Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 06:50:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,899 Commits 49 Branches 376 Tags
Commit Graph

737 Commits

Author SHA1 Message Date
Phillip Webb
6894ff5d12 Make classes final where possible 
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb
b5d499e2eb Remove empty block 
Refactor a few classes so that empty blocks are not longer used. For
example, rather than:

	if(x) {
	} else {
		i++;
	}

use:

	if(!x) {
		i++;
	}

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb
37fa94fafc Organize imports 
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb
5f64f53c3f Use consistent "@" tag order in Javadoc 
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb
71bc145ae4 Remove superfluous comments 
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.

Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb
b7fc18262d Reformat code using spring-javaformat 
Run `./gradlew format` to reformat all java files.

Issue gh-8945
 2020-08-24 17:32:56 -05:00
Phillip Webb
8e092f8d2c Add noformat blocks around withDefaultPasswordEncoder 
Find `withDefaultPasswordEncoder` calls and protect them against
formatting.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Phillip Webb
6979125ccf Add noformat blocks around User.withUsername 
Find `User.withUsername` calls and protect them against formatting.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Phillip Webb
63b5998fad Add noformat blocks around auth config 
Find `auth` config using a regex search of `^\s*auths*$` and protect
them against formatting.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Phillip Webb
103d822e46 Add noformat blocks around http config 
Find `http` config using a regex search of `^\s*https*$` and protect
them against formatting.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Phillip Webb
27ac046d8a Rename *Test.java -> *Tests.java 
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Rob Winch
74b42ba956 Move RSocket integration tests to integration tests 
Closes gh-8944
 2020-08-05 13:23:20 -05:00
Eleftheria Stein
aeafe04260 Remove need for WebSecurityConfigurerAdapter 
Closes gh-8804
 2020-08-05 10:10:12 -04:00
Josh Cummings
5061ae9e79
Add Saml2AuthenticationTokenConverter 
Closes gh-8768
 2020-08-04 18:41:43 -06:00
Josh Cummings
a10c2c6cf8
Polish DefaultSaml2AuthenticationRequestContextResolver 
Issue gh-8360
Issue gh-8887
 2020-08-04 17:29:13 -06:00
Joe Grandja
0ed919f072 Deprecate ClientRegistration.redirectUriTemplate 
Closes gh-8906
 2020-08-04 11:03:29 -04:00
Josh Cummings
2c960d2ad1
Add AuthnRequestConsumerResolver 
Closes gh-8141
 2020-07-16 14:53:22 -06:00
Joe Grandja
0b5a14a900 Register OAuth2AuthorizedClientArgumentResolver as custom resolver for XML config 
Issue gh-8669
 2020-07-01 11:07:33 -04:00
Joe Grandja
edf06a3461 OAuth2AuthorizedClientArgumentResolver uses OAuth2AuthorizedClientManager @Bean 
Closes gh-8700
 2020-06-30 11:25:39 -04:00
Joe Grandja
951e64185b Register OAuth2AuthorizedClientArgumentResolver for XML Config 
Closes gh-8669
 2020-06-25 16:10:29 -04:00
Evgeniy Cheban
4e7be2078f DefaultWebSecurityExpressionHandler uses RoleHierarchy bean 
Fixes gh-7059
 2020-06-10 16:43:01 -04:00
Rob Winch
a907026eae Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive 
Closes gh-8677
 2020-06-10 11:48:56 -05:00
Joe Grandja
da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:28:21 -04:00
Parikshit Dutta
28d2cfa14a Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter 
Fixes gh-8536
 2020-06-02 21:54:09 -04:00
Rob Winch
748538d19f Delay AuthenticationPrincipalArgumentResolver Creation 
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.

Closes gh-8613
 2020-05-29 16:49:01 -05:00
Craig Andrews
dbdeec4216 Check for an existing SessionRegistry bean 
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
 2020-05-22 20:33:32 -05:00
Josh Cummings
51a0cffd36
Post-process AuthenticationRequestFilter 
Fixes gh-8552
 2020-05-18 21:08:23 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations 
Fixes gh-8551
 2020-05-18 16:38:40 -06:00
Parikshit Dutta
1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Joe Grandja
c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Eleftheria Stein
1aadbb2f4d Remove "/path/**/other" patterns in tests 
Fixes gh-8513
 2020-05-11 17:00:25 -04:00
Rob Winch
d91b153cad Explicitly set useSuffixPatternMatch for Tests 
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
 2020-05-08 16:43:56 -05:00
Rob Winch
4a9fa0337a Allow Configure RequestRjectedHandler in XML 
Issue gh-5007
 2020-05-01 10:51:11 -05:00
Evgeniy Cheban
a70d55552b
Resource Server Finds JwtAuthenticationConverter Beans 
Fixes gh-8185
 2020-04-13 22:47:20 -06:00
Rob Winch
9a42a028e7 Logout defaults to use Global SecurityContextServerLogoutHandler 
Closes gh-8375
 2020-04-13 16:36:12 -05:00
Rob Winch
91728ef53b Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 17:50:28 -05:00
Rob Winch
b055f8bb25 SpringTestContext returns ConfigurableWebApplicationContext 
Closes gh-8233
 2020-03-30 17:46:25 -05:00
Joe Grandja
e27e548215 oauth2Login WebFlux does not auto-redirect for XHR request 
Fixes gh-8118
 2020-03-26 04:36:23 -04:00
Eleftheria Stein
97085ef310 Fix rsocket test 
Request route that exists; add additional error message verification

Fixes gh-8154
 2020-03-19 17:27:14 -04:00
Josh Cummings
f438bdfbcf
Add spring-security-5.4.xsd 
Issue gh-8138
 2020-03-18 09:45:10 -06:00
Josh Cummings
c729fee7bc
Malformed Bearer Token Returns 401 for WebFlux 
Fixes gh-7668
 2020-03-03 15:42:02 -07:00
Josh Cummings
e97396b9c7 Add Resource Server XML Support 
Fixes gh-5185
 2020-03-02 11:51:40 -07:00
Josh Cummings
19584884b3
Register Authentication Provider in Init Phase 
Fixes gh-8031
 2020-02-28 15:32:27 -07:00
Filip Hanik
3257349045 Support POST binding for AuthNRequest 
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
 2020-02-28 09:15:26 -08:00
Ankur Pathak
480c5bc87e Custom ServerHttpHeadersWriter to HeaderSpec 
Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec
Fixes gh-7636
 2020-02-27 07:55:30 -06:00
Joe Grandja
8a4ff4452b Add XML namespace support for oauth2-client 
Fixes gh-5184
 2020-02-20 20:05:48 -05:00
Joe Grandja
ff8002eb2e Polish gh-4557 2020-02-12 15:47:57 -05:00
Ruby Hartono
71a5c9521c Add XML namespace support for oauth2-login 
Fixes gh-4557
 2020-02-12 15:26:17 -05:00
Joe Grandja
40c0a452d7 Define oauth2-login xsd elements 
Issue gh-4557
 2020-02-12 15:26:17 -05:00