Commit Graph

6755 Commits

Author SHA1 Message Date
Rob Winch adec62cdf2 EnableWebFluxSecurity creates CsrfRequestDataValueProcessor
Fixes gh-4762
2017-11-07 22:25:48 -06:00
Rob Winch 676020321e Add reactive CsrfRequestDataValueProcessor
Fixes gh-4762
2017-11-07 22:25:36 -06:00
Rob Winch 7622826b69 WebSessionServerCsrfTokenRepository saves on getToken
Fixes gh-4801
2017-11-07 22:25:23 -06:00
Rob Winch 776364d403 ServerCsrfTokenRepository.saveToken return Mono<CsrfToken>
Fixes gh-4800
2017-11-07 22:24:53 -06:00
Rob Winch 3f18881493 Remove additional attribute name from CsrfWebFilter
Fixes gh-4799
2017-11-07 22:24:42 -06:00
Rob Winch 91e27c1422 Add slf4jDependencies to hellowebflux
Fixes gh-4798
2017-11-07 22:24:32 -06:00
Rob Winch c7c84e0996 Fix CustomLoginPage test
Fixes gh-4797
2017-11-07 22:24:21 -06:00
Rob Winch 1506dcd413 SpringTestContext.getContext()
Add accessor method for SpringTestContext.getContext()

Fixes gh-4796
2017-11-07 22:24:15 -06:00
Joe Grandja db35dc6c03 Add tests to oauth2-core
Fixes gh-4298
2017-11-06 11:39:17 -05:00
Rob Winch d9abd2e443 User.UserBuilder only encodes once
Fixes gh-4794
2017-11-06 09:47:37 -06:00
Rob Winch 21aec19d42 Add FormLoginBuilder.serverAuthenticationSuccessHandler
Fixes: gh-4786
2017-11-03 08:47:59 -05:00
Rob Winch 1d4c7da1e1 Fix WebTestClientWebConnection for redirects 2017-11-03 08:46:56 -05:00
Craig Walls 06c4bffc5f Use id field instead of name field for GitHub and Facebook providers.
Fixes gh-4764
2017-11-01 10:48:57 -04:00
Greg Turnquist 881cd0befb Fix UsernamePasswordAuthenticationTokenMixin to handle null credentials/details
Resolves #4698
2017-10-31 16:34:07 -05:00
Rob Winch 82adf744f5 Polish Docs 2017-10-31 10:27:34 -05:00
Rob Winch 35758fc61f Next Development Version 5.0.0.BUILD-SNAPSHOT 2017-10-30 17:06:54 -05:00
Rob Winch e7ab2a697d Release 5.0.0.RC1 2017-10-30 16:47:44 -05:00
Rob Winch e95430fa36 Polish Reactive Method Security reference
Issue gh-4757
2017-10-30 16:27:50 -05:00
Rob Winch d664ff2e26 Lookup HandlerMappingIntrospector from Bean 2017-10-30 16:27:50 -05:00
Joe Grandja ef9cd76607 Polish oauth2
Fixes gh-4758
2017-10-30 16:49:01 -04:00
Rob Winch 8e6c726fb2 Add WebFlux to What's New 5.0
Fixes gh-4757
2017-10-30 15:29:13 -05:00
Joe Grandja d435f149eb Polish spring-security-oauth2-jose
Fixes gh-4755
2017-10-30 13:09:40 -04:00
Joe Grandja 511d702ee0 Remove JwtDecoderRegistry
Fixes gh-4754
2017-10-30 12:52:42 -04:00
Joe Grandja 727098d6c0 Fix NPE when configuring oauth2Login.loginPage
Fixes gh-4752
2017-10-30 06:26:07 -04:00
Rob Winch 5280ac40e9 WebMvcConfigurerAdapter->WebMvcConfigurer
Fixes gh-4612
2017-10-30 01:30:08 -05:00
Gajendra kumar ec723952d5 principals and sessionIds should be set using the constructor so that they can be shared across nodes in a cluster
As principals and sessionIds are set in the class itself, one can't share the user session count across nodes (cluster). Using the constructor for setting principals and sessionIds, we can pass a Cache map to the constructor, which can enable a common session count in the cluster; otherwise a user would be allowed to log in with multiple sessions. There is no point keeping principals and sessionIds completely internal.
2017-10-30 01:08:15 -05:00
Kazuki Shimizu 3d5989dea4 Change a default realm name
Change a default realm name of Basic Authentication for XML namespace to 'Realm'.

Fixes gh-4220
2017-10-30 00:59:39 -05:00
Frank Pavageau 35706ad60a Deserialize the principal in a neutral way
When the principal of the Authentication is an object, it is not necessarily
a User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
2017-10-30 00:53:31 -05:00
Frank Pavageau 6fd9ff254b Map values directly from the JSON nodes
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
2017-10-30 00:53:31 -05:00
SignleMR a1fdb7dcb3 Update AbstractRememberMeServices.java
this file's encoding is unknown, maybe it is "Eddu Melendez"
2017-10-30 00:50:23 -05:00
Rob Winch 4295461830 ServerHttpSecurity extracts WebFilter from OrderedWebFilter
Fixes gh-4736
2017-10-30 00:45:26 -05:00
Jeremy Waters 832f5c39c1 SEC-3190: Add support for colons in remember-me token values
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. So this
change URL-encodes the individual tokens when creating the cookie
string, and URL-decodes them when decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
OpenID tokens which contain URLs, and thus colons.
2017-10-30 00:33:14 -05:00
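An added illustration of the delimiter problem the commit above describes (example code written for this page, not Spring Security's remember-me implementation): the fragile layout joins the token values on ':' and Base64-encodes the result, so a value that itself contains ':' (an OpenID URL, for instance) shifts every following field when the cookie is split. Percent-encoding each value before joining, and decoding each field after splitting, keeps the delimiter unambiguous. The sample token values, the function names and the use of Python's urllib quoting are assumptions of this example.

```python
import base64
from urllib.parse import quote, unquote

# Constructed sample: an OpenID-style identifier containing colons, an expiry
# timestamp and a placeholder signature. None of these values come from the
# project; they exist only to exercise the encoding.
SAMPLE_TOKENS = ["https://openid.example.com/id:alice", "1509944400000", "sig"]


def encode_cookie_naive(tokens):
    """Join the token values on ':' and Base64-encode the result.

    Fragile scheme: a ':' inside any value is indistinguishable from the
    field delimiter once the cookie is decoded.
    """
    return base64.b64encode(":".join(tokens).encode("utf-8")).decode("ascii")


def decode_cookie_naive(cookie):
    """Base64-decode and split on ':' with no per-field decoding."""
    return base64.b64decode(cookie).decode("utf-8").split(":")


def encode_cookie(tokens):
    """Percent-encode each value before joining so ':' never appears in a field.

    safe="" makes quote() encode '/' and ':' as well, so an embedded URL
    becomes a single opaque field.
    """
    joined = ":".join(quote(token, safe="") for token in tokens)
    return base64.b64encode(joined.encode("utf-8")).decode("ascii")


def decode_cookie(cookie):
    """Split on ':' first, then percent-decode each field."""
    joined = base64.b64decode(cookie).decode("utf-8")
    return [unquote(field) for field in joined.split(":")]


def roundtrip_ok(tokens, encode, decode):
    """True if encode followed by decode reproduces the token list exactly."""
    return decode(encode(tokens)) == tokens


if __name__ == "__main__":
    # The naive scheme yields five fields from three tokens; the encoded
    # scheme returns the original three.
    print("naive :", decode_cookie_naive(encode_cookie_naive(SAMPLE_TOKENS)))
    print("quoted:", decode_cookie(encode_cookie(SAMPLE_TOKENS)))
```

The check that matters after such a change is the one a tokenizer-based parser silently skips: assert on the field count after splitting, not just on successful Base64 decoding, so a value carrying the delimiter is rejected or preserved rather than reinterpreted as extra fields.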
Trygve Aasjord 8d717c62af Pass username as second parameter for search filter.
Allows the username only (without domain) to be used in a custom search filter like "sAMAccountName={1}",
e.g. in situations where the userPrincipalName has a different suffix than the domain.

Thanks to the contributors in the issue.

fixes gh-2448
2017-10-29 23:58:58 -05:00
Johnny Lim cdcf65de1e Polish
Fixes gh-4425
2017-10-29 23:43:13 -05:00
Rob Winch 93ac706d86 Polish XFrameOptionsHeaderWriter
Issue: gh-4559
2017-10-29 23:32:53 -05:00
Nathan Wong 02a78b17b9 Add check to see if return value is DENY
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.

This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
2017-10-29 23:32:53 -05:00
Antoine bed4ec7d18 Fix leading space characters reported by checkstyle 2017-10-29 22:22:34 -05:00
Antoine 0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine e0aca04a28 Polish AssertJ assertions
2017-10-29 22:22:34 -05:00
Arend v. Reinersdorff a558d408a3 Minor typos PreAuthenticatedAuthenticationProvider 2017-10-29 22:12:04 -05:00
Kyle Anderson a139a0052d Fix Typo in Reference Docs 2017-10-29 22:09:46 -05:00
Rob Winch 77de91ad60 Polish UnboundID support
- Update to unboundid-ldapsdk 4.0.1
- Fix ordering of dependencies

Issue gh-4672
2017-10-29 21:59:55 -05:00
Eddú Meléndez 70165869b1 Add UnboundID LDAP in-memory support
This commit adds the capability to run an in-memory LDAP server other than
apacheds. Both providers `apacheds` and `unboundid` are supported.
2017-10-29 21:59:55 -05:00
Joe Grandja 9a4513356d Configure default OAuth2AuthorizedClientService
Fixes gh-4751
2017-10-29 22:45:57 -04:00
Paul Wheeler 6decf1c8ef Allow use of non-numeric (e.g. UUID) values for ObjectIdentity.getIdentifier()
Prior to this commit, the ObjectIdentity id had to be a number. This
commit allows for domain objects to use UUIDs as their identifier. The
fully qualified class name of the identifier type can be specified
in the acl_object_identity table and a ConversionService can be provided
to BasicLookupStrategy to convert from String to the actual identifier
type.

There are the following other changes:

 - BasicLookupStrategy has a new property, aclClassIdSupported, which
 is used to retrieve the new column from the database. This preserves
 backwards-compatibility, as it is false by default.

 - JdbcMutableAclService has the same property, aclClassIdSupported,
 which is needed to modify the insert statement to write to the
 new column. Defaults to false for backwards-compatibility.

 - Tests have been updated to verify both the existing functionality
 for backwards-compatibility and the new functionality.

Fixes gh-1224
2017-10-29 21:29:12 -05:00
Joris Portegies Zwart de9fe3e3b1 Fix the JavaDoc for Pbkdf2PasswordEncoder so that it uses the actual values for default hash width and number of iterations 2017-10-29 21:08:38 -05:00
Rob Winch 4fa9b4dd15 Add ServerHttpSecurity.exceptionHandling()
Fixes gh-4750
2017-10-29 21:00:10 -05:00
Rob Winch d9584384c4 Move collectClaims to OidcUserAuthority
Fixes gh-4749
2017-10-29 20:41:05 -05:00
Joe Grandja 5fa822d114 Expose custom config for OidcUserService
Fixes gh-4715
2017-10-29 21:33:51 -04:00
Joe Grandja a261c9a047 Polish OAuth2LoginConfigurer
Fixes gh-4747
2017-10-29 21:33:51 -04:00