8763 Commits

Author SHA1 Message Date
Jonas Erbe
606bf6b38d Fix JwtClaimValidator wrong error code
Previously JwtClaimValidator returned the invalid_request
error on claim validation failure.

But validators have to return invalid_token errors on failure
according to:

https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.

Closes gh-10337
2021-11-29 13:30:38 -07:00
Marcus Da Coregio
5a47e17a0d Improve log message when no CSRF token found
Closes gh-10436
2021-11-19 09:00:29 -03:00
Josh Cummings
6fcee07527 Fix setJWTClaimSetJWSKeySelector Typo
Closes gh-10504
2021-11-16 15:35:22 -07:00
Josh Cummings
1b1c78f408 Fix jwtDecoder Documentation Usage
Closes gh-10505
2021-11-16 15:22:26 -07:00
Josh Cummings
7b03fb5321 Don't Cache ReactiveJwtDecoders Errors
Closes gh-10444
2021-11-10 18:17:33 -07:00
Joe Grandja
823c1ebca5 Next development version 2021-10-18 10:50:44 -04:00
Joe Grandja
5c8cd23a2d Revert "Lock dependencies"
This reverts commit fc53f81d2ef873b319f02cfc30a3c0f15f5cc24e.
2021-10-18 10:48:23 -04:00
Joe Grandja
8605350ed6 Release 5.3.12.RELEASE 5.3.12.RELEASE 2021-10-18 10:31:23 -04:00
Josh Cummings
9481122e02 Restructure SwitchUserFilter Logs
Issue gh-6311
2021-10-18 09:59:42 -04:00
Eleftheria Stein
fc53f81d2e Lock dependencies 2021-10-14 15:44:09 +02:00
Eleftheria Stein
9f895708f7 Update to Google App Engine 1.9.88
Closes gh-10381
2021-10-14 12:02:59 +02:00
Eleftheria Stein
9f07593256 Update to nohttp 0.0.10
Closes gh-10380
2021-10-14 12:02:32 +02:00
Josh Cummings
dc95d8d705 Fix OAuth2 Error Code
Closes gh-10319
2021-09-28 15:23:53 -06:00
heowc
31cc0b856e Fix typo
Closes gh-10276
2021-09-22 16:38:50 -06:00
Rob Winch
1eb64652a3 Remove finally block for junit
Allow this to be gathered by Gradle Enterprise since if build is up to
date there will be no tests run which causes failure. Additionally,
Gradle Enterprise displays the tests better than Jenkins.
2021-09-22 16:24:39 -05:00
Rob Winch
e25052b987 Add jenkins user to Jenkinsfile 2021-09-22 16:20:29 -05:00
Anthony Lofton
1ca04ffc91 Updated test.adoc SecurityMockServerConfigurers method references
Updated all references to SecurityMockServerConfigurers to refer to
correct methods.
Added documentation for mockJwt to include the
SecurityMockServerConfigurers class.

Issue gh-10254
2021-09-14 16:25:38 -03:00
Derek Van Blerkom
2bdaa31f72 Fix return type to allow further security config
Issue gh-10245
2021-09-13 15:41:40 -03:00
Fabio Guenci
f33598946f Preserve Null Claim Values
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The change allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
2021-08-16 08:40:39 -06:00
Marcus Da Coregio
29a15a3c3a Next development version 2021-08-16 10:36:21 -03:00
Marcus Da Coregio
c706a103f9 Revert "Lock Dependencies"
This reverts commit 1533f098d28967a562bf1b2caf71c4292cbd1349.
2021-08-16 10:35:39 -03:00
Marcus Da Coregio
05319d2685 Release 5.3.11.RELEASE 5.3.11.RELEASE 2021-08-16 09:59:03 -03:00
Marcus Da Coregio
1533f098d2 Lock Dependencies 2021-08-16 09:42:34 -03:00
Steve Riesenberg
f55247e28a Revert "URL encode client credentials"
This reverts commit 6cafa4836987c8ee6ccd59e5d988ab7753f1c3e8.

Issue gh-9610 gh-9862
Closes gh-10018
2021-07-20 14:05:55 -05:00
dmitrilc
1cf377c250 Update oauth2-resourceserver.adoc
fix the name of the parameter, from failure to badCredentials

Replaces AuthenticationFailureEvent

Remove AuthenticationFailureEvent Reference

Closes gh-10062
2021-07-16 12:03:59 -06:00
Rob Winch
56b1dfe0cf Update to use s01.oss.sonatype.org
Closes gh-10015
2021-06-29 16:51:00 -05:00
Rob Winch
99f72a0299 Remove -PdeployDocsHost=docs-ip.spring.io
Closes gh-10021
2021-06-29 16:51:00 -05:00
Rob Winch
8ea65ac68f Update to spring-build-conventions:0.0.38
Closes gh-10020
2021-06-29 16:50:43 -05:00
/usr/local/ΕΨΗΕΛΩΝ
5b1221a846 Improve AuthenticationManagerBeanDefinitionParser XML parsing
Closes gh-7282
2021-06-28 13:21:35 +02:00
Marcus Da Coregio
cee42ec0bf Next development version 2021-06-22 10:20:51 -03:00
Marcus Da Coregio
b0d22d1a03 Revert "Lock Dependencies"
This reverts commit eb300c78bdbbce27f21bdf8d67913670edf043e7.
2021-06-22 10:20:07 -03:00
Marcus Da Coregio
01c1c192d1 Release 5.3.10.RELEASE 5.3.10.RELEASE 2021-06-22 09:38:32 -03:00
Marcus Da Coregio
eb300c78bd Lock Dependencies 2021-06-21 09:23:19 -03:00
Eleftheria Stein
442c9cbf38 Disable default logout page when logout disabled
Closes gh-9475
2021-06-18 10:31:50 +02:00
Christian Frommeyer
7cf538cba6 Replace StringUtils from oauth2-oidc-sdk
SecurityMockServerConfigurers.java previously used the StringUtils from
the optional oauth2-oidc-sdk dependency. Replacing this with the
StringUtils from the Spring Framework should not force adding the
dependency in cases where it is not actually used.

Closes gh-9923
2021-06-16 14:15:14 -06:00
Steve Riesenberg
b6ae11295f Commit missing compile fix from cherry-pick conflict 2021-06-15 12:10:06 -05:00
Steve Riesenberg
ee9c8e2fd0 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository
Related to gh-9649
Closes gh-9857
2021-06-15 12:06:22 -05:00
Marcus Hert da Coregio
e16b88c9d5 Fix Adding Filter Relative to Custom Filter
Closes gh-9787
2021-06-14 16:56:33 -03:00
Josh Cummings
0ad2d90a72 Anonymous Authentication Argument Resolution Docs
Closes gh-3338
2021-06-08 16:23:50 -06:00
Josh Cummings
ba9b4d8cc6 Fix Getting Started Link
Closes gh-6502
2021-06-08 13:51:35 -06:00
Josh Cummings
b189e0370a PayloadInterceptorRSocket retains all payloads
Flux#skip discards its corresponding elements, meaning that they
aren't intended for reuse. When using RSocket's ByteBufPayloads,
this means that the bytes are released back into RSocket's pool.

Since the downstream request may still need the skipped payload,
we should construct the publisher in a different way so as to
avoid the preemptive release.

Deferring Spring JavaFormat to clarify what changed.

Closes gh-9345
2021-06-04 13:45:30 -06:00
Steve Riesenberg
6cafa48369 URL encode client credentials
Closes gh-9610
2021-06-03 09:39:00 -05:00
Eleftheria Stein
5b802a45f5 Fix Resource Server clock skew default value in docs
Closes gh-6611
2021-06-02 12:56:37 +03:00
Josh Cummings
6d816fbf85 Polish postLogoutRedirectUri encoding
Issue gh-9511
2021-05-26 14:38:20 -06:00
Hans Hosea Schaefer
e52b104636 Encode postLogoutRedirectUri query params
Now encodes already encoded query parameters in postLogoutRedirectUrl
correctly

Closes gh-9511
2021-05-26 14:36:05 -06:00
Marcus Hert da Coregio
02285708eb Adjust createNewSessionIfAllowed to prevent NPE
Ensure that isTransientAuthentication reuses the same authentication object from saveContext

Closes gh-8947
2021-05-26 15:13:55 -03:00
Steve Riesenberg
4f31e42fbc Handle encoded spaces in the root dn
Fixes an issue where provider URLs passed to the constructor of the
DefaultSpringSecurityContextSource can be URL encoded, resulting in
an invalid base dn. Additionally adds support for list constructor
to support spaces in base dn.

Closes gh-9742

# Conflicts:
#	ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
#	ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
2021-05-26 12:53:16 -05:00
Steve Riesenberg
22272321f2 Handle custom status codes in error handler
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
2021-05-25 15:37:37 -05:00
Rob Winch
a4216d0ea5 Additional HttpSessionOAuth2AuthorizationRequestRepository tests
Issue gh-5145
2021-05-13 19:52:00 -04:00
Craig Andrews
b8eee2002f HttpSessionOAuth2AuthorizationRequestRepository: store one request by default
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
2021-05-13 19:50:47 -04:00