Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,572 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

892 Commits

Author SHA1 Message Date
Josh Cummings 14584b0562
Add SecurityContextHolderStrategy to OAuth2 
Issue gh-11060
 2022-10-05 23:50:54 -06:00
Marcus Da Coregio 7f0140278e Add native hint for OAuth2 Client's schemas 
Closes gh-11920
 2022-09-29 10:01:51 -03:00
Steve Riesenberg 181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Steve Riesenberg 7527fd811c
Merge branch '5.8.x' 2022-09-26 09:56:55 -05:00
Steve Riesenberg bbac85e20b Reduce severity of invalid registrationId to warn 
This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
 2022-09-26 09:56:20 -05:00
Josh Cummings ae6fb8c681
Add Deprecated Versions of Original Classes 
Issue gh-7349
 2022-09-23 16:31:22 -06:00
Josh Cummings 37a160245f
Adjust OAuth2 Resource Server packaging 
Closes gh-7349
 2022-09-23 16:31:21 -06:00
Josh Cummings 53dbcfd457
Add Deprecated Versions of Original Classes 
Issue gh-7349
 2022-09-23 12:06:59 -06:00
Steve Riesenberg 3c66ef6305
Change default SecurityContextRepository 
Save SecurityContext in request attributes for stateless session
management using RequestAttributeSecurityContextRepository.

Closes gh-11026
 2022-09-22 17:31:14 -05:00
Josh Cummings 70460ca009
Adjust OAuth2 Resource Server packaging 
Closes gh-7349
 2022-09-20 17:44:05 -06:00
Marcus Da Coregio fee1ffa422 Fix JSONObject and JSONArray imports in tests 
Issue gh-11858
 2022-09-16 15:57:43 -03:00
Steve Riesenberg 67a00bcaa0
Fix JSONObject and JSONArray imports in tests 2022-09-16 13:38:57 -05:00
Steve Riesenberg c6458c35aa
Merge branch '5.8.x' 2022-09-14 15:12:21 -05:00
Daniel Garnier-Moiroux bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Steve Riesenberg 2431dd1103
Merge branch '5.8.x' 2022-09-13 17:38:10 -05:00
Steve Riesenberg 355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy 1efb63387f
Add authentication converter for introspected tokens 
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
 2022-09-13 16:45:36 -05:00
Rob Winch f84f08c4b9 Default HttpSessionRequestCache.matchingRequestParameterName=continue 
Closes gh-11757
 2022-08-26 14:44:55 -05:00
Rob Winch 32dbaceec5 Fix mockito 4.7.0 merge 
Issue gh-11748
 2022-08-24 08:58:00 -05:00
Rob Winch 670b71363d Merge branch '5.8.x' 
Closes gh-11749
 2022-08-23 16:03:50 -05:00
Rob Winch 2fb625db84 Remove mockito deprecations 
Issue gh-11748
 2022-08-23 15:59:52 -05:00
Steve Riesenberg 51dc672625
Refresh remote JWK when unknown KID error occurs 
Closes gh-11621
 2022-08-18 16:48:42 -05:00
tinolazreg d1c742d7aa
Add tests for unknown KID error 
Issue gh-11621
 2022-08-18 16:48:41 -05:00
Steve Riesenberg 9c02e835e8 Refresh remote JWK when unknown KID error occurs 
Closes gh-11621
 2022-08-18 16:42:57 -05:00
tinolazreg 3e73fa6954 Add tests for unknown KID error 
Issue gh-11621
 2022-08-18 16:42:57 -05:00
Igor Bolic 2e66b9f6cc Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:44:01 -05:00
Igor Bolic efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Joe Grandja b5b3ddd6b4 Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:45:00 -04:00
Joe Grandja 95155ddb0c Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:28:47 -04:00
Joe Grandja 6ee1643bae Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction 
Closes gh-11589
 2022-07-15 15:13:40 -04:00
Joe Grandja 054791c26c Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction 
Closes gh-11588
 2022-07-15 15:12:39 -04:00
Joe Grandja 65db5fa028 Remove deprecations in JwtAuthenticationConverter 
Closes gh-11587
 2022-07-15 14:43:08 -04:00
Joe Grandja 1ac6054e6f Remove deprecations in OidcUserInfo 
Closes gh-11586
 2022-07-15 14:42:54 -04:00
Joe Grandja 6b41faaf55 Remove deprecations in ClaimAccessor 
Closes gh-11585
 2022-07-15 14:42:33 -04:00
Joe Grandja 0859da5590 Remove deprecations in OAuth2AuthorizedClientArgumentResolver 
Closes gh-11584
 2022-07-15 14:42:03 -04:00
Joe Grandja 743b6a5bfe Remove deprecations in OidcClientInitiatedLogoutSuccessHandler 
Closes gh-11565
 2022-07-15 14:04:09 -04:00
Joe Grandja cae22867b2 Remove deprecated allowMultipleAuthorizationRequests 
Closes gh-11564
 2022-07-15 13:50:30 -04:00
Joe Grandja 0e291a3295 Remove deprecations in AuthorizationRequestRepository 
Closes gh-11519
 2022-07-15 08:15:52 -04:00
Joe Grandja e12823095f Remove deprecations in ClientRegistration 
Closes gh-11518
 2022-07-15 08:15:30 -04:00
Joe Grandja 61b034bf69 Remove deprecations in AbstractOAuth2AuthorizationGrantRequest 
Closes gh-11517
 2022-07-15 08:14:56 -04:00
Joe Grandja be58e2ac49 Remove deprecations in ClientAuthenticationMethod 
Closes gh-11516
 2022-07-15 07:45:33 -04:00
Joe Grandja 8c12c3dad0 Remove deprecated converters in OAuth2AccessTokenResponseHttpMessageConverter 
Closes gh-11513
 2022-07-14 16:55:53 -04:00
Joe Grandja 746d27eab1 Remove deprecated NimbusAuthorizationCodeTokenResponseClient 
Closes gh-11512
 2022-07-14 16:32:21 -04:00
Joe Grandja 42683693c0 Remove deprecated CustomUserTypesOAuth2UserService 
Closes gh-11511
 2022-07-14 14:28:41 -04:00
Joe Grandja 67b27a41c3 Remove deprecated UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Closes gh-11508
 2022-07-14 12:10:58 -04:00
Joe Grandja f5a436df80 Remove deprecated NimbusJwtDecoderJwkSupport 
Closes gh-11507
 2022-07-14 12:09:59 -04:00
Joe Grandja a3326fc0ee Remove deprecated implicit authorization grant type 
Closes gh-11506
 2022-07-14 10:05:15 -04:00
Joe Grandja 7df9c6eba5 Use OAuth2Token instead of AbstractOAuth2Token 
Closes gh-10959
 2022-07-13 16:48:28 -04:00
Joe Grandja f87df42500 Remove deprecated OAuth2IntrospectionClaimAccessor 
Closes gh-11499
 2022-07-13 15:51:58 -04:00
Joe Grandja 7b18336c6a Change interface with constants to final class 
Closes gh-10960
 2022-07-13 15:51:58 -04:00