Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,985 Commits 48 Branches 362 Tags
Commit Graph

3098 Commits

Author SHA1 Message Date
Rob Winch
994abb0d00 Document User.withDefaultPasswordEncoder unsafe for production 
Fixes: gh-4793
 2018-01-31 16:26:26 -06:00
Rob Winch
f7e49ace9f Add TestAuthentication 2018-01-26 15:13:09 -06:00
Rob Winch
c5e6ee4563 Update Dependencies 
Fixes: gh-4973
 2018-01-24 13:48:14 -06:00
Rob Winch
6ba225b62d Polish userNotFoundEncodedPassword 
Ensure that if passwordEncoder is set that userNotFoundEncodedPassword
is encoded again if already set.

Issue: gh-4915
 2018-01-24 11:06:08 -06:00
Phillip Webb
fd78d055aa Lazily initialize userNotFoundEncodedPassword 
Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword`
is lazily initialized on the first call to `retrieveUser`, rather than
in `doAfterPropertiesSet`.

Since some `PasswordEncoder` implementations can be slow, this change
can help to improve application startup times and the expense of some
delay with the first login.

Note that `userNotFoundEncodedPassword` creation occurs on the first
user retrieval, regardless of whether the user is ultimately found. This
ensures consistent processing times, regardless of the outcome.

First Call:
	Found      = encode(userNotFound) + decode(supplied)
	Not-Found  = encode(userNotFound) + decode(userNotFound)

Subsequent Call:
	Found      = decode(supplied)
	Not-Found  = decode(userNotFound)

Fixes gh-4915
 2018-01-24 11:06:08 -06:00
Johnny Lim
f3830eec7d Rename userDetailsRepository to userDetailsService 2018-01-10 16:04:48 -06:00
Rob Winch
803cdcf01e Test Jackson HashMap in Whitelist 
Issue: gh-4889
 2018-01-03 16:17:23 -06:00
Chris Burrell
cf97e16379 Add HashMap to Jackson whitelist 
Issue: gh-4889
 2018-01-03 16:17:23 -06:00
Rob Winch
b9152701a6 Javadoc Polish 2017-12-21 16:43:11 -06:00
Johnny Lim
921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim
57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Rob Winch
c856c376df Fix UTF-8 in JdbcDaoImplTests 2017-12-20 15:50:23 -06:00
Joe Grandja
e19fdb6cc1 Remove AuthenticatedPrincipal from UserDetails 
Issue gh-4877
 2017-11-30 10:52:24 -05:00
Joe Grandja
50d1a81458 AbstractAuthenticationToken.getName() uses UserDetails.getUsername() 
Fixes gh-4877
 2017-11-30 09:17:42 -05:00
Rob Winch
ee1745b681 Update to Spring Framework 5.0.2.RELEASE 2017-11-27 11:57:03 -06:00
Rob Winch
691bf2e11d PasswordEncoder Bean for AuthenticationManagerBuilder 
Issue: gh-4873
 2017-11-27 11:42:56 -06:00
Johnny Lim
701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim
5f518d00e5 Apply Checkstyle EmptyStatementCheck module 
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
 2017-11-16 20:18:21 -06:00
Oleg Zhuravlev
563139c469 Fix keys in messages bundle 2017-11-16 11:28:57 -06:00
Benedikt Ritter
fffd781b03 Add localization to error messages from ExceptionTranslationFilter 
Fixes gh-4504
 2017-11-16 11:25:56 -06:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim
d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Rob Winch
6d4b4bf2c7 Align Dependencies with Spring IO Cairo 
Fixes gh-4821
 2017-11-14 13:45:24 -06:00
Johnny Lim
99df632f24 Add missing @Override annotations 
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
 2017-11-08 13:27:24 -06:00
Rob Winch
d9abd2e443 User.UserBuilder only encodes once 
Fixes gh-4794
 2017-11-06 09:47:37 -06:00
Greg Turnquist
881cd0befb Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details 
Resolves #4698
 2017-10-31 16:34:07 -05:00
Rob Winch
e95430fa36 Polish Reactive Method Security reference 
Issue gh-4757
 2017-10-30 16:27:50 -05:00
Gajendra kumar
ec723952d5 principals and sessionIds should be set using constructor so that can be shared across node in cluster 
As principals and sessionIds are set in class itself so one can't share user session count across nodes(Cluster). Using constructor for setting principals and sessionIds we can pass Cache map to constructor which can enable common session count in cluster otherwise user would be allowed to logged in with multiple sessions. There is no point keeping principals and sessionIds completely internal.
 2017-10-30 01:08:15 -05:00
Frank Pavageau
35706ad60a Deserialize the principal in a neutral way 
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
 2017-10-30 00:53:31 -05:00
Frank Pavageau
6fd9ff254b Map values directly from the JSON nodes 
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
 2017-10-30 00:53:31 -05:00
Antoine
0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine
e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Rob Winch
44320447fe Update to Spring 5.0.1.RELEASE 
Issue gh-4739
 2017-10-29 14:31:45 -05:00
Rob Winch
747473257f Use ReactorSecurityContextHolder 
Issue gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch
9ea4df5b5d ReactiveSecurityContextHolder 
Fixes gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch
399da1ecad SecurityContextImpl constructor 
Fixes gh-4712
 2017-10-26 20:11:42 -05:00
Rob Winch
38a8189a62 DelegatingApplicationListener uses CopyOnWriteArrayList 
Fixes gh-4416
 2017-10-24 15:35:04 -05:00
Rob Winch
8291f20796 DaoAuthenticationProvider uses DelegatingPasswordEncoder 
This means that passwords will be encoded with BCrypt by default

Fixes: gh-2775
 2017-10-24 07:56:28 -05:00
Rob Winch
d19b222b55 UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder 
This means passwords will be encoded with BCrypt by default

Issue: gh-2775
 2017-10-24 07:56:28 -05:00
Rob Winch
cdc992b132 Remove SaltSource 
Fixes gh-4681
 2017-10-24 07:56:28 -05:00
Rob Winch
4529e09339 Remove PasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch
6c69333df6 Remove PasswordEncoderUtils from core 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch
3a4a32e654 Remove LdapShaPasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:56:20 -05:00
Rob Winch
6a3e981c80 Remove BaseDigestPasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:55:40 -05:00
Rob Winch
a8aa65b828 Remove Md4PasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:55:32 -05:00
Rob Winch
2dc4e326be Remove MessageDigestPasswordEncoder from core 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch
12dbf2e961 Remove PlainTextPasswordEncoder from core 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch
40fd8d7aa7 Remove ShaPasswordEncoder from core 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch
e98fc3556e Remove Md5PasswordEncoder from core 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch
52560b560d PasswordEncodedUser 
Fixes gh-4680
 2017-10-23 22:27:16 -05:00