Commit Graph

1135 Commits

Author SHA1 Message Date
Phillip Webb b5d499e2eb Remove empty block
Refactor a few classes so that empty blocks are not longer used. For
example, rather than:

	if(x) {
	} else {
		i++;
	}

use:

	if(!x) {
		i++;
	}

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 37fa94fafc Organize imports
Use "organize imports" from Eclipse to cleanup import statements so
that they appear in a consistent and well defined order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 5f64f53c3f Use consistent "@" tag order in Javadoc
Ensure that Javadoc "@" tags appear in a consistent and well defined
order.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb 71bc145ae4 Remove superfluous comments
Use '^\s+//\ \~\ .*$' and '^\s+//\ ============+$' regular expression
searches to remove superfluous comments.

Prior to this commit, many classes would have comments to indicate
blocks of code (such as constructors/methods/instance fields). These
added a lot of noise and weren't all that helpful, especially given
the outline views available in most modern IDEs.

Issue gh-8945
2020-08-24 17:33:07 -05:00
Phillip Webb b7fc18262d Reformat code using spring-javaformat
Run `./gradlew format` to reformat all java files.

Issue gh-8945
2020-08-24 17:32:56 -05:00
Phillip Webb 27ac046d8a Rename *Test.java -> *Tests.java
Rename a few test classes that accidentally ended in `Test` instead of
`Tests`.

Issue gh-8945
2020-08-10 16:24:44 -05:00
Joe Grandja 1d74d556c2 Revert "Lock Dependency Versions for 5.4.0-RC1"
This reverts commit f3a1e5d40c.
2020-08-05 14:59:11 -04:00
Joe Grandja f3a1e5d40c Lock Dependency Versions for 5.4.0-RC1 2020-08-05 13:46:11 -04:00
Artur Otrzonsek b22c50c4a8 Reactive SwitchUserWebFilter for user impersonation
Closes gh-8599
2020-07-22 16:05:31 +02:00
Josh Cummings b61bf49d07
Polish gh-8824 2020-07-21 10:47:37 -06:00
Dávid Kováč 37aa5f9b7c Introduce AuthenticationConverterServerWebExchangeMatcher
AuthenticationConverterServerWebExchangeMatcher is ServerWebExchangeMatcher implementation based on AuthenticationConverter which matches if ServerWebExchange can be converted to Authentication.
It can be used as a matcher where SecurityFilterChain should be matched based on used authentication method.
BearerTokenServerWebExchangeMatcher was replaced by this matcher.

Closes gh-8824
2020-07-21 10:11:57 -06:00
Eleftheria Stein e902be7ab9 Use String to specify custom HTTP method in test
Closes gh-8592
2020-07-21 15:47:11 +02:00
Eleftheria Stein fb936e2780 Polish CookieRequestCacheTests
Issue gh-8817
Issue gh-8820
2020-07-21 15:02:21 +02:00
majian 41f26b768a Improve request matching logic when using cookie
- Repair request cache deleted by mistake
- Fix RequestCache throw exception and error redirect.

Closes gh-8820
Closes gh-8817
2020-07-21 15:02:21 +02:00
Roman Sydorov 896b324722 Updated SimpleSavedRequest#getMethod
Before:
1. SimpleSavedRequest#getMethod returned null
2. SimpleSavedRequest(SavedRequest request) constructor did not set the method field from request

After:
1. SimpleSavedRequest#getMethod returns method property value
2. SimpleSavedRequest(SavedRequest request) constructor sets the method field from request

Closes gh-8675
2020-07-08 14:47:51 -06:00
Rob Winch 09fe6071e1 LoginPageGeneratingWebFilter honors context path
Closes gh-8807
2020-07-07 13:34:55 -05:00
Eleftheria Stein 4fb5ff35db Polish CookieRequestCache
Issue gh-8034
2020-07-02 13:41:37 +02:00
Zeeshan Adnan 9708a2d63f Adds cookie based RequestCache
fixes spring-projectsgh-8034
2020-07-02 07:11:16 -04:00
Josh Cummings 146d0b6358
Revert "Lock Dependency Versions for 5.4.0-M2"
This reverts commit 68538897c8.
2020-07-01 13:11:50 -06:00
Josh Cummings 68538897c8
Lock Dependency Versions for 5.4.0-M2 2020-07-01 12:40:29 -06:00
michal e113bd3c01 issue 5414 - configurable secure flag in CookieCsrfTokenRepository
While using the request's "isSecure" flag is a reasonable default, when webapps sit behind firewalls, sometimes the firewall does the SSL, and the traffic between the firewall and the app is plain HTTP (not HTTPS). In this case the "isSecure" flag on the request is always false, but we still want th XSRF-TOKEN cookie to be secure (the firewall forwards all cookies to the app, and the browser sends the secure cookie to the firewall).

It would be nice if we could configure the desired value for the secure flag of the cookie, just like we can configure the value for the httpOnly flag of the cookie.
2020-06-25 14:42:38 -05:00
Craig Andrews c71352c548 Validate headers and parameters in StrictHttpFirewall
Adds methods to configure validation of header names and values and
parameter names and values:
 * setAllowedHeaderNames(Predicate)
 * setAllowedHeaderValues(Predicate)
 * setAllowedParameterNames(Predicate)
 * setAllowedParameterValues(Predicate)

By default, header names, header values, and parameter names that
contain ISO control characters or unassigned unicode characters are
rejected. No parameter value validation is performed by default.

Issue gh-8644
2020-06-24 14:15:46 -06:00
Eleftheria Stein 12d20f99a1 Fix incorrect Javadoc
Closes gh-8744
2020-06-22 13:14:34 +02:00
Eleftheria Stein c854f6b190 Add missing Javadoc
Closes gh-8743
2020-06-22 13:13:32 +02:00
Craig Andrews efb6953017 Reject the NULL character in paths in StrictHttpFirewall
Adds `setAllowNull`
By default, denies null in paths
2020-06-18 10:19:37 -06:00
Rob Winch ccbad61ae8 Change blacklist to blocklist
Closes gh-8676
2020-06-10 11:49:49 -05:00
Rob Winch ca1252be94 Replace whitelist with allowlist
Issue gh-8676
2020-06-10 11:49:21 -05:00
Rob Winch a907026eae Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive
Closes gh-8677
2020-06-10 11:48:56 -05:00
Joe Grandja da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
Issue gh-8609
2020-06-09 17:28:21 -04:00
Eleftheria Stein 0a42aa26c8 Mock request with non-standard HTTP method in test
Fixes gh-8594
2020-05-26 10:16:56 -04:00
Astushi Yoshikawa f08ca4e688 Throw exception if URL does not include context path when context relative
Issue: gh-8399
2020-05-20 14:02:17 -04:00
Rob Winch dc514b369e FilterInvocation Support Default Methods on HttpServletRequest
Closes gh-8566
2020-05-20 10:13:59 -05:00
cbornet bfb401eeed Create the CSRF token on the bounded elactic scheduler
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
2020-05-18 11:04:54 -05:00
Mathieu Ouellet cd08102b93 Add debug logging
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow

Fixes gh-5758
2020-05-12 09:03:24 -05:00
Rob Winch 4473dca022 Polish matchesRequireCsrfProtectionWhenNonStandardHTTPMethodIsUsed
Issue gh-8149
2020-05-11 17:20:16 -05:00
Parikshit Dutta 0f92415395 Fix non-standard HTTP method for CsrfWebFilter
Closes gh-8149
2020-05-11 17:19:57 -05:00
Artyom Tarynin 6db514a4e2 Update AntPathRequestMatcher.java
Fixed typo in JavaDoc. Actually, In these two cases, we are calling the constructor with a `boolean caseSensitive` which is equal to true. This means case sensitive
2020-05-11 17:11:22 -04:00
Joe Grandja 86ca6b013c Unlock dependencies
This reverts commit 206960cf44.
2020-05-06 17:27:35 -04:00
Joe Grandja 206960cf44 Lock dependencies for 5.4.0-M1 2020-05-06 17:13:04 -04:00
Rob Winch 0483b3e042 Polish RequestRejectedHandler
Issue gh-5007
2020-05-01 10:51:11 -05:00
Leonard Brünings b826c798f7 Add RequestRejectedHandler
Closes gh-5007
2020-05-01 10:51:01 -05:00
Oh Myung Woon b7d3acc02c Add constructors to AbstractAuthenticationProcessingFilter
Closes gh-8309
2020-04-09 13:53:06 -05:00
Mustafa Ulu 6bdd5f710f
Fix example in javadoc of FilterChainProxy 2020-04-07 21:05:12 +03:00
Rob Winch 91728ef53b Fix HttpServlet3RequestFactory Logout Handlers
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
2020-03-30 17:50:28 -05:00
Josh Cummings eed71243cb
SwitchUserFilter Defaults to POST
Fixes gh-4183
2020-03-27 13:41:49 -06:00
Zeeshan Adnan 935c547dde Fix exception for empty basic auth header token
fixes spring-projectsgh-7976
2020-03-16 12:57:13 -04:00
Eleftheria Stein 47011eb9e2 Polish transfer session's max inactive interval
Issue: gh-2693
2020-03-12 12:11:14 -04:00
Venkata Jaswanth U 02b7d04027 Transfer session's max inactive interval
Fixes: gh-2693
2020-03-12 10:11:59 -04:00
Eleftheria Stein b2ea0ba775 Polish SessionIdChangedEvent
Add AbstractSessionEvent; clean up license headers and Javadocs

Fixes: gh-5438
2020-03-06 12:04:49 -05:00
Venkata Jaswanth 5fc6414377 SessionRegistryImpl is now aware of SessionIdChangedEvent 2020-03-06 12:04:01 -05:00
Eleftheria Stein ae532c080c Add server request cache that uses cookie
Fixes: gh-8033
2020-03-05 15:36:47 -05:00
Eleftheria Stein 38979b1b09 Add test for ServerRequestCacheWebFilter 2020-03-05 14:57:07 -05:00
Josh Cummings 6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
This reverts commit 147d7dadd7.
2020-03-04 12:02:48 -07:00
Josh Cummings 147d7dadd7
Lock dependencies for 5.3.0.RELEASE 2020-03-04 10:28:39 -07:00
AmitB 2ce9eef95e Fix typo in AntPathRequestMatcher contructor comment 2020-03-02 07:14:27 -06:00
Joe Grandja 82cd203791 Remove unnecessary mocking
Fixes gh-8012
2020-02-23 19:35:16 -05:00
Josh Cummings 5bdf57d1e5
Remove Groovy and Spock Dependencies
Fixes gh-4939
2020-02-10 10:38:40 -07:00
Josh Cummings bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java
Issue gh-4939
2020-02-10 10:38:39 -07:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version
This reverts commit 064616f1ef.
2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Josh Cummings cb9fd09150
Change AuthenticationWebFilter's constructor
Fixes gh-7872
2020-01-31 09:31:28 -07:00
Peter Keller e62fb755e8 Set charset of BasicAuthenticationFilter converter
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
2020-01-23 15:34:35 +01:00
Onur Kağan Özcan 1f6381d970 Set secure on cookie when logging out
Mark cookie secure flag to ensure cookie identity is the same
2020-01-13 11:01:33 +01:00
Rob Winch ffccec953f Fix HttpHeaderWriterWebFilterTests
Ensure setComplete() is subscribed to
2020-01-09 14:24:35 -06:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f1.
2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Onur Kağan Özcan 2015f392ef Set secure when cancelling remember-me cookie
AbstractRememberMeServices is setting remember-me cookie with checking request is secure or secure usage is independently set to a fixed flag.
But when cancelling a cookie, cookie is not being marked secure or not. It produces an inconsistency when using secure flag as a part to identity of cookie.
2019-12-20 16:04:31 +01:00
Rob Winch a8331ba7ed CompositeServerHttpHeadersWriter Executes Sequentially
Fixes gh-7731
2019-12-12 11:23:56 -06:00
David Herberth 64e063d948 switches web authentication principal resolver to use reactive context
gh #6598

Signed-off-by: David Herberth <github@dav1d.de>
2019-12-12 15:33:23 +01:00
Rob Winch 8e53c3f269 DelegatingServerAuthenticationSuccessHandler Executes Sequentially
Fixes gh-7728
2019-12-12 08:32:44 -06:00
Rob Winch 73babc3314 DelegatingServerLogoutHandler Executes Sequentially
Fixes gh-7723
2019-12-11 15:39:27 -06:00
Joe Grandja 4d9cee116c Display general error message when WebFlux oauth2Login() fails
Issue gh-5562 gh-6484
2019-12-05 16:54:31 -05:00
Filip Hrisafov 796859333f Log full failed authentication exception in BasicAuthenticationFilter 2019-11-27 14:56:24 +01:00
Josh Cummings 5f17032ffd Restore Removed Throws Clauses
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
2019-10-30 12:13:54 -06:00
Rob Winch 635f7e1edd CsrfWebFilter supports multipart/form-data
Fixes gh-7576
2019-10-28 14:06:10 -05:00
Filip Hrisafov b9f122230b Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour 2019-10-23 14:50:57 -04:00
Michel Palourdio d26f40f062 DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path. 2019-10-23 09:41:00 -04:00
Tadaya Tsuyukubo 62c7de03c3 Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter
Moved the existing auth check logic to the matcher.

Issue: gh-5928
2019-10-22 16:55:54 -04:00
Eleftheria Stein 264daec697 Test context relative URL with multiple schemes 2019-10-16 15:32:02 -04:00
Josh Cummings b764af6b9b
CookieServerCsrfTokenRepositoryTests Leading Dot
ResponseCookie removed support for having a leading dot in the cookie
domain.

Fixes gh-7500
2019-09-30 08:39:45 -06:00
Josh Cummings 7949dd492a
Move DelegatingServerAuthenticationSuccessHandlerTests
Moved from src/test/groovy to src/test/java

Issue gh-5332
2019-09-27 16:57:43 -06:00
Josh Cummings 5f905232cb
Polish CurrentSecurityContextArgumentResolvers
Fixes gh-7487
2019-09-27 13:19:08 -06:00
Rob Winch 00f8991fac Merge Remove Redudant Throws
Fixes gh-7301
2019-09-19 11:04:53 -05:00
Onur Kagan Ozcan 034b5e9e93 Introduce LogoutSuccessEvent
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.

By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.

This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency.

Fixes gh-2900
2019-09-18 10:57:16 -05:00
Josh Cummings 7576dc44d7
AuthenticationFilter Session Fixation Protection
Fixes gh-7446
2019-09-17 08:17:09 -06:00
Josh Cummings 496a2cdc60
Make AuthenticationFilter methods private
Fixes gh-7447
2019-09-17 08:06:21 -06:00
Josh Cummings aa12748c9b Add Request-level CSRF Skip
Fixes gh-7367
2019-09-13 19:04:05 +01:00
Eleftheria Stein 9f0986a093 Fix javadoc typo for invalid session strategy 2019-09-09 16:51:14 -04:00
Filip Hanik 08d50868c9
Merge pull request #7260 from fhanik/feature/saml2-sp-mvp
Add SAML Service Provider Support
2019-09-05 17:04:14 -07:00
Filip Hanik e9a44bc0ce HttpSecurity.saml2login() - MVP Core Code
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:

  - Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
  - Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
  - Supports basic java-configuration via DSL
  - Provides an integration sample using Spring Boot

Not implemented with this MVP

  - Single Logout
  - Dynamic Service Provider Metadata

Fixes gh-6019
2019-09-05 14:40:08 -07:00
Rob Winch 2a1f3f6aa7 Remove Package Tangle in HeaderWriterFilter
Fixes gh-7380
2019-09-05 16:08:45 -05:00
Josh Cummings 39e84013f7
ClearSiteDataHeaderWriter Directives
Fixes gh-7347
2019-09-03 15:57:10 -06:00
Eleftheria Stein ad0d3e9702 Polish remember me username check 2019-09-03 11:48:46 -04:00
Scott Murphy 26ae590c68 Check that userdetails for username exists. #7251 2019-09-03 11:48:46 -04:00
kostya05983 f6c650db47
Replace Streams with Loops
First version of replacing streams

fix wwwAuthenticate and codestyle

fix errors in implementation to pass tests

Fix review notes

Remove uneccessary final to align with cb

Short circuit way to authorize

Simplify error message, make code readably

Return error while duplicate key found

Delete check for duplicate, checkstyle issues

Return duplicate error

Fixes gh-7154
2019-09-02 15:30:48 -06:00
Lars Grefer 95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00
watsta 2c2e8e5f24 Remove internal Optional usage in favor of null checks
Issue gh-7155
2019-08-26 09:27:40 -04:00
Lars Grefer 34dd5fea30 Remove redundant throws clauses
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
Daniel Wegener 1a233a58c7 Add OnCommittedResponseWrapper.setContentLengthLong
Add setContentLengthLong tracking to OnCommittedResponseWrapper in
order to detect commits on servlets that use setContentLengthLong to
announce the entity size they are about to write (as used in the
Apache Tomcat's DefaultServlet).

Fixes gh-7261
2019-08-19 21:14:41 -04:00
Eleftheria Stein 4bc231872f Expire as many sessions as exceed maximum allowed
Fixes: gh-7166
2019-08-15 09:48:42 -05:00
Josh Cummings 9735a718cc
Remove MultiTenantAuthenticationManagerResolver
Fixes gh-7259
2019-08-14 11:14:47 -06:00
Rob Winch c1db1aad91
Cleanup Code Style Issues
Cleanup Code Style Issues
2019-08-12 13:06:49 -05:00
Lars Grefer ec6ca97226 Fix tests 2019-08-11 21:09:10 +02:00
Lars Grefer ff1070df36 remove redundant modifiers found by checkstyle 2019-08-10 00:18:56 +02:00
Lars Grefer 38de737663 Java 8: Statement lambda can be replaced with expression lambda 2019-08-09 16:59:07 -05:00
Lars Grefer 7b2a7847e5 Java 8: Single Map method can be used 2019-08-09 16:59:07 -05:00
Lars Grefer 25c06be1eb Java 7: Identical 'catch' branches in 'try' statement 2019-08-09 16:59:07 -05:00
Lars Grefer 578d628774 'Collection.toArray()' call style 2019-08-09 16:57:31 -05:00
Lars Grefer b388976ac8 fix checkstyle 2019-08-09 02:46:20 +02:00
Lars Grefer 35bdf1f009 Unnecessary semicolon 2019-08-09 00:43:13 +02:00
Lars Grefer d9c1f03b84 Unnecessary interface modifier 2019-08-09 00:42:35 +02:00
Lars Grefer 40bee457f9 Unnecessary enum modifier 2019-08-09 00:42:07 +02:00
Lars Grefer 8d0ca14e55 Unnecessary conversion to String 2019-08-09 00:41:46 +02:00
Lars Grefer fb39d9c255 Anonymous type can be replaced with lambda 2019-08-08 17:09:09 -04:00
Lars Grefer 05f42a4995 Remove unused imports 2019-08-08 14:22:31 -04:00
Lars Grefer 2056834432 Cleanup unnecessary unboxing
Unboxing is unnecessary under Java 5 and newer, and can be safely removed.
2019-08-06 10:17:38 -04:00
Lars Grefer 2306d987e9 Cleanup unnecessary boxing 2019-08-06 10:17:38 -04:00
Filip Hanik 2055466ad7 Add Javadoc 2019-08-05 19:43:00 -04:00
Filip Hanik ddf68821cb Add RequestMatcher.matcher(HttpServletRequest)
Step 3 - Usage of RequestVariablesExtractor or types that are assigned
to AntPathRequestMatcher should be replaced with the new method.

[closes #7148]
2019-08-05 19:43:00 -04:00
Eddú Meléndez 496579dde2 Add match result for servlet requests
Fixes gh-7148
2019-08-05 19:43:00 -04:00
Josh Cummings 774a2e669c
Polish setAllowedHostnames
Added JavaDoc to method, including @since attribute

Issue gh-4310
2019-08-03 19:19:44 -06:00
Eddú Meléndez f712c5598c Add support for allowedHostnames in StrictHttpFirewall
Introduce a new method `setAllowedHostnames` which perform the validation
against untrusted hostnames.

Fixes gh-4310
2019-08-03 21:16:45 -04:00
Khy a5cfd9fdb9 Downgrade AuthenticationFilter modifier
Fixes gh-7177
2019-08-03 21:14:33 -04:00
Lars Grefer 776a4c3760 Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers 2019-08-03 12:28:37 -04:00
Rob Winch ad2f999c25 Polish BasicAuthenticationConverter
This reverts to the old behavior from BasicAuthenticationFilter.
Specifically, if a token has an empty password, it still parses a username
and an empty String password.

Issue gh-7025
2019-08-02 09:04:55 -05:00
Josh Cummings d157125c8e
Polish AuthenticationFilter
Updated member variable references to be prefixed with "this.".
Fixed typo in authentication manager resolver error message.

Issue: gh-6506
2019-08-01 16:26:54 -06:00
Eddú Meléndez 50adb6abcb Fix javadoc 2019-07-31 15:36:30 -04:00
Eleftheria Stein 0b4502b2c5 Remove exceptions from lambda security configuration
Fixes: gh-7128
2019-07-30 08:31:37 -05:00
Eleftheria Stein b55322b2cb Make basic authentication scheme case-insensitive
Fixes: gh-7163
2019-07-29 16:30:03 -04:00
sbespalov f1187bdfc2 issue/6506: AuthenticationConverter implementation 2019-07-23 17:31:21 -05:00
Clement Ng ab6440db10 Throws exception when passed IP address with too long mask
Fixes gh-2790
2019-07-19 06:25:58 -04:00
Rob Winch ea54d9014d
DSL nested builder for HTTP security
DSL nested builder for HTTP security

Fixes gh-5557
2019-07-12 16:09:19 -05:00
Lars Grefer 3ea9d376b2 Cleanup explicit type arguments 2019-07-10 09:32:41 -05:00
Lars Grefer c5b5cc507c Cleanup redundant type casts 2019-07-10 09:31:09 -05:00
Eleftheria Stein 758397f102 Allow configuration of headers through nested builder
Issue: gh-5557
2019-07-09 15:35:37 -04:00
Lars Grefer 43737a56bd Use foreach where possible 2019-07-09 06:11:45 -06:00
Bruno Studer 8016a193b9
Optimize IpAddressMatcher
Get rid of byte array allocation in matcher and small optimizations
2019-07-03 23:27:12 -06:00
Lars Grefer 4b0fb19fff Use MessageDigest.isEqual() where possible
fixes #7058
2019-07-03 05:40:20 -06:00
Lars Grefer 400e0c83b0 Add missing nullability annotation 2019-06-27 14:54:14 -05:00
Josh Cummings f5da63118e Add MultiTenantAuthenticationManagerResolver
A class with a number of handy request-based implementations of
AuthenticationManagerResolver targeted at common multi-tenancy
scenarios.

Fixes: gh-6976
2019-06-25 17:21:38 -06:00
Bagyoni Attila 878d262a26 Reimplement some hashCodes according to the currently recommended pattern.
These hashCode implementations seemed suspicious (field hashCodes XORed together with 31).
Included caseSensitive in AntPathRequestMatcher.hashCode() to be consistent with equals().
2019-06-18 12:44:57 -06:00
Rafiullah Hamedy f6ed1db702 Introduced ReactiveAuthenticationManagerResolver
Suitable for multi-tenant reactive applications needing to branch
authentication strategies based on request details.
2019-06-13 08:52:19 -06:00
Clement Ng e66369f6c6 Added null checks and tests to constructors
RequestKey, JaasGrantedAuthority, and SwitchUserGrantedAuthority
assume certain final members are non-null.

Issue: gh-6892
2019-05-29 16:10:36 -06:00
httpain 98a8467e4c Fix javadoc typo 2019-04-30 10:42:25 -06:00
Alexey Nesterov 9a67441507 Add x509 support for Reactive Security
[gh #5038]
2019-04-26 12:15:18 -05:00
MD Sayem Ahmed 2c136f7b6c Add Reactive Clear-Site-Data Support
1. A new implementation of ServerHttpHeadersWriter has been created to
   add Clear-Site-Data header support.
2. A new implementation of ServerLogoutHandler has been created which
   can be configured to write response headers during logout.
3. Added unit tests for both implementations.

Fixes gh-6743
2019-04-19 17:46:37 -06:00
Josh Cummings 20a7bc4785
Improved DigestAuthenticationFilter Test Coverage
Issue: gh-5462
2019-04-13 20:27:08 -06:00
Thomas Vitale d88c2c19f0
Throw exception that was created but not thrown
Fixes gh-5462
2019-04-13 20:27:07 -06:00
Dan Zheng 22c8f63390 review phase2 2019-04-13 19:22:44 -06:00
Dan Zheng 570eb01733 review phase1 2019-04-13 19:22:44 -06:00