Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,409 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

8409 Commits

Author SHA1 Message Date
Josh Cummings bae50ecc05
AbstractSecurityWebApplicationInitializerTests groovy->java 
Issue gh-4939
 2020-02-10 10:38:39 -07:00
Eleftheria Stein a5210aaf9b Support custom filter in Kotlin DSL 
Fixes: gh-7951
 2020-02-10 12:03:32 +01:00
Joe Grandja 3c86239b39 OAuth2AuthorizationCodeGrantFilter matches on query parameters 
Fixes gh-7963
 2020-02-10 05:13:47 -05:00
Manuel Bleichenbacher d3490b0f87 Prevent double-escaping of authorize URL parameters 
If the authorization URL in the OAuth2 provider configuration contained query parameters with escaped characters, these characters were escaped a second time. This commit fixes it.

It is relevant to support the OIDC claims parameter (see https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).

Fixes gh-7871
 2020-02-08 16:40:15 -05:00
Stephane Maldini 851be025e9 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7952
 2020-02-07 20:44:19 -05:00
Josh Cummings 7c4d56319f
cassample groovy->java 
Issue gh-4939
 2020-02-07 16:44:08 -07:00
Rob Winch cb695ae60f Add Dave Syer to Authors 
Much of the content from architecture is borrowed, with permission
from Dave.

Issueh gh-7955
 2020-02-07 15:54:32 -06:00
Rob Winch 9afa95f925 Fix Checkstyle 
Issue gh-7955
 2020-02-07 15:31:09 -06:00
Rob Winch 55f42fc153 Add High Level Servlet Architecture 
- Review of Filters
- DelegatingFilterProxy
- FilterChainProxy
- Security Filters

Fixes gh-7955
 2020-02-07 14:25:31 -06:00
Rob Winch 0028414da7 Ignore Lock Files 2020-02-07 13:59:05 -06:00
Josh Cummings 653400edfa
Polish DefaultAuthenticationEventPublisher 
Simplified the constructor selection logic.

Issue gh-7825
 2020-02-06 14:13:05 -07:00
Zeeshan Adnan 51b9b2f693
DefaultAuthenticationEventPublisher Default Event 
Fixes gh-7825
 2020-02-06 14:13:04 -07:00
Josh Cummings a90e579350 Add JwtIssuerReactiveAuthenticationManagerResolver 
Fixes gh-7857
 2020-02-06 13:45:13 -07:00
Eleftheria Stein 8c0b754a49 Fix credentials precedence over introspector in Kotlin 
Fixes: gh-7878
 2020-02-06 11:01:42 +01:00
Eleftheria Stein 1fed688f05 Fix JWK Set URI precedence over decoder in Kotlin 
Fixes: gh-7877
 2020-02-06 10:48:42 +01:00
Josh Cummings f23ab6f716
Updated Tests for oauth2webclient-webflux Sample 
Issue gh-7910
 2020-02-05 15:56:18 -07:00
Josh Cummings ffb5a3a0d4
Add oauth2Client WebTestClient Support 
Fixes gh-7910
 2020-02-05 15:33:57 -07:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein 3806f2387b Next development version 2020-02-05 15:51:25 +01:00
Eleftheria Stein f85f2fa740 Release 5.3.0.RC1 2020-02-05 15:17:14 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Eleftheria Stein 7c482007de Update to GAE 1.9.78 
Fixes gh-7893
 2020-02-05 09:42:36 +01:00
Eleftheria Stein 96913f4bc1 Update to Spring Boot 2.2.4.RELEASE 
Fixes gh-7892
 2020-02-05 09:41:36 +01:00
Rob Winch b47605266e Update to Gradle 6.1.1 
Fixes gh-7936
 2020-02-04 23:36:47 -06:00
Rob Winch 1d7208f8ef Add RSocket Authentication Extension Support 
Fixes gh-7935
 2020-02-04 23:36:47 -06:00
Josh Cummings 209c81d65d
Add BadOpaqueTokenException 
Updated NimbusOpaqueTokenIntrospector and
NimbusReactiveOpaqueTokenIntrospector to throw.
Updated OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager to catch.

Fixes gh-7902
 2020-02-04 17:33:08 -07:00
Josh Cummings 0c3754c811
Add BadJwtException 
Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw.
Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager
to catch.

Fixes gh-7885
 2020-02-04 17:33:08 -07:00
Josh Cummings fbdecdafb8
Add Mapping to Invalid Bearer Token 
Fixes gh-7793
 2020-02-04 17:33:08 -07:00
Joe Grandja 25d029b092 Fix test gh-7873 2020-02-04 12:00:55 -05:00
Joe Grandja 04f3fe8af9 Add Jackson support for oauth2-client session related classes 
Fixes gh-4886
 2020-02-04 09:01:12 -05:00
Rob Winch ca5cc13948 SecurityEvaluationContextExtension Signature 
SecurityEvaluationContextExtension.getRootObject() should have a signature
with a return type of SecurityExpressionRoot. See
EvaluationContextExtension javadoc
eed7658ce5/src/main/java/org/springframework/data/spel/spi/EvaluationContextExtension.java (L61-L64)

This enhancement will allow for Spring Data to make certain types of
optimizations.

Fixes gh-7891
 2020-02-04 07:32:16 -06:00
Eleftheria Stein 5678490c1f Add relying party registration not found exception 
Fixes: gh-7865
 2020-02-04 09:58:54 +01:00
Josh Cummings 3e07b35611
Polish Bearer Token Error Handling 
Issue gh-7822
Issue gh-7823
 2020-02-03 17:54:39 -07:00
Josh Cummings 1b15f74f57
Add InvalidBearerTokenException 
Fixes gh-7822
 2020-02-03 17:54:39 -07:00
Josh Cummings 7b2fcd17f5
Add BearerTokenErrors 
Fixes gh-7823
 2020-02-03 17:54:33 -07:00
Josh Cummings 187c76e610
Update Tests in oauth2webclient Sample 
Issue gh-7886
 2020-02-03 17:08:04 -07:00
Josh Cummings c367378421
Add OAuth2Client MockMvc Test Support 
Fixes gh-7886
 2020-02-03 15:59:58 -07:00
Eleftheria Stein 0694b621bb Manage specific version of htmlunit dependencies 
This allows Spring Boot to resolve consistent versions

Fixes: gh-7888
 2020-02-03 20:18:02 +01:00
James ee6df1701b
Polish SessionManagementConfigurer 2020-01-31 11:24:36 -07:00
Josh Cummings cb9fd09150
Change AuthenticationWebFilter's constructor 
Fixes gh-7872
 2020-01-31 09:31:28 -07:00
Josh Cummings 7550907e03
Polish OAuth2AccessTokenResponse converters 
Since these converters no longer have a direct reference to the HTTP
stack, it would be better to move them into another package. Also, now
that the converters are public, we should follow the prevailing
converter naming convention, which is to call it STConverter for an
implementation of Converter<S, T>.
 2020-01-30 16:42:44 -07:00
Nikita Konev 704f98688d
Make OAuth2AccessTokenResponse converters public 2020-01-30 16:42:44 -07:00
Josh Cummings d22b476983
Polish ProviderManager 
Updated copyright date range and adjusted constructor order to better
match DelegatingReactiveAuthenticationManager

Fixes gh-7713
 2020-01-30 16:08:01 -07:00
Thomas Vitale ace89e12f2 Make code cleaner in ProviderManagerTests 2020-01-30 16:07:24 -07:00
Thomas Vitale 5ce60022d3 ProviderManager should have a varargs constructor 
- Added varargs constructor to ProviderManager.
- Added check for null values in AuthenticationProvider list.
- Updated ProviderManagerTests to test for null values using both constructors.

Fixes gh-7713
 2020-01-30 16:07:24 -07:00
Josh Cummings df8feb8919
Update JettyCasService 
Align with changes to Jetty's SslContextFactory

Issue gh-7874
 2020-01-30 11:25:44 -07:00
Josh Cummings 50d8200348
Update cas-server-webapp to 4.0.7 
Did not update to the latest as there is some work involved in
aligning the casserver sample's XML configuration with the latest
cas-server-webapp.

Fixes gh-7874
 2020-01-30 11:24:16 -07:00
Eleftheria Stein a512789a93 Fix requiresAuthenticationMatcher not being used 
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
 2020-01-27 16:12:27 +01:00
Eleftheria Stein 29377545d9 Fix authenticationFailureHandler not being used 
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
 2020-01-27 13:10:03 +01:00
Peter Keller e62fb755e8 Set charset of BasicAuthenticationFilter converter 
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
 2020-01-23 15:34:35 +01:00