Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,721 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

8721 Commits

Author SHA1 Message Date
Eleftheria Stein 6f5947cab7 Fix test warnings 2020-05-27 17:00:48 -04:00
Eleftheria Stein fa11ae3c33 Remove unused import 2020-05-27 14:27:29 -04:00
Markus Engelbrecht 7463583c1b Fix typos in BCryptPasswordEncoder documentation 
Resolves gh-8585
 2020-05-27 10:35:49 -05:00
Spencer Gilson 551f9114a9 Fixing typo in README 
@pivotal-issuemaster This is an Obvious Fix
 2020-05-27 07:50:33 -05:00
Eleftheria Stein 67d2efde1c Resolve package tangles with security marker annotation 2020-05-27 07:33:24 -05:00
Eleftheria Stein bc272ddf73 Resolve package tangles in Kotlin server package 2020-05-27 07:33:24 -05:00
Eleftheria Stein 0a42aa26c8 Mock request with non-standard HTTP method in test 
Fixes gh-8594
 2020-05-26 10:16:56 -04:00
Craig Andrews f1db7167cb Polish 
Use `getBeanOrNull` in `registerDelegateApplicationListener` to simplify implementation.

This change does not alter behavior.
 2020-05-22 20:33:32 -05:00
Craig Andrews dbdeec4216 Check for an existing SessionRegistry bean 
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
 2020-05-22 20:33:32 -05:00
Evgeniy Cheban 0fa339f75b Allow port=0 for ApacheDSContainer 
Fixes gh-8144
 2020-05-21 16:14:01 -05:00
justmehyp 06254a4fd4 Remove unused field 'digester' in Md4PasswordEncoder 
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.
 2020-05-21 11:19:03 -05:00
Mazharul Islam bf9e8295d6 mentioning the default strength of BCryptPasswordEncoder 2020-05-21 11:15:45 -05:00
Thomas Turrell-Croft 014df98ebb Polish 
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager
 2020-05-21 11:09:31 -05:00
Maksim Vinogradov 4f58576952 Prevent StackOverflowError for AccessControlEntryImpl.hashCode 
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
 2020-05-21 09:53:35 -05:00
Astushi Yoshikawa f08ca4e688 Throw exception if URL does not include context path when context relative 
Issue: gh-8399
 2020-05-20 14:02:17 -04:00
Rob Winch dc514b369e FilterInvocation Support Default Methods on HttpServletRequest 
Closes gh-8566
 2020-05-20 10:13:59 -05:00
Andreas Volkmann 16b0a268d9 Update index.adoc 2020-05-20 08:01:56 -05:00
Josh Cummings 9a72654b8d
Update to jQuery 3.5.1 
Fixes gh-8557
 2020-05-19 13:02:04 -06:00
Josh Cummings c519d726ed
Polish hellojs Sample 
- Apply timestamp to composed messages
- Remove unnecessary $.map call
- Add password encoder prefix to password

Fixes gh-8555
Fixes gh-8556
 2020-05-19 13:02:04 -06:00
Josh Cummings b04b34ba85
Fix Logout in OpenID Sample 
Fixes gh-8554
 2020-05-19 13:02:04 -06:00
Dávid Kovács 4ab9da1c53 Object ID Identicy conversion to long fails on old schema 
This change fixed a bug which tried to convert non-string object as string

Fixes gh-7621
 2020-05-19 13:43:00 -05:00
Josh Cummings 51a0cffd36
Post-process AuthenticationRequestFilter 
Fixes gh-8552
 2020-05-18 21:08:23 -06:00
Josh Cummings 8e7c4c143c
Add TestSaml2AuthenticationRequestContexts 
Issue gh-8552
 2020-05-18 21:08:03 -06:00
Josh Cummings 9241cd2892
Move TestRelyingPartyRegistrations 
Fixes gh-8551
 2020-05-18 16:38:40 -06:00
Josh Cummings 7c7934c052
Remove Extra TestSaml2X509Credentials 
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials

Issue gh-8404
 2020-05-18 10:08:27 -06:00
cbornet bfb401eeed Create the CSRF token on the bounded elactic scheduler 
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
 2020-05-18 11:04:54 -05:00
Parikshit Dutta 1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Joe Grandja c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale 78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Dávid Kovács db4ca1f756 Document NoOpPasswordEncoder will not be removed 
This commit adds extension to deprecation notice.

Fixes gh-8506
 2020-05-13 12:54:13 -05:00
Rob Winch bb05603b3c AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic() 
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs

Closes gh-7522
 2020-05-12 13:07:24 -05:00
Rob Winch e5d2aaf6fe
Deprecate OpenID 2.0 support 
Deprecate OpenID 2.0 support
 2020-05-12 09:37:56 -05:00
Mathieu Ouellet cd08102b93 Add debug logging 
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow

Fixes gh-5758
 2020-05-12 09:03:24 -05:00
Rob Winch 8d447633f4 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8452
 2020-05-11 17:20:27 -05:00
Rob Winch 4473dca022 Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed 
Issue gh-8149
 2020-05-11 17:20:16 -05:00
Parikshit Dutta 0f92415395 Fix non-standard HTTP method for CsrfWebFilter 
Closes gh-8149
 2020-05-11 17:19:57 -05:00
Artyom Tarynin 6db514a4e2 Update AntPathRequestMatcher.java 
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
 2020-05-11 17:11:22 -04:00
Eleftheria Stein 1aadbb2f4d Remove "/path/**/other" patterns in tests 
Fixes gh-8513
 2020-05-11 17:00:25 -04:00
Jean-Pierre Bergamin fbd3cfa40e
Fix code snippets to configure timeouts 
Issue: gh-8487
 2020-05-11 15:59:11 -04:00
Dávid Kovács f2a2b469c4 Deprecate openID 2.0 support 
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments.

Fixes gh-7153
 2020-05-09 12:04:13 +02:00
Rob Winch d91b153cad Explicitly set useSuffixPatternMatch for Tests 
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
 2020-05-08 16:43:56 -05:00
Jean-Pierre Bergamin 6d5d883518 Use Opaquetoken properties to configure timeouts 
Improve the documentation to show how to re-use the Opaquetoken properties of `OAuth2ResourceServerProperties` to set up basic auth in the configured `RestTemplate`.
 2020-05-07 15:20:50 -04:00
Rob Winch e1fd0b3859 Update to spring-build-conventions:0.0.32.RELEASE 
Closes gh-8499
 2020-05-06 17:39:22 -05:00
Pei-Tang Huang 9dcdae3269 Update Traditional Chinese translation. 
Align with commit f7b33da577.
 2020-05-06 17:07:57 -05:00
Joe Grandja f92ab34ca0 Next development version 2020-05-06 17:37:30 -04:00
Joe Grandja 86ca6b013c Unlock dependencies 
This reverts commit 206960cf44.
 2020-05-06 17:27:35 -04:00
Joe Grandja c506ee6b69 Release 5.4.0-M1 2020-05-06 17:19:22 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Eleftheria Stein 07f8154a06 Temporarily build against Framework 5.2.x snapshot 
Issue: gh-8489
 2020-05-06 12:55:50 -04:00
Eleftheria Stein 545286188d Update SAML2 errors in integration tests 2020-05-06 11:46:54 -04:00