Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,213 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

812 Commits

Author SHA1 Message Date
Rob Winch 370fc48afe Polish LogoutBuilder 
Issue gh-4603
 2017-10-06 16:37:11 -05:00
shazin.sadakath@gmail.com 79e749790f Add Reactive LogoutBuilder 
Fixes gh-4541
 2017-10-06 16:36:19 -05:00
Rob Winch c77cc72cd3 Fix EnableWebFluxSecurityTests 
Fixes gh-4604
 2017-10-06 16:28:57 -05:00
Joe Grandja 926ad45f21 Add default config for common OAuth2 Providers 
Fixes gh-4597
 2017-10-06 10:17:32 -04:00
Joe Grandja 29d36e4d16 Remove OAuth2ClientTemplatePropertiesLoader 
Fixes gh-4598
 2017-10-05 20:15:28 -04:00
Joe Grandja 1b7e761be4 Remove SecurityTokenRepository from AuthorizationCodeAuthenticationProvider constructor 
Fixes gh-4591
 2017-10-05 17:05:56 -04:00
Joe Grandja eb320bfed4 AuthorizationCodeAuthenticationProcessingFilter -> AuthorizationCodeAuthenticationFilter 2017-10-05 16:40:12 -04:00
Joe Grandja 5c14e48b18 Add OAuth2UserAuthenticationProvider 
Moved logic from AuthorizationCodeAuthenticationProvider
to OAuth2UserAuthenticationProvider (new) related to
loading user attributes via OAuth2UserService.

This re-factor is part of the work required for Issue gh-4513
 2017-10-05 15:15:35 -04:00
Joe Grandja f8a9077d5a Generalize AuthorizationCodeAuthenticationProvider 
The AuthorizationCodeAuthenticationProvider implements part of the
Authorization Code Grant flow as defined in
OAuth 2.0 Authorization Framework and OpenID Connect Core 1.0.
The implementation needs to be de-coupled to allow for better re-use and readability.
This commit introduces the AuthorizationGrantAuthenticator and extracts logic from
AuthorizationCodeAuthenticationProvider and provides different implementations
for OAuth 2.0 and OpenID Connect 1.0.

This re-factor is part of the work required for Issue gh-4513
 2017-10-05 05:02:22 -04:00
Joe Grandja fb57111ecd redirect-uri property supports 'baseRedirectUrl' uri variable 
Fixes gh-4589
 2017-10-02 15:29:03 -04:00
Joe Grandja 66647070ab Default login page supports Iterable<ClientRegistration> 
Fixes gh-4596
 2017-09-29 19:54:17 -04:00
Rob Winch 99f06ca58c HttpSecurity invokes configure(this) 
Issue gh-4542
 2017-09-29 16:04:47 -05:00
Rob Winch b3bd5ba946 Add Reactive HttpSecurity.addWebFilterAt 
Fixes gh-4542
 2017-09-29 16:04:35 -05:00
Rob Winch 737c48de06 Polish 2017-09-29 14:13:02 -05:00
Joe Grandja b9258aa6ee Make AuthorizationRequestUriBuilder optional 
Fixes gh-4577
 2017-09-28 16:43:11 -04:00
Joe Grandja 9a8ddebc94 Use param matching for Authorization Response 
Fixes gh-4576
 2017-09-28 10:21:01 -04:00
Joe Grandja 8448a54678 Remove ClientRegistrationRepository.getRegistrations() 
Fixes gh-4582
 2017-09-28 07:02:59 -04:00
Joe Grandja b463f8e6b5 Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName() 
Related gh-4580
 2017-09-27 15:39:39 -04:00
Joe Grandja 814742fef6 Rename ClientRegistration.clientAlias -> registrationId 
Fixes gh-4575
 2017-09-27 09:14:55 -04:00
Joe Grandja 38be35677d Add userNameAttributeName to ClientRegistration 
Fixes gh-4580
 2017-09-26 21:55:19 -04:00
Joe Grandja 0e9b2807bf Split up NimbusOAuth2UserService 
Fixes gh-4447
 2017-09-26 11:32:49 -04:00
Rob Winch 6d26b86792 Add UserDetailsRepositoryResourceFactoryBean.fromString 
Fixes gh-4566
 2017-09-22 20:18:59 -05:00
Rob Winch a4c2073bcd Add UserDetailsManagerResourceFactoryBean.fromString 
Fixes gh-4567
 2017-09-22 20:18:59 -05:00
Rob Winch bc99f8aff3 Add UserDetailsResourceFactoryBean.fromString 
Fixes gh-4568
 2017-09-22 20:18:59 -05:00
Stephan Schroevers 9e719bc313 Drop the `aopalliance:aopalliance` dependency 
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.

This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)

The documentation is updated accordingly.

[1] https://jira.spring.io/browse/SPR-13984
 2017-09-22 11:11:04 -05:00
Joe Grandja 8521ca8f94 Polish gh-4560 2017-09-21 17:21:41 -04:00
Joe Grandja baa3b6f258 Add utility for loading properties of client types 
Fixes gh-4560
 2017-09-20 22:50:19 -04:00
Rob Winch 8a66d0c78d Polish PermissionEvaluator Autowired into Web Security 
Issue gh-4077
 2017-09-18 16:53:19 -05:00
Craig Andrews 3bf6bf10de Configure permissionEvaluator and roleHierarchy by default 
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).

Issue gh-4077
 2017-09-18 16:35:16 -05:00
Rob Winch f8ee9944ff Copyright date range 2017-09-18 11:18:46 -05:00
Rob Winch 1f4082e754 Fix copyright lines 2017-09-18 11:11:25 -05:00
Rob Winch 01d4387f56 Fix empty lines in copyright 2017-09-18 10:53:04 -05:00
Rob Winch 3ecf3ea034 Fix double * in Copyright headers 2017-09-18 10:47:26 -05:00
Rob Winch e14af37775 Add LogoutWebFilter 
Fixes gh-4539
 2017-09-13 16:43:04 -05:00
Rob Winch 426e24c18e Polish 
Formatting changes
 2017-09-13 15:31:32 -05:00
Joe Grandja 65b968f04a Move servlet-specific classes to 'web' package 
Fixes gh-4366
 2017-09-13 16:13:32 -04:00
Rob Winch 0a36359f11 WebFlux HTTP Basic & Form Login Sessions 
By default both HTTP Basic and form log are enabled. Now HTTP Session will
not be used for HTTP Basic, but will be for form log in.
 2017-09-13 14:47:44 -05:00
Rob Winch 3d745e63f6 HttpSecurityConfiguration applies all defaults 
HttpSecurity headers is off by default and relies on
HttpSecurityConfiguration to enable it. This is more consistent with the
other operators
 2017-09-12 22:07:12 -05:00
Rob Winch b5edb58050 Polish reactive config 
Code Checkstyle fixes
 2017-09-12 21:56:09 -05:00
Rob Winch 8b32b8db74 Polish 
HeadersBuilder build is protected
 2017-09-12 21:51:26 -05:00
Rob Winch d93c774691 Add FormLogin Configuration 
Fixes gh-4537
 2017-09-12 20:40:56 -05:00
Rob Winch a0a0a32bda Add WebTestClient HtmlUnit Support 
Fixes gh-4534
 2017-09-12 20:40:56 -05:00
Rob Winch 8d997fd079 Remove DefaultAuthenticationSuccessHandler 
We always need to save the user after authentication, so it should be
part of AuthenticationWebFilter

Fixes gh-4524
 2017-09-12 20:40:56 -05:00
Joe Grandja 4ff0b52f74 Remove HttpClientConfig 
Issue gh-4478
 2017-09-12 21:03:40 -04:00
Rob Winch d9bad2bc9d Mono.currentContext()->subscriberContext() 
Fixing refactoring by Reactor
 2017-09-01 17:20:47 -05:00
Rob Winch be0081290b EnableWebFluxSecurity uses PasswordEncoder Bean 2017-08-30 10:02:00 -05:00
Rob Winch 9f2ea90f0d Polish HttpSecurity 
Code Style fixes
 2017-08-29 20:34:20 -05:00
Rob Winch 51ad53f76a Remove Optional from Reactive HttpSecurity 2017-08-29 20:30:04 -05:00
Rob Winch 20befc3702 Support .and() in Reactive HttpBasic & HeaderBuilder 2017-08-29 20:17:56 -05:00
Rob Winch c4917f359a Fix for Reactor Refactor 
- contextStart -> subscriberContext
 2017-08-29 08:24:55 -05:00