Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,679 Commits 32 Branches 333 Tags 111 MiB
Commit Graph

2450 Commits

Author SHA1 Message Date
Lóránt Pintér f7beb537f0 Add included build to JAR 
Instead of copying classes to the compile output, we now add them directly to the JAR.
This allows JavaCompile to be cached, since there are no overlapping outputs anymore.
 2018-02-02 11:50:00 -06:00
Rob Winch 8b7f772761 Update to Jackson 2.9.4 
Fixes: gh-4985
 2018-02-01 13:45:06 -06:00
Rob Winch 994abb0d00 Document User.withDefaultPasswordEncoder unsafe for production 
Fixes: gh-4793
 2018-01-31 16:26:26 -06:00
Rob Winch f7e49ace9f Add TestAuthentication 2018-01-26 15:13:09 -06:00
Rob Winch c5e6ee4563 Update Dependencies 
Fixes: gh-4973
 2018-01-24 13:48:14 -06:00
Rob Winch 6ba225b62d Polish userNotFoundEncodedPassword 
Ensure that if passwordEncoder is set that userNotFoundEncodedPassword
is encoded again if already set.

Issue: gh-4915
 2018-01-24 11:06:08 -06:00
Phillip Webb fd78d055aa Lazily initialize userNotFoundEncodedPassword 
Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword`
is lazily initialized on the first call to `retrieveUser`, rather than
in `doAfterPropertiesSet`.

Since some `PasswordEncoder` implementations can be slow, this change
can help to improve application startup times and the expense of some
delay with the first login.

Note that `userNotFoundEncodedPassword` creation occurs on the first
user retrieval, regardless of whether the user is ultimately found. This
ensures consistent processing times, regardless of the outcome.

First Call:
	Found      = encode(userNotFound) + decode(supplied)
	Not-Found  = encode(userNotFound) + decode(userNotFound)

Subsequent Call:
	Found      = decode(supplied)
	Not-Found  = decode(userNotFound)

Fixes gh-4915
 2018-01-24 11:06:08 -06:00
Johnny Lim f3830eec7d Rename userDetailsRepository to userDetailsService 2018-01-10 16:04:48 -06:00
Rob Winch 803cdcf01e Test Jackson HashMap in Whitelist 
Issue: gh-4889
 2018-01-03 16:17:23 -06:00
Chris Burrell cf97e16379 Add HashMap to Jackson whitelist 
Issue: gh-4889
 2018-01-03 16:17:23 -06:00
Rob Winch b9152701a6 Javadoc Polish 2017-12-21 16:43:11 -06:00
Johnny Lim 921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim 57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Rob Winch c856c376df Fix UTF-8 in JdbcDaoImplTests 2017-12-20 15:50:23 -06:00
Joe Grandja e19fdb6cc1 Remove AuthenticatedPrincipal from UserDetails 
Issue gh-4877
 2017-11-30 10:52:24 -05:00
Joe Grandja 50d1a81458 AbstractAuthenticationToken.getName() uses UserDetails.getUsername() 
Fixes gh-4877
 2017-11-30 09:17:42 -05:00
Rob Winch ee1745b681 Update to Spring Framework 5.0.2.RELEASE 2017-11-27 11:57:03 -06:00
Rob Winch 691bf2e11d PasswordEncoder Bean for AuthenticationManagerBuilder 
Issue: gh-4873
 2017-11-27 11:42:56 -06:00
Johnny Lim 701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim 5f518d00e5 Apply Checkstyle EmptyStatementCheck module 
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
 2017-11-16 20:18:21 -06:00
Oleg Zhuravlev 563139c469 Fix keys in messages bundle 2017-11-16 11:28:57 -06:00
Benedikt Ritter fffd781b03 Add localization to error messages from ExceptionTranslationFilter 
Fixes gh-4504
 2017-11-16 11:25:56 -06:00
Johnny Lim b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Rob Winch 6d4b4bf2c7 Align Dependencies with Spring IO Cairo 
Fixes gh-4821
 2017-11-14 13:45:24 -06:00
Johnny Lim 99df632f24 Add missing @Override annotations 
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
 2017-11-08 13:27:24 -06:00
Rob Winch d9abd2e443 User.UserBuilder only encodes once 
Fixes gh-4794
 2017-11-06 09:47:37 -06:00
Greg Turnquist 881cd0befb Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details 
Resolves #4698
 2017-10-31 16:34:07 -05:00
Rob Winch e95430fa36 Polish Reactive Method Security reference 
Issue gh-4757
 2017-10-30 16:27:50 -05:00
Gajendra kumar ec723952d5 principals and sessionIds should be set using constructor so that can be shared across node in cluster 
As principals and sessionIds are set in class itself so one can't share user session count across nodes(Cluster). Using constructor for setting principals and sessionIds we can pass Cache map to constructor which can enable common session count in cluster otherwise user would be allowed to logged in with multiple sessions. There is no point keeping principals and sessionIds completely internal.
 2017-10-30 01:08:15 -05:00
Frank Pavageau 35706ad60a Deserialize the principal in a neutral way 
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
 2017-10-30 00:53:31 -05:00
Frank Pavageau 6fd9ff254b Map values directly from the JSON nodes 
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
 2017-10-30 00:53:31 -05:00
Antoine 0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Rob Winch 44320447fe Update to Spring 5.0.1.RELEASE 
Issue gh-4739
 2017-10-29 14:31:45 -05:00
Rob Winch 747473257f Use ReactorSecurityContextHolder 
Issue gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch 9ea4df5b5d ReactiveSecurityContextHolder 
Fixes gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch 399da1ecad SecurityContextImpl constructor 
Fixes gh-4712
 2017-10-26 20:11:42 -05:00
Rob Winch 38a8189a62 DelegatingApplicationListener uses CopyOnWriteArrayList 
Fixes gh-4416
 2017-10-24 15:35:04 -05:00
Rob Winch 8291f20796 DaoAuthenticationProvider uses DelegatingPasswordEncoder 
This means that passwords will be encoded with BCrypt by default

Fixes: gh-2775
 2017-10-24 07:56:28 -05:00
Rob Winch d19b222b55 UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder 
This means passwords will be encoded with BCrypt by default

Issue: gh-2775
 2017-10-24 07:56:28 -05:00
Rob Winch cdc992b132 Remove SaltSource 
Fixes gh-4681
 2017-10-24 07:56:28 -05:00
Rob Winch 4529e09339 Remove PasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch 6c69333df6 Remove PasswordEncoderUtils from core 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch 3a4a32e654 Remove LdapShaPasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:56:20 -05:00
Rob Winch 6a3e981c80 Remove BaseDigestPasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:55:40 -05:00
Rob Winch a8aa65b828 Remove Md4PasswordEncoder from core 
Issue: gh-4674
 2017-10-24 07:55:32 -05:00
Rob Winch 2dc4e326be Remove MessageDigestPasswordEncoder from core 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch 12dbf2e961 Remove PlainTextPasswordEncoder from core 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch 40fd8d7aa7 Remove ShaPasswordEncoder from core 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00