Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,602 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

7602 Commits

Author SHA1 Message Date
Daniel Bustamante Ospina 808fbfa161 Update webflux-form sample to use Built in CSRF Support 
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

Issue: gh-6061
 2018-11-14 17:38:37 -06:00
Josh Cummings d28e32b000 NimbusJwtDecoder Builder 
A Builder to simply common construction patterns for NimbusJwtDecoder

Issue: gh-6010
 2018-11-14 15:53:47 -06:00
Josh Cummings fbcf48cea0 Low-level Nimbus Jwt Decoder 
Introduces a JwtDecoder which takes a raw Nimbus JWTProcessor
configuration.

Fixes: gh-5648
 2018-11-14 15:53:47 -06:00
Karl Goffin db5e54266c #3912 lazyBean method respects @Primary annotation 2018-11-14 14:31:29 -06:00
Dongmin Shin b2c2f84f00 Fix Typo in Reference Docs 
Fixes gh-6076
 2018-11-14 11:36:27 -06:00
Rafael Dominguez ac026e23fe Updated Spring Boot version from 2.1.0.M4 to 2.1.0.RELEASE 2018-11-14 10:51:38 -06:00
Krzysztof Szmytkowski b5455b0bec
Make AesByesEncryptor public 
Fixes: gh-5099
 2018-11-13 16:05:59 -07:00
Josh Cummings 13de580632
AesBytesEncryptorTests 
Issue: gh-5099
 2018-11-13 16:03:47 -07:00
Johnny Lim 95c824cb2a Upgrade to neko-htmlunit 2.33 2018-11-13 15:48:52 -06:00
Josh Cummings ae74f22e30 Reactive Jwt Claim Set Converter Support 
Exposes setClaimSetConverter on NimbusReactiveJwtDecoder, lining it up
with the same support on NimbusJwtDecoder.

Fixes: gh-6015
 2018-11-13 15:31:08 -06:00
Gunnar Hillert 11b6b63364 Docs: Fix Maven Property example `spring-security.version` 2018-11-13 15:08:00 -06:00
Josh Cummings 2769b7ffb0
Leave Issuer As String - Documentation 
Update documentation that indicated the iss claim is proactively
coerced into a URL.

Issue: gh-6073
 2018-11-13 12:40:41 -07:00
Josh Cummings 19649db9ce
Leave Issuer As String 
Since StringOrURI is a valid issuer, MappedJwtClaimSetConverter and
JwtIssuerValidator no longer assume it.

Issue: gh-6073
 2018-11-13 11:39:15 -07:00
Josh Cummings c70b65c5df
Favor URL.toExternalForm 
Converts URLs to Strings before comparing them. Uses toString(),
which delegates to toExternalForm().

Fixes: gh-6073
 2018-11-13 08:20:18 -07:00
Josh Cummings a32d19ec7d
Polish NimbusReactiveJwtDecoderTests 
Issue: gh-5650
 2018-11-12 15:04:00 -07:00
Josh Cummings 8eedb3919e
Policy OAuth2ResourceServerSpecTests 
Issue: gh-6052
 2018-11-12 15:01:15 -07:00
Josh Cummings dca3645850
Update to spring-build-conventions:0.0.22.RELEASE 
Fixes: gh-6064
 2018-11-09 10:55:35 -07:00
dperezcabrera 898d005a53 InMemoryUserDetailsManager.updatePassword case-insenstive 
Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.

This commit updates updatePassword to be case insensitive.

Fixes: gh-6039
 2018-11-09 11:39:58 -06:00
Erik van Paassen 3a6582d2a6 Fix csrf:token-repository-ref XSD documentation 
The documentation of the token-repository-ref attribute of the csrf
element in the schema has been updated to make clear the default
repository is lazy. Targets versions 4.2, 5.0 and 5.1.

Fixes gh-6037
 2018-11-08 10:14:49 -06:00
Josh Cummings 9a13f9acde Custom Bearer Token Error Handling Support 
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.

Fixes: gh-6052
 2018-11-07 16:29:56 -06:00
Josh Cummings 78e27ca17f
Update Reactive Resource Server Docs 
Resource Server documentation for both Servlet and Reactive now have a
similar feel and offer deeper exposure to common use cases.

Fixes: gh-6054
 2018-11-07 12:05:21 -07:00
Josh Cummings 8a475e39be Write Security Headers Before Servlet Include 
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.

Fixes: gh-5499
 2018-10-31 09:27:25 -05:00
Paul Wheeler ccc4e1c876 Made AclClassIdUtils genuinely package level by injecting the conversionService instead of AclClassIdUtils 
Fixes gh-4814
 2018-10-31 09:24:35 -05:00
Paul Wheeler 2c362456fd AclClassIdUtils should be public 
Fixes gh-4814
 2018-10-31 09:24:35 -05:00
Josh Cummings 75e7e099ab
MiscHttpConfigTests groovy->java 
Issue: gh-4939
 2018-10-30 12:58:20 -06:00
Josh Cummings 7d3302f52b
Polish Test Name 
So that it adheres to methodNameWhenConditionThenVerification naming
convention.

Issue: gh-3743
 2018-10-30 10:20:37 -06:00
Karl Goffin 50d26c9d28
Polish Logging and Tests 
Removing debug statements which would have prematurely terminated the
stream, changing to AssertJ, and adding another test.

Issue: gh-3743
 2018-10-30 10:18:16 -06:00
Karl Goffin 92e68a589a
PostFilter Support for Streams 
Users can return a Stream from a @PostFilter-annotated method.

Fixes: gh-3743
 2018-10-30 10:17:16 -06:00
Josh Cummings e1c7dd6480
Add JDK 11 to Jenkins 
Fixes: gh-5860
 2018-10-25 17:10:50 -06:00
Josh Cummings 42b111fba6
JDK 11 Compatibility 
Upgraded dependencies and removed a test in the Java Config LDAP
sample which is arguably an integration test since it starts up an
LDAP container. This test also isn't JDK 11 compatible and the
remaining integration tests in the sample cover the same material.

Issue: gh-5860
 2018-10-25 17:10:50 -06:00
Joe Grandja a96893a42a Remove charset from Accept header in UserInfo request 
Fixes gh-6017
 2018-10-25 12:56:45 -04:00
Bob Maertz 52be2839ca Migraged unit test from groovy to java 
Moved AbstractConfigAttributeRequestMatcherRegistryTests.groovy to AbstractConfigAttributeRequestMatcherRegistryTests.java

gh-4939
 2018-10-23 20:04:42 -05:00
Joe Grandja 8ef65ce5c5 Set AuthenticationEventPublisher on each AuthenticationManagerBuilder 
Fixes gh-6009
 2018-10-23 14:08:23 -04:00
Joe Grandja 7a94931514 Polish javadoc 2018-10-23 08:45:06 -04:00
Bob Maertz 551ea66ce3 Migrated unit test TldTests.groovy to TldTests.java 
Moved unit test TldTests#testTldVersionIsCorrect from groovy to java.

gh-4939
 2018-10-22 11:55:34 -05:00
Rob Winch f56f55dc8e Fix BCrypt Checkstyle 
Issue: gh-3320
 2018-10-22 11:18:52 -05:00
linfeng 388a7b62b9 Add BCrypt Revision Support 
Fixes: gh-3320
 2018-10-22 11:13:55 -05:00
Vedran Pavic 605469db06 Clarify default OAuth 2.0 login page requirements 
Fixes gh-5996
 2018-10-22 09:20:49 -04:00
Drummond Dawson 818a3506fe Remove unnecessary concatenation of sql in JdbcUserDetailsManager 2018-10-19 15:30:03 -05:00
Drummond Dawson 9ea4d2d4ac Add missing space to heading for it to render properly 2018-10-19 15:25:15 -05:00
Rob Winch 1eb7a297d3 Update to spring-build-conventions:0.0.20.RELEASE 
Fixes: gh-5998
 2018-10-18 16:14:37 -05:00
Rob Winch d5d9adf11d Fail the build if deploy fails 
Fixes: gh-5997
 2018-10-18 16:03:00 -05:00
Vedran Pavic e1b095df32 Allow in-memory client registration repos to be constructed with a map 
Fixes gh-5918
 2018-10-18 14:07:12 -04:00
Brian Demers 8f49ca850a Fixing IllegalStateException message in OAuth2ResourceServerConfigurer 
Updated message to include `http.oauth2ResourceServer()`
 2018-10-17 15:14:36 -05:00
Josh Cummings adb9f4e34b Add JDK 10 to Jenkins 
Fixes: gh-5860
 2018-10-17 15:03:42 -05:00
Josh Cummings bd9e3877f9 JDK 10 Compatibility 
Upgrading dependencies and reconfiguring PowerMock

Issue: gh-5860
 2018-10-17 15:03:42 -05:00
Josh Cummings 52507695d1 Update to Spring Build Conventions 0.0.19 
Fixes: gh-5981
 2018-10-17 15:03:42 -05:00
sunflower-seed 2e6ff72c31 Update SubjectDnX509PrincipalExtractor.java 
Added missing asterisk
 2018-10-17 14:56:45 -05:00
sunflower-seed e26bb2b326 Update x509.adoc 
Added Escaping for Adoc
 2018-10-17 14:56:45 -05:00
Joe Grandja 0b3aa2ce24 Update Security version to 5.2 2018-10-17 14:52:06 -04:00