Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-20 21:38:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,637 Commits 33 Branches 337 Tags
Commit Graph

763 Commits

Author SHA1 Message Date
Marcus Da Coregio
92c82191c9 Merge branch '5.8.x' into 6.0.x 
Closes gh-13882
 2023-09-29 11:46:00 -03:00
Marcus Da Coregio
64e2a2ff8b Apply updated Code Style 
Closes gh-13881
 2023-09-29 11:44:32 -03:00
Steve Riesenberg
771d9cd8b6
Merge branch '5.8.x' into 6.0.x 
Closes gh-13799
 2023-09-12 17:00:47 -05:00
Steve Riesenberg
9b7a110704
Fix OAuth2AuthenticationExceptionMixinTests on JDK 17 
Closes gh-11893
 2023-09-12 16:51:47 -05:00
Josh Cummings
dbf0c66301
Fix Client Authentication Method Error Message 
Closes gh-13496
 2023-07-12 14:15:31 -06:00
Josh Cummings
5f26daedcb Error On Unsupported Client Authentication Methods 
Closes gh-13144
 2023-06-12 15:13:13 -06:00
Josh Cummings
69b17f3d3f
Merge branch '5.8.x' into 6.0.x 
Closes gh-13222
 2023-05-24 15:29:39 -06:00
Josh Cummings
c1002ff745
Improve Error Handling 
Closes gh-13143
 2023-05-24 15:29:15 -06:00
Josh Cummings
7bd6deccc3
Revert "Disable Some R2dbc Tests" 
This reverts commit 813179931ad714662c25c906280fd9c7e54d137f.

Closes gh-12339
 2022-12-19 15:42:22 -07:00
Josh Cummings
813179931a
Disable Some R2dbc Tests 
Issue gh-12339
 2022-12-05 11:13:15 -07:00
Josh Cummings
b22bc42bb0
Merge branch '5.8.x' into 6.0.x 
Closes gh-12325
 2022-11-30 14:50:51 -07:00
Josh Cummings
29c00905ce
Merge branch '5.7.x' into 5.8.x 
Closes gh-12324
 2022-11-30 14:49:26 -07:00
Josh Cummings
667cab6cda
Merge branch '5.6.x' into 5.7.x 
Closes gh-12323
 2022-11-30 14:38:16 -07:00
이경욱
52c7141aac
Save Request Before Response Is Committed 
Specifically important for cookie-based authorization request
repositories.

Closes gh-11602
 2022-11-30 14:33:08 -07:00
Steve Riesenberg
bb3d92e33a
Update r2dbc-h2 to 1.0.0.RELEASE 
Closes gh-12251
 2022-11-18 23:04:38 -06:00
Steve Riesenberg
4e88623873
Polish gh-12087 in 6.0 2022-11-17 14:31:44 -06:00
Steve Riesenberg
a3d35ecf3c
Merge branch '5.8.x' 
Closes gh-12234
 2022-11-17 14:27:41 -06:00
Michael Sosa
52888d6206
Warn when AuthorizationGrantType does not match 
Log a warning when AuthorizationGrantType does not exactly match a
pre-defined constant.

Closes gh-11905
 2022-11-17 14:17:54 -06:00
Steve Riesenberg
ce065a87da
Merge branch '5.8.x' 
Closes gh-12207
 2022-11-14 12:25:05 -06:00
Steve Riesenberg
71eb71d185
Merge branch '5.7.x' into 5.8.x 
Closes gh-12206
 2022-11-14 12:11:59 -06:00
Steve Riesenberg
67a1f0836b
Merge branch '5.6.x' into 5.7.x 
Closes gh-12205
 2022-11-14 12:10:55 -06:00
Steve Riesenberg
fde26e003a
Request user info when AS returns no scopes 
Closes gh-12144
 2022-11-10 16:29:43 -06:00
Josh Cummings
cca999c57d
Merge remote-tracking branch 'origin/5.8.x' 2022-11-01 13:46:08 -06:00
Josh Cummings
d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings
c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza
8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Steve Riesenberg
801ceb0832
Merge branch '5.8.x' 2022-10-31 08:58:14 -05:00
Steve Riesenberg
66f2f1cde7
Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg
2915a70bf7
Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00
Steve Riesenberg
26a51ee198
Merge branch '5.5.x' into 5.6.x 2022-10-28 11:15:33 -05:00
Steve Riesenberg
e7fe778abc
Merge branch '5.4.x' into 5.5.x 2022-10-28 11:13:33 -05:00
Steve Riesenberg
3e2ac82612
Merge branch '5.3.x' into 5.4.x 2022-10-28 11:10:39 -05:00
Steve Riesenberg
5560bbaa80
Merge branch '5.2.x' into 5.3.x 2022-10-28 11:07:51 -05:00
Steve Riesenberg
75004587a4
Fix scope mapping 
Issue gh-12101
 2022-10-28 11:00:27 -05:00
Josh Cummings
14584b0562
Add SecurityContextHolderStrategy to OAuth2 
Issue gh-11060
 2022-10-05 23:50:54 -06:00
Marcus Da Coregio
7f0140278e Add native hint for OAuth2 Client's schemas 
Closes gh-11920
 2022-09-29 10:01:51 -03:00
Steve Riesenberg
181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Steve Riesenberg
7527fd811c
Merge branch '5.8.x' 2022-09-26 09:56:55 -05:00
Steve Riesenberg
bbac85e20b Reduce severity of invalid registrationId to warn 
This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
 2022-09-26 09:56:20 -05:00
Steve Riesenberg
c6458c35aa
Merge branch '5.8.x' 2022-09-14 15:12:21 -05:00
Daniel Garnier-Moiroux
bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Rob Winch
f84f08c4b9 Default HttpSessionRequestCache.matchingRequestParameterName=continue 
Closes gh-11757
 2022-08-26 14:44:55 -05:00
Rob Winch
32dbaceec5 Fix mockito 4.7.0 merge 
Issue gh-11748
 2022-08-24 08:58:00 -05:00
Rob Winch
670b71363d Merge branch '5.8.x' 
Closes gh-11749
 2022-08-23 16:03:50 -05:00
Rob Winch
2fb625db84 Remove mockito deprecations 
Issue gh-11748
 2022-08-23 15:59:52 -05:00
Igor Bolic
2e66b9f6cc Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:44:01 -05:00
Igor Bolic
efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Joe Grandja
b5b3ddd6b4 Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:45:00 -04:00
Joe Grandja
95155ddb0c Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:28:47 -04:00
Joe Grandja
6ee1643bae Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction 
Closes gh-11589
 2022-07-15 15:13:40 -04:00