e6d6b39767
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:17:25 -06:00
b08075a721
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:30:12 -06:00
0fc80a6a65
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:12:29 -07:00
7d31837af3
OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
...
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)
With this change, even if the check is passing a new List or Map will be returned.
Closes gh-9210
2020-12-03 11:20:11 -05:00
17276ad787
Next Development Version
2020-12-02 19:32:48 -07:00
7c2010f507
Revert "Lock Dependencies for 5.3.6"
...
This reverts commit a153012056
2020-12-02 19:32:03 -07:00
2975923a1d
Release 5.3.6.RELEASE
2020-12-02 16:31:52 -07:00
a153012056
Lock Dependencies for 5.3.6
2020-12-02 16:31:52 -07:00
a8fe846e7f
Update to Google App Engine 1.9.83
...
Closes gh-9247
2020-12-02 16:31:46 -07:00
02a9ee54a2
Update to Spring Boot 2.2.11
...
Closes gh-9246
2020-12-02 16:31:40 -07:00
0f76a16ae5
Provide artifactoryUsername/Password
2020-11-17 08:52:38 -06:00
82ba28ac74
Fix Snapshot Versions
2020-11-16 17:28:40 -06:00
78f0f7bd33
Use artifactoryUsername/Password for plugin repositories
2020-11-16 17:11:28 -06:00
ad4ed45cd7
Provide artifactoryUsername/Password
2020-11-16 17:11:20 -06:00
0f9de738df
Update to spring-build-conventions:0.0.35.RELEASE
2020-11-16 17:09:01 -06:00
3ba441ef50
add white space before strong notation.
2020-10-30 15:50:44 -06:00
9ab21f88cd
Closes gh-8196
...
Add leveloffset
2020-10-28 15:05:29 -06:00
93c37e6b15
Update Test Controllers
...
Closes gh-9121
2020-10-12 18:08:52 -06:00
2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE"
...
This reverts commit 846a5a962c
2020-10-07 16:39:28 -06:00
8525ae0410
Next Development Version
2020-10-07 14:05:07 -06:00
989a162051
Release 5.3.5.RELEASE
2020-10-07 13:18:01 -06:00
846a5a962c
Lock Dependencies for 5.3.5.RELEASE
2020-10-07 13:18:01 -06:00
5bc0957d54
Update to AspectJ 1.9.6
...
Closes gh-9106
2020-10-07 13:17:04 -06:00
2b423b3505
Update to Google App Engine 1.9.82
...
Closes gh-9105
2020-10-07 13:16:59 -06:00
2f19e09531
Update to Spring Boot 2.2.10.RELEASE
...
Closes gh-9104
2020-10-07 13:16:54 -06:00
6aed9408e1
Add try-with-resources to close stream
...
Closes gh-9041
2020-09-29 08:29:49 -06:00
dec0368b39
Replace expired msdn link with latest web archive copy
...
Initial link expired in March, 2016. Latest copy found in web archive is from February, 2016
2020-09-28 17:15:45 -06:00
b2dd95fc3b
Update ssl setup guide link in tomcat server
2020-09-24 13:53:04 -06:00
e44471331b
Create the CSRF token on the bounded elactic scheduler
...
The CSRF token is generated by UUID.randomUUID() which is I/O blocking operation.
This commit changes the subscriber thread to the bounded elactic scheduler.
Closes gh-9018
2020-09-16 09:01:45 -06:00
4f849de399
Next development version
2020-08-05 18:19:44 +02:00
d8bef76a0f
Unlock dependencies
...
This reverts commit b619d298aa
2020-08-05 18:18:02 +02:00
9187a7925e
Release 5.3.4.RELEASE
2020-08-05 17:40:07 +02:00
b619d298aa
Lock Dependencies for 5.3.4.RELEASE
2020-08-05 12:33:31 +02:00
ddeb68ff44
Update to Spring Boot 2.2.9.RELEASE
...
Closes gh-8922
2020-08-05 12:10:25 +02:00
49fa14c4c5
Update to GAE 1.9.81
...
Closes gh-8923
2020-08-05 12:09:46 +02:00
57f0a96e92
Update to nohttp 0.0.5.RELEASE
...
Closes gh-8924
2020-08-05 12:06:01 +02:00
cd78d384ea
Update to spring-build-conventions:0.0.34.RELEASE
...
Closes gh-8925
2020-08-05 12:05:28 +02:00
d104490cb8
Resolve Bearer token after subscribing to publisher
...
Bearer token was resolved immediately after calling method convert. In situations when malformed token was provided or authorization header and access token query param were present in request exception was thrown instead of signalling error.
After this change Bearer token is resolved on subscription and invalid states are handled by signaling error to subscriber.
Closes gh-8865
2020-08-03 11:09:48 -05:00
c2612a2f41
Remove unused import
...
Issue gh-8589
2020-07-31 08:45:17 -06:00
f3695932de
Polish to Avoid NPE
...
Issue gh-5648
Co-authored-by: MattyA <mat.auburn@gmail.com>
2020-07-30 17:28:07 -06:00
950769fa00
Additional Jwt Validation Debug Messages
...
Closes gh-8589
Co-authored-by: MattyA <mat.auburn@gmail.com>
2020-07-30 17:21:58 -06:00
57db8e5d4a
Add OAuth2AuthenticationException to allowlist
...
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error
Closes gh-8797
2020-07-21 10:15:44 -04:00
5d8bac1971
Polish WebSecurityConfigurerAdapter JavaDoc
...
Issue gh-8784
2020-07-20 15:23:43 -06:00
a55267f867
WebSecurityConfigurerAdapter JavaDoc
...
Closes gh-8784
2020-07-20 15:23:36 -06:00
9045636a4b
Polish Bearer Token Padding
...
Issue gh-8502
2020-07-16 11:56:55 -06:00
09e154d8f2
Bearer Token Padding
...
Closes gh-8502
2020-07-16 11:53:36 -06:00
6584b84b60
Fix ProviderManager Javadoc typo
...
Closes gh-8800
2020-07-07 17:12:38 -05:00
070706d948
LoginPageGeneratingWebFilter honors context path
...
Closes gh-8807
2020-07-07 13:36:35 -05:00
4fec451196
Enables empty authorityPrefix
...
- docs stated that empty authorityPrefix are allowed but implementation denied to use `""`
- commit removes the `hasText`-limitation but restricts to `notNull`
Fixes gh-8421
2020-07-07 15:24:38 +02:00
7af5804d56
Compare Timestamps up to the millisecond
...
Issue gh-8782
2020-07-01 11:30:27 +02:00
Rob Winch
Rob Winch
Josh Cummings
Ovidiu Popa
Hideaki Matsunami
Ayush Kohli
Malyshau Stanislau
Artem Grankin
ilee
Tomoki Tsubaki
Eleftheria Stein
Dávid Kováč
Dennis Neufeld
Romil Patel
kothasa
wangsong
Julian Müller