Steve Riesenberg
f0168c6c27
Add support for customizing claims in JWT Client Assertion
...
Closes gh-9855
2022-03-17 09:53:16 -05:00
Joe Grandja
4a8219d16c
Update whats-new.adoc with gh-9812
2022-03-17 04:41:33 -04:00
Joe Grandja
50d315d833
Remove unused code
2022-03-17 04:23:44 -04:00
Joe Grandja
a2ffc88294
Allow configuring PKCE for confidential clients
...
Closes gh-6548
2022-03-16 13:33:12 -04:00
ShinDongHun1
7955e5ac52
Polish UsernamePasswordAuthenticationFilter method
...
Closes gh-10970
2022-03-16 16:29:40 +01:00
Josh Cummings
cf29bf996c
Polish InResponseTo support
...
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once
Issue gh-9174
2022-03-15 14:06:58 -06:00
Elias Lousseief
3c878549b5
Add support for validation of InResponseTo
...
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).
Closes gh-9174
2022-03-15 14:06:57 -06:00
Elias Lousseief
836f203d44
Refactored OpenSaml4AuthenticationProviderTests
...
Factored out repeatedly used code for signing a request.
2022-03-15 14:06:57 -06:00
Simone Giannino
73003d59d6
OAuth 2.0 logout handler resolves uri placeholders
...
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri
Issue gh-7900
2022-03-15 12:54:39 -06:00
Rob Winch
fabeabd2db
Fix docs SecurityContextHolder Diagram
...
Issue gh-9635
2022-03-12 13:44:45 -06:00
Rob Winch
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
Rob Winch
dbcb5004b4
Extract createSecurityContextRepository()
...
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.
Issue gh-9635
2022-03-11 17:21:49 -06:00
Rob Winch
6e45a376cd
Remove "Hi ... there" From Docs
...
Close gh-10963
2022-03-11 13:42:38 -06:00
Rob Winch
e4f1826622
Remove "Hi ... there" From Docs
...
Close gh-10963
2022-03-11 13:41:19 -06:00
Rob Winch
b71b2f81e1
Add Persistence to documentation
...
Closes gh-10962
2022-03-11 13:41:19 -06:00
Rob Winch
9967078059
Antora 3.0.0
...
Issue gh-10962
2022-03-11 13:41:19 -06:00
Norbert Nowak
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
Rob Winch
d2f24ae5f5
Add SecurityContextRepository to all Authentication Filters
...
Closes gh-10949
2022-03-09 15:40:17 -06:00
Rob Winch
9db79aa5d7
BearerTokenAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch
2e9b04ed48
CasAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch
636f3e1d5d
AbstractPreAuthenticatedProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch
e6b6104b52
DigestAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch
9b0cd5a0a8
BasicAuthenticationFilter.setSecurityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch
120f2a356f
RememberMeAuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch
014c471ff1
AuthenticationFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch
f11cb988a9
AbstractAuthenticationProcessingFilter.securityContextRepository
...
Issue gh-10953
2022-03-09 15:33:42 -06:00
Marcus Da Coregio
70b67cd2f1
AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains
...
Closes gh-10950
2022-03-09 15:22:21 -03:00
Marcus Da Coregio
980e0466a7
AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains
...
Closes gh-10950
2022-03-09 15:21:37 -03:00
Rob Winch
65ec2659c4
HttpSessionSecurityContextRepository saves with original response
...
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.
This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.
Closes gh-10947
2022-03-09 10:17:15 -06:00
Lijamaija
bc2bb8cb96
Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket
...
Closes gh-10932
2022-03-09 16:18:09 +01:00
Marcus Da Coregio
93d4fd3559
Add SAML 2.0 Single Logout XML Support
...
Closes gh-10842
2022-03-09 09:18:01 -03:00
Marcus Da Coregio
73f839312d
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 09:18:01 -03:00
Rob Winch
b9f79543c5
Add RequestAttributeSecurityContextRepository
...
Closes gh-10918
2022-03-07 14:52:24 -06:00
Josh Cummings
ff87cfce3a
Polish EntityDescriptor Customizer
...
Issue gh-10839
2022-03-04 10:42:04 -07:00
Ulrich Grave
d225205bf2
Add method to customize EntityDescriptor
...
Closes gh-10839
2022-03-04 10:42:04 -07:00
Josh Cummings
304e89041c
Polish Formatting
...
Issue gh-10799
2022-03-02 16:40:13 -07:00
Sander van Schouwenburg
f1a76efc2d
Preserve order of RelyingPartRegistration credentials
...
Issue gh-10799
2022-03-02 16:40:13 -07:00
Josh Cummings
963251314b
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:40:11 -07:00
Josh Cummings
ee061f3659
Use RFC2045 Encoding for SAML 2.0 Logout
...
Closes gh-10923
2022-03-02 16:39:31 -07:00
Josh Cummings
923c61e9d2
Polish Formatting
...
Issue gh-10799
2022-03-02 16:37:58 -07:00
Sander van Schouwenburg
14d0663ae2
Preserve order of RelyingPartRegistration credentials
...
Issue gh-10799
2022-03-02 16:37:58 -07:00
Josh Cummings
7a02bd14c1
Replace Apache Commons Base64 Decoding
...
Issue gh-10923
2022-03-02 16:19:03 -07:00
Josh Cummings
238616da80
Use RFC2045 Encoding for SAML 2.0 Logout
...
Closes gh-10923
2022-03-02 16:18:34 -07:00
Josh Cummings
931fb6a328
Move UnmodifiableMapDeserializer
...
Issue gh-10905
2022-03-01 14:03:41 -07:00
Josh Cummings
6c3d183a94
Polish Saml2 Jackson Support
...
Issue gh-10905
2022-03-01 13:56:02 -07:00
Ulrich Grave
df84826c95
Add Jackson Support for Saml2 Module
...
Closes gh-10905
2022-03-01 12:07:55 -07:00
Talerngpong Virojwutikul
440ffce2eb
Update PasswordEncoder declaration
...
Closes gh-10910
2022-03-01 07:50:55 -07:00
Talerngpong Virojwutikul
ff15bec02d
update PasswordEncoder declaration
2022-03-01 07:48:31 -07:00
m0k045e
3aa7a65cb4
OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager
...
Closes gh-10846
2022-02-28 15:30:19 -07:00
Filip Hanik
47871562ca
Change HashSet to LinkedHashSet
...
For various RelyingPartyRegistration.credentials to preserve order of insertion.
Issue gh-10799
2022-02-28 15:02:03 -07:00