Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,314 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1473 Commits

Author SHA1 Message Date
Josh Cummings cb7786bf97
Malformed Bearer Token Returns 401 for WebFlux 
Fixes gh-7668
 2020-03-26 12:59:22 -06:00
Joe Grandja 4706b16a2b oauth2Login WebFlux does not auto-redirect for XHR request 
Fixes gh-8118
 2020-03-26 05:09:45 -04:00
Eleftheria Stein 256aba7b37 Fix rsocket test 
Request route that exists; add additional error message verification

Fixes gh-8154
 2020-03-19 17:36:20 -04:00
Erik van Paassen 86e25ff2ab
Fix typo in Javadoc of HttpSecurity#csrf() 
`HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.
 2020-03-17 13:36:34 -06:00
Markus Engelbrecht 75f22285c6
Fix typo 'properites' in documentation 
Fixes gh-8095
 2020-03-11 11:01:06 -06:00
Josh Cummings 9092115b8a
Register Authentication Provider in Init Phase 
Fixes gh-8031
 2020-02-28 18:43:54 -07:00
Stephane Maldini 0012e24c46 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7953
 2020-02-07 20:18:50 -05:00
Josh Cummings c4ccc96655
Polish Error Messages for OpaqueTokenIntrospectors 2020-02-05 07:16:37 -07:00
Eleftheria Stein 9dd3dfe718 Fix requiresAuthenticationMatcher not being used 
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
 2020-01-27 16:56:59 +01:00
Eleftheria Stein edb6cd3729 Fix authenticationFailureHandler not being used 
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
 2020-01-27 13:52:01 +01:00
Johannes Edmeier cc956a66df Don't cache requests with `Accept: text/event-stream` by default. 
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
 2020-01-17 10:37:34 -08:00
Filip Hanik b754a3d635 Use the custom ServerRequestCache that the user configures 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
 2019-12-18 08:44:27 -08:00
Eleftheria Stein 0d24e2b8cf Fix WebFlux logout disabling 
Fixes: gh-7682
 2019-12-13 11:53:20 +01:00
Joe Grandja e4aa3be4c5 WebFlux oauth2Login() redirects on failed authentication 
Fixes gh-5562 gh-6484
 2019-12-05 20:12:09 -05:00
Alexey Nesterov 0babe7d930 Correctly configure authorization requests repository for OAuth2 login 
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
 2019-11-29 13:58:27 -05:00
Eleftheria Stein 8a95e5798d Update @MessageMapping to match input/output cardinality 2019-11-22 15:07:38 -06:00
Pim Moerenhout cd0bec48de Fix typo in log message. 2019-11-21 15:55:27 -07:00
Paul Pazderski 0d35194b47 Add sessionFixation Javadoc 2019-11-15 12:17:05 +01:00
Adrian Pena ca8877c8c5 Updates javadoc for InitializeUserDetailsBeanManagerConfigurer 2019-11-13 10:34:10 +01:00
Eleftheria Stein 1188a3bb5f Polish RememberMeConfigurer 
Issue: gh-4140
 2019-11-07 15:26:59 +01:00
邓超 b13f750646 Retrieve remember-me key from service as fallback 
Fixes: gh-4140
 2019-11-07 13:55:39 +01:00
Yanming Zhou 9f6a36444a Add missing schemas 2019-11-06 08:24:20 -06:00
Josh Cummings 925bf48ec0
Polish OAuth2ResourceServerConfigurerTests 
To confirm that resource server only produces SCOPE_<scope>
authorities by default.

Issue gh-7596
 2019-11-04 11:39:54 -07:00
Filip Hanik 0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login() 
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
 2019-10-31 08:20:12 -07:00
Josh Cummings 5f17032ffd Restore Removed Throws Clauses 
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
 2019-10-30 12:13:54 -06:00
Rob Winch 635f7e1edd CsrfWebFilter supports multipart/form-data 
Fixes gh-7576
 2019-10-28 14:06:10 -05:00
Vitalii Mahas 0ac5f5456f Fix typo 'is' -> 'if' in javadoc 2019-10-25 13:27:11 -06:00
Eleftheria Stein de7cbc82b5 Clarify in Javadoc that expressionHandler should not be null 
Fixes: gh-2665
 2019-10-23 15:10:39 -04:00
Rob Winch 3051a79188 Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access 2019-09-30 14:33:41 -05:00
Rob Winch a911f3d52f Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access 2019-09-30 14:14:59 -05:00
Rob Winch 3854afad61 Merge Add denyAll method in AuthorizePayloadsSpec.Access 2019-09-30 14:05:42 -05:00
Josh Cummings 758af54796
ObjectPostProcessor Tests groovy->java 
Issue gh-4939
 2019-09-27 16:36:33 -06:00
Josh Cummings a08be5bf6f
UrlAuthorizationsTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Josh Cummings 870d83eb3e
PermitAllSupportTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Luis Felipe Vega Calle 350bce761f Add hasAuthority method to RSocketSecurity 
Fixes gh-7435
 2019-09-27 16:48:25 -05:00
Josh Cummings 5f905232cb
Polish CurrentSecurityContextArgumentResolvers 
Fixes gh-7487
 2019-09-27 13:19:08 -06:00
Joe Grandja 5ef6e7ed6f Add author for SecurityReactorContextConfiguration 
Issue gh-7422
 2019-09-27 15:17:20 -04:00
Joe Grandja 0fea57d6a1 Optimize SecurityReactorContextConfiguration 
Issue gh-7422
 2019-09-27 14:46:39 -04:00
Josh Cummings 33ba292fed
Resource Server w/ SecurityReactorContextSubscriber 
Fixes gh-7423
 2019-09-27 11:01:04 -06:00
Joe Grandja 5a67971375 WebFluxSecurityConfiguration configures oauth2Client() by default 
Fixes gh-7470
 2019-09-27 10:04:19 -04:00
Joe Grandja 08d2c93713 Polish gh-7466 2019-09-26 22:11:53 -04:00
Roman Chigvintsev 9bae0a4dbd Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec 
Fixes gh-7466
 2019-09-26 17:19:32 -04:00
Joe Grandja 2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber 
Fixes gh-7422
 2019-09-26 16:17:17 -04:00
Joe Grandja d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00
Mark Heckler da9f027fa4 Add nonce to OIDC Authentication Request 
Fixes gh-4442
 2019-09-25 14:57:54 -04:00
Jesús Ascama ceab56f764 Fix AuthorizationPayloadInterceptor order using PayloadInterceptorOrder.AUTHORIZATION 
Fixes gh-7434
 2019-09-24 15:39:25 -05:00
Joe Grandja 9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri 
Fixes gh-7036
 2019-09-24 11:07:36 -04:00
Eleftheria Stein 98e75eb51a Fix Javadoc for anonymous 2019-09-23 11:06:28 -04:00
Rob Winch 00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Ebert Toribio 3a66191756 Add hasAnyAuthority method in AuthorizePayloadsSpec.Access 
See Fixes gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
 2019-09-18 21:17:09 -05:00