Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,130 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

8130 Commits

Author SHA1 Message Date
Joe Grandja a60446836b OAuth2AuthorizeRequest supports attributes 
Fixes gh-7341
 2019-09-05 21:04:25 -04:00
Filip Hanik 4a754c1f45
Merge pull request #7382 from fhanik/fix/update-to-apache-tomcat-9.0.24 
Upgrade to embedded Apache Tomcat 9.0.24
 2019-09-05 17:04:37 -07:00
Filip Hanik 08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp 
Add SAML Service Provider Support
 2019-09-05 17:04:14 -07:00
Josh Cummings 08f68c9122
Update JwtAuthenticationConverter Docs 
Replaced usage of deprecated API

Fixes gh-7062
 2019-09-05 16:15:55 -06:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code 
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
 2019-09-05 14:40:08 -07:00
Rob Winch 9639962e27 Fix RSocket Package Tangle 
Issue gh-7360
 2019-09-05 16:27:57 -05:00
Filip Hanik a919ff0461 Upgrade to embedded Apache Tomcat 9.0.24 2019-09-05 14:26:18 -07:00
Rob Winch 2a1f3f6aa7 Remove Package Tangle in HeaderWriterFilter 
Fixes gh-7380
 2019-09-05 16:08:45 -05:00
Rob Winch b5cbab01df Update to Spring 5.2.0.RC2 
Fixes gh-7371
 2019-09-05 13:42:34 -05:00
Eleftheria Stein 6aebf6c27e Update to Spring Boot 2.2.0.M5 
Fixes gh-7320
 2019-09-05 13:34:07 -05:00
Eleftheria Stein 266cc4a427 Update to org.seleniumhq.selenium:htmlunit-driver 2.36.0 
Fixes: gh-7319
 2019-09-05 13:34:07 -05:00
Eleftheria Stein 64e95c1e39 Update to hibernate-entitymanager 5.4.4.Final 
Fixes: gh-7318
 2019-09-05 13:34:07 -05:00
Eleftheria Stein da9221b156 Update to net.sourceforge.htmlunit:htmlunit 2.36.0 
Fixes: gh-7317
 2019-09-05 13:34:07 -05:00
Eleftheria Stein 2010bf4a65 Update to commons-codec 1.13 
Fixes: gh-7316
 2019-09-05 13:34:07 -05:00
Eleftheria Stein 97626f7dd2 Update to nimbus-jose-jwt 7.8 
Fixes: gh-7315
 2019-09-05 13:34:07 -05:00
Eleftheria Stein 19b29a20bd Update to GAE 1.9.76 
Fixes: gh-7314
 2019-09-05 13:34:07 -05:00
Rob Winch 2a3bf9b6bb DefaultReactiveOAuth2UserService IOException 
Improve handling of IOException to report an
AuthenticationServiceExceptionThere are many reasons that a
DefaultReactiveOAuth2UserService might fail due to an IOException
(i.e. SSLHandshakeException). In those cases we should use a
AuthenticationServiceException so that users are aware there is likely
some misconfiguration.

Fixes gh-7370
 2019-09-05 13:31:30 -05:00
Rob Winch 7ad641d106 RSocket Tests use Available Port 
Issue gh-7360
 2019-09-05 09:16:07 -05:00
Andreas Kluth c46b224ec4 Remove OAuth2AuthorizationRequest when a distributed session is used 
Dirties the WebSession by putting the amended AUTHORIZATION_REQUEST map into
the WebSession even it was already in the map. This causes common SessionRepository
implementations like Redis to persist the updated attribute.

Fixes gh-7327

Author: Andreas Kluth <mail@andreaskluth.net>
 2019-09-05 09:31:32 -04:00
Josh Cummings 26a65249f9
Remove invalid characters 2019-09-05 04:32:34 -06:00
Lars Grefer 93b991d5f7 Update AspectJ Gradle Plugin to 4.0.1 2019-09-04 19:31:28 -05:00
Lars Grefer b75212b325 Update to Gradle 5.6.1 2019-09-04 19:31:28 -05:00
Rob Winch 5a4eded696 Add RSocket Support 
Fixes gh-7360
 2019-09-04 19:24:01 -05:00
Josh Cummings 099d49aa40 Simplify currentAuthentication() 2019-09-04 15:33:41 -06:00
Josh Cummings 40ff837713 Polish Server|ServletBearerExchangeFilterFunction 
Fixes gh-7353
 2019-09-04 15:33:41 -06:00
Joe Grandja e6618d4d50 Removed unused OAuth2AuthorizedClientResolver 
Fixes gh-7357
 2019-09-04 16:56:40 -04:00
Josh Cummings 833bfd0c22 Add Authorities from Access Token 2019-09-04 14:15:28 -06:00
Josh Cummings aa1c80c801 Grant Individual Authorities From Claims 
Fixes gh-7339
 2019-09-04 14:15:28 -06:00
Joe Grandja 409285fb3d Fix test 
Issue gh-7350
 2019-09-04 14:27:01 -04:00
Joe Grandja 0ac8618eac Align DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper 
Fixes gh-7350
 2019-09-04 14:07:45 -04:00
Joe Grandja dcd997ea43 Add support for Resource Owner Password Credentials grant 
Fixes gh-6003
 2019-09-04 14:07:45 -04:00
Josh Cummings de672e3ae9
Polish oauth2ResourceServer() Error Messaging 
Fixes: gh-6876
 2019-09-04 11:49:22 -06:00
Josh Cummings 1fc5b27fa2
Update LogoutConfigurerClearSiteData Tests 
Issue gh-7347
 2019-09-04 03:30:37 -06:00
Josh Cummings 82ae4db4cc Update Multi Tenancy Sample to Convert Jwts 
Issue gh-7346
 2019-09-03 15:58:05 -06:00
Josh Cummings d7f7e9d4b7 Add Jwt to BearerTokenAuthentication Converter 
Fixes gh-7346
 2019-09-03 15:58:05 -06:00
Josh Cummings 068f4f0147 Polish Opaque Token 
Use OAuth2AuthenticatedPrincipal
Use BearerTokenAuthentication
Update names to reflect more generic approach.

Fixes gh-7344
Fixes gh-7345
 2019-09-03 15:58:05 -06:00
Josh Cummings c019507770 Add BearerTokenAuthentication 
Fixes gh-7343
 2019-09-03 15:58:05 -06:00
Josh Cummings 346b8c2cff Add OAuth2AuthenticatedPrincipal 
Fixes gh-7342
 2019-09-03 15:58:05 -06:00
Josh Cummings 39e84013f7
ClearSiteDataHeaderWriter Directives 
Fixes gh-7347
 2019-09-03 15:57:10 -06:00
Josh Cummings f350988285 Add Servlet and ServerBearerExchangeFilterFunction 
Fixes gh-5334
Fixes gh-7284
 2019-09-03 15:29:06 -06:00
Bouke Nijhuis dbd1819ea4 add media type jwk-set+json to accept header 
Fixes gh-7290
 2019-09-03 14:12:50 -04:00
Eleftheria Stein ad0d3e9702 Polish remember me username check 2019-09-03 11:48:46 -04:00
Scott Murphy 26ae590c68 Check that userdetails for username exists. #7251 2019-09-03 11:48:46 -04:00
Eddú Meléndez 8773c7994f Allow to set default securityContextRepository for each authentication mechanisms 
Fixes gh-7249
 2019-09-03 07:46:59 -06:00
Josh Cummings 5e98b92273
In-memory ClientRegistration Repo Duplicate Check 
Fixes gh-7338
 2019-09-02 15:30:48 -06:00
kostya05983 f6c650db47
Replace Streams with Loops 
First version of replacing streams

fix wwwAuthenticate and codestyle

fix errors in implementation to pass tests

Fix review notes

Remove uneccessary final to align with cb

Short circuit way to authorize

Simplify error message, make code readably

Return error while duplicate key found

Delete check for duplicate, checkstyle issues

Return duplicate error

Fixes gh-7154
 2019-09-02 15:30:48 -06:00
Josh Cummings d6d0d89ff8
NamespaceRememberMeTests groovy->java 
Issue gh-4939
 2019-09-02 13:08:21 -06:00
Josh Cummings bf5b693549
NamespaceHttpOpenIDLoginTests groovy->java 
Issue gh-4939
 2019-08-30 15:54:43 -06:00
Roman Matiushchenko ffc43e02c3 Fix NPE in RequestContextSubscriber 
RequestContextSubscriber could cause NPE if Mono/Flux.subscribe()
was invoked outside of Web Context.
In addition it replaced source Context with its own without respect
to old data.
Now Request Context Data is Propagated within holder class and
it is added to existing reactor Context if Holder is not empty.

Fixes gh-7228
 2019-08-30 16:49:38 +03:00
Angel Aguilera 1de885e298 use simple link instead of 'pass' macro 2019-08-29 06:17:06 -05:00