b97e93a486
Add guard around logger.debug statement
...
The log message involves string concatenation, the cost of which
should only be incurred if debug logging is enabled
Issue gh-9648
2021-04-16 10:37:48 -06:00
26788a7309
Fix HttpSecurity.addFilter* Ordering
...
Closes gh-9633
2021-04-14 17:49:33 -05:00
67d5520194
Limit oauth2Login() links to redirect-based flows
...
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
2021-04-14 05:36:57 -04:00
c381503f7b
Next Development Version
2021-04-12 13:47:56 -04:00
8850ccb1c6
Revert "Lock Dependencies"
...
This reverts commit 924ceac681
2021-04-12 13:47:04 -04:00
321e6a8742
Release 5.4.6
2021-04-12 13:36:39 -04:00
924ceac681
Lock Dependencies
2021-04-12 13:36:39 -04:00
951cb844dd
Update to Spring Boot 2.4.4
2021-04-12 13:36:28 -04:00
9570d0cada
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
Closes gh-9561
2021-04-09 21:47:11 -06:00
e7ee70384d
Consider Order on SecurityFilterChain bean definitions
...
Closes gh-9154
2021-03-24 11:08:49 +02:00
d192b3eb91
Next Development Version
2021-02-17 16:00:33 -07:00
71e0967b53
Revert "Lock Dependencies for Release"
...
This reverts commit 8c04074264
2021-02-17 15:59:48 -07:00
45bca751c7
Release 5.4.5
2021-02-17 14:59:57 -07:00
8c04074264
Lock Dependencies for Release
2021-02-17 14:59:17 -07:00
7db6c9189e
Downgrade to Nimbus JOSE JWT 8.+
2021-02-12 10:56:35 +00:00
f6a2850753
Next Development Version
2021-02-11 18:38:25 -07:00
cf032d86d6
Revert "Lock Dependencies"
...
This reverts commit 9535a41d5a
2021-02-11 18:38:07 -07:00
abc523c063
Release 5.4.4
2021-02-11 18:00:01 -07:00
9535a41d5a
Lock Dependencies
2021-02-11 17:43:39 -07:00
4b6b417d5a
Additional Test for HttpSessionSecurityContextRepository
...
Issue gh-9387
2021-02-11 17:39:49 -07:00
c72a6fac04
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 17:39:48 -07:00
357446ba9d
Next Development Version
2021-02-11 17:35:08 -07:00
f449da8b78
Revert "Lock Dependencies"
...
This reverts commit d17ebf53f9
2021-02-11 17:28:01 -07:00
9fbcfd9513
Release 5.4.3
2021-02-11 16:56:28 -07:00
d17ebf53f9
Lock Dependencies
2021-02-11 16:56:28 -07:00
c241f643ad
Update to GAE 1.9.86
...
Closes gh-9448
2021-02-11 16:56:21 -07:00
d4461dc856
Update to Spring Boot 2.4.2
...
Closes gh-9447
2021-02-11 16:56:12 -07:00
ad0ad06705
Update to Kotlin 1.4.30
...
Closes gh-9446
2021-02-11 16:55:59 -07:00
db76882f75
Fix Test Configuration
...
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable
Closes gh-9421
2021-02-10 11:34:43 -07:00
27e6743fd6
Update saml2-login.adoc
...
Fix example on registering custom marshaller for saml request
2021-02-04 10:10:04 -07:00
e79141a188
Downgrade nimbus-jose-jwt to 8.+
...
Closes gh-9399
2021-02-03 13:18:18 -07:00
da7141eb5b
Polish Tests
...
Issue gh-9331
2021-02-03 09:13:38 -07:00
e30d78086a
Configure CurrentSecurityContextArgumentResolver BeanResolver
...
Closes gh-9331
2021-02-03 09:13:28 -07:00
fc24c7991c
Allow null or empty authorities for DefaultOAuth2User
...
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken
Closes gh-9366
2021-02-01 17:26:56 -05:00
42013ee3a1
Change Example Name
...
Closes gh-9379
2021-01-28 11:23:47 -07:00
21f03b53f2
Use spring-build-conventions:0.0.37
2021-01-25 20:26:35 -06:00
f6b678f137
Make user info response status check error only
...
Closes gh-9336
2021-01-25 10:23:49 -05:00
76657631fd
Migrate SAML 2.0 Tests and Docs to PCFOne
...
Issue gh-9362
2021-01-22 15:13:41 -07:00
3f2057364e
Migrate SAML 2.0 Samples to PCFOne
...
Closes gh-9362
2021-01-22 11:22:28 -07:00
a8a66480be
Fix SAML 2.0 Javaconfig Sample
...
Issue gh-9362
2021-01-22 11:22:22 -07:00
1f4aa8fe4f
Provide artifactoryUsername/Password in docs and schema jobs
2021-01-22 14:45:25 +01:00
420e8227d4
Resolve artifacts from Maven Central first
...
- Use spring-build-conventions:0.0.36
- Add https://repo.spring.io/release to reference
Closes gh-9367
2021-01-22 13:28:35 +01:00
580b988e7f
Fix NullPointerException
...
- Caused by a malformed WWW-Authenticate value
Closes gh-9364
2021-01-21 16:22:29 -07:00
acb5ae607b
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:09:21 -06:00
77a1befcc2
Fix Checkstyle for CsrfWebFilter
...
Issue gh-9337
2021-01-12 11:38:01 -06:00
61b75bb2d6
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:19:11 -06:00
429caeacc9
Fix bug with multiple AuthenticationManager beans
...
Closes gh-9256
2021-01-06 18:19:13 +01:00
8c93d95818
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:11:19 -07:00
b8175bccd2
OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
...
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)
With this change, even if the check is passing a new List or Map will be returned.
Closes gh-9210
2020-12-03 10:54:00 -05:00
00375da173
Next Development Version
2020-12-02 22:21:21 -07:00
Craig Andrews
Rob Winch
Denis Washington
Joe Grandja
佚名
Eleftheria Stein
Josh Cummings
Andy Wilkinson
kavi87
happier233
Mayur Patel
Benjamin Faal
Eleftheria Stein
tristanessquare
Rob Winch
Ovidiu Popa