Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 23:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,222 Commits 33 Branches 337 Tags
Commit Graph

812 Commits

Author SHA1 Message Date
Rob Winch
370fc48afe Polish LogoutBuilder 
Issue gh-4603
 2017-10-06 16:37:11 -05:00
shazin.sadakath@gmail.com
79e749790f Add Reactive LogoutBuilder 
Fixes gh-4541
 2017-10-06 16:36:19 -05:00
Rob Winch
c77cc72cd3 Fix EnableWebFluxSecurityTests 
Fixes gh-4604
 2017-10-06 16:28:57 -05:00
Joe Grandja
926ad45f21 Add default config for common OAuth2 Providers 
Fixes gh-4597
 2017-10-06 10:17:32 -04:00
Joe Grandja
29d36e4d16 Remove OAuth2ClientTemplatePropertiesLoader 
Fixes gh-4598
 2017-10-05 20:15:28 -04:00
Joe Grandja
1b7e761be4 Remove SecurityTokenRepository from AuthorizationCodeAuthenticationProvider constructor 
Fixes gh-4591
 2017-10-05 17:05:56 -04:00
Joe Grandja
eb320bfed4 AuthorizationCodeAuthenticationProcessingFilter -> AuthorizationCodeAuthenticationFilter 2017-10-05 16:40:12 -04:00
Joe Grandja
5c14e48b18 Add OAuth2UserAuthenticationProvider 
Moved logic from AuthorizationCodeAuthenticationProvider
to OAuth2UserAuthenticationProvider (new) related to
loading user attributes via OAuth2UserService.

This re-factor is part of the work required for Issue gh-4513
 2017-10-05 15:15:35 -04:00
Joe Grandja
f8a9077d5a Generalize AuthorizationCodeAuthenticationProvider 
The AuthorizationCodeAuthenticationProvider implements part of the
Authorization Code Grant flow as defined in
OAuth 2.0 Authorization Framework and OpenID Connect Core 1.0.
The implementation needs to be de-coupled to allow for better re-use and readability.
This commit introduces the AuthorizationGrantAuthenticator and extracts logic from
AuthorizationCodeAuthenticationProvider and provides different implementations
for OAuth 2.0 and OpenID Connect 1.0.

This re-factor is part of the work required for Issue gh-4513
 2017-10-05 05:02:22 -04:00
Joe Grandja
fb57111ecd redirect-uri property supports 'baseRedirectUrl' uri variable 
Fixes gh-4589
 2017-10-02 15:29:03 -04:00
Joe Grandja
66647070ab Default login page supports Iterable<ClientRegistration> 
Fixes gh-4596
 2017-09-29 19:54:17 -04:00
Rob Winch
99f06ca58c HttpSecurity invokes configure(this) 
Issue gh-4542
 2017-09-29 16:04:47 -05:00
Rob Winch
b3bd5ba946 Add Reactive HttpSecurity.addWebFilterAt 
Fixes gh-4542
 2017-09-29 16:04:35 -05:00
Rob Winch
737c48de06 Polish 2017-09-29 14:13:02 -05:00
Joe Grandja
b9258aa6ee Make AuthorizationRequestUriBuilder optional 
Fixes gh-4577
 2017-09-28 16:43:11 -04:00
Joe Grandja
9a8ddebc94 Use param matching for Authorization Response 
Fixes gh-4576
 2017-09-28 10:21:01 -04:00
Joe Grandja
8448a54678 Remove ClientRegistrationRepository.getRegistrations() 
Fixes gh-4582
 2017-09-28 07:02:59 -04:00
Joe Grandja
b463f8e6b5 Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName() 
Related gh-4580
 2017-09-27 15:39:39 -04:00
Joe Grandja
814742fef6 Rename ClientRegistration.clientAlias -> registrationId 
Fixes gh-4575
 2017-09-27 09:14:55 -04:00
Joe Grandja
38be35677d Add userNameAttributeName to ClientRegistration 
Fixes gh-4580
 2017-09-26 21:55:19 -04:00
Joe Grandja
0e9b2807bf Split up NimbusOAuth2UserService 
Fixes gh-4447
 2017-09-26 11:32:49 -04:00
Rob Winch
6d26b86792 Add UserDetailsRepositoryResourceFactoryBean.fromString 
Fixes gh-4566
 2017-09-22 20:18:59 -05:00
Rob Winch
a4c2073bcd Add UserDetailsManagerResourceFactoryBean.fromString 
Fixes gh-4567
 2017-09-22 20:18:59 -05:00
Rob Winch
bc99f8aff3 Add UserDetailsResourceFactoryBean.fromString 
Fixes gh-4568
 2017-09-22 20:18:59 -05:00
Stephan Schroevers
9e719bc313 Drop the aopalliance:aopalliance dependency 
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.

This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)

The documentation is updated accordingly.

[1] https://jira.spring.io/browse/SPR-13984
 2017-09-22 11:11:04 -05:00
Joe Grandja
8521ca8f94 Polish gh-4560 2017-09-21 17:21:41 -04:00
Joe Grandja
baa3b6f258 Add utility for loading properties of client types 
Fixes gh-4560
 2017-09-20 22:50:19 -04:00
Rob Winch
8a66d0c78d Polish PermissionEvaluator Autowired into Web Security 
Issue gh-4077
 2017-09-18 16:53:19 -05:00
Craig Andrews
3bf6bf10de Configure permissionEvaluator and roleHierarchy by default 
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).

Issue gh-4077
 2017-09-18 16:35:16 -05:00
Rob Winch
f8ee9944ff Copyright date range 2017-09-18 11:18:46 -05:00
Rob Winch
1f4082e754 Fix copyright lines 2017-09-18 11:11:25 -05:00
Rob Winch
01d4387f56 Fix empty lines in copyright 2017-09-18 10:53:04 -05:00
Rob Winch
3ecf3ea034 Fix double * in Copyright headers 2017-09-18 10:47:26 -05:00
Rob Winch
e14af37775 Add LogoutWebFilter 
Fixes gh-4539
 2017-09-13 16:43:04 -05:00
Rob Winch
426e24c18e Polish 
Formatting changes
 2017-09-13 15:31:32 -05:00
Joe Grandja
65b968f04a Move servlet-specific classes to 'web' package 
Fixes gh-4366
 2017-09-13 16:13:32 -04:00
Rob Winch
0a36359f11 WebFlux HTTP Basic & Form Login Sessions 
By default both HTTP Basic and form log are enabled. Now HTTP Session will
not be used for HTTP Basic, but will be for form log in.
 2017-09-13 14:47:44 -05:00
Rob Winch
3d745e63f6 HttpSecurityConfiguration applies all defaults 
HttpSecurity headers is off by default and relies on
HttpSecurityConfiguration to enable it. This is more consistent with the
other operators
 2017-09-12 22:07:12 -05:00
Rob Winch
b5edb58050 Polish reactive config 
Code Checkstyle fixes
 2017-09-12 21:56:09 -05:00
Rob Winch
8b32b8db74 Polish 
HeadersBuilder build is protected
 2017-09-12 21:51:26 -05:00
Rob Winch
d93c774691 Add FormLogin Configuration 
Fixes gh-4537
 2017-09-12 20:40:56 -05:00
Rob Winch
a0a0a32bda Add WebTestClient HtmlUnit Support 
Fixes gh-4534
 2017-09-12 20:40:56 -05:00
Rob Winch
8d997fd079 Remove DefaultAuthenticationSuccessHandler 
We always need to save the user after authentication, so it should be
part of AuthenticationWebFilter

Fixes gh-4524
 2017-09-12 20:40:56 -05:00
Joe Grandja
4ff0b52f74 Remove HttpClientConfig 
Issue gh-4478
 2017-09-12 21:03:40 -04:00
Rob Winch
d9bad2bc9d Mono.currentContext()->subscriberContext() 
Fixing refactoring by Reactor
 2017-09-01 17:20:47 -05:00
Rob Winch
be0081290b EnableWebFluxSecurity uses PasswordEncoder Bean 2017-08-30 10:02:00 -05:00
Rob Winch
9f2ea90f0d Polish HttpSecurity 
Code Style fixes
 2017-08-29 20:34:20 -05:00
Rob Winch
51ad53f76a Remove Optional from Reactive HttpSecurity 2017-08-29 20:30:04 -05:00
Rob Winch
20befc3702 Support .and() in Reactive HttpBasic & HeaderBuilder 2017-08-29 20:17:56 -05:00
Rob Winch
c4917f359a Fix for Reactor Refactor 
- contextStart -> subscriberContext
 2017-08-29 08:24:55 -05:00