Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 15:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,936 Commits 33 Branches 337 Tags
Commit Graph

1096 Commits

Author SHA1 Message Date
Rob Winch
73345e7434 Add Cross Site Tracing (XST) & HTTP Method Tampering Protection 
Fixes: gh-5377
 2018-05-24 09:35:40 -05:00
Kazuki Shimizu
2c92496911 Polishing the OidcConfigurationProvider 
See gh-5355
 2018-05-21 12:20:58 -05:00
Rob Winch
9d55a64465 OidcConfigurationProvider validate returned issuer 
Validate the issuer that was returned matches the issuer that was
was requested.

Issue: gh-5355
 2018-05-18 13:15:27 -05:00
Rob Winch
db889973a8 OidcConfigurationProvider improve invalid issuer error 
Issue: gh-5355
 2018-05-18 11:21:45 -05:00
Rob Winch
18c8af8f0d Add OidcConfigurationProvider ClientAuthenticationMethod.POST support 
Issue: gh-5355
 2018-05-18 10:35:53 -05:00
Rob Winch
7853c759d9 OidcConfigurationProvider uses OidcScopes.OPENID 
Issue: gh-5355
 2018-05-18 10:03:36 -05:00
Rob Winch
cbf9a7b7a2 Polish OidcConfigurationProvider Javadoc 
Issue: gh-5355
 2018-05-18 10:02:07 -05:00
Rob Winch
9862c7bbef Move OidcConfigurationProvider to .oidc package 
Issue: gh-5355
 2018-05-18 09:57:12 -05:00
Rob Winch
0eedfc717a Revert "Revert "Add ClientRegistration from OpenID Connect Discovery"" 
This reverts commit 9fe0f50e3ced98357bfaceee88c4539f03d11e45.

The original commit was accidentally pushed prior to PR. We attempted
to revert the commit hoping the PR would open again. This did not work.
We are going to do a Polish commit instead.

Issue: gh-5355
 2018-05-18 09:40:43 -05:00
Rob Winch
9fe0f50e3c Revert "Add ClientRegistration from OpenID Connect Discovery" 
This reverts commit 0598d4773257d96ed323f98cbc7e78b55dfd516c.
 2018-05-18 09:20:51 -05:00
Rob Winch
0598d47732 Add ClientRegistration from OpenID Connect Discovery 
Fixes: gh-4413
 2018-05-16 12:30:04 -05:00
Josh Cummings
658acf0332
PlaceHolderAndELConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings
428b0e45aa
HttpCorsConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings
306e9ed91c
HttpConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Rob Winch
32e368d9b7 Single ClientRegistration redirects by default 
Fixes: gh-5339
 2018-05-14 16:38:13 -05:00
Rob Winch
f29e4cf91f LoginPageGeneratingWebFilter conditionally renders formLogin 
Issue: gh-4807
 2018-05-14 16:38:13 -05:00
Rob Winch
7013c6fd76 Add OAuth2LoginSpec 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Johnny Lim
b91ebf7090 Fix @since for MockEventListener 2018-05-07 16:53:26 -05:00
Denys Ivano
fed15f2b01 Add accessDeniedHandler method to ExceptionHandlingSpec 
This allows to configure accessDeniedHandler in ExceptionTranslationWebFilter through ServerHttpSecurity.

Issue: gh-5257
 2018-05-07 16:22:29 -05:00
Johnny Lim
2a0f529ee4 Use spring-projects for organization in GitHub URLs 2018-05-04 21:01:39 -05:00
Josh Cummings
2273839aad
FormLoginConfigTests groovy->java 
Issue: gh-4939
 2018-05-01 08:11:04 -06:00
Rob Winch
9bb841ac67 ExceptionTranslationFilter does not handle committed responses 
Fixes: gh-5273
 2018-04-30 16:49:51 -05:00
Rob Winch
eb067bc3a1 DefaultWebSecurityExpressionHandler uses PermissionEvaluator Bean 
The default instance of DefaultWebSecurityExpressionHandler uses the
PermissionEvaluator Bean by default.

Fixes: gh-5272
 2018-04-30 12:15:50 -05:00
Josh Cummings
359a73eff2
Merge pull request #5260 from jzheaux/gh-4939-FormLoginBeanDefinitionParserTests 
FormLoginBeanDefinitionParserTests groovy->java
 2018-04-27 12:03:55 -06:00
Josh Cummings
3c1231efd3
CsrfConfigTests groovy->java 
Issue: gh-4939
 2018-04-25 11:41:32 -06:00
Josh Cummings
65326b1178
FormLoginBeanDefinitionParserTests groovy->java 
Issue: gh-4939
 2018-04-25 11:12:07 -06:00
Josh Cummings
9c0f2cc281
AccessDeniedConfigTests groovy->java 
Issue: gh-4939
 2018-04-24 08:11:47 -06:00
Joe Grandja
526e0fdd4f Add OAuth2 Client HandlerMethodArgumentResolver 
Fixes gh-4651
 2018-04-02 12:13:52 -04:00
Joe Grandja
982fc360b2 Add support for authorization_code grant 
Fixes gh-4928
 2018-04-02 12:13:06 -04:00
Rob Winch
234c20eb30 Polish XsdDocumentedTests 
- NicerNoce->XmlNode
- NicerXmlSupport->XmlSupport
- NicerXmlParser->XmlParser

Issue: gh-4939
 2018-03-29 16:36:41 -05:00
Josh Cummings
0c0abea3ad XsdDocumentedTests groovy->java 
Groovy has more extensive support for Xml parsing via XmlSlurper.
To replace it, this conversion also introduces a SAX wrapper,
NicerXmlParser, and a companion Node wrapper, NicerNode, that
allowed for less modification of the converted tests.

Issue: gh-4939
 2018-03-29 16:36:41 -05:00
Rob Winch
fb7394c1de Polish Javadoc 
Fixes: gh-5186
 2018-03-29 15:33:57 -05:00
Rob Winch
6e1e977778 Polish HeadersSpec 
Fixes: gh-5187
 2018-03-29 15:33:57 -05:00
Rob Winch
7a204a5f58 Fixes for SPR-16624 
Fixes: gh-5164
 2018-03-27 22:35:08 -05:00
Josh Cummings
ec46b7dbe1 WebSocketMessageBrokerConfigTests groovy->java 
Of note is that this commit unrolls three Spock @Unroll-parameterized
tests into a separate test for each parameter.

Issue: gh-4939
 2018-03-27 12:38:06 -05:00
Christoph Dreis
d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch
b1d013e8f0 Fix JDK 9 
Issue: gh-5160
 2018-03-27 09:30:56 -05:00
Rob Winch
018ab7d92c Fix Javadoc Typo uses->use 
Issue: gh-5113
 2018-03-19 15:36:31 -05:00
Rob Winch
01152ede41 Clarify HttpSecurity.registerFilterAt 
Fixes: gh-5113
 2018-03-19 14:41:03 -05:00
Rob Winch
e86becc151 Relax assertions in HeaderSpecTests 
Fixes: gh-5116
 2018-03-15 08:30:37 -05:00
Rob Winch
4f709d47b9 Fix @since on GlobalAuthenticationConfigurerAdapter 
Fixes: gh-5106
 2018-03-13 14:23:36 -05:00
Rob Winch
452d855396 Fix appendix tests 2018-03-09 16:34:49 -06:00
Rob Winch
a2073b2b91 Support BeanResolver for Reactive AuthenticationPrincipal 
Fixes: gh-4326
 2018-03-09 12:05:55 -06:00
Josh Cummings
3121f9c000 NamespaceGlobalMethodSecurity groovy->java 
Note that the `WhenUsingAspectJ` tests are still simply verifying structure instead of behavior. This is because the project appearsto be misconfigured in some way such that AspectJ advice isn't getting woven in at runtime. The original Groovy tests also only verified structure and they may be that way for a similar reason.

Either way, I will open up a ticket so we can review why that is the case and if there is a good fix.

Issue: gh-4939
 2018-03-08 16:53:54 -06:00
Josh Cummings
c91ca0584c Sec2758Tests groovy->java 
Note that the old groovy test used a configuration of

```
http
    .authorizeRequests()
        .anyRequest().hasAnyAuthority("USER")
```

However, as I read the issue, gh-2984, the problem this issue
identifies is the non-passive change of defaulting to prefix
ROLE_ with all role-based configuration methods. So, the test now
does the following:

```
http
    .authorizeRequests()
        .anyRequest().access("hasAnyRole('USER')")
```

which demonstrates, given the configuration in this test, that
ROLE_ is correctly not prefixed in this expression, even though
it is a role-based configuration.

Issue: gh-4939
 2018-03-08 16:52:20 -06:00
Joe Grandja
a5bd76b6ed Revert authorization_code grant support 
This reverts commit eae7afd9aa963581ea638a4385d49b6571fc5e74.
 2018-03-06 16:16:45 -05:00
Joe Grandja
c922fe3be1 WebSecurityConfigurationTests groovy->java 
Issue: gh-4939
 2018-03-06 09:24:52 -05:00
Joe Grandja
b1f3d495d9 Sec2515Tests groovy->java 
Issue: gh-4939
 2018-03-05 15:16:52 -05:00
Joe Grandja
0aa87e8501 EnableWebSecurityTests groovy->java 
Issue: gh-4939
 2018-03-05 10:23:48 -05:00
Joe Grandja
5af1d1d936 Polish HttpConfigurationTests 2018-03-05 08:36:15 -05:00