Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-14 21:49:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,606 Commits 59 Branches 364 Tags
Commit Graph

745 Commits

Author SHA1 Message Date
Eleftheria Stein
d655deb718 Update r2dbc-h2 to 0.8.5.RELEASE 
Closes gh-10856
 2022-02-21 12:24:24 +01:00
Jonas Erbe
aefd2d497c Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:22:30 -07:00
Josh Cummings
72db6a20c9 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 17:44:15 -07:00
Rob Winch
e4a76b0ec9 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-22 10:19:34 -05:00
Steve Riesenberg
b2db2bdb2a Update r2dbc-spi-test to 0.8.6.RELEASE 
Closes gh-10410
 2021-10-18 14:20:00 -05:00
Dávid Kováč
eb0597154d Update JavaDoc according to implementation 
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
 2021-10-13 13:13:44 -06:00
Josh Cummings
1f919bc791 Fix OAuth2 Error Code 
Closes gh-10319
 2021-09-28 14:55:37 -06:00
Fabio Guenci
b067aa4653
Preserve Null Claim Values 
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
 2021-08-16 08:22:31 -06:00
Steve Riesenberg
dfebd6d9d4 Revert "URL encode client credentials" 
This reverts commit e6c268add00bef40cc6f47d8963176f43b8a1de1.

Issue gh-9610 gh-9858
Closes gh-10018
Closes gh-10121
 2021-07-20 12:59:44 -05:00
Arnaud Mergey
5fd81eeaf1
fix typo preventing full exception to be displayed in log 
closes gh-9901
 2021-06-17 08:38:24 -06:00
Steve Riesenberg
a332e2a728
Support additional client authentication methods 
Closes gh-9780
 2021-06-16 16:03:13 -05:00
Steve Riesenberg
9daf058a6e
Handle missing authorization endpoint uri 
Closes gh-9795
 2021-06-16 16:00:53 -05:00
Steve Riesenberg
839cc5e851
Remove validation for unsupported grant types 
Closes gh-9828
 2021-06-16 15:55:45 -05:00
Joe Grandja
6fbd038111 Jwt client authentication converter detects new key 
Closes gh-9814
 2021-06-16 12:58:01 -04:00
Steve Riesenberg
700bda68b7 Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository 
Related to gh-9649
Closes gh-9857
 2021-06-15 11:32:35 -05:00
Steve Riesenberg
e6c268add0 URL encode client credentials 
Closes gh-9610
 2021-06-03 09:12:18 -05:00
Josh Cummings
f48a006034
Polish postLogoutRedirectUri encoding 
Issue gh-9511
 2021-05-26 13:51:26 -06:00
Hans Hosea Schaefer
b7a0959ede
Encode postLogoutRedirectUri query params 
Now encodes already encoded queryparameters in postLogoutRedirectUrl
correctly

Closes gh-9511
 2021-05-26 13:51:15 -06:00
Steve Riesenberg
de4b3a4310 Handle custom status codes in error handler 
Fixes an issue where custom status codes in the error response cause an
IllegalArgumentException to be thrown when resolving an HttpStatus.

Closes gh-9741
 2021-05-25 13:41:04 -05:00
Rob Winch
372c2b805b Update r2dbc-spi-test to 0.8.5.RELEASE 
Closes gh-9752
 2021-05-14 13:23:54 -05:00
Josh Cummings
5b24bd1288
Adjust ClientRegistrationsTests 
Closes gh-9748
 2021-05-14 10:30:46 -06:00
Asian Malaysian Vietnamese
5f6de026a8 Update javadoc AuthorizationCodeOAuth2AuthorizedClientProvider 
Closes gh-9708
 2021-05-13 13:02:08 -04:00
Rob Winch
64b7af473d Additional HttpSessionOAuth2AuthorizationRequestRepository tests 
Issue gh-5145
 2021-05-12 14:59:25 -05:00
Craig Andrews
35f5ebdbcf HttpSessionOAuth2AuthorizationRequestRepository: store one request by default 
Add setAllowMultipleAuthorizationRequests allowing applications to
revert to the previous functionality should they need to do so.

Closes gh-5145
Intentionally regresses gh-5110
 2021-05-12 14:59:25 -05:00
Marcus Hert da Coregio
6413511eb6 Update Deprecated Property in Opaque Token Introspectors 
Update NimbusOpaqueTokenIntrospector and NimbusReactiveOpaqueTokenIntrospector to use MediaType.APPLICATION_JSON instead of the deprecated MediaType.APPLICATION_JSON_UTF8

Closes gh-9353
 2021-05-06 13:47:09 -06:00
Joe Grandja
761e3a9dd8 JwtBearerOAuth2AuthorizedClientProvider checks for access token expiry 
Fixes gh-9700
 2021-04-30 10:12:38 -04:00
Josh Cummings
b0011893d2
Update Copyright 
Issue gh-9651
 2021-04-20 10:43:20 -06:00
Tibor Koch
5da472f3be Fix ClassCastException 
Closes gh-9651
 2021-04-20 10:42:52 -06:00
Josh Cummings
7ded671858
Refactor AuthenticationDetailsSource support 
- BearerTokenAuthenticationFilter exposes this directly, simplifying
configuration and removing a package tangle

Closes gh-9576
 2021-04-09 12:41:16 -06:00
Joe Grandja
b556655290 Make OAuth2AuthorizationResponseType constructor public 
Closes gh-9584
 2021-04-09 08:01:08 -04:00
Joe Grandja
dca7e03b91 Deprecate OAuth2AuthorizationResponseType.TOKEN 
Closes gh-9582
 2021-04-09 07:46:21 -04:00
Joe Grandja
eff4cdc924 Polish gh-9505 2021-04-09 06:22:29 -04:00
Hassene Laaribi
7694aa27cf Add jwt-bearer authorization grant 
Closes gh-6053
 2021-04-09 06:22:29 -04:00
Joe Grandja
9c97970e26 Add Jwt Client Authentication support 
Closes gh-8175
 2021-04-08 15:44:33 -04:00
Rob Winch
f3f1106624 Update io.spring.javaformat to 0.0.27 
Closes gh-9553
 2021-04-05 22:23:59 -05:00
Rob Winch
8323590b6c Update r2dbc-spi-test to 0.8.4.RELEASE 
Closes gh-9551
 2021-04-05 22:23:59 -05:00
Rob Winch
60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Rob Winch
1a76ee7442 Update Gradle configuration names 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Hassene Laaribi
b8e47882aa Fix test to use non-expired token 
Closes gh-9506
 2021-03-17 17:38:08 +01:00
Eleftheria Stein
4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c8f4c9531d512ed7939a37d94a815e4.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein
f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings
b774e91734
Polish BearerTokenAuthenticationConverter 
Issue gh-8840
 2021-03-12 15:05:06 -07:00
Jeongjin Kim
31f310fd22
Add BearerTokenAuthenticationConverter 
BearerTokenAuthenticationConverter is introduced to solve the
problem of not being able to change AuthenticationDetailsSource.
BearerTokenAuthenticationFilter delegates to
BearerTokenAuthenticationConverter the task of creating
BearerTokenAuthenticationToken and setting AuthenticationDetailsSource.
BearerTokenAuthenticationConverter is customizable and the customized
converter can be used in BearerTokenAuthenticationFilter.

Closes gh-8840
 2021-03-12 15:05:06 -07:00
Josh Cummings
5e5ff27109
Configure Jackson for nanosecond precision 
Closes gh-9461
 2021-02-17 11:53:36 -07:00
Josh Cummings
a0a9718b8b
Use Instant with micro-second precision 
Closes gh-9449
 2021-02-17 11:31:23 -07:00
Josh Cummings
c4be1c6a56
Revert "Lock Dependencies" 
This reverts commit a85caa4098589b0080d75e428f0d262090b6a1f1.
 2021-02-11 15:49:59 -07:00
Josh Cummings
a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Josh Cummings
02d017abf7
Adjust Test Assertion 
- Netty returns a slightly different exception on Windows,
so adjusted assertion accordingly.

Issue gh-9421
 2021-02-10 13:20:51 -07:00
Josh Cummings
ccb3b02888
Bearer Token Server-side Errors Return 500 
Closes gh-9395
 2021-02-10 12:35:34 -07:00
Mayur Patel
75706f118c Allow null or empty authorities for DefaultOAuth2User 
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
 2021-02-01 17:09:07 -05:00