7603 Commits

Author SHA1 Message Date
Rafael Dominguez
75a2c2b729 OAuth2AccessTokenResponseBodyExtractor supports Object values
This commit ensures the token response is parsed correctly if the values are not a String.

Fixes: gh-6087
2018-11-15 13:23:36 -06:00
Daniel Bustamante Ospina
808fbfa161 Update webflux-form sample to use Built in CSRF Support
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

Issue: gh-6061
2018-11-14 17:38:37 -06:00
Josh Cummings
d28e32b000 NimbusJwtDecoder Builder
A Builder to simplify common construction patterns for NimbusJwtDecoder

Issue: gh-6010
2018-11-14 15:53:47 -06:00
Josh Cummings
fbcf48cea0 Low-level Nimbus Jwt Decoder
Introduces a JwtDecoder which takes a raw Nimbus JWTProcessor
configuration.

Fixes: gh-5648
2018-11-14 15:53:47 -06:00
Karl Goffin
db5e54266c #3912 lazyBean method respects @Primary annotation 2018-11-14 14:31:29 -06:00
Dongmin Shin
b2c2f84f00 Fix Typo in Reference Docs
Fixes gh-6076
2018-11-14 11:36:27 -06:00
Rafael Dominguez
ac026e23fe Updated Spring Boot version from 2.1.0.M4 to 2.1.0.RELEASE 2018-11-14 10:51:38 -06:00
Krzysztof Szmytkowski
b5455b0bec
Make AesBytesEncryptor public
Fixes: gh-5099
2018-11-13 16:05:59 -07:00
Josh Cummings
13de580632
AesBytesEncryptorTests
Issue: gh-5099
2018-11-13 16:03:47 -07:00
Johnny Lim
95c824cb2a Upgrade to neko-htmlunit 2.33 2018-11-13 15:48:52 -06:00
Josh Cummings
ae74f22e30 Reactive Jwt Claim Set Converter Support
Exposes setClaimSetConverter on NimbusReactiveJwtDecoder, lining it up
with the same support on NimbusJwtDecoder.

Fixes: gh-6015
2018-11-13 15:31:08 -06:00
Gunnar Hillert
11b6b63364 Docs: Fix Maven Property example spring-security.version 2018-11-13 15:08:00 -06:00
Josh Cummings
2769b7ffb0
Leave Issuer As String - Documentation
Update documentation that indicated the iss claim is proactively
coerced into a URL.

Issue: gh-6073
2018-11-13 12:40:41 -07:00
Josh Cummings
19649db9ce
Leave Issuer As String
Since StringOrURI is a valid issuer, MappedJwtClaimSetConverter and
JwtIssuerValidator no longer assume it.

Issue: gh-6073
2018-11-13 11:39:15 -07:00
Josh Cummings
c70b65c5df
Favor URL.toExternalForm
Converts URLs to Strings before comparing them. Uses toString(),
which delegates to toExternalForm().

Fixes: gh-6073
2018-11-13 08:20:18 -07:00
Josh Cummings
a32d19ec7d
Polish NimbusReactiveJwtDecoderTests
Issue: gh-5650
2018-11-12 15:04:00 -07:00
Josh Cummings
8eedb3919e
Policy OAuth2ResourceServerSpecTests
Issue: gh-6052
2018-11-12 15:01:15 -07:00
Josh Cummings
dca3645850
Update to spring-build-conventions:0.0.22.RELEASE
Fixes: gh-6064
2018-11-09 10:55:35 -07:00
dperezcabrera
898d005a53 InMemoryUserDetailsManager.updatePassword case-insensitive
Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.

This commit updates updatePassword to be case insensitive.

Fixes: gh-6039
2018-11-09 11:39:58 -06:00
Erik van Paassen
3a6582d2a6 Fix csrf:token-repository-ref XSD documentation
The documentation of the token-repository-ref attribute of the csrf
element in the schema has been updated to make clear the default
repository is lazy. Targets versions 4.2, 5.0 and 5.1.

Fixes gh-6037
2018-11-08 10:14:49 -06:00
Josh Cummings
9a13f9acde Custom Bearer Token Error Handling Support
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.

Fixes: gh-6052
2018-11-07 16:29:56 -06:00
Josh Cummings
78e27ca17f
Update Reactive Resource Server Docs
Resource Server documentation for both Servlet and Reactive now has a
similar feel and offers deeper exposure to common use cases.

Fixes: gh-6054
2018-11-07 12:05:21 -07:00
Josh Cummings
8a475e39be Write Security Headers Before Servlet Include
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.

Fixes: gh-5499
2018-10-31 09:27:25 -05:00
Paul Wheeler
ccc4e1c876 Made AclClassIdUtils genuinely package level by injecting the conversionService instead of AclClassIdUtils
Fixes gh-4814
2018-10-31 09:24:35 -05:00
Paul Wheeler
2c362456fd AclClassIdUtils should be public
Fixes gh-4814
2018-10-31 09:24:35 -05:00
Josh Cummings
75e7e099ab
MiscHttpConfigTests groovy->java
Issue: gh-4939
2018-10-30 12:58:20 -06:00
Josh Cummings
7d3302f52b
Polish Test Name
So that it adheres to methodNameWhenConditionThenVerification naming
convention.

Issue: gh-3743
2018-10-30 10:20:37 -06:00
Karl Goffin
50d26c9d28
Polish Logging and Tests
Removing debug statements which would have prematurely terminated the
stream, changing to AssertJ, and adding another test.

Issue: gh-3743
2018-10-30 10:18:16 -06:00
Karl Goffin
92e68a589a
PostFilter Support for Streams
Users can return a Stream from a @PostFilter-annotated method.

Fixes: gh-3743
2018-10-30 10:17:16 -06:00
Josh Cummings
e1c7dd6480
Add JDK 11 to Jenkins
Fixes: gh-5860
2018-10-25 17:10:50 -06:00
Josh Cummings
42b111fba6
JDK 11 Compatibility
Upgraded dependencies and removed a test in the Java Config LDAP
sample which is arguably an integration test since it starts up an
LDAP container. This test also isn't JDK 11 compatible and the
remaining integration tests in the sample cover the same material.

Issue: gh-5860
2018-10-25 17:10:50 -06:00
Joe Grandja
a96893a42a Remove charset from Accept header in UserInfo request
Fixes gh-6017
2018-10-25 12:56:45 -04:00
Bob Maertz
52be2839ca Migrated unit test from groovy to java
Moved AbstractConfigAttributeRequestMatcherRegistryTests.groovy to AbstractConfigAttributeRequestMatcherRegistryTests.java

gh-4939
2018-10-23 20:04:42 -05:00
Joe Grandja
8ef65ce5c5 Set AuthenticationEventPublisher on each AuthenticationManagerBuilder
Fixes gh-6009
2018-10-23 14:08:23 -04:00
Joe Grandja
7a94931514 Polish javadoc 2018-10-23 08:45:06 -04:00
Bob Maertz
551ea66ce3 Migrated unit test TldTests.groovy to TldTests.java
Moved unit test TldTests#testTldVersionIsCorrect from groovy to java.

gh-4939
2018-10-22 11:55:34 -05:00
Rob Winch
f56f55dc8e Fix BCrypt Checkstyle
Issue: gh-3320
2018-10-22 11:18:52 -05:00
linfeng
388a7b62b9 Add BCrypt Revision Support
Fixes: gh-3320
2018-10-22 11:13:55 -05:00
Vedran Pavic
605469db06 Clarify default OAuth 2.0 login page requirements
Fixes gh-5996
2018-10-22 09:20:49 -04:00
Drummond Dawson
818a3506fe Remove unnecessary concatenation of sql in JdbcUserDetailsManager 2018-10-19 15:30:03 -05:00
Drummond Dawson
9ea4d2d4ac Add missing space to heading for it to render properly 2018-10-19 15:25:15 -05:00
Rob Winch
1eb7a297d3 Update to spring-build-conventions:0.0.20.RELEASE
Fixes: gh-5998
2018-10-18 16:14:37 -05:00
Rob Winch
d5d9adf11d Fail the build if deploy fails
Fixes: gh-5997
2018-10-18 16:03:00 -05:00
Vedran Pavic
e1b095df32 Allow in-memory client registration repos to be constructed with a map
Fixes gh-5918
2018-10-18 14:07:12 -04:00
Brian Demers
8f49ca850a Fixing IllegalStateException message in OAuth2ResourceServerConfigurer
Updated message to include `http.oauth2ResourceServer()`
2018-10-17 15:14:36 -05:00
Josh Cummings
adb9f4e34b Add JDK 10 to Jenkins
Fixes: gh-5860
2018-10-17 15:03:42 -05:00
Josh Cummings
bd9e3877f9 JDK 10 Compatibility
Upgrading dependencies and reconfiguring PowerMock

Issue: gh-5860
2018-10-17 15:03:42 -05:00
Josh Cummings
52507695d1 Update to Spring Build Conventions 0.0.19
Fixes: gh-5981
2018-10-17 15:03:42 -05:00
sunflower-seed
2e6ff72c31 Update SubjectDnX509PrincipalExtractor.java
Added missing asterisk
2018-10-17 14:56:45 -05:00
sunflower-seed
e26bb2b326 Update x509.adoc
Added Escaping for Adoc
2018-10-17 14:56:45 -05:00