Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-25 00:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,269 Commits 34 Branches 337 Tags
Commit Graph

1462 Commits

Author SHA1 Message Date
Filip Hanik
b754a3d635 Use the custom ServerRequestCache that the user configures 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
 2019-12-18 08:44:27 -08:00
Eleftheria Stein
0d24e2b8cf Fix WebFlux logout disabling 
Fixes: gh-7682
 2019-12-13 11:53:20 +01:00
Joe Grandja
e4aa3be4c5 WebFlux oauth2Login() redirects on failed authentication 
Fixes gh-5562 gh-6484
 2019-12-05 20:12:09 -05:00
Alexey Nesterov
0babe7d930 Correctly configure authorization requests repository for OAuth2 login 
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
 2019-11-29 13:58:27 -05:00
Eleftheria Stein
8a95e5798d Update @MessageMapping to match input/output cardinality 2019-11-22 15:07:38 -06:00
Pim Moerenhout
cd0bec48de Fix typo in log message. 2019-11-21 15:55:27 -07:00
Paul Pazderski
0d35194b47 Add sessionFixation Javadoc 2019-11-15 12:17:05 +01:00
Adrian Pena
ca8877c8c5 Updates javadoc for InitializeUserDetailsBeanManagerConfigurer 2019-11-13 10:34:10 +01:00
Eleftheria Stein
1188a3bb5f Polish RememberMeConfigurer 
Issue: gh-4140
 2019-11-07 15:26:59 +01:00
邓超
b13f750646 Retrieve remember-me key from service as fallback 
Fixes: gh-4140
 2019-11-07 13:55:39 +01:00
Yanming Zhou
9f6a36444a Add missing schemas 2019-11-06 08:24:20 -06:00
Josh Cummings
925bf48ec0
Polish OAuth2ResourceServerConfigurerTests 
To confirm that resource server only produces SCOPE_<scope>
authorities by default.

Issue gh-7596
 2019-11-04 11:39:54 -07:00
Filip Hanik
0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login() 
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
 2019-10-31 08:20:12 -07:00
Josh Cummings
5f17032ffd Restore Removed Throws Clauses 
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
 2019-10-30 12:13:54 -06:00
Rob Winch
635f7e1edd CsrfWebFilter supports multipart/form-data 
Fixes gh-7576
 2019-10-28 14:06:10 -05:00
Vitalii Mahas
0ac5f5456f Fix typo 'is' -> 'if' in javadoc 2019-10-25 13:27:11 -06:00
Eleftheria Stein
de7cbc82b5 Clarify in Javadoc that expressionHandler should not be null 
Fixes: gh-2665
 2019-10-23 15:10:39 -04:00
Rob Winch
3051a79188 Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access 2019-09-30 14:33:41 -05:00
Rob Winch
a911f3d52f Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access 2019-09-30 14:14:59 -05:00
Rob Winch
3854afad61 Merge Add denyAll method in AuthorizePayloadsSpec.Access 2019-09-30 14:05:42 -05:00
Josh Cummings
758af54796
ObjectPostProcessor Tests groovy->java 
Issue gh-4939
 2019-09-27 16:36:33 -06:00
Josh Cummings
a08be5bf6f
UrlAuthorizationsTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Josh Cummings
870d83eb3e
PermitAllSupportTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Luis Felipe Vega Calle
350bce761f Add hasAuthority method to RSocketSecurity 
Fixes gh-7435
 2019-09-27 16:48:25 -05:00
Josh Cummings
5f905232cb
Polish CurrentSecurityContextArgumentResolvers 
Fixes gh-7487
 2019-09-27 13:19:08 -06:00
Joe Grandja
5ef6e7ed6f Add author for SecurityReactorContextConfiguration 
Issue gh-7422
 2019-09-27 15:17:20 -04:00
Joe Grandja
0fea57d6a1 Optimize SecurityReactorContextConfiguration 
Issue gh-7422
 2019-09-27 14:46:39 -04:00
Josh Cummings
33ba292fed
Resource Server w/ SecurityReactorContextSubscriber 
Fixes gh-7423
 2019-09-27 11:01:04 -06:00
Joe Grandja
5a67971375 WebFluxSecurityConfiguration configures oauth2Client() by default 
Fixes gh-7470
 2019-09-27 10:04:19 -04:00
Joe Grandja
08d2c93713 Polish gh-7466 2019-09-26 22:11:53 -04:00
Roman Chigvintsev
9bae0a4dbd Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec 
Fixes gh-7466
 2019-09-26 17:19:32 -04:00
Joe Grandja
2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber 
Fixes gh-7422
 2019-09-26 16:17:17 -04:00
Joe Grandja
d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00
Mark Heckler
da9f027fa4 Add nonce to OIDC Authentication Request 
Fixes gh-4442
 2019-09-25 14:57:54 -04:00
Jesús Ascama
ceab56f764 Fix AuthorizationPayloadInterceptor order using PayloadInterceptorOrder.AUTHORIZATION 
Fixes gh-7434
 2019-09-24 15:39:25 -05:00
Joe Grandja
9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri 
Fixes gh-7036
 2019-09-24 11:07:36 -04:00
Eleftheria Stein
98e75eb51a Fix Javadoc for anonymous 2019-09-23 11:06:28 -04:00
Rob Winch
00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Ebert Toribio
3a66191756 Add hasAnyAuthority method in AuthorizePayloadsSpec.Access 
See Fixes gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
 2019-09-18 21:17:09 -05:00
Onur Kagan Ozcan
034b5e9e93 Introduce LogoutSuccessEvent 
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.

By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.

This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency.

Fixes gh-2900
 2019-09-18 10:57:16 -05:00
Manuel Tejeda
9926ad68b8 add hasAnyRole method in AuthorizePayloadsSpec.Access 2019-09-18 07:59:20 -05:00
Jesús Ascama
daf6b53e3a Add denyAll method in AuthorizePayloadsSpec.Access 
See gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
 2019-09-17 20:17:10 -05:00
Josh Cummings
05caf3d8fb
Use Jwt.Builder 
Fixes gh-7443
 2019-09-16 14:00:25 -06:00
Josh Cummings
1176d0cfdb
Polish DefaultFilters,Issue55Tests 
Formatted HttpSecurity and WebSecurity configuration stacks
Removed unnecessary code

Issue gh-4939
 2019-09-16 13:56:17 -06:00
kostya05983
950e6422a1
Migrate DefaultFilters,Issue55Tests groovy->java 
Issue gh-4939
 2019-09-16 13:37:22 -06:00
Josh Cummings
101e0a21a8 Bearer WebClient Filter Authentication Propagation 
Fixes: gh-7418
 2019-09-11 16:27:21 +01:00
Rob Winch
96d44cd4b7 Add Default RSocketSecurity 
Fixes gh-7361
 2019-09-09 16:10:55 -05:00
Rob Winch
5d0815bc76 Allow RSocketMessageHandlerITests to timeout 
Fixes gh-7415
 2019-09-09 16:10:50 -05:00
Rob Winch
6296e6e896 RSocketSecurity delegates to correct matcher 
Fixes gh-7414
 2019-09-09 16:09:23 -05:00
Rob Winch
1b699a49fb Polish RSocket packaging 
Fixes gh-7413
 2019-09-09 16:07:14 -05:00