Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 06:50:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,877 Commits 49 Branches 376 Tags
Commit Graph

726 Commits

Author SHA1 Message Date
Rob Winch
74b42ba956 Move RSocket integration tests to integration tests 
Closes gh-8944
 2020-08-05 13:23:20 -05:00
Eleftheria Stein
aeafe04260 Remove need for WebSecurityConfigurerAdapter 
Closes gh-8804
 2020-08-05 10:10:12 -04:00
Josh Cummings
5061ae9e79
Add Saml2AuthenticationTokenConverter 
Closes gh-8768
 2020-08-04 18:41:43 -06:00
Josh Cummings
a10c2c6cf8
Polish DefaultSaml2AuthenticationRequestContextResolver 
Issue gh-8360
Issue gh-8887
 2020-08-04 17:29:13 -06:00
Joe Grandja
0ed919f072 Deprecate ClientRegistration.redirectUriTemplate 
Closes gh-8906
 2020-08-04 11:03:29 -04:00
Josh Cummings
2c960d2ad1
Add AuthnRequestConsumerResolver 
Closes gh-8141
 2020-07-16 14:53:22 -06:00
Joe Grandja
0b5a14a900 Register OAuth2AuthorizedClientArgumentResolver as custom resolver for XML config 
Issue gh-8669
 2020-07-01 11:07:33 -04:00
Joe Grandja
edf06a3461 OAuth2AuthorizedClientArgumentResolver uses OAuth2AuthorizedClientManager @Bean 
Closes gh-8700
 2020-06-30 11:25:39 -04:00
Joe Grandja
951e64185b Register OAuth2AuthorizedClientArgumentResolver for XML Config 
Closes gh-8669
 2020-06-25 16:10:29 -04:00
Evgeniy Cheban
4e7be2078f DefaultWebSecurityExpressionHandler uses RoleHierarchy bean 
Fixes gh-7059
 2020-06-10 16:43:01 -04:00
Rob Winch
a907026eae Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive 
Closes gh-8677
 2020-06-10 11:48:56 -05:00
Joe Grandja
da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:28:21 -04:00
Parikshit Dutta
28d2cfa14a Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter 
Fixes gh-8536
 2020-06-02 21:54:09 -04:00
Rob Winch
748538d19f Delay AuthenticationPrincipalArgumentResolver Creation 
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.

Closes gh-8613
 2020-05-29 16:49:01 -05:00
Craig Andrews
dbdeec4216 Check for an existing SessionRegistry bean 
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
 2020-05-22 20:33:32 -05:00
Josh Cummings
51a0cffd36
Post-process AuthenticationRequestFilter 
Fixes gh-8552
 2020-05-18 21:08:23 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations 
Fixes gh-8551
 2020-05-18 16:38:40 -06:00
Parikshit Dutta
1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Joe Grandja
c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Eleftheria Stein
1aadbb2f4d Remove "/path/**/other" patterns in tests 
Fixes gh-8513
 2020-05-11 17:00:25 -04:00
Rob Winch
d91b153cad Explicitly set useSuffixPatternMatch for Tests 
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
 2020-05-08 16:43:56 -05:00
Rob Winch
4a9fa0337a Allow Configure RequestRjectedHandler in XML 
Issue gh-5007
 2020-05-01 10:51:11 -05:00
Evgeniy Cheban
a70d55552b
Resource Server Finds JwtAuthenticationConverter Beans 
Fixes gh-8185
 2020-04-13 22:47:20 -06:00
Rob Winch
9a42a028e7 Logout defaults to use Global SecurityContextServerLogoutHandler 
Closes gh-8375
 2020-04-13 16:36:12 -05:00
Rob Winch
91728ef53b Fix HttpServlet3RequestFactory Logout Handlers 
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
 2020-03-30 17:50:28 -05:00
Rob Winch
b055f8bb25 SpringTestContext returns ConfigurableWebApplicationContext 
Closes gh-8233
 2020-03-30 17:46:25 -05:00
Joe Grandja
e27e548215 oauth2Login WebFlux does not auto-redirect for XHR request 
Fixes gh-8118
 2020-03-26 04:36:23 -04:00
Eleftheria Stein
97085ef310 Fix rsocket test 
Request route that exists; add additional error message verification

Fixes gh-8154
 2020-03-19 17:27:14 -04:00
Josh Cummings
f438bdfbcf
Add spring-security-5.4.xsd 
Issue gh-8138
 2020-03-18 09:45:10 -06:00
Josh Cummings
c729fee7bc
Malformed Bearer Token Returns 401 for WebFlux 
Fixes gh-7668
 2020-03-03 15:42:02 -07:00
Josh Cummings
e97396b9c7 Add Resource Server XML Support 
Fixes gh-5185
 2020-03-02 11:51:40 -07:00
Josh Cummings
19584884b3
Register Authentication Provider in Init Phase 
Fixes gh-8031
 2020-02-28 15:32:27 -07:00
Filip Hanik
3257349045 Support POST binding for AuthNRequest 
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
 2020-02-28 09:15:26 -08:00
Ankur Pathak
480c5bc87e Custom ServerHttpHeadersWriter to HeaderSpec 
Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec
Fixes gh-7636
 2020-02-27 07:55:30 -06:00
Joe Grandja
8a4ff4452b Add XML namespace support for oauth2-client 
Fixes gh-5184
 2020-02-20 20:05:48 -05:00
Joe Grandja
ff8002eb2e Polish gh-4557 2020-02-12 15:47:57 -05:00
Ruby Hartono
71a5c9521c Add XML namespace support for oauth2-login 
Fixes gh-4557
 2020-02-12 15:26:17 -05:00
Joe Grandja
40c0a452d7 Define oauth2-login xsd elements 
Issue gh-4557
 2020-02-12 15:26:17 -05:00
Josh Cummings
5bdf57d1e5
Remove Groovy and Spock Dependencies 
Fixes gh-4939
 2020-02-10 10:38:40 -07:00
Stephane Maldini
851be025e9 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7952
 2020-02-07 20:44:19 -05:00
Rob Winch
1d7208f8ef Add RSocket Authentication Extension Support 
Fixes gh-7935
 2020-02-04 23:36:47 -06:00
Josh Cummings
209c81d65d
Add BadOpaqueTokenException 
Updated NimbusOpaqueTokenIntrospector and
NimbusReactiveOpaqueTokenIntrospector to throw.
Updated OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager to catch.

Fixes gh-7902
 2020-02-04 17:33:08 -07:00
Josh Cummings
0c3754c811
Add BadJwtException 
Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw.
Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager
to catch.

Fixes gh-7885
 2020-02-04 17:33:08 -07:00
Josh Cummings
3e07b35611
Polish Bearer Token Error Handling 
Issue gh-7822
Issue gh-7823
 2020-02-03 17:54:39 -07:00
Josh Cummings
cb9fd09150
Change AuthenticationWebFilter's constructor 
Fixes gh-7872
 2020-01-31 09:31:28 -07:00
Eleftheria Stein
a512789a93 Fix requiresAuthenticationMatcher not being used 
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
 2020-01-27 16:12:27 +01:00
Eleftheria Stein
29377545d9 Fix authenticationFailureHandler not being used 
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
 2020-01-27 13:10:03 +01:00
Johannes Edmeier
bdc60a9128 Don't cache requests with Accept: text/event-stream by default. 
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
 2020-01-17 10:42:16 -08:00
Josh Cummings
f1f158b37e AuthenticationEventPublisher DSL Lookup 
Fixes gh-4400
 2020-01-14 12:07:46 -07:00