e9130489a6
Remove restricted static imports
...
Replace static imports with class referenced methods. With the exception
of a few well known static imports, checkstyle restricts the static
imports that a class can use. For example, `asList(...)` would be
replaced with `Arrays.asList(...)`.
Issue gh-8945
2020-08-24 17:33:08 -05:00
b69825d925
Simplify boolean expression
...
Simplify boolean expression of the form `if (b == true)` to instead
just use the form `if (b)`.
Issue gh-8945
2020-08-24 17:33:08 -05:00
db55ef4b3b
Migrate to BDD Mockito
...
Migrate Mockito imports to use the BDD variant. This aligns better with
the "given" / "when" / "then" style used in most tests since the "given"
block now uses Mockito `given(...)` calls.
The commit also updates a few tests that were accidentally using
Power Mockito when regular Mockito could be used.
Issue gh-8945
2020-08-24 17:33:08 -05:00
f1cee9500f
Ensure classes are defined in their own files
...
Ensure that all classes are defined in their own files. Mostly classes
have been changed to inner-types.
Issue gh-8945
2020-08-24 17:33:08 -05:00
053af720a4
Ensure no whitespace before lines
...
Fix a few issues cause by the automatic formatting that meant additional
leading whitespace was present.
Issue gh-8945
2020-08-24 17:33:08 -05:00
4d487e8dc3
Ensure all files end with a new line
...
Update all files to ensure that they always end with a new-line
character.
Issue gh-8945
2020-08-24 17:33:07 -05:00
218480fb7c
Reduce the number of nested if statements
...
Refactor `HeadersBeanDefinitionParser` and `AclImpl` to reduce the
number of nested if statements. A few extracted methods are now used
to hopefully improve readability.
Issue gh-8945
2020-08-24 17:33:07 -05:00
a0b9442265
Use consistent modifier order
...
Update code to use a consistent modifier order that aligns with that
used in the "Java Language specification".
Issue gh-8945
2020-08-24 17:33:07 -05:00
3e700e7571
Remove (non-Javadoc) comments
...
Search and replace using '(?s)/\*\s*\* \(non-Javadoc\).*?\*/' to remove
all "(non-Javadoc)" comments. These comments used to be added
automatically by Eclipse, but are not really necessary.
Issue gh-8945
2020-08-24 17:33:07 -05:00
a2f2e9ac8d
Move inner-types so that they are always last
...
Move all inner-types so that they are consistently the last item
defined. This aligns with the style used by Spring Framework and
the consistency generally makes it easier to scan the source.
Issue gh-8945
2020-08-24 17:33:07 -05:00
9e08b51ed3
Apply code cleanup rules to projects
...
Apply automated cleanup rules to add `@Override` and `@Deprecated`
annotations and to fix class references used with static methods.
Issue gh-8945
2020-08-24 17:33:07 -05:00
8866fa6fb0
Always use 'this.' when accessing fields
...
Apply an Eclipse cleanup rules to ensure that fields are always accessed
using `this.`. This aligns with the style used by Spring Framework and
helps users quickly see the difference between a local and member
variable.
Issue gh-8945
2020-08-24 17:33:07 -05:00
6894ff5d12
Make classes final where possible
...
Update classes that have private constructors so that they are also
declared final. In a few cases, inner-classes used private constructors
but were subclassed. These have now been changed to have package-private
constructors.
Issue gh-8945
2020-08-24 17:33:07 -05:00
b5d499e2eb
Remove empty block
...
Refactor a few classes so that empty blocks are not longer used. For
example, rather than:
if(x) {
} else {
i++;
}
use:
if(!x) {
i++;
}
Issue gh-8945
2020-08-24 17:33:07 -05:00
37fa94fafc
Organize imports
...
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
5f64f53c3f
Use consistent "@" tag order in Javadoc
...
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.
Issue gh-8945
2020-08-24 17:33:07 -05:00
8142e4046f
Use compact annotation style
...
Always use compact annotations when possible. For example, replace
`@Target(value = ElementType.TYPE)` with `@Target(ElementType.TYPE)`.
Issue gh-8945
2020-08-24 17:33:07 -05:00
71bc145ae4
Remove superfluous comments
...
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.
Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.
Issue gh-8945
2020-08-24 17:33:07 -05:00
b7fc18262d
Reformat code using spring-javaformat
...
Run `./gradlew format` to reformat all java files.
Issue gh-8945
2020-08-24 17:32:56 -05:00
0486d5add9
scopes_supported metadata not used as default in ClientRegistrations
...
Closes gh-8514
2020-08-20 08:09:54 -04:00
af5c55c380
Polish AuthnRequest Customization Support
...
Having the application generate the AuthnRequest fresh allows Spring
Security to back away more gracefully. Using a Consumer implies that
the application will need to undo any values that Spring Security set
that the application doesn't want.
Also, if this does become a configuration burden, it can be simplified
in a separate ticket by exposing the default Converter.
Issue gh-8776
2020-08-19 14:27:31 -06:00
1069e91645
RSocket Deprecations
...
Stop using deprecated RSocket APIs in integration tests
Issue gh-8948
2020-08-13 17:51:59 -06:00
be6d2f117e
Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL
...
Closes gh-8892
2020-08-11 07:59:22 -04:00
9caa39e370
Fix malformed formatter-on/off javadoc
...
Remove the formatter-on/formatter-off comments from Javadoc examples
so that they don't confuse checkstyle. The comments are not necessary
in the Javadoc since `pre` blocks are not formatted in the same
way as code.
Issue gh-8945
2020-08-10 16:24:44 -05:00
8e092f8d2c
Add noformat blocks around withDefaultPasswordEncoder
...
Find `withDefaultPasswordEncoder` calls and protect them against
formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
6979125ccf
Add noformat blocks around User.withUsername
...
Find `User.withUsername` calls and protect them against formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
63b5998fad
Add noformat blocks around auth config
...
Find `auth` config using a regex search of `^\s*auths*$` and protect
them against formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
103d822e46
Add noformat blocks around http config
...
Find `http` config using a regex search of `^\s*https*$` and protect
them against formatting.
Issue gh-8945
2020-08-10 16:24:44 -05:00
27ac046d8a
Rename *Test.java -> *Tests.java
...
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.
Issue gh-8945
2020-08-10 16:24:44 -05:00
1d74d556c2
Revert "Lock Dependency Versions for 5.4.0-RC1"
...
This reverts commit f3a1e5d40c
2020-08-05 14:59:11 -04:00
74b42ba956
Move RSocket integration tests to integration tests
...
Closes gh-8944
2020-08-05 13:23:20 -05:00
f3a1e5d40c
Lock Dependency Versions for 5.4.0-RC1
2020-08-05 13:46:11 -04:00
b999faa5a0
Complete SAML 2.0 SP Metadata Endpoint
...
Closes gh-8693
2020-08-05 10:08:47 -06:00
8a355240bc
SAML 2.0 SP Metadata Endpoint Support
...
Issue gh-8693
2020-08-05 10:08:47 -06:00
aeafe04260
Remove need for WebSecurityConfigurerAdapter
...
Closes gh-8804
2020-08-05 10:10:12 -04:00
5061ae9e79
Add Saml2AuthenticationTokenConverter
...
Closes gh-8768
2020-08-04 18:41:43 -06:00
a10c2c6cf8
Polish DefaultSaml2AuthenticationRequestContextResolver
...
Issue gh-8360
Issue gh-8887
2020-08-04 17:29:13 -06:00
3bc0b8c144
Revert "Fix snapshot build failure related to reactor-netty"
...
This reverts commit f37714a26f
2020-08-04 14:24:32 -04:00
f37714a26f
Fix snapshot build failure related to reactor-netty
...
Closes gh-8909
2020-08-04 14:17:03 -04:00
8146b1fdda
Deprecate CustomUserTypesOAuth2UserService
...
Closes gh-8908
2020-08-04 13:23:44 -04:00
0ed919f072
Deprecate ClientRegistration.redirectUriTemplate
...
Closes gh-8906
2020-08-04 11:03:29 -04:00
11cc94afd8
Deprecate ImplicitGrantConfigurer
...
Closes gh-8902
2020-08-04 07:26:58 -04:00
0a2006ebec
Support custom filter in Server Kotlin DSL
...
Closes gh-8783
2020-07-22 05:32:16 -04:00
37aa5f9b7c
Introduce AuthenticationConverterServerWebExchangeMatcher
...
AuthenticationConverterServerWebExchangeMatcher is ServerWebExchangeMatcher implementation based on AuthenticationConverter which matches if ServerWebExchange can be converted to Authentication.
It can be used as a matcher where SecurityFilterChain should be matched based on used authentication method.
BearerTokenServerWebExchangeMatcher was replaced by this matcher.
Closes gh-8824
2020-07-21 10:11:57 -06:00
cc44a93333
Polish WebSecurityConfigurerAdapter JavaDoc
...
Issue gh-8784
2020-07-20 15:21:18 -06:00
956a6ee00c
WebSecurityConfigurerAdapter JavaDoc
...
Closes gh-8784
2020-07-20 15:21:18 -06:00
2c960d2ad1
Add AuthnRequestConsumerResolver
...
Closes gh-8141
2020-07-16 14:53:22 -06:00
7cc6509200
Polish gh-8669
2020-07-15 11:52:42 -04:00
78ed6c4de6
Add custom HeaderWriter in Kotlin DSL
...
Closes gh-8823
2020-07-10 14:18:48 +02:00
815ceae45c
Allow disabling headers in Kotlin DSL
...
Closes gh-8816
2020-07-08 10:55:01 +02:00
146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
...
This reverts commit 68538897c8
2020-07-01 13:11:50 -06:00
68538897c8
Lock Dependency Versions for 5.4.0-M2
2020-07-01 12:40:29 -06:00
0b5a14a900
Register OAuth2AuthorizedClientArgumentResolver as custom resolver for XML config
...
Issue gh-8669
2020-07-01 11:07:33 -04:00
3e25714dc6
Add reified function variants to security DSL
...
Closes gh-8697
2020-07-01 07:22:16 -04:00
edf06a3461
OAuth2AuthorizedClientArgumentResolver uses OAuth2AuthorizedClientManager @Bean
...
Closes gh-8700
2020-06-30 11:25:39 -04:00
951e64185b
Register OAuth2AuthorizedClientArgumentResolver for XML Config
...
Closes gh-8669
2020-06-25 16:10:29 -04:00
224361cb4a
Fix typo in Javadoc
2020-06-16 09:38:09 -04:00
4e7be2078f
DefaultWebSecurityExpressionHandler uses RoleHierarchy bean
...
Fixes gh-7059
2020-06-10 16:43:01 -04:00
a907026eae
Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive
...
Closes gh-8677
2020-06-10 11:48:56 -05:00
da4b626bf1
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 17:28:21 -04:00
28d2cfa14a
Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter
...
Fixes gh-8536
2020-06-02 21:54:09 -04:00
748538d19f
Delay AuthenticationPrincipalArgumentResolver Creation
...
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.
Closes gh-8613
2020-05-29 16:49:01 -05:00
61060b3a4f
Add multipart configuration to CSRF Kotlin DSL
...
Fixes gh-8602
2020-05-27 17:01:12 -04:00
6f5947cab7
Fix test warnings
2020-05-27 17:00:48 -04:00
fa11ae3c33
Remove unused import
2020-05-27 14:27:29 -04:00
67d2efde1c
Resolve package tangles with security marker annotation
2020-05-27 07:33:24 -05:00
bc272ddf73
Resolve package tangles in Kotlin server package
2020-05-27 07:33:24 -05:00
f1db7167cb
Polish
...
Use `getBeanOrNull` in `registerDelegateApplicationListener` to simplify implementation.
This change does not alter behavior.
2020-05-22 20:33:32 -05:00
dbdeec4216
Check for an existing SessionRegistry bean
...
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
2020-05-22 20:33:32 -05:00
0fa339f75b
Allow port=0 for ApacheDSContainer
...
Fixes gh-8144
2020-05-21 16:14:01 -05:00
51a0cffd36
Post-process AuthenticationRequestFilter
...
Fixes gh-8552
2020-05-18 21:08:23 -06:00
9241cd2892
Move TestRelyingPartyRegistrations
...
Fixes gh-8551
2020-05-18 16:38:40 -06:00
1e211b6558
Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter
...
Fixes gh-8120
2020-05-15 15:13:15 -04:00
c1abc9b134
Polish gh-8501
2020-05-15 13:26:09 -04:00
78fa859798
Add issuerUri to ClientRegistration.providerDetails
...
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.
Fixes gh-8326
2020-05-14 17:13:07 -04:00
e5d2aaf6fe
Deprecate OpenID 2.0 support
...
Deprecate OpenID 2.0 support
2020-05-12 09:37:56 -05:00
1aadbb2f4d
Remove "/path/**/other" patterns in tests
...
Fixes gh-8513
2020-05-11 17:00:25 -04:00
f2a2b469c4
Deprecate openID 2.0 support
...
This commit adds deprecation notice to xml schema, parser of the schema and removes fixme comments.
Fixes gh-7153
2020-05-09 12:04:13 +02:00
d91b153cad
Explicitly set useSuffixPatternMatch for Tests
...
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.
This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.
Closes gh-8493
2020-05-08 16:43:56 -05:00
86ca6b013c
Unlock dependencies
...
This reverts commit 206960cf44
2020-05-06 17:27:35 -04:00
206960cf44
Lock dependencies for 5.4.0-M1
2020-05-06 17:13:04 -04:00
339d44b5a1
Deprecate openID 2.0 support
...
This commit puts deprecation notice on docs, sample applications and configurations (java and xml)
Fixes gh-7153
2020-05-02 10:18:31 +02:00
4a9fa0337a
Allow Configure RequestRjectedHandler in XML
...
Issue gh-5007
2020-05-01 10:51:11 -05:00
b826c798f7
Add RequestRejectedHandler
...
Closes gh-5007
2020-05-01 10:51:01 -05:00
8e8251ac5f
Add ROLE_INFRASTRUCTURE to infrastructure beans
...
Closes gh-8407
2020-04-27 08:59:24 -05:00
0f29bee1b0
Add authorize() DSL method that accepts HttpMethod
...
Fixes: gh-8307
2020-04-22 16:14:04 -04:00
16a7cbee4b
Use named arguments in Kotlin authorization rule
2020-04-22 16:14:04 -04:00
401393d756
Extract pattern type in request matcher DSL
2020-04-22 16:14:04 -04:00
5cd1ec7bb3
Add AuthoritiesMapper setter for reactive OAuth2Login
...
Allow the configuration of a custom GrantedAuthorityMapper for reactive OAuth2Login
- Add setter in OidcAuthorizationCodeReactiveAuthenticationManager
and OAuth2LoginReactiveAuthenticationManager
- Use an available GrantedAuthorityMapper bean to configure the default ReactiveAuthenticationManager
Fixes gh-8324
2020-04-17 16:55:05 -04:00
2cccf223df
Add Flag to enable searching of LDAP groups on subtrees
...
Closes gh-8939
2020-04-17 12:55:11 -05:00
146d9ba0bf
Add marker to make Kotlin DSL type safe.
...
Fixes gh-8366
2020-04-14 16:23:28 -04:00
a70d55552b
Resource Server Finds JwtAuthenticationConverter Beans
...
Fixes gh-8185
2020-04-13 22:47:20 -06:00
9a42a028e7
Logout defaults to use Global SecurityContextServerLogoutHandler
...
Closes gh-8375
2020-04-13 16:36:12 -05:00
711954e016
Deprecate Saml2AuthenticationRequestFilter Constructor
...
Removing the default usage of OpenSamlAuthenticationRequestFactory.
Otherwise, the Open SAML dependency is required, even when
Saml2AuthenticationRequestFactory is implemented without it.
Fixes gh-8359
2020-04-08 16:27:46 -06:00
39e09e4ca5
Idiomatic Kotlin DSL for server HTTP security
...
Issue: gh-5558
2020-04-07 11:04:59 -04:00
6017510fdd
Compile Kotlin tasks using JVM 1.8
2020-04-07 11:04:59 -04:00
6d45ec5d6b
Fix typo in Javadoc of ServerHttpSecurity#hasAuthority
2020-04-06 14:19:42 -05:00
dc6b8ce470
Add addFilterAfter and addFilterBefore to Kotlin DSL
...
Fixes gh-8316
2020-04-03 12:04:03 -04:00
1de0cf5057
Fix HttpSecurity Javadoc
...
Fixes gh-4404
2020-04-02 11:32:38 -04:00
91728ef53b
Fix HttpServlet3RequestFactory Logout Handlers
...
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.
This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.
Closes gh-4760
2020-03-30 17:50:28 -05:00
b055f8bb25
SpringTestContext returns ConfigurableWebApplicationContext
...
Closes gh-8233
2020-03-30 17:46:25 -05:00
e27e548215
oauth2Login WebFlux does not auto-redirect for XHR request
...
Fixes gh-8118
2020-03-26 04:36:23 -04:00
97085ef310
Fix rsocket test
...
Request route that exists; add additional error message verification
Fixes gh-8154
2020-03-19 17:27:14 -04:00
2d8c65db56
Support port=0 for LDAP Servers
...
Fixes gh-8138
2020-03-18 09:45:10 -06:00
4d99ee2896
Allow port=0 in XSD
...
Issue gh-8138
2020-03-18 09:45:10 -06:00
f438bdfbcf
Add spring-security-5.4.xsd
...
Issue gh-8138
2020-03-18 09:45:10 -06:00
ad9bb7f230
Fix typo in Javadoc of HttpSecurity#csrf()
...
`HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.
2020-03-17 12:42:11 -06:00
40b15f5a46
Rename to SessionFixationDslTests
2020-03-17 12:05:25 -04:00
bfd36d9a54
Remove Redundant ConcurrentSessionFilter Refs
...
Fixes gh-8105
2020-03-13 16:27:30 -06:00
d81321bc29
Fix typo 'properites' in documentation
...
Fixes gh-8095
2020-03-11 10:54:14 -06:00
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7
2020-03-04 12:02:48 -07:00
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
c729fee7bc
Malformed Bearer Token Returns 401 for WebFlux
...
Fixes gh-7668
2020-03-03 15:42:02 -07:00
c111099640
Polish client-registration xsd attributes
...
Issue gh-4557
2020-03-02 15:02:46 -05:00
e97396b9c7
Add Resource Server XML Support
...
Fixes gh-5185
2020-03-02 11:51:40 -07:00
f1a2d69968
Add AuthenticationProvider List Configurability
...
Issue gh-5185
2020-03-02 11:51:40 -07:00
34b40deb38
Add By-RequestMatcher Exception Handling
...
Issue gh-5185
2020-03-02 11:51:40 -07:00
98a2ca3bbc
Add Csrf Ignore Configurability
...
Issue gh-5185
2020-03-02 11:51:40 -07:00
19584884b3
Register Authentication Provider in Init Phase
...
Fixes gh-8031
2020-02-28 15:32:27 -07:00
3257349045
Support POST binding for AuthNRequest
...
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
727fee1e12
Polish HeaderWriterSpec
...
Assert.notNull(Object,Supplier) is for when then message passed in
requires concatenation and avoids doing extra work. Since this does
not require concatenation, we can use Assert.notNull(Object,String)
Issue gh-7636
2020-02-27 07:57:51 -06:00
480c5bc87e
Custom ServerHttpHeadersWriter to HeaderSpec
...
Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec
Fixes gh-7636
2020-02-27 07:55:30 -06:00
2fb3d3d5a2
Add hasRole to authorizeRequests in Kotlin DSL
...
Fixes: gh-8023
2020-02-25 08:29:26 -05:00
4cd89b584f
Polish gh-5184
2020-02-20 21:25:17 -05:00
8a4ff4452b
Add XML namespace support for oauth2-client
...
Fixes gh-5184
2020-02-20 20:05:48 -05:00
171e0d048f
Fix typo in WebSecurityConfigurer Javadoc
...
Fixes: gh-7876
2020-02-14 11:00:45 +01:00
ff8002eb2e
Polish gh-4557
2020-02-12 15:47:57 -05:00
71a5c9521c
Add XML namespace support for oauth2-login
...
Fixes gh-4557
2020-02-12 15:26:17 -05:00
40c0a452d7
Define oauth2-login xsd elements
...
Issue gh-4557
2020-02-12 15:26:17 -05:00
fde3ccb8b3
Add marker to make Kotlin DSL type safe
...
Fixes: gh-7971
2020-02-12 11:35:45 +01:00
1d6fdd249b
Add missing Javadoc to Kotlin class
2020-02-11 18:09:30 +01:00
f37a4557e6
Fix typo in Kotlin Javadoc
2020-02-11 18:09:30 +01:00
5bdf57d1e5
Remove Groovy and Spock Dependencies
...
Fixes gh-4939
2020-02-10 10:38:40 -07:00
a5210aaf9b
Support custom filter in Kotlin DSL
...
Fixes: gh-7951
2020-02-10 12:03:32 +01:00
851be025e9
Don't force downcasting of RequestAttributes to ServletRequestAttributes
...
Fixes gh-7952
2020-02-07 20:44:19 -05:00
8c0b754a49
Fix credentials precedence over introspector in Kotlin
...
Fixes: gh-7878
2020-02-06 11:01:42 +01:00
1fed688f05
Fix JWK Set URI precedence over decoder in Kotlin
...
Fixes: gh-7877
2020-02-06 10:48:42 +01:00
84b8a5abd7
Unlock dependencies for next development version
...
This reverts commit 064616f1ef
2020-02-05 15:53:04 +01:00
064616f1ef
Lock dependencies for 5.3.0.RC1
2020-02-05 10:20:05 +01:00
1d7208f8ef
Add RSocket Authentication Extension Support
...
Fixes gh-7935
2020-02-04 23:36:47 -06:00
209c81d65d
Add BadOpaqueTokenException
...
Updated NimbusOpaqueTokenIntrospector and
NimbusReactiveOpaqueTokenIntrospector to throw.
Updated OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager to catch.
Fixes gh-7902
2020-02-04 17:33:08 -07:00
0c3754c811
Add BadJwtException
...
Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw.
Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager
to catch.
Fixes gh-7885
2020-02-04 17:33:08 -07:00
3e07b35611
Polish Bearer Token Error Handling
...
Issue gh-7822
Issue gh-7823
2020-02-03 17:54:39 -07:00
ee6df1701b
Polish SessionManagementConfigurer
2020-01-31 11:24:36 -07:00
cb9fd09150
Change AuthenticationWebFilter's constructor
...
Fixes gh-7872
2020-01-31 09:31:28 -07:00
a512789a93
Fix requiresAuthenticationMatcher not being used
...
The custom server requiresAuthenticationMatcher was not always picked up
Fixes: gh-7863
2020-01-27 16:12:27 +01:00
29377545d9
Fix authenticationFailureHandler not being used
...
The custom server authenticationFailureHandler was not always picked up
Fixes: gh-7782
2020-01-27 13:10:03 +01:00
bdc60a9128
Don't cache requests with `Accept: text/event-stream` by default.
...
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
2020-01-17 10:42:16 -08:00
f1f158b37e
AuthenticationEventPublisher DSL Lookup
...
Fixes gh-4400
2020-01-14 12:07:46 -07:00
5579846263
AuthenticationEventPublisher Bean Lookup
...
Issue gh-7793
Fixes gh-7515
2020-01-14 12:07:46 -07:00
fc9b97c94a
Typo in doc
2020-01-14 08:32:26 -07:00
f0856c83a9
Migrate LDAP integration tests groovy->java
...
This commit also removes BaseSpringSpec
Issue: gh-4939
2020-01-13 14:18:25 +01:00
a35ce77451
Add missing PowerMockIgnore annotation
...
WebSecurityConfigurerAdapterPowermockTests needs to exclude
javax.xml.transform.* from Powermock configuration.
2020-01-09 15:48:08 -07:00
ba21c156dd
Polish WebSecurityConfigurerAdapter tests
...
Moved Powermock-dependent test over to
WebSecurityConfigurerAdapterPowermockTests.
2020-01-09 13:51:19 -07:00
fcc6457bef
Unlock dependencies for next development version
...
This reverts commit 93acf8f0f1
2020-01-08 22:15:17 +01:00
93acf8f0f1
Lock dependencies for 5.3.0.M1
2020-01-08 19:41:10 +01:00
de87675f6d
Add JwtIssuerAuthenticationManagerResolver
...
Fixes gh-7724
2020-01-07 23:30:42 -07:00
2df1099da5
Idiomatic Kotlin DSL for configuring HTTP security
...
Issue: gh-5558
2020-01-07 12:08:43 -05:00
65981444f1
Use Version Ranges
...
Fixes gh-7788
2020-01-06 14:46:48 -06:00
06d7443946
Use Gradle platform and constraints
...
This was largely generated from the following script
wget bd9f8eb541/src/main/groovy/io/spring/gradle/convention/DependencySetPlugin.groovy
2020-01-06 14:46:36 -06:00
924b9e95a1
Polish MethodSecurityEvaluationContext
...
Issue: gh-6224
2020-01-03 20:08:52 -05:00
8b8267e1fe
Fix typo in LDAP Javadoc
2020-01-02 10:58:44 -05:00
b4619f31ee
Fix return type
...
AbstractConfiguredSecurityBuilder.objectPostProcessor() should cast to
B, the type of SecurityBuilder, instead of O, the type of object being
built.
Without this change, calls like
http.objectPostProcessor(...).getFilters() will fail with a
ClassCastException.
2019-12-30 12:01:56 -07:00
2c7f2c2117
Fix Javadoc error in oauth2ResourceServer
...
Fixes: gh-7670
2019-12-27 14:24:46 +01:00
af415948b1
Allow configuration of AuthenticationManagerResolver in saml2Login()
...
Fixes gh-7654
https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
9aa333ca4d
Use the custom ServerRequestCache that the user configures
...
on for the default authentication entry point and authentication
success handler
Fixes gh-7721
https://github.com/spring-projects/spring-security/issues/7721
Set RequestCache on the Oauth2LoginSpec default authentication success handler
import static ReflectionTestUtils.getField
Feedback incorporated per
https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-17 13:33:56 -08:00
02f161aba7
Use OidcIdToken.Builder
...
Issue gh-7592
2019-12-12 07:37:15 -07:00
c40a17b4d1
WebFlux oauth2Login() redirects on failed authentication
...
Fixes gh-5562 gh-6484
2019-12-05 16:50:43 -05:00
d8d59e97ac
Correctly configure authorization requests repository for OAuth2 login
...
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.
This change also makes OAuth2Client and OAuth2Login authentication converters consistent.
Fixes gh-7675
2019-11-29 12:05:15 -05:00
b7cb93f671
Fix WebFlux logout disabling
...
Fixes: gh-7682
2019-11-28 14:40:25 +01:00
c38e57fa42
Fix class and variable names
2019-11-28 09:23:38 +01:00
8ebc7ca0ea
Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc
2019-11-28 09:23:38 +01:00
8a95e5798d
Update @MessageMapping to match input/output cardinality
2019-11-22 15:07:38 -06:00
cd0bec48de
Fix typo in log message.
2019-11-21 15:55:27 -07:00
0d35194b47
Add sessionFixation Javadoc
2019-11-15 12:17:05 +01:00
ca8877c8c5
Updates javadoc for InitializeUserDetailsBeanManagerConfigurer
2019-11-13 10:34:10 +01:00
1188a3bb5f
Polish RememberMeConfigurer
...
Issue: gh-4140
2019-11-07 15:26:59 +01:00
b13f750646
Retrieve remember-me key from service as fallback
...
Fixes: gh-4140
2019-11-07 13:55:39 +01:00
9f6a36444a
Add missing schemas
2019-11-06 08:24:20 -06:00
925bf48ec0
Polish OAuth2ResourceServerConfigurerTests
...
To confirm that resource server only produces SCOPE_<scope>
authorities by default.
Issue gh-7596
2019-11-04 11:39:54 -07:00
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
5f17032ffd
Restore Removed Throws Clauses
...
In a recent clean-up, certain exceptions were removed from various
throws clauses.
This PR re-introduces throws clauses that are important for one of the
following reasons:
1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.
Fixes gh-7541
2019-10-30 12:13:54 -06:00
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
0ac5f5456f
Fix typo 'is' -> 'if' in javadoc
2019-10-25 13:27:11 -06:00
de7cbc82b5
Clarify in Javadoc that expressionHandler should not be null
...
Fixes: gh-2665
2019-10-23 15:10:39 -04:00
3051a79188
Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access
2019-09-30 14:33:41 -05:00
a911f3d52f
Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access
2019-09-30 14:14:59 -05:00
3854afad61
Merge Add denyAll method in AuthorizePayloadsSpec.Access
2019-09-30 14:05:42 -05:00
758af54796
ObjectPostProcessor Tests groovy->java
...
Issue gh-4939
2019-09-27 16:36:33 -06:00
a08be5bf6f
UrlAuthorizationsTests groovy->java
...
Issue gh-4939
2019-09-27 16:23:33 -06:00
870d83eb3e
PermitAllSupportTests groovy->java
...
Issue gh-4939
2019-09-27 16:23:33 -06:00
350bce761f
Add hasAuthority method to RSocketSecurity
...
Fixes gh-7435
2019-09-27 16:48:25 -05:00
5f905232cb
Polish CurrentSecurityContextArgumentResolvers
...
Fixes gh-7487
2019-09-27 13:19:08 -06:00
5ef6e7ed6f
Add author for SecurityReactorContextConfiguration
...
Issue gh-7422
2019-09-27 15:17:20 -04:00
0fea57d6a1
Optimize SecurityReactorContextConfiguration
...
Issue gh-7422
2019-09-27 14:46:39 -04:00
33ba292fed
Resource Server w/ SecurityReactorContextSubscriber
...
Fixes gh-7423
2019-09-27 11:01:04 -06:00
5a67971375
WebFluxSecurityConfiguration configures oauth2Client() by default
...
Fixes gh-7470
2019-09-27 10:04:19 -04:00
08d2c93713
Polish gh-7466
2019-09-26 22:11:53 -04:00
9bae0a4dbd
Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec
...
Fixes gh-7466
2019-09-26 17:19:32 -04:00
2a5bd6e719
Align Servlet ExchangeFilterFunction CoreSubscriber
...
Fixes gh-7422
2019-09-26 16:17:17 -04:00
d3b7a47ef8
Polish gh-4442
2019-09-25 21:37:31 -04:00
da9f027fa4
Add nonce to OIDC Authentication Request
...
Fixes gh-4442
2019-09-25 14:57:54 -04:00
ceab56f764
Fix AuthorizationPayloadInterceptor order using PayloadInterceptorOrder.AUTHORIZATION
...
Fixes gh-7434
2019-09-24 15:39:25 -05:00
9f18c2e21a
OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri
...
Fixes gh-7036
2019-09-24 11:07:36 -04:00
98e75eb51a
Fix Javadoc for anonymous
2019-09-23 11:06:28 -04:00
00f8991fac
Merge Remove Redudant Throws
...
Fixes gh-7301
2019-09-19 11:04:53 -05:00
3a66191756
Add hasAnyAuthority method in AuthorizePayloadsSpec.Access
...
See Fixes gh-7437
Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
2019-09-18 21:17:09 -05:00
034b5e9e93
Introduce LogoutSuccessEvent
...
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.
By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.
This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency.
Fixes gh-2900
2019-09-18 10:57:16 -05:00
9926ad68b8
add hasAnyRole method in AuthorizePayloadsSpec.Access
2019-09-18 07:59:20 -05:00
daf6b53e3a
Add denyAll method in AuthorizePayloadsSpec.Access
...
See gh-7437
Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
2019-09-17 20:17:10 -05:00
05caf3d8fb
Use Jwt.Builder
...
Fixes gh-7443
2019-09-16 14:00:25 -06:00
1176d0cfdb
Polish DefaultFilters,Issue55Tests
...
Formatted HttpSecurity and WebSecurity configuration stacks
Removed unnecessary code
Issue gh-4939
2019-09-16 13:56:17 -06:00
950e6422a1
Migrate DefaultFilters,Issue55Tests groovy->java
...
Issue gh-4939
2019-09-16 13:37:22 -06:00
101e0a21a8
Bearer WebClient Filter Authentication Propagation
...
Fixes: gh-7418
2019-09-11 16:27:21 +01:00
96d44cd4b7
Add Default RSocketSecurity
...
Fixes gh-7361
2019-09-09 16:10:55 -05:00
5d0815bc76
Allow RSocketMessageHandlerITests to timeout
...
Fixes gh-7415
2019-09-09 16:10:50 -05:00
6296e6e896
RSocketSecurity delegates to correct matcher
...
Fixes gh-7414
2019-09-09 16:09:23 -05:00
1b699a49fb
Polish RSocket packaging
...
Fixes gh-7413
2019-09-09 16:07:14 -05:00
aa533c2565
Add missing javadoc to session fixation
2019-09-06 16:33:51 -04:00
316380e622
Allow Custom PayloadInterceptor to be Added
...
Fixes gh-7362
2019-09-06 14:52:47 -05:00
a60446836b
OAuth2AuthorizeRequest supports attributes
...
Fixes gh-7341
2019-09-05 21:04:25 -04:00
08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp
...
Add SAML Service Provider Support
2019-09-05 17:04:14 -07:00
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
2019-09-05 14:40:08 -07:00
9639962e27
Fix RSocket Package Tangle
...
Issue gh-7360
2019-09-05 16:27:57 -05:00
7ad641d106
RSocket Tests use Available Port
...
Issue gh-7360
2019-09-05 09:16:07 -05:00
26a65249f9
Remove invalid characters
2019-09-05 04:32:34 -06:00
5a4eded696
Add RSocket Support
...
Fixes gh-7360
2019-09-04 19:24:01 -05:00
dcd997ea43
Add support for Resource Owner Password Credentials grant
...
Fixes gh-6003
2019-09-04 14:07:45 -04:00
de672e3ae9
Polish oauth2ResourceServer() Error Messaging
...
Fixes: gh-6876
2019-09-04 11:49:22 -06:00
1fc5b27fa2
Update LogoutConfigurerClearSiteData Tests
...
Issue gh-7347
2019-09-04 03:30:37 -06:00
068f4f0147
Polish Opaque Token
...
Use OAuth2AuthenticatedPrincipal
Use BearerTokenAuthentication
Update names to reflect more generic approach.
Fixes gh-7344
Fixes gh-7345
2019-09-03 15:58:05 -06:00
8773c7994f
Allow to set default securityContextRepository for each authentication mechanisms
...
Fixes gh-7249
2019-09-03 07:46:59 -06:00
f6c650db47
Replace Streams with Loops
...
First version of replacing streams
fix wwwAuthenticate and codestyle
fix errors in implementation to pass tests
Fix review notes
Remove uneccessary final to align with cb
Short circuit way to authorize
Simplify error message, make code readably
Return error while duplicate key found
Delete check for duplicate, checkstyle issues
Return duplicate error
Fixes gh-7154
2019-09-02 15:30:48 -06:00
d6d0d89ff8
NamespaceRememberMeTests groovy->java
...
Issue gh-4939
2019-09-02 13:08:21 -06:00
bf5b693549
NamespaceHttpOpenIDLoginTests groovy->java
...
Issue gh-4939
2019-08-30 15:54:43 -06:00
95511331fa
fix checkstyle
2019-08-26 22:42:26 +02:00
2c2e8e5f24
Remove internal Optional usage in favor of null checks
...
Issue gh-7155
2019-08-26 09:27:40 -04:00
34dd5fea30
Remove redundant throws clauses
...
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
46756d2e6b
Introduce Reactive OAuth2AuthorizedClient Manager/Provider
...
Fixes gh-7116
2019-08-21 14:12:38 -04:00
9876b66f99
Polish GlobalMethodSecurityConfiguration
...
Initialize ExpressionBasedPreInvocationAdvice for
PreInvocationAuthorizationAdviceVoter only when needed.
2019-08-17 16:35:30 -06:00
71444ff5dc
RequestCache ignores multipart requests
...
Fixes gh-7060
2019-08-15 09:21:41 -05:00
08ea2348d6
Polish RequestCache ignores multipart requests
2019-08-15 09:20:45 -05:00
1ab05dae02
added test
2019-08-14 21:35:34 +02:00
abc90280e0
Add unbounid support in xml
...
Add unbounid support in xml
Fixes gh-6011
2019-08-14 10:05:49 -05:00
cb4f3d2f44
Use UTF-8 for Java sources and XML
2019-08-14 08:47:00 -05:00
2e63def05b
Add tests
2019-08-14 00:56:26 -05:00
93142f3e30
Remove unboundid dependency
2019-08-13 20:39:25 -05:00
c03fb701ce
Improve logic to pick embedded server
2019-08-13 20:36:46 -05:00
3511c0ea4f
Update xsd
2019-08-13 20:17:51 -05:00
4ed197e515
Rename OAuth2TokenIntrospectionClient
...
Renamed to OpaqueTokenIntrospector
Fixes gh-7245
2019-08-12 18:05:28 -04:00
Phillip Webb
Martin Vietz
Josh Cummings
koishikawa11
Joe Grandja
Rob Winch
Jakub Kubrynski
Eleftheria Stein
Evgeniy Cheban
Dávid Kováč
Romil Patel
Peer Schönhusen
Parikshit Dutta
Craig Andrews
Joe Grandja
Thomas Vitale
Dávid Kovács
Leonard Brünings
Adam Millerchip
Antonin Arquey
Roberto Paolillo
Loïc Labagnara
hotire
Markus Engelbrecht
Erik van Paassen
Filip Hanik
Ankur Pathak
Ruby Hartono
Stephane Maldini
James
Johannes Edmeier
Vincent Ricard
BELHAKEL Ammar
Alexey Nesterov
Ruslan Stelmachenko
Pim Moerenhout
Paul Pazderski
Adrian Pena
邓超
Yanming Zhou
Vitalii Mahas
Luis Felipe Vega Calle
Roman Chigvintsev
Mark Heckler
Jesús Ascama
Ebert Toribio
Onur Kagan Ozcan
Manuel Tejeda
kostya05983
Eddú Meléndez
Lars Grefer
watsta
John Lin
Ahmed Sayed