:17:52 -05:00
Rob Winch
4777a869bc
Logout at the end of logout method
...
Issue: gh-4719
2017-10-27 18:17:40 -05:00
Rob Winch
5bcf3c559b
Remove wrappedExchange from AuthenticationWebFilter
...
Issue: gh-4719
2017-10-27 18:17:29 -05:00
Rob Winch
437ba56415
ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter
...
Issue: gh-4719
2017-10-27 18:17:10 -05:00
Rob Winch
c63b258b16
AuthorizeWebFilter uses ReactiveSecurityContextHolder
...
Issue gh-4719
2017-10-27 18:16:59 -05:00
Rob Winch
747473257f
Use ReactorSecurityContextHolder
...
Issue gh-4713
2017-10-26 20:11:42 -05:00
Rob Winch
44b41e78cd
Flux member variables in favor of Collections
...
Fix gh-4694
2017-10-25 07:41:37 -05:00
Rob Winch
fcc1152f78
WebFilterChainProxy not matched continues WebFilterChain
...
Fixes gh-4668
2017-10-24 16:22:07 -05:00
Rob Winch
b81c1ce2c0
Move spring-security-webflux into spring-security-web
...
Fixes gh-4662
2017-10-18 16:20:09 -05:00
Rob Winch
a74f7c6faa
Fix CSRF / DefaultLoginPageGeneratingFilter package tangle
...
Issue: gh-4636
2017-10-16 16:36:49 -05:00
Andreas Gebhardt
0c830f9ba8
fix JavaDoc typo on `BasicAuthenticationEntryPoint`
2017-10-12 07:42:58 -05:00
Rob Winch
23f56f568c
Update MockitJunitRunner import
...
Issue: gh-4608
2017-10-09 16:13:33 -05:00
Rob Winch
445834784a
Update to Mockito 2.10.0
...
Issue: gh-4608
2017-10-09 16:13:11 -05:00
Rob Winch
f3828924ff
Fix equals and hashCode alignment
...
Fixes gh-4588
2017-09-28 17:25:00 -05:00
Rob Winch
646b3e48b3
Avoid Exception Message in HTTP Response
...
Fixes gh-4587
2017-09-28 17:24:49 -05:00
Vedran Pavic
95de158909
Add `ForwardLogoutSuccessHandler`
2017-09-06 15:15:02 -05:00
Joe Grandja
4951550d7d
Add context path to authorization request URI
...
Fixes gh-4510
2017-08-26 18:55:23 -04:00
Rob Winch
e16b8e7976
Fix logback-test.xml
2017-08-17 16:42:01 -05:00
Kyle Anderson
d8a678df6f
Removed Unicode Character from Parameter Name
2017-06-29 16:03:29 -05:00
Takuma Setoguchi
f2c04dd9b1
fix typo
2017-06-20 08:17:15 -05:00
Vedran Pavic
85719fcd64
Use Base64 implementation provided by Java 8
2017-05-10 00:27:36 -05:00
Joe Grandja
829c386756
Add support for OAuth 2.0 Login
...
Fixes gh-3907
2017-04-28 10:58:59 -04:00
Rob Winch
5a65da400d
Use ReflectionTestUtils rather than Whitebox
...
This is better because it no longer uses Mockito's internal API
Fixes gh-4305
2017-04-21 10:54:58 -05:00
Rob Winch
9d9aadb80f
Fix DefaultSavedRequestMixinTests with Spring 5
...
Previously DefaultSavedRequestMixinTests
serializeDefaultRequestBuildWithConstructorTest broke in Spring 5
because Spring 5's MockHttpServletRequest.setCookie now automatically adds
the Cookie header.
This commit ensures that the Cookie header is not added by overriding the
class we are writing.
Fixes gh-4272
2017-04-12 15:51:26 -05:00