Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,237 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

260 Commits

Author SHA1 Message Date
Phillip Webb 37fa94fafc Organize imports 
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb 5f64f53c3f Use consistent "@" tag order in Javadoc 
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
 2020-08-24 17:33:07 -05:00
Phillip Webb b7fc18262d Reformat code using spring-javaformat 
Run `./gradlew format` to reformat all java files.

Issue gh-8945
 2020-08-24 17:32:56 -05:00
Phillip Webb 8e092f8d2c Add noformat blocks around withDefaultPasswordEncoder 
Find `withDefaultPasswordEncoder` calls and protect them against
formatting.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Phillip Webb 63b5998fad Add noformat blocks around auth config 
Find `auth` config using a regex search of `^\s*auths*$` and protect
them against formatting.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Phillip Webb 103d822e46 Add noformat blocks around http config 
Find `http` config using a regex search of `^\s*https*$` and protect
them against formatting.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Joe Grandja 1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1" 
This reverts commit f3a1e5d40c.
 2020-08-05 14:59:11 -04:00
Joe Grandja f3a1e5d40c Lock Dependency Versions for 5.4.0-RC1 2020-08-05 13:46:11 -04:00
Dávid Kováč af1c96b425
Simplify OAuth 2.0 Introspection Attribute Retrieval 
In order to simplify retrieving of OAuth 2.0 Introspection specific
attributes, OAuth2IntrospectionClaimAccessor interface was introduced
and also new OAuth2AuthenticatedPrincipal implementing this new
interface (OAuth2IntrospectionAuthenticatedPrincipal).

Also DefaultOAuth2AuthenticatedPrincipal was replaced by
OAuth2IntrospectionAuthenticatedPrincipal in cases where OAuth 2.0
Introspection is performed (NimbusOpaqueTokenIntrospector,
NimbusReactiveOpaqueTokenIntrospector).

DefaultOAuth2AuthenticatedPrincipal can be still used by applications
that introspected the token without OAuth 2.0 Introspection.

OAuth2IntrospectionAuthenticatedPrincipal will also be used as a
default principal in tests where request is post-processed/mutated
by OpaqueTokenRequestPostProcessor/OpaqueTokenMutator.

Closes gh-6489
 2020-07-09 17:26:13 -06:00
Josh Cummings 146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2" 
This reverts commit 68538897c8.
 2020-07-01 13:11:50 -06:00
Josh Cummings 68538897c8
Lock Dependency Versions for 5.4.0-M2 2020-07-01 12:40:29 -06:00
Rob Winch dac7806cf5 Test beforeTestMethod delays creation of SecurityContext 
Issue gh-6591
 2020-06-24 16:40:09 -05:00
Markus Gabriel 97ee6d66f1 Fix SecurityContext creation for TEST_EXECUTION 
Currently, there is support for setting up a SecurityContext after @Before by
using TestExecutionEvent.TEST_EXECUTION. The current implementation, however,
already creates the SecurityContext in @Before and just does not set it yet.
This leads to issues like #6591. For the case of @WithUserDetails, the
creation of the SecurityContext already looks up a user from the repository.
If the user was inserted in @Before, the user is not found despite using
TestExecutionEvent.TEST_EXECUTION. This commit changes the creation of the
SecurityContext to happen after @Before if using
TestExecutionEvent.TEST_EXECUTION.

Closes gh-6591
 2020-06-24 16:40:08 -05:00
Dávid Kovács 88028d82ed formLogin() and login() implement Mergable 
This is necessary so that default requests like Spring REST Docs work.

Closes gh-7572
 2020-06-22 14:54:32 -05:00
Josh Cummings 900f551890
Inject TestOAuth2AuthorizedClientRepository 
Fixes gh-8603
 2020-05-28 10:33:02 -06:00
Joe Grandja 86ca6b013c Unlock dependencies 
This reverts commit 206960cf44.
 2020-05-06 17:27:35 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Dávid Kovács 1f1ddeb025 SecurityMockMvcConfigurer$DelegateFilter is not null-safe 
This commit adds null-check to getter method, so instead of NPE an IllegalStateException will be thrown with additional details.

Fixes gh-7745
 2020-05-05 09:56:37 -05:00
Markus Engelbrecht d81321bc29
Fix typo 'properites' in documentation 
Fixes gh-8095
 2020-03-11 10:54:14 -06:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7.
 2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Josh Cummings 85b0e468ad
Add missing calls to principalName 
Issue gh-8054
 2020-03-03 17:11:42 -07:00
Josh Cummings 2064214f39
Add principal name to oauth2Client Test Support 
Fixes gh-8054
 2020-03-03 16:33:08 -07:00
Josh Cummings 3bc1b7a933
Simplify opaqueToken support 
Remove scopes convenience method to alleviate potential confusion with
the "scope" attribute.

Issue gh-7827
Issue gh-7712
 2020-03-03 16:24:43 -07:00
Josh Cummings 689fc9df0c
Align Test Support Claims 
Make all sub claims 'user' and all scopes 'read' to align with
existing support for JWT

Issue gh-7828
Issue gh-7789
Issue gh-7680
Issue gh-7618
 2020-03-03 16:24:43 -07:00
Josh Cummings 30adabb685
Simplify oauth2Login Test Support 
Remove nameAttributeKey as this is easily done by constructing
a DefaultOAuth2User instance.

Issue gh-7789
Issue gh-7828
 2020-03-03 15:48:04 -07:00
Josh Cummings bd593a3431
Add Opaque Token WebTestClient Support 
Fixes gh-7827
 2020-02-27 11:29:55 -07:00
Josh Cummings ffb5a3a0d4
Add oauth2Client WebTestClient Support 
Fixes gh-7910
 2020-02-05 15:33:57 -07:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Josh Cummings c367378421
Add OAuth2Client MockMvc Test Support 
Fixes gh-7886
 2020-02-03 15:59:58 -07:00
Josh Cummings 982f3f902c
Add oauth2Login Reactive Test Support 
Fixes gh-7828
 2020-01-13 17:49:52 -07:00
Josh Cummings 8f1d0cf528
opaqueToken MockMvc Configuration Order 
Fixes gh-7800
 2020-01-10 16:47:31 -07:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f1.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Josh Cummings 09810b8df9
oidcLogin Test Configuration Flow 
Fixes gh-7794
 2020-01-07 17:37:48 -07:00
Josh Cummings 84ba3ddf26
Add oauth2Login MockMvc Support 
Fixes gh-7789
 2020-01-07 14:09:36 -07:00
Josh Cummings e1fdb24b5d
Add opaqueToken MockMvc Test Support 
Fixes gh-7712
 2019-12-20 15:34:11 -07:00
Josh Cummings d102cae243
oidcLogin MockMvc Documentation 
Remove documentation requiring a valid ClientRegistrationRepository

Issue: gh-7618
 2019-12-02 22:49:17 -07:00
Josh Cummings 8c32d5fe48
Add oidcLogin WebFlux Test Support 
Fixes: gh-7680
 2019-12-02 22:28:24 -07:00
Josh Cummings b35e18ff31
Add oidcLogin MockMvc Test Support 
Fixes gh-7618
 2019-11-26 16:12:06 -07:00
Josh Cummings 7cbd1665a6
Isolate Jwt Test Support 
Isolating Jwt test support inside JwtRequestPostProcessor and
JwtMutator.

Fixes gh-7641
 2019-11-22 15:07:05 -07:00
Drummond Dawson 4f82be7e68 Support URI vars in formLogin and logout MockMvc requests 2019-11-05 09:46:50 +01:00
Rob Winch 00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Josh Cummings 05caf3d8fb
Use Jwt.Builder 
Fixes gh-7443
 2019-09-16 14:00:25 -06:00
Josh Cummings b55b2914c2 Mock Jwt Disables CSRF 
Fixes gh-7170
 2019-09-13 19:04:05 +01:00
Lars Grefer 95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00
Lars Grefer 34dd5fea30 Remove redundant throws clauses 
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
 2019-08-23 01:03:54 +02:00
Rob Winch 9d63c36f93 Fix JDK 10+ 
Issue gh-7265
 2019-08-16 11:13:11 -05:00
Rob Winch 0c6bff4afb SecurityMockMvcConfigurer Honors Filter Order 
Fixes gh-7265
 2019-08-16 09:24:33 -05:00
Rob Winch c1db1aad91
Cleanup Code Style Issues 
Cleanup Code Style Issues
 2019-08-12 13:06:49 -05:00
Lars Grefer ff1070df36 remove redundant modifiers found by checkstyle 2019-08-10 00:18:56 +02:00
Lars Grefer 38de737663 Java 8: Statement lambda can be replaced with expression lambda 2019-08-09 16:59:07 -05:00
Lars Grefer b388976ac8 fix checkstyle 2019-08-09 02:46:20 +02:00
Lars Grefer fe9e454978 StandardCharsets can be used 
Reports methods and constructors where constant charset String literal is used (like "UTF-8") which could be replaced with a predefined Charset object like StandardCharsets.UTF_8. This may work a little bit faster, because charset lookup becomes unnecessary. Also catching UnsupportedEncodingException may become unnecessary as well. In this case the catch block will be removed automatically.
 2019-08-09 00:39:09 +02:00
Lars Grefer fb39d9c255 Anonymous type can be replaced with lambda 2019-08-08 17:09:09 -04:00
Lars Grefer 776a4c3760 Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers 2019-08-03 12:28:37 -04:00
Lars Grefer c5b5cc507c Cleanup redundant type casts 2019-07-10 09:31:09 -05:00
sandmannn 23a7c3010c Added jwt injection for reactive test mocks 
Added new implementation of jwt() method that
makes it possible to directly provide a previously
prepared JWT token to WebTestClient mutator.

Fixes: spring-projectsgh-6896
 2019-06-15 10:01:57 -06:00
sandmannn 9323d8e821 Extended testing api for JWT 
Added new implementation of jwt() method that
makes it possible to directly provide a previously
prepared JWT token to the MockMvc request builder.

Issue: spring-projectsgh-6896
 2019-06-12 10:09:32 -06:00
Josh Cummings d0f5b42884
Mock Jwt Test Support and Jwt.Builder Polish 
Simplified the initial support to introduce fewer classes and only the
features described in the ticket.

Changed tests to align with existing patterns in the repository.

Added JavaDoc to remaining public methods introduced for this feature.

Issue: gh-6634
Issue: gh-6851
 2019-05-22 14:23:02 -06:00
Jérôme Wacongne e59d8a529b
Mock Jwt Test Support and Jwt.Builder 
Fixes: gh-6634
Fixes: gh-6851
 2019-05-22 14:23:02 -06:00
Spring Operator b93528138e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 15:46:20 -05:00
Rob Winch 1a80d4a66c Fix Generics in ReactorContextTestExecutionListenerTests for JDK 9+ 
Issue: gh-6075
 2018-11-30 12:07:58 -06:00
Aanuoluwapo Otitoola a28c677f88 ReactorContextTestExecutionListener should use named hooks 
Fixes: gh-6075
 2018-11-30 11:13:26 -06:00
Tadaya Tsuyukubo 12050404ad Populate test security context with authentication 
Add setAuthentication method on TestSecurityContextHolder.
 2018-10-03 14:24:45 -04:00
Vedran Pavic cb0ba58b58 Fix WhitespaceAfterCheck Checkstyle check 2018-08-27 10:45:35 -05:00
mhyeon.lee 18db425861 Polish Javadoc to remove warning 2018-07-18 09:24:59 -06:00
Rob Winch 1137f3b46d Add cross references to ReactorContextTestExecutionListener 
Fixes: gh-5418
 2018-06-11 17:13:24 -05:00
Rob Winch 7a204a5f58 Fixes for SPR-16624 
Fixes: gh-5164
 2018-03-27 22:35:08 -05:00
Rob Winch b1d013e8f0 Fix JDK 9 
Issue: gh-5160
 2018-03-27 09:30:56 -05:00
Rob Winch 1851aaa66d Fix ReactorContextTestExecutionListener with custom SecurityContext 
Fixes: gh-5137
 2018-03-19 09:29:27 -05:00
Oleh Dokuka 76e36bd06e fix Mock Authentication resolution 2018-03-19 09:16:55 -05:00
Rob Winch 65193963ad Fix Imports 
Issue: gh-4888
 2018-03-09 09:15:39 -06:00
Rob Winch 2228485a40 WithUserDetails supports ReactiveUserDetailsService 
Fixes: gh-4888
 2018-03-08 23:13:19 -06:00
Rob Winch abae2f3e87 Allow WithSecurityContextTestExecutionListener to execute after @Before 
Fixes: gh-2935
 2018-03-08 14:13:07 -06:00
Rob Winch e1a8d250de Add authenticated().withAuthentication(Consumer<Authentication>) 
This allows arbitrary assertions of the authenticated user

Fixes: gh-4996
 2018-02-02 16:56:45 -06:00
Johnny Lim 57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Johnny Lim b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Johnny Lim cdcf65de1e Polish 
Fixes gh-4425
 2017-10-29 23:43:13 -05:00
Antoine e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Rob Winch 8da2c7f657 Add WebFlux CSRF Protection 
Fixes gh-4734
 2017-10-28 22:59:24 -05:00
Rob Winch c467dcdbe1 SecurityMockServerConfiguers fixes 
Issue: gh-4719
 2017-10-27 18:17:36 -05:00
Rob Winch 77aedcf502 SecurityMockServerConfigurers updates 
Issue: gh-4719
 2017-10-27 18:17:33 -05:00
Rob Winch 3bceadd369 Only populate a Context once 
Fixes gh-4718
 2017-10-27 17:35:54 -05:00
Rob Winch be593b95a8 Prefer existing Context in ReactorContextTestExecutionListener 
Issue gh-4718
 2017-10-27 17:35:54 -05:00
Rob Winch 9363e2ba41 Polish ReactorContextTestExecutionListenerTests 
Necessary for preparing for the changes that will be made. The Context
should not necessarily be empty, but it should not contain the SecurityContext

Issue gh-4718
 2017-10-27 17:35:54 -05:00
Rob Winch 3abec60188 SecurityMockServerConfigurers checkstyle 2017-10-27 17:33:08 -05:00
Rob Winch 747473257f Use ReactorSecurityContextHolder 
Issue gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch 8291f20796 DaoAuthenticationProvider uses DelegatingPasswordEncoder 
This means that passwords will be encoded with BCrypt by default

Fixes: gh-2775
 2017-10-24 07:56:28 -05:00
Johnny Lim 25052214ae Polish 2017-10-16 18:33:27 -05:00
Rob Winch 23f56f568c Update MockitJunitRunner import 
Issue: gh-4608
 2017-10-09 16:13:33 -05:00
Rob Winch 445834784a Update to Mockito 2.10.0 
Issue: gh-4608
 2017-10-09 16:13:11 -05:00
Rob Winch 1f4082e754 Fix copyright lines 2017-09-18 11:11:25 -05:00
Rob Winch 3ecf3ea034 Fix double * in Copyright headers 2017-09-18 10:47:26 -05:00
Rob Winch d9bad2bc9d Mono.currentContext()->subscriberContext() 
Fixing refactoring by Reactor
 2017-09-01 17:20:47 -05:00
Rob Winch f59fc357b8 Polish ReactorContextTestExecutionListenerTests 
Code Style fixes
 2017-08-30 14:27:14 -05:00
Rob Winch 4fd17e4c2e Fix ReactorContext after changes to Reactor 2017-08-30 14:25:40 -05:00
Rob Winch 7ae4506a88 Add ReactorContextTestExecutionListener 
Fixes gh-4502
 2017-08-17 16:42:01 -05:00