Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,168 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

6168 Commits

Author SHA1 Message Date
Joe Grandja a06487c0f7 Move additionalParameters to TokenResponseAttributes 
Fixes gh-4554
 2017-09-22 15:21:22 -04:00
Rob Winch 773820158f Exclude transitive aopalliance 2017-09-22 12:10:30 -05:00
Stephan Schroevers 496ea3e321 Also update the dependency management section 
The `aopalliance:aopalliance:1.0` dependency is indirectly pulled in by
`spring-security-openid` through its dependence on
`com.google.inject:guice:3.0`. There are no other references to
``aopalliance:aopalliance`.
 2017-09-22 11:11:04 -05:00
Stephan Schroevers 9e719bc313 Drop the `aopalliance:aopalliance` dependency 
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.

This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)

The documentation is updated accordingly.

[1] https://jira.spring.io/browse/SPR-13984
 2017-09-22 11:11:04 -05:00
Rob Winch 192a177ddf Update to Gradle 4.2 2017-09-22 10:00:49 -05:00
Joe Grandja 680984c242 SecurityTokenRepository associates SecurityToken to ClientRegistration 
Fixes gh-4563
 2017-09-22 09:51:00 -04:00
Joe Grandja 8521ca8f94 Polish gh-4560 2017-09-21 17:21:41 -04:00
Joe Grandja 7fb386669f InMemoryClientRegistrationRepository -> enforce unique ClientRegistration's 
Fixes gh-4562
 2017-09-21 15:47:26 -04:00
Joe Grandja 9b61eba41d Add identifier strategy for ClientRegistration 
Fixes gh-4561
 2017-09-21 10:19:28 -04:00
Joe Grandja baa3b6f258 Add utility for loading properties of client types 
Fixes gh-4560
 2017-09-20 22:50:19 -04:00
Joe Grandja 991a154703 Add OIDC Client and User Authentication 
Fixes gh-4521
 2017-09-19 20:57:56 -04:00
Joe Grandja c54c622124 Re-structure OAuth2AuthenticationToken 
Fixes gh-4553
 2017-09-19 16:35:43 -04:00
Rob Winch 8854414101 Polish for Gradle 5.0 2017-09-18 16:53:19 -05:00
Rob Winch 8a66d0c78d Polish PermissionEvaluator Autowired into Web Security 
Issue gh-4077
 2017-09-18 16:53:19 -05:00
Craig Andrews 3bf6bf10de Configure permissionEvaluator and roleHierarchy by default 
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).

Issue gh-4077
 2017-09-18 16:35:16 -05:00
Rob Winch 3f58822d4d Fix MyCustomDsl Reference 
Fixes gh-4340
 2017-09-18 16:07:29 -05:00
Rob Winch 03f0d87e86 AspectJPlugin Defers until afterEvaluate 
Fixes for changes in SpringIoPlugin at
029d8757df
 2017-09-18 14:26:12 -05:00
Rob Winch c46243594a Use appengine-gradle-plugin 
The com.google.appengine:gradle-appengine-plugin is deprecated
 2017-09-18 12:00:50 -05:00
Rob Winch 2213c5b696 Update GAE to 1.9.56 2017-09-18 12:00:01 -05:00
Rob Winch 63bbc19deb Fix apache license link 2017-09-18 11:52:49 -05:00
Rob Winch e345dd106c Remove leading whitespaces 2017-09-18 11:52:31 -05:00
Rob Winch f8ee9944ff Copyright date range 2017-09-18 11:18:46 -05:00
Rob Winch 1f4082e754 Fix copyright lines 2017-09-18 11:11:25 -05:00
Rob Winch 01d4387f56 Fix empty lines in copyright 2017-09-18 10:53:04 -05:00
Rob Winch 3ecf3ea034 Fix double * in Copyright headers 2017-09-18 10:47:26 -05:00
Rob Winch 455e2bab90 Update to Gradle 4.1 2017-09-18 10:19:59 -05:00
Rob Winch bf49650251 TestMono->PublisherProbe 2017-09-18 10:18:22 -05:00
Rob Winch 404a8e793e Add WithMockUser & mutateWith to WebFlux Samples 2017-09-18 10:18:11 -05:00
Rob Winch ae342dfcce Update to the lastest SNAPSHOTs 2017-09-18 10:17:21 -05:00
Rob Winch fd9c087bd3 Change version to 5.0.0.BUILD-SNAPSHOT 2017-09-13 18:19:11 -05:00
Rob Winch 361244fdb8 Release 5.0.0.M4 2017-09-13 17:18:13 -05:00
Rob Winch 5fd84a62b5 LogoutWebFilter supports anonymous users 
Fixes gh-4540
 2017-09-13 17:04:44 -05:00
Rob Winch 5baf71f4a0 Temporarily disable anonymous WebFlux Logout 
Work around LogoutWebFilter always intercepting requests

Issue gh-4540
 2017-09-13 16:56:07 -05:00
Rob Winch e14af37775 Add LogoutWebFilter 
Fixes gh-4539
 2017-09-13 16:43:04 -05:00
Rob Winch 426e24c18e Polish 
Formatting changes
 2017-09-13 15:31:32 -05:00
Rob Winch 21f8ee7f36 Use basicAuthenticationCredentials 2017-09-13 15:31:32 -05:00
Joe Grandja 65b968f04a Move servlet-specific classes to 'web' package 
Fixes gh-4366
 2017-09-13 16:13:32 -04:00
Rob Winch 0a36359f11 WebFlux HTTP Basic & Form Login Sessions 
By default both HTTP Basic and form log are enabled. Now HTTP Session will
not be used for HTTP Basic, but will be for form log in.
 2017-09-13 14:47:44 -05:00
Joe Grandja 9133eb1b78 Revert "Provide fix for Google iss claim" 
This reverts commit b6212cba66.
 2017-09-13 14:07:23 -04:00
Joe Grandja e31684bcf5 Update google defaults 2017-09-13 14:04:18 -04:00
Vedran Pavic 549decf00a Prefer `sub` claim as OIDC principal name 
This commit removes preference for `name` claim as principal name in `DefaultOidcUser` so that the default is now `sub` claim. In addition to that, `DefaultOidcUser` now also provides constructors to explicitly define the claim to be preferred as principal name.

Fixes gh-4515
 2017-09-13 13:53:14 -04:00
Rob Winch 1fe414379c Simplify hellowebfluxfn 
This sample should be absolute minimal example
 2017-09-13 10:45:11 -05:00
Rob Winch 164404c7d3 Simplify hellowebflux 
This sample should be absolute minimal example.
 2017-09-13 10:40:50 -05:00
Rob Winch 7bb4367cf1 Prepare Versions for Release 2017-09-13 08:24:14 -05:00
Rob Winch 3d745e63f6 HttpSecurityConfiguration applies all defaults 
HttpSecurity headers is off by default and relies on
HttpSecurityConfiguration to enable it. This is more consistent with the
other operators
 2017-09-12 22:07:12 -05:00
Rob Winch b5edb58050 Polish reactive config 
Code Checkstyle fixes
 2017-09-12 21:56:09 -05:00
Rob Winch 8b32b8db74 Polish 
HeadersBuilder build is protected
 2017-09-12 21:51:26 -05:00
Rob Winch d93c774691 Add FormLogin Configuration 
Fixes gh-4537
 2017-09-12 20:40:56 -05:00
Rob Winch fca8bf6088 Add MediaTypeServerWebExchangeMatcher 
Fixes gh-4536
 2017-09-12 20:40:56 -05:00
Rob Winch 3aebf11700 Format DelegatingAuthenticationEntryPoint 2017-09-12 20:40:56 -05:00