7c524aa0c8
Jwt Claim Validation
...
This introduces OAuth2TokenValidator which allows the customization of
validation steps that need to be performing when decoding a string
token to a Jwt.
At this point, two validators, JwtTimestampValidator and
JwtIssuerValidator, are available for use.
Fixes: gh-5133
2018-08-16 13:19:26 -05:00
c6ea447cc0
Add support for Feature-Policy security header
2018-08-16 09:31:02 -05:00
9c478257d4
Fix the broken link in the WebSocket documentation
...
Changeset 46bb855#4094 ) removed websocket chat
sample in favor of spring-session one. This commit
updates spring-security documentation link to
point to the up-to-date sample location
2018-08-16 09:14:24 -05:00
a4bd0d3923
OIDC Provider Configuration - ClientRegistrations
...
OIDC Provider Configuration is now being used to create more than just
ClientRegistration instances. Also, the endpoint is being addressed in
more contexts than just the client.
To that end, this refactors OidcConfigurationProvider in the config
project to ClientRegistrations in the oauth2-client project.
Fixes: gh-5647
2018-08-14 13:26:46 -06:00
cbdc7ee4b3
Relax validation on ClientRegistration
...
Fixes gh-5667
2018-08-14 14:05:45 -04:00
010d99a7d0
Make ClientRegistration.clientSecret optional
...
Fixes gh-5652
2018-08-14 13:32:51 -04:00
8a0c6868cd
Add additional parameters to OAuth2UserRequest
...
Fixes gh-5368
2018-08-14 05:14:45 -04:00
950a314c9f
RememberMeConfigTests groovy->java
...
Issue: gh-4939
2018-08-10 11:17:54 -06:00
68878a1675
Replace isEqualTo(null) with isNull()
2018-08-09 18:04:48 -06:00
4de3d0b860
Create AuthorizationEndpointConfig.configure
...
Issue: gh-5654
2018-08-08 16:02:40 -05:00
52622bc6dd
Move OAuth2ClientConfigurer.configure to AuthorizationCodeGrantConfigurer
...
Issue: gh-5654
2018-08-08 16:02:34 -05:00
16fe1c5b52
Expose RestOperations in NimbusJwtDecoderJwkSupport
...
Fixes gh-5603
2018-08-08 14:49:46 -04:00
11984039c2
Add OidcUserService.setOauth2UserService()
...
Fixes gh-5604
2018-08-08 09:32:47 -04:00
952743269d
Add support for client_credentials grant
...
Fixes gh-4982
2018-08-08 08:06:47 -05:00
14a7387190
Made JwtConfigurer fluent
...
Adjusted return type of #decoder(JwtDecoder) and #jwkSetUri(String)
to return the JwtDecoder itself. Added new method #and() that returns
the enclosing OAuth2ResourceServerConfigurer.
Fixes gh-5595
2018-08-08 08:28:26 -04:00
973af94b42
Fix typo
2018-08-07 22:52:59 -05:00
6a2dd78f88
Regenerate spring-security-5.1.xsd
...
Commit 884fdbf9
2018-08-03 10:57:54 -05:00
e945f3bf82
Fix typo
...
Closes #5579
2018-08-03 09:58:01 -05:00
4e8f2a3ee4
Add @Configuration to ServerHttpSecurityConfiguration
...
Fixes: gh-5635
2018-08-03 09:37:03 -05:00
3d1185df3b
Add @Deprecation on removeAuthorizationRequest() ( #5634 )
2018-08-03 09:37:48 -04:00
1a65abd781
Add defaultOAuth2AuthorizedClient flag
...
Fixes: gh-5619
2018-07-31 14:44:40 -05:00
cecbc2175b
Add CORS WebFlux Support
...
Fixes: gh-4832
2018-07-31 11:37:50 -05:00
fe17c71775
Mention spring-security-data dependency for Spring Data in doc
...
Closes #5556
2018-07-31 09:56:57 -05:00
0c26d1b98a
ServerHttpBasicAuthenticationConverter Validates Scheme Name
...
Fixes: gh-5414
2018-07-31 09:10:23 -05:00
e3d4d66917
BasicAuthenticationFilter case insenstive
...
Fixes: gh-5586
2018-07-31 09:10:10 -05:00
2cd2bab818
Use HttpHeaders.setBasicAuth
...
Issue: gh-5612
2018-07-30 15:34:48 -05:00
afa2d9cbc7
Remove ExchangeFilterFunctions
...
Issue: gh-5612
2018-07-30 15:34:44 -05:00
262c1a77c6
Remove SecurityHeaders
...
We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth
Issue: gh-5612
2018-07-30 15:34:40 -05:00
c26d7dc859
Update to Spring Boot 2.1.0.M1
...
Fixes: gh-5613
2018-07-30 15:34:35 -05:00
b5abb99908
ClaimAccessor.getClaimAsString() checks null claim value
...
Fixes gh-5608
2018-07-30 15:31:41 -04:00
e243f93eed
Default to server_error when OAuth2Error.errorCode is null
...
Fixes gh-5594
2018-07-30 13:20:58 -04:00
aea861e2f9
Fix Imports
...
Issue: gh-5599
2018-07-30 12:15:53 -05:00
6d0369647b
Add OAuth2LoginSpec.and()
...
Fixes: gh-5609
2018-07-30 12:07:51 -05:00
a01dc3a5f6
WebFlux Handles Undefined State Parameter
...
Currently if a state exists, but an undefined state parameter is provided
a NullPointerException occurs.
This commit handles the null value.
Fixes: gh-5599
2018-07-30 12:02:42 -05:00
dd1fa7f709
Add Sample
...
Issue: gh-5605
2018-07-30 11:39:50 -05:00
e215d2733f
Add OAuth2Spec
...
Issue: gh-5605
2018-07-30 11:39:45 -05:00
2056b3440f
Add ServerBearerTokenAuthenticationConverter
...
Issue: gh-5605
2018-07-30 11:39:40 -05:00
4f417f01a7
BearerTokenServerAuthenticationEntryPoint
...
Issue: gh-5605
2018-07-30 11:39:34 -05:00
da73242d60
Add JwtReactiveAuthenticationManager
...
Issue: gh-5605
2018-07-30 11:39:28 -05:00
b8308c9ae0
Extract JwtConverter
...
Issue: gh-5605
2018-07-30 11:37:56 -05:00
e6bd5357df
Next Development Version
2018-07-26 20:11:59 -05:00
b5ae0c86d0
Release 5.1.0.M2
2018-07-26 19:38:11 -05:00
a699cccda1
Disable Snapshot for release
2018-07-26 19:37:40 -05:00
1c308ecb44
Next Development Version
2018-07-26 15:22:02 -05:00
ff06fcb1ab
Release 5.1.0.M2
2018-07-26 15:21:11 -05:00
f3c9cce56d
Rename to WebClientAuthorizationCodeTokenResponseClient
...
Rename NimbusReactiveAUthorizationCodeTokenResponseClient to
WebClientReactiveAuthorizationCodeTokenResponseClient
Fixes: gh-5529
2018-07-26 15:14:11 -05:00
1c8a931e33
Rename to OidcAuthorizationCodeReactiveAuthenticationManager
...
Renamed OidcReactiveAuthenticationManager to
OidcAuthorizationCodeReactiveAuthenticationManager since it only handles
authorization code flow.
Fixes: gh-5530
2018-07-26 15:14:11 -05:00
5f20bb3d50
Update to Spring Data Lovelace RC1
...
Fixes: gh-5589
2018-07-26 15:14:11 -05:00
44578e5539
Update to Spring Framework 5.1.0.RC1
...
Fixes: gh-5588
2018-07-26 15:14:11 -05:00
1f3fe624c8
Update to Reactor Californium M1
...
Fixes: gh-5587
2018-07-26 15:14:11 -05:00
Josh Cummings
Vedran Pavic
fdesu
Joe Grandja
Johnny Lim
Rob Winch
Daniel Meier