6a3e981c80
Remove BaseDigestPasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:40 -05:00
a8aa65b828
Remove Md4PasswordEncoder from core
...
Issue: gh-4674
2017-10-24 07:55:32 -05:00
12dbf2e961
Remove PlainTextPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
40fd8d7aa7
Remove ShaPasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
e98fc3556e
Remove Md5PasswordEncoder from core
...
Issue: gh-4674
2017-10-23 22:27:16 -05:00
7c95c88601
Add User/UserBuilder in UserDetailsManagerConfigurer
...
Fixes gh-4679
2017-10-23 22:27:16 -05:00
c5d4041ca8
Add 5.0.xsd
...
Fixes gh-4675
2017-10-23 22:27:16 -05:00
6d7d34c549
Move AuthorizationRequestUriBuilder and DefaultAuthorizationRequestUriBuilder
...
Fixes gh-4658
2017-10-23 10:19:31 -04:00
8e3a2a7123
Remove AuthorizationCodeAuthenticationFilter.AuthorizationResponseMatcher
...
Fixes gh-4654
2017-10-20 06:09:31 -04:00
eb82a79068
OAuth2 login url starts with /login/
...
Fixes gh-4659
2017-10-19 17:32:21 -04:00
d4dac21ca5
Make ClientRegistration.Builder constructor private
...
Fixes gh-4656
2017-10-19 14:15:59 -04:00
1f5edc98d5
ClientRegistration.Builder.scopes -> scope
...
Fixes gh-4663
2017-10-19 11:24:01 -04:00
1e891b38ab
Rename scope -> scopes for Set types
...
Fixes gh-4644
2017-10-18 17:56:39 -04:00
d231441cc0
EnableWebFluxSecurityTests uses SpringTestRule
...
This will hopefully resolve the periodic failures in
EnableWebFluxSecurityTests
2017-10-18 15:14:43 -05:00
9d46af3d7c
Introduce SpringTestContext
...
This adds support for testing different configurations per method.
2017-10-18 15:14:43 -05:00
7b8d131386
Fix package tangles -> OAuth2/Oidc AuthenticationProvider's
...
Fixes gh-4614
2017-10-16 20:56:32 -04:00
25052214ae
Polish
2017-10-16 18:33:27 -05:00
a74f7c6faa
Fix CSRF / DefaultLoginPageGeneratingFilter package tangle
...
Issue: gh-4636
2017-10-16 16:36:49 -05:00
7fd1cff3ce
Fix PrePostAdviceReactiveMethodInterceptor tangle
...
Issue: gh-4636
2017-10-16 16:36:43 -05:00
579282437b
Move GlobalAuthenticationConfigurerAdapter
...
Issue: gh-4636
2017-10-16 16:36:33 -05:00
a7d054c9f3
Remove AuthorizationGrantAuthenticator
2017-10-16 13:43:11 -04:00
3c824dc44b
Fix package tangles -> OAuth2UserService
...
Fixes gh-4614
2017-10-13 18:59:41 -04:00
cfa4858b04
Fix package tangles -> AuthorizationGrantTokenExchanger
...
Fixes gh-4614
2017-10-13 16:35:48 -04:00
c441f99567
Polish oauth2-client
2017-10-13 07:09:00 -04:00
211e8eae90
Remove formLogin() and httpBasic() from defaults
2017-10-12 16:41:01 -05:00
5fae710d69
Polish ServerHttpSecurityConfigurationBuilder
...
Fix copyright
2017-10-12 16:20:18 -05:00
30487c3b4b
Polish ServerHttpSecurity testing
2017-10-12 15:54:54 -05:00
015cc2203e
Fix ServerHttpSecurity
2017-10-12 15:54:54 -05:00
91d9404828
Fixed typo in HttpSecurity.authorizeRequests javadoc
2017-10-12 07:36:37 -05:00
18df9a869e
Move config AuthorizationCodeGrantConfigurer -> OAuth2LoginConfigurer
2017-10-11 17:39:21 -04:00
247f737bc8
Move HttpBasicServerAuthenticationEntryPoint
...
Move it up a package as www is too sparse. This is different than servlet
based support, but we also are now using a generic AuthenticationWebFilter
Fixes gh-4617
2017-10-11 16:24:14 -05:00
7271a427e8
SecurityContextServerRepository->ServerSecurityContextRepository
...
Issue gh-4615
2017-10-11 13:58:28 -05:00
792944eee7
HttpSecurity->ServerHttpSecurity
...
Issue gh-4615
2017-10-11 13:58:24 -05:00
185d3032f5
LogoutHandler->ServerLogoutHandler
...
Issue gh-4615
2017-10-11 13:58:21 -05:00
c9ce528206
AuthenticationFailureHandler->ServerAuthenticationFailureHandler
...
Issue gh-4615
2017-10-11 13:58:18 -05:00
897e7111e3
AccessDeniedHandler->ServerAccessDeniedHandler
...
Issue gh-4615
2017-10-11 13:58:14 -05:00
a5af2a07d7
HttpHeadersWriter->ServerHttpHeadersWriter
...
Issue gh-4615
2017-10-11 13:58:09 -05:00
2982b82b2d
AuthenticationSuccessHandler->ServerAuthenticationSuccessHandler
...
Issue gh-4615
2017-10-11 13:58:06 -05:00
b858985b0e
AuthenticationReactorContextFilter->AuthenticationReactorContextWebFilter
...
Issue gh-4615
2017-10-11 13:58:02 -05:00
bfcc2a602d
SecurityContextRepository->SecurityContextServerRepository
...
Issue gh-4615
2017-10-11 13:57:59 -05:00
e99e2a9f09
PrePostAdviceMethodInterceptor->PrePostAdviceReactiveMethodInterceptor
...
Issue gh-4615
2017-10-11 13:57:54 -05:00
d0de8d40dd
WebFilterChainFilter -> WebFilterChainProxy
...
Issue gh-4615
2017-10-11 13:57:50 -05:00
cfc5572b7a
AuthenticationEntryPoint->ServerAuthenticationEntryPoint
...
Issue gh-4615
2017-10-11 13:57:46 -05:00
8d4a73cf3f
Use Server<Description>AuthenticationConverter
...
Issue gh-4615
2017-10-11 13:57:43 -05:00
5502856095
UserDetailsRepositoryAuthenticationManager->UserDetailsRepositoryReactiveAuthenticationManager
...
Issue gh-4615
2017-10-11 13:57:35 -05:00
4681697581
UserDetailsRepository->ReactiveUserDetailsService
...
Issue gh-4615
2017-10-11 13:57:30 -05:00
f1bc82dcef
AuthenticatedAuthorizationManager->AuthenticatedReactiveAuthorizationManager
...
Issue gh-4615
2017-10-11 13:57:26 -05:00
866ce5eaec
AuthorityAuthorizationManager->AuthorityReactiveAuthorizationManager
...
Issue gh-4615
2017-10-11 13:57:08 -05:00
d840090cb0
Add support for implicit grant type
...
Fixes gh-4500
2017-10-11 13:54:59 -04:00
6963b3c5d5
Expose login page config for oauth2Login
...
Fixes gh-4570
2017-10-10 19:05:57 -04:00
da0a7afa38
Polish AuthorizationCodeAuthenticationFilter
...
Fixes gh-4599
2017-10-10 14:39:47 -04:00
efa4bf409c
Remove AuthorizationCodeRequestRedirectFilter. setAuthorizationRequestMatcher
2017-10-10 14:38:06 -04:00
6b16fa0d8c
Polish OAuth Security Configurers
2017-10-10 14:38:06 -04:00
23f56f568c
Update MockitJunitRunner import
...
Issue: gh-4608
2017-10-09 16:13:33 -05:00
445834784a
Update to Mockito 2.10.0
...
Issue: gh-4608
2017-10-09 16:13:11 -05:00
370fc48afe
Polish LogoutBuilder
...
Issue gh-4603
2017-10-06 16:37:11 -05:00
79e749790f
Add Reactive LogoutBuilder
...
Fixes gh-4541
2017-10-06 16:36:19 -05:00
c77cc72cd3
Fix EnableWebFluxSecurityTests
...
Fixes gh-4604
2017-10-06 16:28:57 -05:00
926ad45f21
Add default config for common OAuth2 Providers
...
Fixes gh-4597
2017-10-06 10:17:32 -04:00
29d36e4d16
Remove OAuth2ClientTemplatePropertiesLoader
...
Fixes gh-4598
2017-10-05 20:15:28 -04:00
1b7e761be4
Remove SecurityTokenRepository from AuthorizationCodeAuthenticationProvider constructor
...
Fixes gh-4591
2017-10-05 17:05:56 -04:00
eb320bfed4
AuthorizationCodeAuthenticationProcessingFilter -> AuthorizationCodeAuthenticationFilter
2017-10-05 16:40:12 -04:00
5c14e48b18
Add OAuth2UserAuthenticationProvider
...
Moved logic from AuthorizationCodeAuthenticationProvider
to OAuth2UserAuthenticationProvider (new) related to
loading user attributes via OAuth2UserService.
This re-factor is part of the work required for Issue gh-4513
2017-10-05 15:15:35 -04:00
f8a9077d5a
Generalize AuthorizationCodeAuthenticationProvider
...
The AuthorizationCodeAuthenticationProvider implements part of the
Authorization Code Grant flow as defined in
OAuth 2.0 Authorization Framework and OpenID Connect Core 1.0.
The implementation needs to be de-coupled to allow for better re-use and readability.
This commit introduces the AuthorizationGrantAuthenticator and extracts logic from
AuthorizationCodeAuthenticationProvider and provides different implementations
for OAuth 2.0 and OpenID Connect 1.0.
This re-factor is part of the work required for Issue gh-4513
2017-10-05 05:02:22 -04:00
fb57111ecd
redirect-uri property supports 'baseRedirectUrl' uri variable
...
Fixes gh-4589
2017-10-02 15:29:03 -04:00
66647070ab
Default login page supports Iterable<ClientRegistration>
...
Fixes gh-4596
2017-09-29 19:54:17 -04:00
99f06ca58c
HttpSecurity invokes configure(this)
...
Issue gh-4542
2017-09-29 16:04:47 -05:00
b3bd5ba946
Add Reactive HttpSecurity.addWebFilterAt
...
Fixes gh-4542
2017-09-29 16:04:35 -05:00
737c48de06
Polish
2017-09-29 14:13:02 -05:00
b9258aa6ee
Make AuthorizationRequestUriBuilder optional
...
Fixes gh-4577
2017-09-28 16:43:11 -04:00
9a8ddebc94
Use param matching for Authorization Response
...
Fixes gh-4576
2017-09-28 10:21:01 -04:00
8448a54678
Remove ClientRegistrationRepository.getRegistrations()
...
Fixes gh-4582
2017-09-28 07:02:59 -04:00
b463f8e6b5
Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName()
...
Related gh-4580
2017-09-27 15:39:39 -04:00
814742fef6
Rename ClientRegistration.clientAlias -> registrationId
...
Fixes gh-4575
2017-09-27 09:14:55 -04:00
38be35677d
Add userNameAttributeName to ClientRegistration
...
Fixes gh-4580
2017-09-26 21:55:19 -04:00
0e9b2807bf
Split up NimbusOAuth2UserService
...
Fixes gh-4447
2017-09-26 11:32:49 -04:00
6d26b86792
Add UserDetailsRepositoryResourceFactoryBean.fromString
...
Fixes gh-4566
2017-09-22 20:18:59 -05:00
a4c2073bcd
Add UserDetailsManagerResourceFactoryBean.fromString
...
Fixes gh-4567
2017-09-22 20:18:59 -05:00
bc99f8aff3
Add UserDetailsResourceFactoryBean.fromString
...
Fixes gh-4568
2017-09-22 20:18:59 -05:00
8521ca8f94
Polish gh-4560
2017-09-21 17:21:41 -04:00
baa3b6f258
Add utility for loading properties of client types
...
Fixes gh-4560
2017-09-20 22:50:19 -04:00
8a66d0c78d
Polish PermissionEvaluator Autowired into Web Security
...
Issue gh-4077
2017-09-18 16:53:19 -05:00
3bf6bf10de
Configure permissionEvaluator and roleHierarchy by default
...
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).
Issue gh-4077
2017-09-18 16:35:16 -05:00
f8ee9944ff
Copyright date range
2017-09-18 11:18:46 -05:00
1f4082e754
Fix copyright lines
2017-09-18 11:11:25 -05:00
01d4387f56
Fix empty lines in copyright
2017-09-18 10:53:04 -05:00
3ecf3ea034
Fix double * in Copyright headers
2017-09-18 10:47:26 -05:00
e14af37775
Add LogoutWebFilter
...
Fixes gh-4539
2017-09-13 16:43:04 -05:00
426e24c18e
Polish
...
Formatting changes
2017-09-13 15:31:32 -05:00
65b968f04a
Move servlet-specific classes to 'web' package
...
Fixes gh-4366
2017-09-13 16:13:32 -04:00
0a36359f11
WebFlux HTTP Basic & Form Login Sessions
...
By default both HTTP Basic and form log are enabled. Now HTTP Session will
not be used for HTTP Basic, but will be for form log in.
2017-09-13 14:47:44 -05:00
3d745e63f6
HttpSecurityConfiguration applies all defaults
...
HttpSecurity headers is off by default and relies on
HttpSecurityConfiguration to enable it. This is more consistent with the
other operators
2017-09-12 22:07:12 -05:00
b5edb58050
Polish reactive config
...
Code Checkstyle fixes
2017-09-12 21:56:09 -05:00
8b32b8db74
Polish
...
HeadersBuilder build is protected
2017-09-12 21:51:26 -05:00
d93c774691
Add FormLogin Configuration
...
Fixes gh-4537
2017-09-12 20:40:56 -05:00
a0a0a32bda
Add WebTestClient HtmlUnit Support
...
Fixes gh-4534
2017-09-12 20:40:56 -05:00
8d997fd079
Remove DefaultAuthenticationSuccessHandler
...
We always need to save the user after authentication, so it should be
part of AuthenticationWebFilter
Fixes gh-4524
2017-09-12 20:40:56 -05:00
4ff0b52f74
Remove HttpClientConfig
...
Issue gh-4478
2017-09-12 21:03:40 -04:00
d9bad2bc9d
Mono.currentContext()->subscriberContext()
...
Fixing refactoring by Reactor
2017-09-01 17:20:47 -05:00
be0081290b
EnableWebFluxSecurity uses PasswordEncoder Bean
2017-08-30 10:02:00 -05:00
9f2ea90f0d
Polish HttpSecurity
...
Code Style fixes
2017-08-29 20:34:20 -05:00
51ad53f76a
Remove Optional from Reactive HttpSecurity
2017-08-29 20:30:04 -05:00
20befc3702
Support .and() in Reactive HttpBasic & HeaderBuilder
2017-08-29 20:17:56 -05:00
c4917f359a
Fix for Reactor Refactor
...
- contextStart -> subscriberContext
2017-08-29 08:24:55 -05:00
bc6be86aec
Add in-memory AccessTokenRepository
...
Fixes gh-4508
2017-08-23 17:18:35 -04:00
91b0bd4ba5
Provide oauth2login.tokenEndpoint config
...
Fixes gh-4506
2017-08-23 17:18:01 -04:00
c06975080f
Allow configuring oauth2 authentication handlers
...
Fixes gh-4472
2017-08-23 17:17:34 -04:00
93c2b2533e
Allow configuring request paths for oauth2 filters
...
Fixes gh-4473
2017-08-23 17:17:01 -04:00
416ff3c77a
Add EnableReactiveMethodSecurity
...
Issue gh-4496
2017-08-17 16:42:01 -05:00
b0b9b32c0c
Add AuthenticationReactorContextFilter
...
Fixes gh-4501
2017-08-17 16:42:01 -05:00
e16b8e7976
Fix logback-test.xml
2017-08-17 16:42:01 -05:00
efc3cadd43
Fixed Circular Bean References in Java Config
...
Fixes gh-4489
2017-08-09 16:24:01 -05:00
bfaead6f68
Removal of ParsingPathMatcher
...
Changes needed for the removal of ParsingPathMatcher in Spring Framework
b1440b6816 (diff-972650c759c249004b9725f94b570db3R156)
2017-08-02 11:11:11 -05:00
c872499eee
Enable custom configuration for HTTP client
...
Fixes gh-4477
2017-07-28 16:43:44 -04:00
9b7883fe10
Add WEB_FILTER_CHAIN_FILTER_ORDER
...
Fixes gh-4475
2017-07-27 21:02:38 -05:00
96ae0fe8f8
Expose configuration for authorities mapping
...
Fixes gh-4409
2017-07-12 17:35:16 -04:00
9cfb890207
Use id_token for user authentication
...
Fixes gh-4410
2017-07-07 12:44:26 -04:00
0e100be333
Fix Groovy 2.5 Compile Errors
...
Fixes gh-4415
2017-06-22 13:31:21 -05:00
8130965259
Fixes for changes in SPR-15657
...
Fixes gh-4408
2017-06-20 16:42:24 -05:00
ca6348800e
HttpSecurity.authorizeExchange() allows Method Chaining
...
Fixes gh-4397
2017-06-15 15:50:30 -05:00
9d19b7337e
Ensure Unique Names
...
Issue: gh-4394
2017-06-15 13:00:59 -05:00
fda0220fad
Provide default reactive HttpSecurity
...
Fixes gh-4396
2017-06-15 13:00:19 -05:00
9141a8a7c0
Add Multiple Reactive HttpSecurity
...
Fixes gh-4395
2017-06-15 13:00:19 -05:00
406e1e6951
Extract out HttpSecurityConfiguration
...
Fixes gh-4394
2017-06-15 13:00:19 -05:00
335a01577a
Typo "he" -> "the"
2017-06-15 12:47:41 -05:00
30132892a0
Polish UserDetailsResourceFactoryBean Support
...
Issues: gh-4380 gh-4381 gh-4382
2017-06-13 15:15:21 -05:00
337317a060
WebFlux now uses ParsingPathMatcher
...
Fixes gh-4388
2017-06-09 22:25:45 -05:00
6428cb411e
Add UserDetailsRepositoryResourceFactoryBean
...
Add the ability to easily create a UserDetailsRepository from a Properties
in the standard Spring Security user format.
Fixes gh-4382
2017-06-09 16:07:18 -05:00
4cb77e5386
Add UserDetailsManagerResourceFactoryBean
...
Add the ability to easily create a UserDetailsManager from a Properties
in the standard Spring Security user format.
Fixes gh-4381
2017-06-09 16:07:18 -05:00
256d14ede0
Add UserDetailsResourceFactoryBean
...
Add the ability to create a Collection<UserDetails> from a Properties
Resource using the standard Spring Security user format.
Fixes gh-4380
2017-06-09 16:07:18 -05:00
d09fb5b500
Move UserDetailsRepository to core.userdetails
...
Fixes gh-4383
2017-06-09 16:07:09 -05:00
6c0ecea494
Use java.util.Function instead of Converter
...
Fixes gh-4323
2017-06-01 17:25:39 -04:00
e5eda24054
Add ServerWebExchangeMatcherEntry
2017-05-31 16:13:20 -05:00
68368c87ca
Resolve compile errors -> WebTestClient methods removed
...
Fixes gh-4355
2017-05-25 11:14:29 -04:00
bc141febdb
Demo mock support with RouterFunction
2017-05-23 16:29:30 -05:00
9e6b10ce46
Fix JavaDoc for HeadersConfigurer
...
Corrected copy-paste error.
2017-05-22 00:32:19 +02:00
247635ed92
WebFluxSecurityConfiguration defaults HTTP Basic
...
Fixes gh-4346
2017-05-19 21:50:06 -05:00
1cec497a50
Add method chaining for AuthorizeExchangeBuilder
...
Fixes gh-4345
2017-05-19 21:25:50 -05:00
0428cdd934
Add @EnableWebFluxSecurity
...
Fixes gh-4344
2017-05-19 21:11:42 -05:00
85719fcd64
Use Base64 implementation provided by Java 8
2017-05-10 00:27:36 -05:00
b4f2777755
Add WebFlux
...
Fixes gh-4128
2017-05-10 00:13:02 -05:00
829c386756
Add support for OAuth 2.0 Login
...
Fixes gh-3907
2017-04-28 10:58:59 -04:00
5a65da400d
Use ReflectionTestUtils rather than Whitebox
...
This is better because it no longer uses Mockito's internal API
Fixes gh-4305
2017-04-21 10:54:58 -05:00
f3edaa673a
Fix SecurityNamespaceHandler Version Error Message
...
Fixes gh-4210
2017-03-02 00:25:51 -06:00
546d44d6e7
Fix NPE in WebSocketMessageBrokerSecurityBeanDefinitionParser
...
Fixes gh-4112
Closes gh-4194
2017-03-01 23:58:02 -06:00
2ac51c9c7f
Fix class name in comment
2017-03-01 23:31:32 -06:00
9c03571bbb
Use message in all Assert
...
This ensures compatibility with Spring 5.
Fixes gh-4193
2017-01-30 19:58:24 -06:00
7a7ce11ebb
Release version 4.2.1.RELEASE
2016-12-21 17:23:28 +00:00
fc516b55a6
Fix Build Against Spring 5.0.0.BUILD-SNAPSHOT
...
Change Bean definition to static to avoid SPR-12646
Fixes gh-4150
2016-12-08 15:54:46 -06:00
f94399cff9
Polish
2016-11-17 09:49:41 -06:00
Rob Winch
Joe Grandja
Johnny Lim
bbelovic
shazin.sadakath@gmail.com
Craig Andrews
stonio
Thomas Darimont
Vedran Pavic
Rob Winch
Joris Kuipers
Kazuki Miyahara
Spring Buildmaster