Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,562 Commits 33 Branches 334 Tags 114 MiB
Commit Graph

6562 Commits

Author SHA1 Message Date
Rob Winch f2ccc53549 Add UserDetailsMapFactoryBean 
Fixes gh-4804
 2017-11-09 14:01:43 -06:00
Johnny Lim 99df632f24 Add missing @Override annotations 
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
 2017-11-08 13:27:24 -06:00
Rob Winch be0c6cde3d Update to Reactor-Bismuth-SNAPSHOT 
This may fix the hanging webflux-form build

Issue: gh-4803
 2017-11-08 10:37:01 -06:00
Rob Winch f1245059ff Consistent Thymeleaf Version in Boot Samples 
Issue gh-4802
 2017-11-08 09:04:50 -06:00
Rob Winch 9d7802d71f Configure logback for webflux-form 
Issue gh-4802
 2017-11-08 08:32:32 -06:00
Rob Winch 1728e21804 Update Thymeleaf 
We can remove PatchThymleeafReactiveView now that it is fixed and released
in Thymeleaf.

Issue gh-4802
 2017-11-08 08:29:49 -06:00
Rob Winch 75e77292cf webflux-form sample 
Fixes gh-4802
 2017-11-07 22:25:56 -06:00
Rob Winch adec62cdf2 EnableWebFluxSecurity creates CsrfRequestDataValueProcessor 
Fixes gh-4762
 2017-11-07 22:25:48 -06:00
Rob Winch 676020321e Add reactive CsrfRequestDataValueProcessor 
Fixes gh-4762
 2017-11-07 22:25:36 -06:00
Rob Winch 7622826b69 WebSessionServerCsrfTokenRepository saves on getToken 
Fixes gh-4801
 2017-11-07 22:25:23 -06:00
Rob Winch 776364d403 ServerCsrfTokenRepository.saveToken return Mono<CsrfToken> 
Fixes gh-4800
 2017-11-07 22:24:53 -06:00
Rob Winch 3f18881493 Remove additional attribute name from CsrfWebFilter 
Fixes gh-4799
 2017-11-07 22:24:42 -06:00
Rob Winch 91e27c1422 Add slf4jDependencies to hellowebflux 
Fixes gh-4798
 2017-11-07 22:24:32 -06:00
Rob Winch c7c84e0996 Fix CustomLoginPage test 
Fixes gh-4797
 2017-11-07 22:24:21 -06:00
Rob Winch 1506dcd413 SpringTestContext.getContext() 
Add accessor method for SpringTestContext.getContext()

Fixes gh-4796
 2017-11-07 22:24:15 -06:00
Joe Grandja db35dc6c03 Add tests to oauth2-core 
Fixes gh-4298
 2017-11-06 11:39:17 -05:00
Rob Winch d9abd2e443 User.UserBuilder only encodes once 
Fixes gh-4794
 2017-11-06 09:47:37 -06:00
Rob Winch 21aec19d42 Add FormLoginBuilder.serverAuthenticationSuccessHandler 
Fixes: gh-4786
 2017-11-03 08:47:59 -05:00
Rob Winch 1d4c7da1e1 Fix WebTestClientWebConnection for redirects 2017-11-03 08:46:56 -05:00
Craig Walls 06c4bffc5f Use id field instead of name field for GitHub and Facebook providers. 
Fixes gh-4764
 2017-11-01 10:48:57 -04:00
Greg Turnquist 881cd0befb Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details 
Resolves #4698
 2017-10-31 16:34:07 -05:00
Rob Winch 82adf744f5 Polish Docs 2017-10-31 10:27:34 -05:00
Rob Winch 35758fc61f Next Development Version 5.0.0.BUILD-SNAPSHOT 2017-10-30 17:06:54 -05:00
Rob Winch e7ab2a697d Release 5.0.0.RC1 2017-10-30 16:47:44 -05:00
Rob Winch e95430fa36 Polish Reactive Method Security reference 
Issue gh-4757
 2017-10-30 16:27:50 -05:00
Rob Winch d664ff2e26 Lookup HandlerMappingIntrospector from Bean 2017-10-30 16:27:50 -05:00
Joe Grandja ef9cd76607 Polish oauth2 
Fixes gh-4758
 2017-10-30 16:49:01 -04:00
Rob Winch 8e6c726fb2 Add WebFlux to What's New 5.0 
Fixes gh-4757
 2017-10-30 15:29:13 -05:00
Joe Grandja d435f149eb Polish spring-security-oauth2-jose 
Fixes gh-4755
 2017-10-30 13:09:40 -04:00
Joe Grandja 511d702ee0 Remove JwtDecoderRegistry 
Fixes gh-4754
 2017-10-30 12:52:42 -04:00
Joe Grandja 727098d6c0 Fix NPE when configuring oauth2Login.loginPage 
Fixes gh-4752
 2017-10-30 06:26:07 -04:00
Rob Winch 5280ac40e9 WebMvcConfigurerAdapter->WebMvcConfigurer 
Fixes gh-4612
 2017-10-30 01:30:08 -05:00
Gajendra kumar ec723952d5 principals and sessionIds should be set using constructor so that can be shared across node in cluster 
As principals and sessionIds are set in class itself so one can't share user session count across nodes(Cluster). Using constructor for setting principals and sessionIds we can pass Cache map to constructor which can enable common session count in cluster otherwise user would be allowed to logged in with multiple sessions. There is no point keeping principals and sessionIds completely internal.
 2017-10-30 01:08:15 -05:00
Kazuki Shimizu 3d5989dea4 Change a default realm name 
Change a default realm name of Basic Authentication for XML namespace to 'Realm'.

Fixes gh-4220
 2017-10-30 00:59:39 -05:00
Frank Pavageau 35706ad60a Deserialize the principal in a neutral way 
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
 2017-10-30 00:53:31 -05:00
Frank Pavageau 6fd9ff254b Map values directly from the JSON nodes 
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
 2017-10-30 00:53:31 -05:00
SignleMR a1fdb7dcb3 Update AbstractRememberMeServices.java 
this file`s file encode is unkown,maybe is "Eddu Melendez"
 2017-10-30 00:50:23 -05:00
Rob Winch 4295461830 ServerHttpSecurity extracts WebFilter from OrderedWebFilter 
Fixes gh-4736
 2017-10-30 00:45:26 -05:00
Jeremy Waters 832f5c39c1 SEC-3190: Add support for colons in remember-me token values 
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons.  so this 
change urlencodes the individual tokens when creating the cookie 
string; and urldecodes them decoding the cookie and extracting the 
tokens.  This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
 2017-10-30 00:33:14 -05:00
Trygve Aasjord 8d717c62af Pass username as second parameter for search filter. 
Allows the username only (without domain) to be used in custom search filter like "sAMAccountName={1}",
in eg. situations where the userPrincipalName has a different suffix than domain.

Thanks to contributors in issue.

fixes gh-2448
 2017-10-29 23:58:58 -05:00
Johnny Lim cdcf65de1e Polish 
Fixes gh-4425
 2017-10-29 23:43:13 -05:00
Rob Winch 93ac706d86 Polish XFrameOptionsHeaderWriter 
Issue: gh-4559
 2017-10-29 23:32:53 -05:00
Nathan Wong 02a78b17b9 Add check to see if return value is DENY 
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.

This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
 2017-10-29 23:32:53 -05:00
Antoine bed4ec7d18 Fix leading space characters reported by checkstyle 2017-10-29 22:22:34 -05:00
Antoine 0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Arend v. Reinersdorff a558d408a3 Minor typos PreAuthenticatedAuthenticationProvider 2017-10-29 22:12:04 -05:00
Kyle Anderson a139a0052d Fix Typo in Reference Docs 2017-10-29 22:09:46 -05:00
Rob Winch 77de91ad60 Polish unbounded support 
- Update unboundid-ldapsdk-4.0.1
- Fix ordering of dependencies

Issue gh-4672
 2017-10-29 21:59:55 -05:00
Eddú Meléndez 70165869b1 Add UnboundId LDAP inmemory support 
This commit adds the capability to run a LDAP inmemory different than
apacheds. Both providers `apacheds` and `unboundid` are supported.
 2017-10-29 21:59:55 -05:00