Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,948 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

7948 Commits

Author SHA1 Message Date
Lars Grefer fb39d9c255 Anonymous type can be replaced with lambda 2019-08-08 17:09:09 -04:00
Lars Grefer 05f42a4995 Remove unused imports 2019-08-08 14:22:31 -04:00
Josh Cummings 3a831820f6
Polish LdapUserDetailsManagerModifyPasswordTests 
Issue gh-3392
 2019-08-07 14:37:46 -06:00
Josh Cummings 65f6025cef
Polish OAuth2LoginConfigurer 
Improve way of accessing ApplicationContext to ensure backward
compatibility.

Issue gh-7232
 2019-08-07 13:25:38 -06:00
Josh Cummings a00ad37168
OAuth2LoginConfigurer UserService Beans 
Fixes gh-7232
 2019-08-07 10:58:23 -06:00
Lars Grefer f5cd0ec302 Use try-with-resources instead of try-finally 2019-08-06 15:33:04 -05:00
Jeffrey Morlan a17d66463d Fix race condition in SessionRegistryImpl 
Adding/removing sessions from principals wasn't atomic. If one thread
removed the last session from a principal while another thread added a
new one, the addition could be lost.

Fixes gh-3189
 2019-08-06 13:45:50 -05:00
Henrique Luis Schmidt da62c31fdc Add test examples for the resource server sample 
- Add a post endpoint in /messages
- Changes the security config to require the read scope to GET a message and the write scope
to POST a new message.
- Changes the jwks of the mock server so I could create a new access token with the write scope.
- Creates tests and integration-tests for the POST endpoint.
- Changes the README to add an example of a POST request.

Fixes gh-7118
 2019-08-06 14:27:29 -04:00
kostya05983 646f257e01 docs, change name of class in multiple httpSecurity 2019-08-06 13:05:55 -05:00
Lars Grefer 2056834432 Cleanup unnecessary unboxing 
Unboxing is unnecessary under Java 5 and newer, and can be safely removed.
 2019-08-06 10:17:38 -04:00
Lars Grefer 2306d987e9 Cleanup unnecessary boxing 2019-08-06 10:17:38 -04:00
Filip Hanik 2055466ad7 Add Javadoc 2019-08-05 19:43:00 -04:00
Filip Hanik ddf68821cb Add RequestMatcher.matcher(HttpServletRequest) 
Step 3 - Usage of RequestVariablesExtractor or types that are assigned
to AntPathRequestMatcher should be replaced with the new method.

[closes #7148]
 2019-08-05 19:43:00 -04:00
Eddú Meléndez 496579dde2 Add match result for servlet requests 
Fixes gh-7148
 2019-08-05 19:43:00 -04:00
Eddú Meléndez 2c836a171a Add authenticationFailureHandler method in OAuth2LoginSpec 
Allow to customize the failure handler.

Fixes gh-7051
 2019-08-05 14:09:11 -05:00
Simeon Macke b3da1e466b Add Argon2PasswordEncoder 
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.

Fixes gh-5354
 2019-08-05 13:54:29 -05:00
Josh Cummings 1b1e45a1ef
Next Development Version 2019-08-05 12:29:53 -06:00
Josh Cummings be23fd626e
Release 5.2.0.M4 2019-08-05 12:10:04 -06:00
Josh Cummings 7d7cce27f1
Revert "Update to Spring Boot 2.2.0.M4" 
This reverts commit c8f7273aa2.

Fixes gh-7196
 2019-08-05 12:09:03 -06:00
Josh Cummings cc7512a6eb
Revert "Release 5.2.0.M4" 
This reverts commit 34e54c4675.
 2019-08-05 12:06:13 -06:00
Josh Cummings 34e54c4675
Release 5.2.0.M4 2019-08-05 11:38:46 -06:00
Josh Cummings c8f7273aa2
Update to Spring Boot 2.2.0.M4 
Fixes gh-7143
 2019-08-05 11:37:46 -06:00
Filip Hanik ca8142188c
Build using openjdk8 
Fixes gh-7169

[closes #7169]
 2019-08-05 09:35:41 -06:00
Filip Hanik 802a8015ac
Upgrade com.google.appengine:appengine components to 1.9.76 
Fixes gh-7134

[closes #7134]
 2019-08-05 09:35:41 -06:00
Filip Hanik a2a0674d00
Upgrade org.mockito:mockito-core to 3.0.0 
Fixes gh-7145

[closes #7145]
 2019-08-05 09:35:41 -06:00
Filip Hanik 7a5b8e3e85
Upgrade com.nimbusds:oauth2-oidc-sdk to 6.14 
Fixes gh-7136

[closes #7136]
 2019-08-05 09:35:41 -06:00
Filip Hanik b089dfc040
Upgrade com.nimbusds:nimbus-jose-jwt to 7.6 
Fixes gh-7135

[closes #7135]
 2019-08-05 09:35:40 -06:00
Filip Hanik 92c82799ce
Upgrade jackson-databind to 2.9.9.1 
Fixes gh-7133

[closes #7133]
 2019-08-05 09:35:40 -06:00
Filip Hanik cbc0130d23
Upgrade org.hibernate:hibernate-validator to 6.0.17.Final 
Fixes gh-7141

[closes #7141]
 2019-08-05 09:35:40 -06:00
Filip Hanik 606ed1af8e
Upgrade org.codehaus.groovy groovy|json|all libraries to 2.4.17 
Fixes gh-7140

[closes #7140]
 2019-08-05 09:35:40 -06:00
Filip Hanik 13e98fcdfa
Upgrade cas-client-core to 3.5.1 
Fixes gh-7142

[closes #7142]
 2019-08-05 09:35:40 -06:00
Filip Hanik 99d67daae5
Upgrade httpclient to 4.5.9 
Fixes gh-7138

[closes #7138]
 2019-08-05 09:35:39 -06:00
Josh Cummings a91ade910a
Update to Reactor Dysprosium-M3 
Fixes gh-7186
 2019-08-05 09:34:34 -06:00
Josh Cummings 8f2260639b
Update to Spring Data Moore RC2 
Fixes gh-7185
 2019-08-05 09:33:51 -06:00
Josh Cummings 126e0bb82a
Update to Spring Framework 5.2.0.RC1 
Fixes gh-7184
 2019-08-05 09:33:08 -06:00
Josh Cummings 774a2e669c
Polish setAllowedHostnames 
Added JavaDoc to method, including @since attribute

Issue gh-4310
 2019-08-03 19:19:44 -06:00
Eddú Meléndez f712c5598c Add support for allowedHostnames in StrictHttpFirewall 
Introduce a new method `setAllowedHostnames` which perform the validation
against untrusted hostnames.

Fixes gh-4310
 2019-08-03 21:16:45 -04:00
Khy a5cfd9fdb9 Downgrade AuthenticationFilter modifier 
Fixes gh-7177
 2019-08-03 21:14:33 -04:00
Lars Grefer f28681f41d Remove the unused emma plugin 2019-08-03 12:37:27 -04:00
Lars Grefer 776a4c3760 Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers 2019-08-03 12:28:37 -04:00
Josh Cummings d843818e48
Polish JwtGrantedAuthoritiesConverter 
Rework the implementation so that it is clearer that authorities are
derived from a single claim.

Issue: gh-6273
 2019-08-02 14:54:04 -06:00
Lars Grefer 09a119978c Migrate VersionsResourceTasks groovy->java 
Issue: gh-4939
 2019-08-02 15:53:49 -04:00
Eleftheria Stein 522d118aca Fix typo in SCryptPasswordEncoder Javadoc 
Fixes: gh-4004
 2019-08-02 13:48:46 -04:00
Rob Winch ad2f999c25 Polish BasicAuthenticationConverter 
This reverts to the old behavior from BasicAuthenticationFilter.
Specifically, if a token has an empty password, it still parses a username
and an empty String password.

Issue gh-7025
 2019-08-02 09:04:55 -05:00
Josh Cummings d157125c8e
Polish AuthenticationFilter 
Updated member variable references to be prefixed with "this.".
Fixed typo in authentication manager resolver error message.

Issue: gh-6506
 2019-08-01 16:26:54 -06:00
Eddú Meléndez 50adb6abcb Fix javadoc 2019-07-31 15:36:30 -04:00
Sam Simmons e88c5c0eee Fix CSRF session authentication strategy since version 2019-07-31 07:45:51 -05:00
Ahmed Sayed 0591403dea ignore Multipart requests in HttpSessionRequestCache.requestMatcher 2019-07-31 12:17:55 +02:00
Eleftheria Stein 0b4502b2c5 Remove exceptions from lambda security configuration 
Fixes: gh-7128
 2019-07-30 08:31:37 -05:00
Eleftheria Stein b55322b2cb Make basic authentication scheme case-insensitive 
Fixes: gh-7163
 2019-07-29 16:30:03 -04:00