924ceac681
Lock Dependencies
2021-04-12 13:36:39 -04:00
951cb844dd
Update to Spring Boot 2.4.4
2021-04-12 13:36:28 -04:00
9570d0cada
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
Closes gh-9561
2021-04-09 21:47:11 -06:00
e7ee70384d
Consider Order on SecurityFilterChain bean definitions
...
Closes gh-9154
2021-03-24 11:08:49 +02:00
d192b3eb91
Next Development Version
2021-02-17 16:00:33 -07:00
71e0967b53
Revert "Lock Dependencies for Release"
...
This reverts commit 8c04074264
2021-02-17 15:59:48 -07:00
45bca751c7
Release 5.4.5
2021-02-17 14:59:57 -07:00
8c04074264
Lock Dependencies for Release
2021-02-17 14:59:17 -07:00
7db6c9189e
Downgrade to Nimbus JOSE JWT 8.+
2021-02-12 10:56:35 +00:00
f6a2850753
Next Development Version
2021-02-11 18:38:25 -07:00
cf032d86d6
Revert "Lock Dependencies"
...
This reverts commit 9535a41d5a
2021-02-11 18:38:07 -07:00
abc523c063
Release 5.4.4
2021-02-11 18:00:01 -07:00
9535a41d5a
Lock Dependencies
2021-02-11 17:43:39 -07:00
4b6b417d5a
Additional Test for HttpSessionSecurityContextRepository
...
Issue gh-9387
2021-02-11 17:39:49 -07:00
c72a6fac04
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 17:39:48 -07:00
357446ba9d
Next Development Version
2021-02-11 17:35:08 -07:00
f449da8b78
Revert "Lock Dependencies"
...
This reverts commit d17ebf53f9
2021-02-11 17:28:01 -07:00
9fbcfd9513
Release 5.4.3
2021-02-11 16:56:28 -07:00
d17ebf53f9
Lock Dependencies
2021-02-11 16:56:28 -07:00
c241f643ad
Update to GAE 1.9.86
...
Closes gh-9448
2021-02-11 16:56:21 -07:00
d4461dc856
Update to Spring Boot 2.4.2
...
Closes gh-9447
2021-02-11 16:56:12 -07:00
ad0ad06705
Update to Kotlin 1.4.30
...
Closes gh-9446
2021-02-11 16:55:59 -07:00
db76882f75
Fix Test Configuration
...
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable
Closes gh-9421
2021-02-10 11:34:43 -07:00
27e6743fd6
Update saml2-login.adoc
...
Fix example on registering custom marshaller for saml request
2021-02-04 10:10:04 -07:00
e79141a188
Downgrade nimbus-jose-jwt to 8.+
...
Closes gh-9399
2021-02-03 13:18:18 -07:00
da7141eb5b
Polish Tests
...
Issue gh-9331
2021-02-03 09:13:38 -07:00
e30d78086a
Configure CurrentSecurityContextArgumentResolver BeanResolver
...
Closes gh-9331
2021-02-03 09:13:28 -07:00
fc24c7991c
Allow null or empty authorities for DefaultOAuth2User
...
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken
Closes gh-9366
2021-02-01 17:26:56 -05:00
42013ee3a1
Change Example Name
...
Closes gh-9379
2021-01-28 11:23:47 -07:00
21f03b53f2
Use spring-build-conventions:0.0.37
2021-01-25 20:26:35 -06:00
f6b678f137
Make user info response status check error only
...
Closes gh-9336
2021-01-25 10:23:49 -05:00
76657631fd
Migrate SAML 2.0 Tests and Docs to PCFOne
...
Issue gh-9362
2021-01-22 15:13:41 -07:00
3f2057364e
Migrate SAML 2.0 Samples to PCFOne
...
Closes gh-9362
2021-01-22 11:22:28 -07:00
a8a66480be
Fix SAML 2.0 Javaconfig Sample
...
Issue gh-9362
2021-01-22 11:22:22 -07:00
1f4aa8fe4f
Provide artifactoryUsername/Password in docs and schema jobs
2021-01-22 14:45:25 +01:00
420e8227d4
Resolve artifacts from Maven Central first
...
- Use spring-build-conventions:0.0.36
- Add https://repo.spring.io/release to reference
Closes gh-9367
2021-01-22 13:28:35 +01:00
580b988e7f
Fix NullPointerException
...
- Caused by a malformed WWW-Authenticate value
Closes gh-9364
2021-01-21 16:22:29 -07:00
acb5ae607b
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:09:21 -06:00
77a1befcc2
Fix Checkstyle for CsrfWebFilter
...
Issue gh-9337
2021-01-12 11:38:01 -06:00
61b75bb2d6
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:19:11 -06:00
429caeacc9
Fix bug with multiple AuthenticationManager beans
...
Closes gh-9256
2021-01-06 18:19:13 +01:00
8c93d95818
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:11:19 -07:00
b8175bccd2
OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
...
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)
With this change, even if the check is passing a new List or Map will be returned.
Closes gh-9210
2020-12-03 10:54:00 -05:00
00375da173
Next Development Version
2020-12-02 22:21:21 -07:00
1af21a9d02
Revert "Lock Dependencies for 5.4.2"
...
This reverts commit 046bc9789f
2020-12-02 22:21:02 -07:00
9effebe934
Release 5.4.2
2020-12-02 17:36:26 -07:00
046bc9789f
Lock Dependencies for 5.4.2
2020-12-02 17:36:26 -07:00
423d3682d0
Update to Google App Engine 1.9.83
...
Closes gh-9250
2020-12-02 17:36:08 -07:00
1f5591198e
Update to Kotlin 1.4.20
...
Closes gh-9249
2020-12-02 17:36:02 -07:00
0a95d3cfa8
Update to Spring Boot 2.4.0
...
Closes gh-9248
2020-12-02 16:37:41 -07:00
Joe Grandja
佚名
Eleftheria Stein
Josh Cummings
Andy Wilkinson
Rob Winch
kavi87
happier233
Mayur Patel
Benjamin Faal
Eleftheria Stein
tristanessquare
Rob Winch
Ovidiu Popa