Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 06:58:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,280 Commits 33 Branches 337 Tags
Commit Graph

496 Commits

Author SHA1 Message Date
Martin Vietz
0486d5add9 scopes_supported metadata not used as default in ClientRegistrations 
Closes gh-8514
 2020-08-20 08:09:54 -04:00
Phillip Webb
27ac046d8a Rename *Test.java -> *Tests.java 
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
 2020-08-10 16:24:44 -05:00
Joe Grandja
1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1" 
This reverts commit f3a1e5d40c11169d4ec6c50eba30cf4ed3ba2851.
 2020-08-05 14:59:11 -04:00
Joe Grandja
f3a1e5d40c Lock Dependency Versions for 5.4.0-RC1 2020-08-05 13:46:11 -04:00
Joe Grandja
3bc0b8c144 Revert "Fix snapshot build failure related to reactor-netty" 
This reverts commit f37714a26fb2cc8a93cb1d5259a00c4c0934dd59.
 2020-08-04 14:24:32 -04:00
Joe Grandja
f37714a26f Fix snapshot build failure related to reactor-netty 
Closes gh-8909
 2020-08-04 14:17:03 -04:00
Joe Grandja
8146b1fdda Deprecate CustomUserTypesOAuth2UserService 
Closes gh-8908
 2020-08-04 13:23:44 -04:00
Joe Grandja
73e550a867 Polish gh-8906 2020-08-04 11:16:26 -04:00
Joe Grandja
0ed919f072 Deprecate ClientRegistration.redirectUriTemplate 
Closes gh-8906
 2020-08-04 11:03:29 -04:00
Joe Grandja
a0c10f2df6 Allow for custom ClientRegistration.clientAuthenticationMethod 
Closes gh-8903
 2020-08-04 08:48:56 -04:00
Joe Grandja
4e5a304a8a Remove use of Mono.deferWithContext() 
Closes gh-8901
 2020-08-04 07:26:32 -04:00
Dennis Neufeld
de572be8e9 Add OAuth2AuthenticationException to allowlist 
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error

Closes gh-8797
 2020-07-21 10:14:45 -04:00
Joe Grandja
b69bcf88e0 Improve error message when invalid content-type for UserInfo response 
Closes gh-8764
 2020-07-09 14:10:14 -04:00
Josh Cummings
146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2" 
This reverts commit 68538897c83a7ce8db0ec7275dbd10b1a548498f.
 2020-07-01 13:11:50 -06:00
Josh Cummings
68538897c8
Lock Dependency Versions for 5.4.0-M2 2020-07-01 12:40:29 -06:00
Eleftheria Stein
eb7b27695d Compare Timestamps up to the millisecond 
Issue gh-8782
 2020-07-01 11:12:55 +02:00
Joe Grandja
da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException 
Issue gh-8609
 2020-06-09 17:28:21 -04:00
Joe Grandja
4c902bb857 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException 
Fixes gh-8609
 2020-06-09 17:28:21 -04:00
Josh Cummings
1d821a2664
Add Ticket Number to Test 
Issue gh-8650
 2020-06-05 14:24:49 -06:00
Erik Bakker
cd3fd6762f
Don't Consume Request Body 
Per the servlet spec, getParameter(name) consumes the request body for
POST requests.

This commit prevents DefaultOAuth2AuthorizationRequestResolver from
consuming the request body for non-Authorization requests.

Closes gh-8650
 2020-06-05 14:21:00 -06:00
Parikshit Dutta
28d2cfa14a Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter 
Fixes gh-8536
 2020-06-02 21:54:09 -04:00
Parikshit Dutta
1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter 
Fixes gh-8120
 2020-05-15 15:13:15 -04:00
Joe Grandja
c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798 Add issuerUri to ClientRegistration.providerDetails 
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
 2020-05-14 17:13:07 -04:00
Joe Grandja
86ca6b013c Unlock dependencies 
This reverts commit 206960cf448b38e643045468b2291e66bfbbd4a9.
 2020-05-06 17:27:35 -04:00
Joe Grandja
206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Stav Shamir
a783fbc641 Support update when saving with JdbcOAuth2AuthorizedClientService 
Before this commit, JdbcOAuth2AuthorizedClientService threw DuplicateKeyException when re-authorizing or when authorizing the same user from a different client.

This commit makes JdbcOAuth2AuthorizedClientService's saveAuthorizedClient method consistent with that of InMemoryOAuth2AuthorizedClientService.

Fixes gh-8425
 2020-04-29 07:37:57 -04:00
Daniel Furtlehner
32ce94d2dd Validate ID Token Issuer 
When the issuer is set in the provider metadata, we validate the iss
field of the ID Token against it.

The OpenID Connect Specification says this must always be validated.
But this would be a breaking change for applications configured other
than with ClientRegistrations.fromOidcIssuerLocation(issuer). This will
be done later with #8326

Fixes gh-8321
 2020-04-21 20:30:01 -04:00
Antonin Arquey
5cd1ec7bb3 Add AuthoritiesMapper setter for reactive OAuth2Login 
Allow the configuration of a custom GrantedAuthorityMapper for reactive OAuth2Login

- Add setter in OidcAuthorizationCodeReactiveAuthenticationManager
  and OAuth2LoginReactiveAuthenticationManager

- Use an available GrantedAuthorityMapper bean to configure the default ReactiveAuthenticationManager

Fixes gh-8324
 2020-04-17 16:55:05 -04:00
Ruby Hartono
71b4248fe6 Improve OAuth2LoginAuthenticationProvider 
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse

Fixes gh-5633
 2020-03-30 20:55:43 -04:00
Martin Nemec
75c05d0bb4 OAuth2 ClientRegistrations NPE fix when userinfo missing 
Fixes gh-8187
 2020-03-27 05:58:28 -04:00
Joe Grandja
46baf38f59 Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer 
Fixes gh-8177
 2020-03-24 13:44:09 -04:00
Joe Grandja
a9dabf6efb Assign sensible default for OAuth2AuthorizedClientProvider 
Fixes gh-8150
 2020-03-19 11:44:30 -04:00
Josh Cummings
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE 
This reverts commit 147d7dadd7e449e1e8347f9a0b3959c7abf095dc.
 2020-03-04 12:02:48 -07:00
Josh Cummings
147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
Josh Cummings
968ebb194b
baseUrl placeholder for OidcLogoutSuccessHandlers 
Fixes gh-7842
 2020-02-25 13:35:50 -07:00
Joe Grandja
fa73b1397a Add missing @FunctionalInterface in oauth2 modules 
Fixes gh-8020
 2020-02-24 11:53:30 -05:00
Joe Grandja
3e5600f83f Add configurable Clock in OidcIdTokenValidator 
Fixes gh-8019
 2020-02-24 11:21:03 -05:00
Joe Grandja
7734d049eb Polish javadoc gh-7511 2020-02-24 10:35:58 -05:00
Joe Grandja
d32c98b1c5 Add OAuth2AuthorizeRequest.Builder.principal(String) 
Fixes gh-8018
 2020-02-24 09:58:38 -05:00
Joe Grandja
c6da7b2dd6 Polish gh-7840 2020-02-24 09:28:00 -05:00
Joe Grandja
65b5d468fb Deprecate UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Fixes gh-8016
 2020-02-24 06:50:58 -05:00
Joe Grandja
4e2f1988f2 Polish Fix package tangles 
Issue #7699 #7840
 2020-02-24 06:42:00 -05:00
Joe Grandja
82cd203791 Remove unnecessary mocking 
Fixes gh-8012
 2020-02-23 19:35:16 -05:00
Joe Grandja
c8cc9717c9 Fix package tangles 
Issue #7699 #7840
 2020-02-23 07:24:36 -05:00
Joe Grandja
f2da2c56be Resolve OAuth2Error from WWW-Authenticate header 
Issue gh-7699
 2020-02-21 15:12:58 -05:00
Joe Grandja
69156b741d Add OAuth2Authorization success/failure handlers 
Fixes gh-7840
 2020-02-21 15:12:58 -05:00
Joe Grandja
23ce717380 Simplify customizing OAuth2AuthorizationRequest 
Fixes gh-7696
 2020-02-19 06:22:07 -05:00
Joe Grandja
de8b558561 Add JDBC implementation of OAuth2AuthorizedClientService 
Fixes gh-7655
 2020-02-13 12:17:29 -05:00
Joe Grandja
0809c04aa2 OAuth2AuthorizationCodeGrantWebFilter matches on query parameters 
Fixes gh-7966
 2020-02-10 15:11:04 -05:00