Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,003 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1003 Commits

Author SHA1 Message Date
Josh Cummings 5e1db6a771
Merge branch '5.7.x' into 5.8.x 
Closes gh-12494
 2023-01-06 12:55:43 -07:00
Jon Kjennbakken 225dc593a8 Polish NimbusJwtDecoderTests 
- Add missing mock

Closes gh-12238
 2023-01-06 12:53:36 -07:00
Josh Cummings 29c00905ce
Merge branch '5.7.x' into 5.8.x 
Closes gh-12324
 2022-11-30 14:49:26 -07:00
Josh Cummings 667cab6cda
Merge branch '5.6.x' into 5.7.x 
Closes gh-12323
 2022-11-30 14:38:16 -07:00
이경욱 52c7141aac
Save Request Before Response Is Committed 
Specifically important for cookie-based authorization request
repositories.

Closes gh-11602
 2022-11-30 14:33:08 -07:00
Michael Sosa 52888d6206
Warn when AuthorizationGrantType does not match 
Log a warning when AuthorizationGrantType does not exactly match a
pre-defined constant.

Closes gh-11905
 2022-11-17 14:17:54 -06:00
Steve Riesenberg 71eb71d185
Merge branch '5.7.x' into 5.8.x 
Closes gh-12206
 2022-11-14 12:11:59 -06:00
Steve Riesenberg 67a1f0836b
Merge branch '5.6.x' into 5.7.x 
Closes gh-12205
 2022-11-14 12:10:55 -06:00
Steve Riesenberg fde26e003a
Request user info when AS returns no scopes 
Closes gh-12144
 2022-11-10 16:29:43 -06:00
Josh Cummings d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza 8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Steve Riesenberg 66f2f1cde7
Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg 2915a70bf7
Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00
Steve Riesenberg 26a51ee198
Merge branch '5.5.x' into 5.6.x 2022-10-28 11:15:33 -05:00
Steve Riesenberg e7fe778abc
Merge branch '5.4.x' into 5.5.x 2022-10-28 11:13:33 -05:00
Steve Riesenberg 3e2ac82612
Merge branch '5.3.x' into 5.4.x 2022-10-28 11:10:39 -05:00
Steve Riesenberg 5560bbaa80
Merge branch '5.2.x' into 5.3.x 2022-10-28 11:07:51 -05:00
Steve Riesenberg 75004587a4
Fix scope mapping 
Issue gh-12101
 2022-10-28 11:00:27 -05:00
Josh Cummings 099aaa33ff
Remove Deprecation Markers 
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.

Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.

At that time, BearerTokenAuthenticationFilter can change to use
the handler.

Closes gh-11932
 2022-10-13 19:47:22 -06:00
Daniel Garnier-Moiroux 200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter 
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
 2022-10-13 19:25:04 -06:00
Steve Riesenberg bbac85e20b Reduce severity of invalid registrationId to warn 
This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
 2022-09-26 09:56:20 -05:00
Josh Cummings ae6fb8c681
Add Deprecated Versions of Original Classes 
Issue gh-7349
 2022-09-23 16:31:22 -06:00
Josh Cummings 37a160245f
Adjust OAuth2 Resource Server packaging 
Closes gh-7349
 2022-09-23 16:31:21 -06:00
Steve Riesenberg 67a00bcaa0
Fix JSONObject and JSONArray imports in tests 2022-09-16 13:38:57 -05:00
Daniel Garnier-Moiroux bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Steve Riesenberg 355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy 1efb63387f
Add authentication converter for introspected tokens 
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
 2022-09-13 16:45:36 -05:00
Rob Winch 32dbaceec5 Fix mockito 4.7.0 merge 
Issue gh-11748
 2022-08-24 08:58:00 -05:00
Rob Winch 2fb625db84 Remove mockito deprecations 
Issue gh-11748
 2022-08-23 15:59:52 -05:00
Steve Riesenberg 7c7f9380c7
Refresh remote JWK when unknown KID error occurs 
Closes gh-11621
 2022-08-18 16:54:45 -05:00
tinolazreg 888715bbb2
Add tests for unknown KID error 
Issue gh-11621
 2022-08-18 16:54:45 -05:00
Steve Riesenberg 53a3ff8932
Refresh remote JWK when unknown KID error occurs 
Closes gh-11621
 2022-08-18 16:53:45 -05:00
tinolazreg 77d11a3f9f
Add tests for unknown KID error 
Issue gh-11621
 2022-08-18 16:53:44 -05:00
Steve Riesenberg 51dc672625
Refresh remote JWK when unknown KID error occurs 
Closes gh-11621
 2022-08-18 16:48:42 -05:00
tinolazreg d1c742d7aa
Add tests for unknown KID error 
Issue gh-11621
 2022-08-18 16:48:41 -05:00
Igor Bolic efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Joe Grandja 95155ddb0c Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:28:47 -04:00
Josh Cummings 1d72a05c32
Add SecurityContextHolderStrategy to OAuth2 
Issue gh-11060
 2022-06-27 13:05:12 -06:00
Josh Cummings 539a11d0a4
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:13:42 -06:00
Josh Cummings f035c30edb
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:12:13 -06:00
Josh Cummings 01513ab17e
Add placeholders to reactive post_logout_redirect_uri 
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
 2022-06-16 16:10:26 -06:00
Josh Cummings 6f69d85fcb
Reactive OAuth 2.0 logout handler resolves registrationId 
Closes gh-11378
 2022-06-16 16:09:57 -06:00
Josh Cummings 3f30de388a
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:09:56 -06:00
Michael e4505ed6c8
Add placeholders to post_logout_redirect_uri 
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
 2022-06-16 16:09:56 -06:00
Kuby 759d799ddd Change phoneNumberVerified with type Boolean 
Closes: gh-11315
 2022-06-03 09:46:00 -05:00
Marcus Da Coregio b8b0661d73
Lock Dependencies for Release 2022-05-16 14:01:51 -06:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Joe Grandja 50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00