Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,297 Commits 34 Branches 337 Tags
Commit Graph

1201 Commits

Author SHA1 Message Date
Joe Grandja
8b0a3a760c Use providedSessionAuthenticationStrategy 
Fixes gh-5763
 2018-09-19 07:04:49 -04:00
Rob Winch
501c008526 Add WebFlux Redirect to HTTPS Reference 
Fixes: gh-5869
 2018-09-18 21:12:37 -05:00
Rob Winch
54d07b6b8b Add WebFlux HTTP Headers Reference 
Fixes: gh-5868
 2018-09-18 17:09:41 -05:00
Rob Winch
72301e548a Reactive OAuth2 DSL Customizations 
Fixes: gh-5855
 2018-09-17 21:21:36 -05:00
Rob Winch
385bdfc055 OAuth2AuthorizationCodeGrantWebFilter works with /{action}/ 
This ensures that the same URL can work for both log in and
authorization code which prevents having to create additional registrations
on the client and potentially on the server (GitHub only allows a single
valid redirect URL).

Fixes: gh-5856
 2018-09-17 21:21:36 -05:00
Rob Winch
68bc649a45 Fix XsdDocumentedTests 
Issue: gh-5836
 2018-09-12 19:56:30 -05:00
Johnny Lim
42327a0aec Polish OAuth2ResourceServerConfigurerTests 2018-09-10 13:24:16 -06:00
Josh Cummings
2c982a4168 Reactive Redirect to Https 
This introduces the capability to configure Reactive Spring Security
to upgrade requests to HTTPS

Fixes: gh-5749
 2018-09-07 14:25:58 -05:00
Johnny Lim
f164f2f869
Polish FilterComparator 
Extracts STEP incrementing into a separate helper class
 2018-09-07 10:30:57 -06:00
Rob Winch
438d2911fb OAuth2AuthorizedClientResolver 
Extract out a private API for shared code between the argument resolver
and WebClient support. This makes it easier to make changes in both
locations. Later we will extract this out so it is not a copy/paste
effort.

Issue: gh-4921
 2018-09-07 08:58:00 -05:00
Rob Winch
07b6699fd9 ServerWebExchangeReactorContextWebFilter 
Fixes: gh-5779
 2018-09-07 08:49:27 -05:00
Sola
c60fcf263e provide test for custom principal extractor config 
Signed-off-by: Sola <dev@sola.love>
 2018-09-05 15:51:14 -05:00
Sola
2980f96b55 Allow PrincipalExtractor to be customized. 
Signed-off-by: Sola <dev@sola.love>
 2018-09-05 15:51:14 -05:00
Josh Cummings
932ea245fb AuthenticationManager for OAuth2ResourceServerSpec 
This makes the AuthenticationManager used by the OAuth2 Resource
Server configurable, focusing at this point on the Jwt use case.

Fixes: gh-5750
 2018-09-05 09:19:11 -05:00
Josh Cummings
25d1f49d84
Remove Resource Server's Session Policy Config 
Resource Server doesn't need to set the session policy for the
application to STATELESS since it can rely on the
SessionManagementFilter ignoring token's annotated with @Transient,
which a JwtAuthenticationToken is.

Fixes: gh-5759
 2018-09-04 14:55:40 -06:00
Josh Cummings
8510e9a285 Reactive Resource Server insufficient_scope 
This introduces an implementation of ServerAccessDeniedHandler that is
compliant with the OAuth 2.0 spec for insufficent_scope errors.

Fixes: gh-5705
 2018-08-31 10:33:11 -05:00
Joe Grandja
229b69dd35 Add DefaultAuthorizationCodeTokenResponseClient 
Fixes gh-5547
 2018-08-27 12:44:19 -04:00
Vedran Pavic
cb0ba58b58 Fix WhitespaceAfterCheck Checkstyle check 2018-08-27 10:45:35 -05:00
Rob Winch
1640a1f462 Polish ServerAuthenticationConverter 
Fix package tangles

Issue: gh-5338
 2018-08-24 09:44:27 -05:00
Josh Cummings
68d836d508 Reactive Resource Server Csrf Bypass 
This makes requests identified as bearer token requests skip the csrf
filter.

Fixes: gh-5710
 2018-08-24 09:44:01 -05:00
Rob Winch
820fb7d828 Polish formatting ServerHttpSecurity JwtSpec 
Fixes: gh-5728
 2018-08-23 15:12:19 -05:00
Josh Cummings
cba2444e1a ServerHttpSecurity ReactiveJwtDecoder discovery 
This makes so that WebFlux OAuth 2.0 Resource Server configuration
will pick up a ReactiveJwtDecoder exposed as a bean.

Fixes: gh-5720
 2018-08-23 15:12:14 -05:00
Josh Cummings
0fdc081ab5 Add unit tests 
Added some unit tests around some untested parts of the code that I
will be touching for this issue.

Issue: gh-5720
 2018-08-23 15:11:40 -05:00
Joe Grandja
ff6e1232c8 Flatten HttpSecurity.oauth2() 
Fixes gh-5715
 2018-08-22 05:58:04 -04:00
Joe Grandja
0f89e59707 Simplified oauth2().client() DSL 
Fixes gh-5662
 2018-08-22 04:45:35 -04:00
Rob Winch
0dc80aed40 Flatten ServerHttpSecurity.oauth2() 
Fixes: gh-5712
 2018-08-21 15:48:41 -05:00
Rob Winch
53652584b2 ResourceServerSpec->OAuth2ResourceServerSpec 
Fixes: gh-5713
 2018-08-21 14:51:22 -05:00
Joe Grandja
c3e19e29b5 Remove authorizationEndpoint.baseUri in OAuth2ClientConfigurer 
Fixes gh-5661
 2018-08-21 15:33:58 -04:00
Vedran Pavic
f382b69507 Add reactive support for Referrer-Policy security header 2018-08-20 10:10:59 -05:00
Vedran Pavic
10621a0f2c Add reactive support for Content-Security-Policy security header 2018-08-20 10:03:42 -05:00
Vedran Pavic
29cfc3dd1d Add reactive support for Feature-Policy security header 
Closes gh-5672
 2018-08-20 09:02:12 -05:00
Rob Winch
b9ab4929b7 Add OAuth2AuthorizationCodeGrantWebFilter 
Issue: gh-5620
 2018-08-19 21:12:41 -05:00
Rob Winch
d0ebe47cd5 OAuth2LoginReactiveAuthenticationManager uses OAuth2AuthorizationCodeReactiveAuthenticationManager 
Issue: gh-5620
 2018-08-19 21:12:32 -05:00
Rob Winch
f843da1942 Add OAuth2LoginAuthenticationWebFilter 
This is necessary so that the saving of the authorized client occurs
outside of the ReactiveAuthenticationManager. It will allow for
saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository
is added.

Issue: gh-5621
 2018-08-19 21:11:43 -05:00
Rob Winch
dd7925cb63 OAuth2AuthorizedClientArgumentResolver Uses ServerOAuth2AuthorizedClientRepository 
Issue: gh-5621
 2018-08-19 21:11:24 -05:00
Rob Winch
b02ce59188 TestClientRegistrations 
Fixes: gh-5651
 2018-08-19 21:08:02 -05:00
Rob Winch
5ddb25fff8 Consistent .server package for ServerWebExchange OAuth2 
Fixes: gh-5663
 2018-08-19 21:05:55 -05:00
Rob Winch
e3eaa99ad0 Polish ServerAuthenticationConverter 
Update changes for ServerAuthenticationConverter to be passive.

Issue: gh-5338
 2018-08-18 19:55:39 -05:00
Rob Winch
46f71cc232 Update to assertj 3.11.0 
Fixes: gh-5686
 2018-08-17 21:10:47 -05:00
Rob Winch
2c27e18eb3 GlobalMethodSecurityConfiguration uses BeanFactoryAware 
This works around an issue found when updating to
Spring 5.1.0.RC2

Issue: gh-5679
 2018-08-17 21:09:37 -05:00
Rob Winch
ff8163f4c7 Run rnc generation after Feature-Policy Support 
After the Feature-Policy support changes the format of the xsd did not
align with the generator which meant running the build caused changes
for the commit.

This commit ran the xsd generation so that the formatting would be
consistent with the generator.

Issue: gh-5670
 2018-08-17 11:20:26 -05:00
Josh Cummings
d610f31425 Jwt -> Authentication Conversion 
Exposes ability to specify a strategy for converting Jwt into an
Authentication, specifically in JwtAuthenticationProvider.

Fixes: gh-5629
 2018-08-17 11:04:27 -05:00
Rob Winch
938dbbf424 Add OAuth2AuthorizationRequestResolver.resolve(HttpServletRequest,String) 
Previously there was a tangle between
DefaultOAuth2AuthorizationRequestResolver and
OAuth2AuthorizationRequestRedirectFilter with
AUTHORIZATION_REQUIRED_EXCEPTION_ATTR_NAME

This commit adds a new method that can be used for resolving the
OAuth2AuthorizationRequest when the client registration id is known.

Issue: gh-4911
 2018-08-16 20:41:13 -05:00
Josh Cummings
7c524aa0c8 Jwt Claim Validation 
This introduces OAuth2TokenValidator which allows the customization of
validation steps that need to be performing when decoding a string
token to a Jwt.

At this point, two validators, JwtTimestampValidator and
JwtIssuerValidator, are available for use.

Fixes: gh-5133
 2018-08-16 13:19:26 -05:00
Vedran Pavic
c6ea447cc0 Add support for Feature-Policy security header 2018-08-16 09:31:02 -05:00
Josh Cummings
a4bd0d3923
OIDC Provider Configuration - ClientRegistrations 
OIDC Provider Configuration is now being used to create more than just
ClientRegistration instances. Also, the endpoint is being addressed in
more contexts than just the client.

To that end, this refactors OidcConfigurationProvider in the config
project to ClientRegistrations in the oauth2-client project.

Fixes: gh-5647
 2018-08-14 13:26:46 -06:00
Josh Cummings
950a314c9f
RememberMeConfigTests groovy->java 
Issue: gh-4939
 2018-08-10 11:17:54 -06:00
Johnny Lim
68878a1675 Replace isEqualTo(null) with isNull() 2018-08-09 18:04:48 -06:00
Rob Winch
4de3d0b860 Create AuthorizationEndpointConfig.configure 
Issue: gh-5654
 2018-08-08 16:02:40 -05:00
Rob Winch
52622bc6dd Move OAuth2ClientConfigurer.configure to AuthorizationCodeGrantConfigurer 
Issue: gh-5654
 2018-08-08 16:02:34 -05:00