d1492afc0c
Replace deprecated Gradle Task method in AspectJPlugin.groovy
...
This commit ensures that the method Task.deleteAllActions is not used
Fixes: gh-6128
2018-11-22 23:18:14 -06:00
e60e17109c
Update to Gradle 4.10.2
...
Fixes gh-6106
2018-11-21 09:57:26 -06:00
2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose
...
Issue: gh-6025
2018-11-20 14:02:10 -07:00
9ee291e659
AesBytesEncryptorTests Check Key Strength
...
Fixes: gh-6121
2018-11-20 11:45:45 -07:00
7232dabd48
Update to oauth2-oidc-sdk:6.2
...
Fixes: gh-6101
2018-11-20 11:05:27 -07:00
3a43ed8f1c
Register NullRequestCache When Disabled
...
Fixes: gh-6102
2018-11-20 07:15:09 -07:00
80e13bad41
Remove PowerMock from oauth2-client
...
Issue: gh-6025
2018-11-19 18:09:00 -07:00
39933b10ff
Add scopes method to TestOAuth2AccessTokens
...
Issue: gh-6025
2018-11-19 18:06:40 -07:00
f6414e9a52
Make InMemory*ClientRegistrationRepository Consistent
...
The previous builders with the list argument were inconsistent with their
respective builders of var args.
2018-11-19 15:09:30 -06:00
e1d68e4f6b
WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code
...
This ensures that token response is only extracted when ClientResponse has a successful status
Fixes: gh-6089
2018-11-19 10:50:33 -06:00
f30fcdda6b
RequestCacheConfigurerTests groovy->java
...
Issue: gh-4939
2018-11-16 15:40:12 -07:00
686393ed5c
ExceptionHandlingConfigurerTests groovy->java
...
Issue: gh-4939
2018-11-16 14:51:26 -07:00
1ea73e7d8e
Jwt Decoder Local Key Configuration
...
Adds support for configuring Resource Server DSL with a local public
key.
Fixes: gh-5131
2018-11-16 13:07:19 -06:00
75a2c2b729
OAuth2AccessTokenResponseBodyExtractor supports Object values
...
This commit ensures the token response is parsed correctly if the values are not a String.
Fixes: gh-6087
2018-11-15 13:23:36 -06:00
808fbfa161
Update webflux-form sample to use Built in CSRF Support
...
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5
Issue: gh-6061
2018-11-14 17:38:37 -06:00
d28e32b000
NimbusJwtDecoder Builder
...
A Builder to simply common construction patterns for NimbusJwtDecoder
Issue: gh-6010
2018-11-14 15:53:47 -06:00
fbcf48cea0
Low-level Nimbus Jwt Decoder
...
Introduces a JwtDecoder which takes a raw Nimbus JWTProcessor
configuration.
Fixes: gh-5648
2018-11-14 15:53:47 -06:00
db5e54266c
#3912 lazyBean method respects @Primary annotation
2018-11-14 14:31:29 -06:00
b2c2f84f00
Fix Typo in Reference Docs
...
Fixes gh-6076
2018-11-14 11:36:27 -06:00
ac026e23fe
Updated Spring Boot version from 2.1.0.M4 to 2.1.0.RELEASE
2018-11-14 10:51:38 -06:00
b5455b0bec
Make AesByesEncryptor public
...
Fixes: gh-5099
2018-11-13 16:05:59 -07:00
13de580632
AesBytesEncryptorTests
...
Issue: gh-5099
2018-11-13 16:03:47 -07:00
95c824cb2a
Upgrade to neko-htmlunit 2.33
2018-11-13 15:48:52 -06:00
ae74f22e30
Reactive Jwt Claim Set Converter Support
...
Exposes setClaimSetConverter on NimbusReactiveJwtDecoder, lining it up
with the same support on NimbusJwtDecoder.
Fixes: gh-6015
2018-11-13 15:31:08 -06:00
11b6b63364
Docs: Fix Maven Property example `spring-security.version`
2018-11-13 15:08:00 -06:00
2769b7ffb0
Leave Issuer As String - Documentation
...
Update documentation that indicated the iss claim is proactively
coerced into a URL.
Issue: gh-6073
2018-11-13 12:40:41 -07:00
19649db9ce
Leave Issuer As String
...
Since StringOrURI is a valid issuer, MappedJwtClaimSetConverter and
JwtIssuerValidator no longer assume it.
Issue: gh-6073
2018-11-13 11:39:15 -07:00
c70b65c5df
Favor URL.toExternalForm
...
Converts URLs to Strings before comparing them. Uses toString(),
which delegates to toExternalForm().
Fixes: gh-6073
2018-11-13 08:20:18 -07:00
a32d19ec7d
Polish NimbusReactiveJwtDecoderTests
...
Issue: gh-5650
2018-11-12 15:04:00 -07:00
8eedb3919e
Policy OAuth2ResourceServerSpecTests
...
Issue: gh-6052
2018-11-12 15:01:15 -07:00
dca3645850
Update to spring-build-conventions:0.0.22.RELEASE
...
Fixes: gh-6064
2018-11-09 10:55:35 -07:00
898d005a53
InMemoryUserDetailsManager.updatePassword case-insenstive
...
Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.
This commit updates updatePassword to be case insensitive.
Fixes: gh-6039
2018-11-09 11:39:58 -06:00
3a6582d2a6
Fix csrf:token-repository-ref XSD documentation
...
The documentation of the token-repository-ref attribute of the csrf
element in the schema has been updated to make clear the default
repository is lazy. Targets versions 4.2, 5.0 and 5.1.
Fixes gh-6037
2018-11-08 10:14:49 -06:00
9a13f9acde
Custom Bearer Token Error Handling Support
...
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.
Fixes: gh-6052
2018-11-07 16:29:56 -06:00
78e27ca17f
Update Reactive Resource Server Docs
...
Resource Server documentation for both Servlet and Reactive now have a
similar feel and offer deeper exposure to common use cases.
Fixes: gh-6054
2018-11-07 12:05:21 -07:00
8a475e39be
Write Security Headers Before Servlet Include
...
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.
Fixes: gh-5499
2018-10-31 09:27:25 -05:00
ccc4e1c876
Made AclClassIdUtils genuinely package level by injecting the conversionService instead of AclClassIdUtils
...
Fixes gh-4814
2018-10-31 09:24:35 -05:00
2c362456fd
AclClassIdUtils should be public
...
Fixes gh-4814
2018-10-31 09:24:35 -05:00
75e7e099ab
MiscHttpConfigTests groovy->java
...
Issue: gh-4939
2018-10-30 12:58:20 -06:00
7d3302f52b
Polish Test Name
...
So that it adheres to methodNameWhenConditionThenVerification naming
convention.
Issue: gh-3743
2018-10-30 10:20:37 -06:00
50d26c9d28
Polish Logging and Tests
...
Removing debug statements which would have prematurely terminated the
stream, changing to AssertJ, and adding another test.
Issue: gh-3743
2018-10-30 10:18:16 -06:00
92e68a589a
PostFilter Support for Streams
...
Users can return a Stream from a @PostFilter-annotated method.
Fixes: gh-3743
2018-10-30 10:17:16 -06:00
e1c7dd6480
Add JDK 11 to Jenkins
...
Fixes: gh-5860
2018-10-25 17:10:50 -06:00
42b111fba6
JDK 11 Compatibility
...
Upgraded dependencies and removed a test in the Java Config LDAP
sample which is arguably an integration test since it starts up an
LDAP container. This test also isn't JDK 11 compatible and the
remaining integration tests in the sample cover the same material.
Issue: gh-5860
2018-10-25 17:10:50 -06:00
a96893a42a
Remove charset from Accept header in UserInfo request
...
Fixes gh-6017
2018-10-25 12:56:45 -04:00
52be2839ca
Migraged unit test from groovy to java
...
Moved AbstractConfigAttributeRequestMatcherRegistryTests.groovy to AbstractConfigAttributeRequestMatcherRegistryTests.java
gh-4939
2018-10-23 20:04:42 -05:00
8ef65ce5c5
Set AuthenticationEventPublisher on each AuthenticationManagerBuilder
...
Fixes gh-6009
2018-10-23 14:08:23 -04:00
7a94931514
Polish javadoc
2018-10-23 08:45:06 -04:00
551ea66ce3
Migrated unit test TldTests.groovy to TldTests.java
...
Moved unit test TldTests#testTldVersionIsCorrect from groovy to java.
gh-4939
2018-10-22 11:55:34 -05:00
f56f55dc8e
Fix BCrypt Checkstyle
...
Issue: gh-3320
2018-10-22 11:18:52 -05:00
Rafael Dominguez
Josh Cummings
Satish Sharma
dperezcabrera
Daniel Bustamante Ospina
Karl Goffin
Dongmin Shin
Krzysztof Szmytkowski
Johnny Lim
Gunnar Hillert
Erik van Paassen
Paul Wheeler
Joe Grandja
Bob Maertz
Rob Winch