Commit Graph

10077 Commits

Author SHA1 Message Date
Marcus Da Coregio 661848ef7e Update jackson-bom to 2.13.2
Closes gh-11000
2022-03-21 10:09:46 -03:00
Marcus Da Coregio 84717e0546 Update logback-classic to 1.2.11
Closes gh-10999
2022-03-21 10:09:43 -03:00
Steve Riesenberg 28dd7dabfb
Update What's New for 5.7 2022-03-17 12:56:17 -05:00
Steve Riesenberg 987ee2e67a
Polish gh-10911 2022-03-17 12:53:56 -05:00
David Kirstein 1b29c43a11
Use configurable charset in ServerHttpBasicAuthenticationConverter
Closes gh-10903
2022-03-17 12:53:55 -05:00
Steve Riesenberg c38c722473
Update What's New for 5.7 2022-03-17 09:56:45 -05:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion
Closes gh-9855
2022-03-17 09:53:16 -05:00
Joe Grandja 4a8219d16c Update whats-new.adoc with gh-9812 2022-03-17 04:41:33 -04:00
Joe Grandja 50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients
Closes gh-6548
2022-03-16 13:33:12 -04:00
ShinDongHun1 7955e5ac52 Polish UsernamePasswordAuthenticationFilter method
Closes gh-10970
2022-03-16 16:29:40 +01:00
Josh Cummings cf29bf996c
Polish InResponseTo support
- Moved methods so methods are listed before the methods they call
- Adjusted exception handling so no exceptions are eaten
- Adjusted so that malformed_request_data is returned with request data is malformed
- Refactored methods to have only immutable method parameters
- Removed usage of Stream API
- Moved AuthnRequestUnmarshaller into static block so that only looked
up once

Issue gh-9174
2022-03-15 14:06:58 -06:00
Elias Lousseief 3c878549b5
Add support for validation of InResponseTo
Whenever an InResponseTo is present in the SAML2 response and / or any of its assertions, it will be validated against the stored SAML2 request. If the request is missing or the ID of the request does not match the InResponseTo, validation fails. If there is no InResponseTo, no validation of it is done (as opposed to checking whether there is a saved request or not and then failing based on that).

Closes gh-9174
2022-03-15 14:06:57 -06:00
Elias Lousseief 836f203d44
Refactored OpenSaml4AuthenticationProviderTests
Factored out repeatedly used code for signing a request.
2022-03-15 14:06:57 -06:00
Simone Giannino 73003d59d6 OAuth 2.0 logout handler resolves uri placeholders
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
2022-03-15 12:54:39 -06:00
Rob Winch fabeabd2db Fix docs SecurityContextHolder Diagram
Issue gh-9635
2022-03-12 13:44:45 -06:00
Rob Winch 87ed31a99c Add SecurityContextHolderFilter
Closes gh-9635
2022-03-11 17:22:23 -06:00
Rob Winch dbcb5004b4 Extract createSecurityContextRepository()
Extract out method in preparation for adding SecurityContextHolderFilter
configuration.

Issue gh-9635
2022-03-11 17:21:49 -06:00
Rob Winch e4f1826622 Remove "Hi ... there" From Docs
Close gh-10963
2022-03-11 13:41:19 -06:00
Rob Winch b71b2f81e1 Add Persistence to documentation
Closes gh-10962
2022-03-11 13:41:19 -06:00
Rob Winch 9967078059 Antora 3.0.0
Issue gh-10962
2022-03-11 13:41:19 -06:00
Norbert Nowak ac9c29b2a0 Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method
 - authenticated factory method
 - test for unauthenticated factory method
 - test for authenticated factory method
 - make existing constructor protected
 - use newly factory methods in rest of the project
 - update copyright dates

Closes gh-10790
2022-03-09 15:23:35 -07:00
Rob Winch d2f24ae5f5 Add SecurityContextRepository to all Authentication Filters
Closes gh-10949
2022-03-09 15:40:17 -06:00
Rob Winch 9db79aa5d7 BearerTokenAuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch 2e9b04ed48 CasAuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch 636f3e1d5d AbstractPreAuthenticatedProcessingFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch e6b6104b52 DigestAuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch 9b0cd5a0a8 BasicAuthenticationFilter.setSecurityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch 120f2a356f RememberMeAuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch 014c471ff1 AuthenticationFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Rob Winch f11cb988a9 AbstractAuthenticationProcessingFilter.securityContextRepository
Issue gh-10953
2022-03-09 15:33:42 -06:00
Marcus Da Coregio 980e0466a7 AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains
Closes gh-10950
2022-03-09 15:21:37 -03:00
Rob Winch 65ec2659c4 HttpSessionSecurityContextRepository saves with original response
Previously, the HttpSessionSecurityContextRepository unnecessarily required
the HttpServletResponse from the HttpReqeustResponseHolder passed into
loadContext. This meant code that wanted to save a SecurityContext had to
have a reference to the original HttpRequestResponseHolder. Often that
implied that the code that saves the SecurityContext must also load the
SecurityContext.

This change allows any request / response to be used to save the
SecurityContext which means any code can save the SecurityContext not just
the code that loaded it. This sets up the code to be permit requiring
explicit saves. Using the request/response from the
HttpRequestResponseHolder is only necessary for implicit saves.

Closes gh-10947
2022-03-09 10:17:15 -06:00
Lijamaija bc2bb8cb96 Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket
Closes gh-10932
2022-03-09 16:18:09 +01:00
Marcus Da Coregio 93d4fd3559 Add SAML 2.0 Single Logout XML Support
Closes gh-10842
2022-03-09 09:18:01 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support
Closes gh-9012
2022-03-09 09:18:01 -03:00
Rob Winch b9f79543c5 Add RequestAttributeSecurityContextRepository
Closes gh-10918
2022-03-07 14:52:24 -06:00
Josh Cummings ff87cfce3a Polish EntityDescriptor Customizer
Issue gh-10839
2022-03-04 10:42:04 -07:00
Ulrich Grave d225205bf2 Add method to customize EntityDescriptor
Closes gh-10839
2022-03-04 10:42:04 -07:00
Josh Cummings 923c61e9d2 Polish Formatting
Issue gh-10799
2022-03-02 16:37:58 -07:00
Sander van Schouwenburg 14d0663ae2 Preserve order of RelyingPartRegistration credentials
Issue gh-10799
2022-03-02 16:37:58 -07:00
Josh Cummings 7a02bd14c1 Replace Apache Commons Base64 Decoding
Issue gh-10923
2022-03-02 16:19:03 -07:00
Josh Cummings 238616da80 Use RFC2045 Encoding for SAML 2.0 Logout
Closes gh-10923
2022-03-02 16:18:34 -07:00
Josh Cummings 931fb6a328 Move UnmodifiableMapDeserializer
Issue gh-10905
2022-03-01 14:03:41 -07:00
Josh Cummings 6c3d183a94 Polish Saml2 Jackson Support
Issue gh-10905
2022-03-01 13:56:02 -07:00
Ulrich Grave df84826c95 Add Jackson Support for Saml2 Module
Closes gh-10905
2022-03-01 12:07:55 -07:00
Talerngpong Virojwutikul ff15bec02d update PasswordEncoder declaration 2022-03-01 07:48:31 -07:00
m0k045e 3aa7a65cb4 OAuth2AuthorizedClientArgumentResolver resolves ReactiveOAuth2AuthorizedClientManager
Closes gh-10846
2022-02-28 15:30:19 -07:00
Filip Hanik 70b52a001b Change HashSet to LinkedHashSet
For various RelyingPartyRegistration.credentials to preserve order of insertion.

Issue gh-10799
2022-02-28 14:57:04 -07:00
Josh Cummings efd5fc745c Invert Log Messages
Closes gh-10909
2022-02-28 13:10:06 -07:00