Eleftheria Stein
6f5947cab7
Fix test warnings
2020-05-27 17:00:48 -04:00
Eleftheria Stein
fa11ae3c33
Remove unused import
2020-05-27 14:27:29 -04:00
Markus Engelbrecht
7463583c1b
Fix typos in BCryptPasswordEncoder documentation
...
Resolves gh-8585
2020-05-27 10:35:49 -05:00
Spencer Gilson
551f9114a9
Fixing typo in README
...
@pivotal-issuemaster This is an Obvious Fix
2020-05-27 07:50:33 -05:00
Eleftheria Stein
67d2efde1c
Resolve package tangles with security marker annotation
2020-05-27 07:33:24 -05:00
Eleftheria Stein
bc272ddf73
Resolve package tangles in Kotlin server package
2020-05-27 07:33:24 -05:00
Eleftheria Stein
0a42aa26c8
Mock request with non-standard HTTP method in test
...
Fixes gh-8594
2020-05-26 10:16:56 -04:00
Craig Andrews
f1db7167cb
Polish
...
Use `getBeanOrNull` in `registerDelegateApplicationListener` to simplify implementation.
This change does not alter behavior.
2020-05-22 20:33:32 -05:00
Craig Andrews
dbdeec4216
Check for an existing SessionRegistry bean
...
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
2020-05-22 20:33:32 -05:00
Evgeniy Cheban
0fa339f75b
Allow port=0 for ApacheDSContainer
...
Fixes gh-8144
2020-05-21 16:14:01 -05:00
justmehyp
06254a4fd4
Remove unused field 'digester' in Md4PasswordEncoder
...
`private Digester digester;` defined in Md4PasswordEncoder is never used. So remove it.
2020-05-21 11:19:03 -05:00
Mazharul Islam
bf9e8295d6
mentioning the default strength of BCryptPasswordEncoder
2020-05-21 11:15:45 -05:00
Thomas Turrell-Croft
014df98ebb
Polish
...
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager
2020-05-21 11:09:31 -05:00
Maksim Vinogradov
4f58576952
Prevent StackOverflowError for AccessControlEntryImpl.hashCode
...
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl
Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode
fixes gh-5401
2020-05-21 09:53:35 -05:00
Astushi Yoshikawa
f08ca4e688
Throw exception if URL does not include context path when context relative
...
Issue: gh-8399
2020-05-20 14:02:17 -04:00
Rob Winch
dc514b369e
FilterInvocation Support Default Methods on HttpServletRequest
...
Closes gh-8566
2020-05-20 10:13:59 -05:00
Andreas Volkmann
16b0a268d9
Update index.adoc
2020-05-20 08:01:56 -05:00
Josh Cummings
9a72654b8d
Update to jQuery 3.5.1
...
Fixes gh-8557
2020-05-19 13:02:04 -06:00
Josh Cummings
c519d726ed
Polish hellojs Sample
...
- Apply timestamp to composed messages
- Remove unnecessary $.map call
- Add password encoder prefix to password
Fixes gh-8555
Fixes gh-8556
2020-05-19 13:02:04 -06:00
Josh Cummings
b04b34ba85
Fix Logout in OpenID Sample
...
Fixes gh-8554
2020-05-19 13:02:04 -06:00
Dávid Kovács
4ab9da1c53
Object ID Identicy conversion to long fails on old schema
...
This change fixed a bug which tried to convert non-string object as string
Fixes gh-7621
2020-05-19 13:43:00 -05:00
Josh Cummings
51a0cffd36
Post-process AuthenticationRequestFilter
...
Fixes gh-8552
2020-05-18 21:08:23 -06:00
Josh Cummings
8e7c4c143c
Add TestSaml2AuthenticationRequestContexts
...
Issue gh-8552
2020-05-18 21:08:03 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations
...
Fixes gh-8551
2020-05-18 16:38:40 -06:00
Josh Cummings
7c7934c052
Remove Extra TestSaml2X509Credentials
...
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials
Issue gh-8404
2020-05-18 10:08:27 -06:00
cbornet
bfb401eeed
Create the CSRF token on the bounded elactic scheduler
...
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
2020-05-18 11:04:54 -05:00
Parikshit Dutta
1e211b6558
Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter
...
Fixes gh-8120
2020-05-15 15:13:15 -04:00
Joe Grandja
c1abc9b134
Polish gh-8501
2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798
Add issuerUri to ClientRegistration.providerDetails
...
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.
Fixes gh-8326
2020-05-14 17:13:07 -04:00
Dávid Kovács
db4ca1f756
Document NoOpPasswordEncoder will not be removed
...
This commit adds extension to deprecation notice.
Fixes gh-8506
2020-05-13 12:54:13 -05:00
Rob Winch
bb05603b3c
AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic()
...
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs
Closes gh-7522
2020-05-12 13:07:24 -05:00
Rob Winch
e5d2aaf6fe
Deprecate OpenID 2.0 support
...
Deprecate OpenID 2.0 support
2020-05-12 09:37:56 -05:00
Mathieu Ouellet
cd08102b93
Add debug logging
...
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow
Fixes gh-5758
2020-05-12 09:03:24 -05:00
Rob Winch
8d447633f4
Fix non-standard HTTP method for CsrfWebFilter
...
Closes gh-8452
2020-05-11 17:20:27 -05:00
Rob Winch
4473dca022
Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed
...
Issue gh-8149
2020-05-11 17:20:16 -05:00
Parikshit Dutta
0f92415395
Fix non-standard HTTP method for CsrfWebFilter
...
Closes gh-8149
2020-05-11 17:19:57 -05:00
Artyom Tarynin
6db514a4e2
Update AntPathRequestMatcher.java
...
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
2020-05-11 17:11:22 -04:00
Eleftheria Stein
1aadbb2f4d
Remove "/path/**/other" patterns in tests
...
Fixes gh-8513
2020-05-11 17:00:25 -04:00
Jean-Pierre Bergamin
fbd3cfa40e
Fix code snippets to configure timeouts
...
Issue: gh-8487
2020-05-11 15:59:11 -04:00
Dávid Kovács
f2a2b469c4
Deprecate openID 2.0 support
...
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments.
Fixes gh-7153
2020-05-09 12:04:13 +02:00
Rob Winch
d91b153cad
Explicitly set useSuffixPatternMatch for Tests
...
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.
This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.
Closes gh-8493
2020-05-08 16:43:56 -05:00
Jean-Pierre Bergamin
6d5d883518
Use Opaquetoken properties to configure timeouts
...
Improve the documentation to show how to re-use the Opaquetoken properties of `OAuth2ResourceServerProperties` to set up basic auth in the configured `RestTemplate`.
2020-05-07 15:20:50 -04:00
Rob Winch
e1fd0b3859
Update to spring-build-conventions:0.0.32.RELEASE
...
Closes gh-8499
2020-05-06 17:39:22 -05:00
Pei-Tang Huang
9dcdae3269
Update Traditional Chinese translation.
...
Align with commit f7b33da577
.
2020-05-06 17:07:57 -05:00
Joe Grandja
f92ab34ca0
Next development version
2020-05-06 17:37:30 -04:00
Joe Grandja
86ca6b013c
Unlock dependencies
...
This reverts commit 206960cf44
.
2020-05-06 17:27:35 -04:00
Joe Grandja
c506ee6b69
Release 5.4.0-M1
2020-05-06 17:19:22 -04:00
Joe Grandja
206960cf44
Lock dependencies for 5.4.0-M1
2020-05-06 17:13:04 -04:00
Eleftheria Stein
07f8154a06
Temporarily build against Framework 5.2.x snapshot
...
Issue: gh-8489
2020-05-06 12:55:50 -04:00
Eleftheria Stein
545286188d
Update SAML2 errors in integration tests
2020-05-06 11:46:54 -04:00