Commit Graph

1497 Commits

Author SHA1 Message Date
Eleftheria Stein a5210aaf9b Support custom filter in Kotlin DSL
Fixes: gh-7951
2020-02-10 12:03:32 +01:00
Stephane Maldini 851be025e9 Don't force downcasting of RequestAttributes to ServletRequestAttributes
Fixes gh-7952
2020-02-07 20:44:19 -05:00
Eleftheria Stein 8c0b754a49 Fix credentials precedence over introspector in Kotlin
Fixes: gh-7878
2020-02-06 11:01:42 +01:00
Eleftheria Stein 1fed688f05 Fix JWK Set URI precedence over decoder in Kotlin
Fixes: gh-7877
2020-02-06 10:48:42 +01:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version
This reverts commit 064616f1ef.
2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Rob Winch 1d7208f8ef Add RSocket Authentication Extension Support
Fixes gh-7935
2020-02-04 23:36:47 -06:00
Josh Cummings 209c81d65d
Add BadOpaqueTokenException
Updated NimbusOpaqueTokenIntrospector and
NimbusReactiveOpaqueTokenIntrospector to throw.
Updated OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager to catch.

Fixes gh-7902
2020-02-04 17:33:08 -07:00
Josh Cummings 0c3754c811
Add BadJwtException
Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw.
Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager
to catch.

Fixes gh-7885
2020-02-04 17:33:08 -07:00
Josh Cummings 3e07b35611
Polish Bearer Token Error Handling
Issue gh-7822
Issue gh-7823
2020-02-03 17:54:39 -07:00
James ee6df1701b
Polish SessionManagementConfigurer 2020-01-31 11:24:36 -07:00
Josh Cummings cb9fd09150
Change AuthenticationWebFilter's constructor
Fixes gh-7872
2020-01-31 09:31:28 -07:00
Eleftheria Stein a512789a93 Fix requiresAuthenticationMatcher not being used
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
2020-01-27 16:12:27 +01:00
Eleftheria Stein 29377545d9 Fix authenticationFailureHandler not being used
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
2020-01-27 13:10:03 +01:00
Johannes Edmeier bdc60a9128 Don't cache requests with `Accept: text/event-stream` by default.
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
2020-01-17 10:42:16 -08:00
Josh Cummings f1f158b37e AuthenticationEventPublisher DSL Lookup
Fixes gh-4400
2020-01-14 12:07:46 -07:00
Josh Cummings 5579846263 AuthenticationEventPublisher Bean Lookup
Issue gh-7793
Fixes gh-7515
2020-01-14 12:07:46 -07:00
James Howe fc9b97c94a Typo in doc 2020-01-14 08:32:26 -07:00
Vincent Ricard f0856c83a9 Migrate LDAP integration tests groovy->java
This commit also removes BaseSpringSpec

Issue: gh-4939
2020-01-13 14:18:25 +01:00
Josh Cummings a35ce77451
Add missing PowerMockIgnore annotation
WebSecurityConfigurerAdapterPowermockTests needs to exclude
javax.xml.transform.* from Powermock configuration.
2020-01-09 15:48:08 -07:00
Josh Cummings ba21c156dd
Polish WebSecurityConfigurerAdapter tests
Moved Powermock-dependent test over to
WebSecurityConfigurerAdapterPowermockTests.
2020-01-09 13:51:19 -07:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f1.
2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Josh Cummings de87675f6d Add JwtIssuerAuthenticationManagerResolver
Fixes gh-7724
2020-01-07 23:30:42 -07:00
Eleftheria Stein-Kousathana 2df1099da5
Idiomatic Kotlin DSL for configuring HTTP security
Issue: gh-5558
2020-01-07 12:08:43 -05:00
Rob Winch 65981444f1 Use Version Ranges
Fixes gh-7788
2020-01-06 14:46:48 -06:00
Rob Winch 06d7443946 Use Gradle platform and constraints
This was largely generated from the following script

wget bd9f8eb541/src/main/groovy/io/spring/gradle/convention/DependencySetPlugin.groovy ./dsp.gradle
cat gradle/dependency-management.gradle | grep 'management "' | cut -d ':' -f 2 | xargs -I{} sh -c "rg {} -l -g '*.gradle' -g '\!dependency-management.gradle' > /dev/null || echo {}" | xargs -I{} sed -iE '/.*{}.*/d' gradle/dependency-management.gradle
rm ./dps.gradle

Fixes gh-7787
2020-01-06 14:46:36 -06:00
Eleftheria Stein 924b9e95a1 Polish MethodSecurityEvaluationContext
Issue: gh-6224
2020-01-03 20:08:52 -05:00
Eleftheria Stein 8b8267e1fe Fix typo in LDAP Javadoc 2020-01-02 10:58:44 -05:00
BELHAKEL Ammar b4619f31ee
Fix return type
AbstractConfiguredSecurityBuilder.objectPostProcessor() should cast to
B, the type of SecurityBuilder, instead of O, the type of object being
built.

Without this change, calls like
http.objectPostProcessor(...).getFilters() will fail with a
ClassCastException.
2019-12-30 12:01:56 -07:00
Eleftheria Stein 2c7f2c2117 Fix Javadoc error in oauth2ResourceServer
Fixes: gh-7670
2019-12-27 14:24:46 +01:00
Filip Hanik af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login()
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
Filip Hanik 9aa333ca4d Use the custom ServerRequestCache that the user configures
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-17 13:33:56 -08:00
Josh Cummings 02f161aba7
Use OidcIdToken.Builder
Issue gh-7592
2019-12-12 07:37:15 -07:00
Joe Grandja c40a17b4d1 WebFlux oauth2Login() redirects on failed authentication
Fixes gh-5562 gh-6484
2019-12-05 16:50:43 -05:00
Alexey Nesterov d8d59e97ac Correctly configure authorization requests repository for OAuth2 login
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
2019-11-29 12:05:15 -05:00
Eleftheria Stein b7cb93f671 Fix WebFlux logout disabling
Fixes: gh-7682
2019-11-28 14:40:25 +01:00
Ruslan Stelmachenko c38e57fa42 Fix class and variable names 2019-11-28 09:23:38 +01:00
Ruslan Stelmachenko 8ebc7ca0ea Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc 2019-11-28 09:23:38 +01:00
Eleftheria Stein 8a95e5798d Update @MessageMapping to match input/output cardinality 2019-11-22 15:07:38 -06:00
Pim Moerenhout cd0bec48de Fix typo in log message. 2019-11-21 15:55:27 -07:00
Paul Pazderski 0d35194b47 Add sessionFixation Javadoc 2019-11-15 12:17:05 +01:00
Adrian Pena ca8877c8c5 Updates javadoc for InitializeUserDetailsBeanManagerConfigurer 2019-11-13 10:34:10 +01:00
Eleftheria Stein 1188a3bb5f Polish RememberMeConfigurer
Issue: gh-4140
2019-11-07 15:26:59 +01:00
邓超 b13f750646 Retrieve remember-me key from service as fallback
Fixes: gh-4140
2019-11-07 13:55:39 +01:00
Yanming Zhou 9f6a36444a Add missing schemas 2019-11-06 08:24:20 -06:00
Josh Cummings 925bf48ec0
Polish OAuth2ResourceServerConfigurerTests
To confirm that resource server only produces SCOPE_<scope>
authorities by default.

Issue gh-7596
2019-11-04 11:39:54 -07:00
Filip Hanik 0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login()
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
Josh Cummings 5f17032ffd Restore Removed Throws Clauses
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
2019-10-30 12:13:54 -06:00
Rob Winch 635f7e1edd CsrfWebFilter supports multipart/form-data
Fixes gh-7576
2019-10-28 14:06:10 -05:00