Commit Graph

8863 Commits

Author SHA1 Message Date
Craig Andrews dbdeec4216 Check for an existing SessionRegistry bean
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
2020-05-22 20:33:32 -05:00
Evgeniy Cheban 0fa339f75b Allow port=0 for ApacheDSContainer
Fixes gh-8144
2020-05-21 16:14:01 -05:00
justmehyp 06254a4fd4 Remove unused field 'digester' in Md4PasswordEncoder
`private Digester digester;`  defined in Md4PasswordEncoder is never used. So remove it.
2020-05-21 11:19:03 -05:00
Mazharul Islam bf9e8295d6 mentioning the default strength of BCryptPasswordEncoder 2020-05-21 11:15:45 -05:00
Thomas Turrell-Croft 014df98ebb Polish
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager
2020-05-21 11:09:31 -05:00
Maksim Vinogradov 4f58576952 Prevent StackOverflowError for AccessControlEntryImpl.hashCode
Getting StackOverflowError when invoke AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode

fixes gh-5401
2020-05-21 09:53:35 -05:00
Astushi Yoshikawa f08ca4e688 Throw exception if URL does not include context path when context relative
Issue: gh-8399
2020-05-20 14:02:17 -04:00
Rob Winch dc514b369e FilterInvocation Support Default Methods on HttpServletRequest
Closes gh-8566
2020-05-20 10:13:59 -05:00
Andreas Volkmann 16b0a268d9 Update index.adoc 2020-05-20 08:01:56 -05:00
Josh Cummings 9a72654b8d
Update to jQuery 3.5.1
Fixes gh-8557
2020-05-19 13:02:04 -06:00
Josh Cummings c519d726ed
Polish hellojs Sample
- Apply timestamp to composed messages
- Remove unnecessary $.map call
- Add password encoder prefix to password

Fixes gh-8555
Fixes gh-8556
2020-05-19 13:02:04 -06:00
Josh Cummings b04b34ba85
Fix Logout in OpenID Sample
Fixes gh-8554
2020-05-19 13:02:04 -06:00
Dávid Kovács 4ab9da1c53 Object ID Identicy conversion to long fails on old schema
This change fixed a bug which tried to convert non-string object as string

Fixes gh-7621
2020-05-19 13:43:00 -05:00
Josh Cummings 51a0cffd36
Post-process AuthenticationRequestFilter
Fixes gh-8552
2020-05-18 21:08:23 -06:00
Josh Cummings 8e7c4c143c
Add TestSaml2AuthenticationRequestContexts
Issue gh-8552
2020-05-18 21:08:03 -06:00
Josh Cummings 9241cd2892
Move TestRelyingPartyRegistrations
Fixes gh-8551
2020-05-18 16:38:40 -06:00
Josh Cummings 7c7934c052
Remove Extra TestSaml2X509Credentials
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials

Issue gh-8404
2020-05-18 10:08:27 -06:00
cbornet bfb401eeed Create the CSRF token on the bounded elactic scheduler
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
2020-05-18 11:04:54 -05:00
Parikshit Dutta 1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter
Fixes gh-8120
2020-05-15 15:13:15 -04:00
Joe Grandja c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale 78fa859798 Add issuerUri to ClientRegistration.providerDetails
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
2020-05-14 17:13:07 -04:00
Dávid Kovács db4ca1f756 Document NoOpPasswordEncoder will not be removed
This commit adds extension to deprecation notice.

Fixes gh-8506
2020-05-13 12:54:13 -05:00
Rob Winch bb05603b3c AbstractUserDetailsReactiveAuthenticationManager uses boundidElastic()
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs

Closes gh-7522
2020-05-12 13:07:24 -05:00
Rob Winch e5d2aaf6fe
Deprecate OpenID 2.0 support
Deprecate OpenID 2.0 support
2020-05-12 09:37:56 -05:00
Mathieu Ouellet cd08102b93 Add debug logging
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow

Fixes gh-5758
2020-05-12 09:03:24 -05:00
Rob Winch 8d447633f4 Fix non-standard HTTP method for CsrfWebFilter
Closes gh-8452
2020-05-11 17:20:27 -05:00
Rob Winch 4473dca022 Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed
Issue gh-8149
2020-05-11 17:20:16 -05:00
Parikshit Dutta 0f92415395 Fix non-standard HTTP method for CsrfWebFilter
Closes gh-8149
2020-05-11 17:19:57 -05:00
Artyom Tarynin 6db514a4e2 Update AntPathRequestMatcher.java
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
2020-05-11 17:11:22 -04:00
Eleftheria Stein 1aadbb2f4d Remove "/path/**/other" patterns in tests
Fixes gh-8513
2020-05-11 17:00:25 -04:00
Jean-Pierre Bergamin fbd3cfa40e
Fix code snippets to configure timeouts
Issue: gh-8487
2020-05-11 15:59:11 -04:00
Dávid Kovács f2a2b469c4 Deprecate openID 2.0 support
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments.

Fixes gh-7153
2020-05-09 12:04:13 +02:00
Rob Winch d91b153cad Explicitly set useSuffixPatternMatch for Tests
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
2020-05-08 16:43:56 -05:00
Jean-Pierre Bergamin 6d5d883518 Use Opaquetoken properties to configure timeouts
Improve the documentation to show how to re-use the Opaquetoken properties of `OAuth2ResourceServerProperties` to set up basic auth in the configured `RestTemplate`.
2020-05-07 15:20:50 -04:00
Rob Winch e1fd0b3859 Update to spring-build-conventions:0.0.32.RELEASE
Closes gh-8499
2020-05-06 17:39:22 -05:00
Pei-Tang Huang 9dcdae3269 Update Traditional Chinese translation.
Align with commit f7b33da577.
2020-05-06 17:07:57 -05:00
Joe Grandja f92ab34ca0 Next development version 2020-05-06 17:37:30 -04:00
Joe Grandja 86ca6b013c Unlock dependencies
This reverts commit 206960cf44.
2020-05-06 17:27:35 -04:00
Joe Grandja c506ee6b69 Release 5.4.0-M1 2020-05-06 17:19:22 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Eleftheria Stein 07f8154a06 Temporarily build against Framework 5.2.x snapshot
Issue: gh-8489
2020-05-06 12:55:50 -04:00
Eleftheria Stein 545286188d Update SAML2 errors in integration tests 2020-05-06 11:46:54 -04:00
Eleftheria Stein 026a951d4f Remove JDK 9 and JDK 10 build from Jenkins pipeline
Closes gh-8482
2020-05-05 19:57:56 -04:00
Eleftheria Stein db155b3094 Clean up Javadoc
Fixes gh-8480
2020-05-05 17:31:54 -04:00
Josh Cummings d4dbe069ad Polish OpenSamlAuthenticationProvider
- Use type-safe CriteriaSet
- Keep Assertion immutable

Closes gh-8471
2020-05-05 16:33:17 -04:00
Andrii Hrytsiuk 7748fb00ba Fix typos in documentation 2020-05-05 10:45:42 -05:00
Dávid Kovács 1f1ddeb025 SecurityMockMvcConfigurer$DelegateFilter is not null-safe
This commit adds null-check to getter method, so instead of NPE an IllegalStateException will be thrown with additional details.

Fixes gh-7745
2020-05-05 09:56:37 -05:00
Daz DeBoer 6ec5f777d1 Upgrade Freefair AspectJ plugin to v5.0.1
The `io.freefair.aspectj.post-compile-weaving` plugin v5.0.1 includes [a fix](https://github.com/freefair/gradle-plugins/pull/213) that allows all tasks for `./gradlew classes` to be marked as `UP-TO-DATE` following an initial `./gradlew clean classes`. Without this fix, any compile task that is enhanced by the `io.freefair.aspectj.post-compile-weaving` plugin will incorrectly have compilation outputs configured as a _task input_, resulting in the task being out of date following a `clean compile`.
2020-05-04 17:07:08 -05:00
Dávid Kovács 2d9a6aca98 Deprecate openID 2.0 support
This commit adds link to spring code on the top of ThomasVitale's changes.

Fixes gh-7153
2020-05-02 10:25:35 +02:00
Thomas Vitale 84f45e4196 Deprecate OpenID 2.0 Support
Add deprecation notice to all files in the spring-security-openid module

Fixes gh-7263
2020-05-02 10:22:37 +02:00