498 Commits

Author SHA1 Message Date
ir73
9a357f8cb6 Moved CachingUserDetailsService to spring-core
Made CachingUserDetailsService constructor public and moved to spring-core to make it easier to configure caching in UserDetailsService

Fixes gh-4139
2018-12-11 13:22:08 -06:00
Dongmin Shin
56eb658eae RoleVoter Configuration Defaults Prefix Using GrantedAuthorityDefaults
Fixes: gh-4876
2018-12-07 14:17:44 -06:00
Ankur Pathak
8b3fb55aea Added methods to add filter relatively in ServerHttpSecurity
Addition of two new methods addFilterBefore and addFilterAfter in
ServerHttpSecurity to allow addition of WebFilter before and after a
specified order

Fixes: gh-6138
2018-12-04 13:29:53 -06:00
Eric Deandrea
be423debfd ServerAuthenticationConverter should be configurable
Fixes gh-6186
2018-11-29 14:37:22 -07:00
Josh Cummings
3a43ed8f1c Register NullRequestCache When Disabled
Fixes: gh-6102
2018-11-20 07:15:09 -07:00
Josh Cummings
f30fcdda6b RequestCacheConfigurerTests groovy->java
Issue: gh-4939
2018-11-16 15:40:12 -07:00
Josh Cummings
686393ed5c ExceptionHandlingConfigurerTests groovy->java
Issue: gh-4939
2018-11-16 14:51:26 -07:00
Josh Cummings
1ea73e7d8e Jwt Decoder Local Key Configuration
Adds support for configuring Resource Server DSL with a local public
key.

Fixes: gh-5131
2018-11-16 13:07:19 -06:00
Josh Cummings
d28e32b000 NimbusJwtDecoder Builder
A Builder to simplify common construction patterns for NimbusJwtDecoder

Issue: gh-6010
2018-11-14 15:53:47 -06:00
Karl Goffin
db5e54266c #3912 lazyBean method respects @Primary annotation
2018-11-14 14:31:29 -06:00
Josh Cummings
8eedb3919e Policy OAuth2ResourceServerSpecTests
Issue: gh-6052
2018-11-12 15:01:15 -07:00
Josh Cummings
9a13f9acde Custom Bearer Token Error Handling Support
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.

Fixes: gh-6052
2018-11-07 16:29:56 -06:00
Josh Cummings
75e7e099ab MiscHttpConfigTests groovy->java
Issue: gh-4939
2018-10-30 12:58:20 -06:00
Bob Maertz
52be2839ca Migrated unit test from groovy to java
Moved AbstractConfigAttributeRequestMatcherRegistryTests.groovy to AbstractConfigAttributeRequestMatcherRegistryTests.java

gh-4939
2018-10-23 20:04:42 -05:00
Joe Grandja
8ef65ce5c5 Set AuthenticationEventPublisher on each AuthenticationManagerBuilder
Fixes gh-6009
2018-10-23 14:08:23 -04:00
Josh Cummings
bd9e3877f9 JDK 10 Compatibility
Upgrading dependencies and reconfiguring PowerMock

Issue: gh-5860
2018-10-17 15:03:42 -05:00
Joe Grandja
921abefaa2 Remove address and phone scope from CommonOAuth2Provider.OKTA
Fixes gh-5987
2018-10-17 11:50:34 -04:00
Josh Cummings
22bd8f1c1f Reactive Jwt Authentication Converter Support
Fixes: gh-5092
2018-10-15 11:55:12 -05:00
Rob Winch
93ca455405 OAuth2LoginAuthenticationFilter ignores authenticated Users
This ensures that OAuth2 Client support works with the same log in URL as
oauth2 login.

Fixes: gh-5915
2018-10-12 16:29:27 -05:00
Eric Deandrea
b060ec050a Automatically add CsrfServerLogoutHandler if csrf enabled
The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled

Fixes gh-5337
2018-09-21 00:59:36 -05:00
Vedran Pavic
79828d4f7b Polish WebFlux Referrer-Policy header config
2018-09-20 17:14:16 -05:00
Josh Cummings
73c1abbba0 EnableGlobalMethodSecurity Misconfiguration Check
This polishes the EnableGlobalMethodSecurity misconfiguration check to
not error if the user has specified a custom method security metadata
source.

Issue: gh-5341
2018-09-20 07:55:03 -06:00
artsiom
1e864ad764 Validate @EnableGlobalMethodSecurity usage
Fixes: gh-5341
2018-09-20 07:55:03 -06:00
Joe Grandja
8b0a3a760c Use providedSessionAuthenticationStrategy
Fixes gh-5763
2018-09-19 07:04:49 -04:00
Rob Winch
72301e548a Reactive OAuth2 DSL Customizations
Fixes: gh-5855
2018-09-17 21:21:36 -05:00
Rob Winch
68bc649a45 Fix XsdDocumentedTests
Issue: gh-5836
2018-09-12 19:56:30 -05:00
Johnny Lim
42327a0aec Polish OAuth2ResourceServerConfigurerTests
2018-09-10 13:24:16 -06:00
Josh Cummings
2c982a4168 Reactive Redirect to Https
This introduces the capability to configure Reactive Spring Security
to upgrade requests to HTTPS

Fixes: gh-5749
2018-09-07 14:25:58 -05:00
Rob Winch
07b6699fd9 ServerWebExchangeReactorContextWebFilter
Fixes: gh-5779
2018-09-07 08:49:27 -05:00
Josh Cummings
932ea245fb AuthenticationManager for OAuth2ResourceServerSpec
This makes the AuthenticationManager used by the OAuth2 Resource
Server configurable, focusing at this point on the Jwt use case.

Fixes: gh-5750
2018-09-05 09:19:11 -05:00
Josh Cummings
25d1f49d84 Remove Resource Server's Session Policy Config
Resource Server doesn't need to set the session policy for the
application to STATELESS since it can rely on the
SessionManagementFilter ignoring tokens annotated with @Transient,
which a JwtAuthenticationToken is.

Fixes: gh-5759
2018-09-04 14:55:40 -06:00
Josh Cummings
8510e9a285 Reactive Resource Server insufficient_scope
This introduces an implementation of ServerAccessDeniedHandler that is
compliant with the OAuth 2.0 spec for insufficient_scope errors.

Fixes: gh-5705
2018-08-31 10:33:11 -05:00
Vedran Pavic
cb0ba58b58 Fix WhitespaceAfterCheck Checkstyle check
2018-08-27 10:45:35 -05:00
Josh Cummings
68d836d508 Reactive Resource Server Csrf Bypass
This makes requests identified as bearer token requests skip the csrf
filter.

Fixes: gh-5710
2018-08-24 09:44:01 -05:00
Josh Cummings
cba2444e1a ServerHttpSecurity ReactiveJwtDecoder discovery
This makes it so that WebFlux OAuth 2.0 Resource Server configuration
will pick up a ReactiveJwtDecoder exposed as a bean.

Fixes: gh-5720
2018-08-23 15:12:14 -05:00
Josh Cummings
0fdc081ab5 Add unit tests
Added some unit tests around some untested parts of the code that I
will be touching for this issue.

Issue: gh-5720
2018-08-23 15:11:40 -05:00
Joe Grandja
ff6e1232c8 Flatten HttpSecurity.oauth2()
Fixes gh-5715
2018-08-22 05:58:04 -04:00
Joe Grandja
0f89e59707 Simplified oauth2().client() DSL
Fixes gh-5662
2018-08-22 04:45:35 -04:00
Rob Winch
0dc80aed40 Flatten ServerHttpSecurity.oauth2()
Fixes: gh-5712
2018-08-21 15:48:41 -05:00
Vedran Pavic
f382b69507 Add reactive support for Referrer-Policy security header
2018-08-20 10:10:59 -05:00
Vedran Pavic
10621a0f2c Add reactive support for Content-Security-Policy security header
2018-08-20 10:03:42 -05:00
Vedran Pavic
29cfc3dd1d Add reactive support for Feature-Policy security header
Closes gh-5672
2018-08-20 09:02:12 -05:00
Rob Winch
b9ab4929b7 Add OAuth2AuthorizationCodeGrantWebFilter
Issue: gh-5620
2018-08-19 21:12:41 -05:00
Rob Winch
b02ce59188 TestClientRegistrations
Fixes: gh-5651
2018-08-19 21:08:02 -05:00
Rob Winch
46f71cc232 Update to assertj 3.11.0
Fixes: gh-5686
2018-08-17 21:10:47 -05:00
Josh Cummings
d610f31425 Jwt -> Authentication Conversion
Exposes ability to specify a strategy for converting Jwt into an
Authentication, specifically in JwtAuthenticationProvider.

Fixes: gh-5629
2018-08-17 11:04:27 -05:00
Rob Winch
938dbbf424 Add OAuth2AuthorizationRequestResolver.resolve(HttpServletRequest,String)
Previously there was a tangle between
DefaultOAuth2AuthorizationRequestResolver and
OAuth2AuthorizationRequestRedirectFilter with
AUTHORIZATION_REQUIRED_EXCEPTION_ATTR_NAME

This commit adds a new method that can be used for resolving the
OAuth2AuthorizationRequest when the client registration id is known.

Issue: gh-4911
2018-08-16 20:41:13 -05:00
Josh Cummings
7c524aa0c8 Jwt Claim Validation
This introduces OAuth2TokenValidator which allows the customization of
validation steps that need to be performed when decoding a string
token to a Jwt.

At this point, two validators, JwtTimestampValidator and
JwtIssuerValidator, are available for use.

Fixes: gh-5133
2018-08-16 13:19:26 -05:00
Josh Cummings
a4bd0d3923 OIDC Provider Configuration - ClientRegistrations
OIDC Provider Configuration is now being used to create more than just
ClientRegistration instances. Also, the endpoint is being addressed in
more contexts than just the client.

To that end, this refactors OidcConfigurationProvider in the config
project to ClientRegistrations in the oauth2-client project.

Fixes: gh-5647
2018-08-14 13:26:46 -06:00
Josh Cummings
950a314c9f RememberMeConfigTests groovy->java
Issue: gh-4939
2018-08-10 11:17:54 -06:00