Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,805 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1330 Commits

Author SHA1 Message Date
Eric Hudon 79bbd6a39c Fix a missing "throws Exception" for configure(AuthenticationManagerBuilder auth) 
The actual method signature look this this:
```java
protected void configure(AuthenticationManagerBuilder auth) throws Exception
```
 This PR aims at aligning the javadoc for this annotation with the actual method signature.
 2018-07-19 09:30:51 -06:00
Rob Winch f48404a6a0 Default Log In Pages Use HTTPS for CSS 
Fixes: gh-5539
 2018-07-18 20:06:17 -05:00
Jonathan Chen fbf870a82e Include email in user information attributes from Facebook 
Fixes gh-5532
 2018-07-18 17:09:33 -04:00
mhyeon.lee 18db425861 Polish Javadoc to remove warning 2018-07-18 09:24:59 -06:00
Josh Cummings f0f678d61e
SessionManagementConfigTests groovy->java 
Issue: gh-4939
 2018-07-17 10:47:44 -06:00
Josh Cummings 884fdbf9b3 Add Bearer Token filter to Security Filters 
This introduces BearerTokenAuthenticationFilter to SecurityFilters so
that it can be used in the various addFilter methods and with the
`custom-filter` xml tag.

Fixes: gh-5479
 2018-07-17 10:56:49 -05:00
Joe Grandja 2cd548221d Allow configuring a custom OAuth2AuthorizationRequestResolver 
Fixes gh-5521
 2018-07-16 20:47:39 -04:00
Josh Cummings a9bc384b48
Reliable Error State Tests 
Some of Resource Server Configurer's tests were relying on specific
error messaging from Nimbus and from the JDK, which makes them
brittle.

These tests now simply confirm that resource server responses
contain the correct error state without relying on specific wording
outside of our control.
 2018-07-16 14:19:23 -06:00
Rob Winch d595098823 Rename @TransientAuthentication to @Transient 
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.

Issue: gh-5481
 2018-07-16 11:31:10 -05:00
Josh Cummings 40ccdb93f7 Resource Server Jwt Support 
Introducing initial support for Jwt-Encoded Bearer Token authorization
with remote JWK set signature verification.

High-level features include:

- Accepting bearer tokens as headers and form or query parameters
- Verifying signatures from a remote Jwk set

And:

- A DSL for easy configuration
- A sample to demonstrate usage

Fixes: gh-5128
Fixes: gh-5125
Fixes: gh-5121
Fixes: gh-5130
Fixes: gh-5226
Fixes: gh-5237
 2018-07-16 10:40:46 -05:00
Josh Cummings 28afb4e3d7 Access Denied Handling Defaults 
This introduces the capability for users to wire denial handling
by request matcher, similar to how users can already do with
authentication entry points.

This is handy for when denial behavior differs based on the contents
of the request, for example, when the Authorization header indicates
an OAuth2 Bearer Token request vs Basic authentication.

Fixes: gh-5478
 2018-07-16 10:40:46 -05:00
Josh Cummings b7ccb63dfd Disable CSRF by Request Matcher 
This introduces an evolution on CsrfConfigurer#ignoreAntMatchers,
allowing users to specify a RequestMatcher in the circumstance where
more than just the path needs to be analyzed to determine whether
CsrfFilter should require a token for the request.

Simply put, a user can now selectively disable csrf by request matcher
in addition to the way it can already be done with ant matchers.

Fixes: gh-5477
 2018-07-16 10:40:45 -05:00
Josh Cummings ed20edd177 Improved Session Creation Policy Configuration 
Other configurers can now offer their preference on session creation
policy without trumping what a user provided via the
sessionCreationPolicy method.

This is valuable for configurer's like Resource Server that would like
to have session management be stateless, but not at the expense of the
user's direct configuration.

Fixes: gh-5518
 2018-07-16 10:40:45 -05:00
Josh Cummings 3c46727be1 Transient Authentication Tokens 
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.

To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.

Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.

Fixes: gh-5481
 2018-07-16 10:40:45 -05:00
Joe Grandja 371221d729 Support anonymous Principal for OAuth2AuthorizedClient 
Fixes gh-5064
 2018-07-16 10:15:41 -05:00
Joe Grandja 779597af2a Add support for custom authorization request parameters 
Fixes gh-4911
 2018-07-16 09:39:06 -05:00
Rob Winch a3210c96d9 Default Log Out Page 
Fixes: gh-5516
 2018-07-15 19:45:20 -05:00
Rob Winch 05ed028f9d Modernize Default Log In Page 
Fixes: gh-5515
 2018-07-15 19:43:42 -05:00
Rob Winch a66b945ab7 Configuration for ReactiveUserDetailsPasswordService 
Issue: gh-2778
 2018-07-15 15:08:06 -05:00
Rob Winch 3ca5810bc8 Configuration Support for UserDetailsPasswordManager 
Issue: gh-2778
 2018-07-15 14:56:45 -05:00
Rob Winch 02b857d82a Add PasswordEncoder.upgradeEncoding 
Issue: gh-2778
 2018-07-14 22:52:15 -05:00
mhyeon.lee 2af69f08a9 Fix oauth2login loginProcessingUrl NPE for java config 
Java Config http.oauth2Login().loginProcessingUrl("url"); throws NPE.
Override loginProcessingUrl method and cached config url.
Then when the config is initialized,
it calls the super method to complete the configuration.

Fixes gh-5488
 2018-07-13 09:34:17 -04:00
Johnny Lim 522bfe9e05 Polish Javadoc in ServerHttpSecurity 2018-07-11 08:01:49 -05:00
Mahan Hashemizadeh 555512e1f0 HstsSpec methods return this 
HstsSpec methods maxAge and includeSubdomains use to return void
which broke using it as a fluent API.

The methods now return HstsSpec which fixes this issue.

Fixes: gh-5483
 2018-07-05 13:58:45 -05:00
Josh Cummings 1d0bb08398
InterceptUrlConfigTests groovy->java 
Issue: gh-4939
 2018-07-02 10:39:24 -06:00
Joe Grandja ec970c9b8e Improve message for NoUniqueBeanDefinitionException in OAuth2ClientConfigurerUtils 2018-06-25 15:20:02 -04:00
Joe Grandja b3a38fb0f6 OAuth2ClientWebMvcSecurityConfiguration handles multiple OAuth2AuthorizedClientService @Bean 
Fixes gh-5321
 2018-06-25 15:20:02 -04:00
Josh Cummings b437ce03b0
HttpHeadersConfigTests groovy->java 
Also, slightly modified the approach when asserting headers. In the
previous incarnation, the tests would assert an exact match against
the list of headers, which is more brittle than confirming that the
expected headers are there and the unexpected ones are not.

Now, should Spring Security add other headers that are outside the
purview of the secure headers configuration, the assertions won't
break.

Issue: gh-4939
 2018-06-20 07:53:22 -06:00
Joe Grandja 6081451fa3 Polish OAuth2Configurer 2018-06-19 06:10:30 -04:00
Rob Winch 3573167d77 ServerHttpSecurity oauth leverages OidcReactiveAuthenticationManager 
Issue: gh-5330
 2018-06-18 16:08:07 -05:00
Joe Grandja 4fc6d96073 Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient 
Fixes gh-5360
 2018-06-08 17:33:21 -04:00
Joe Grandja 81a73e1f55 Fix package tangle in OAuth2Configurer 
Fixes gh-5342
 2018-06-08 11:09:16 -04:00
Rob Winch dd1b1b9cc3 Use Spring Framework 5.1.0 SNAPSHOT 
Fixes: gh-5408
 2018-06-05 12:28:51 -05:00
Josh Cummings 3332ccbe50
SecurityContextHolderAwareRequestConfig groovy->java 
Issue: gh-4939
 2018-05-30 17:37:45 -06:00
Rob Winch 73345e7434 Add Cross Site Tracing (XST) & HTTP Method Tampering Protection 
Fixes: gh-5377
 2018-05-24 09:35:40 -05:00
Kazuki Shimizu 2c92496911 Polishing the OidcConfigurationProvider 
See gh-5355
 2018-05-21 12:20:58 -05:00
Rob Winch 9d55a64465 OidcConfigurationProvider validate returned issuer 
Validate the issuer that was returned matches the issuer that was
was requested.

Issue: gh-5355
 2018-05-18 13:15:27 -05:00
Rob Winch db889973a8 OidcConfigurationProvider improve invalid issuer error 
Issue: gh-5355
 2018-05-18 11:21:45 -05:00
Rob Winch 18c8af8f0d Add OidcConfigurationProvider ClientAuthenticationMethod.POST support 
Issue: gh-5355
 2018-05-18 10:35:53 -05:00
Rob Winch 7853c759d9 OidcConfigurationProvider uses OidcScopes.OPENID 
Issue: gh-5355
 2018-05-18 10:03:36 -05:00
Rob Winch cbf9a7b7a2 Polish OidcConfigurationProvider Javadoc 
Issue: gh-5355
 2018-05-18 10:02:07 -05:00
Rob Winch 9862c7bbef Move OidcConfigurationProvider to .oidc package 
Issue: gh-5355
 2018-05-18 09:57:12 -05:00
Rob Winch 0eedfc717a Revert "Revert "Add ClientRegistration from OpenID Connect Discovery"" 
This reverts commit 9fe0f50e3c.

The original commit was accidentally pushed prior to PR. We attempted
to revert the commit hoping the PR would open again. This did not work.
We are going to do a Polish commit instead.

Issue: gh-5355
 2018-05-18 09:40:43 -05:00
Rob Winch 9fe0f50e3c Revert "Add ClientRegistration from OpenID Connect Discovery" 
This reverts commit 0598d47732.
 2018-05-18 09:20:51 -05:00
Rob Winch 0598d47732 Add ClientRegistration from OpenID Connect Discovery 
Fixes: gh-4413
 2018-05-16 12:30:04 -05:00
Josh Cummings 658acf0332
PlaceHolderAndELConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings 428b0e45aa
HttpCorsConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Josh Cummings 306e9ed91c
HttpConfigTests groovy->java 
Issue: gh-4939
 2018-05-15 08:47:33 -06:00
Rob Winch 32e368d9b7 Single ClientRegistration redirects by default 
Fixes: gh-5339
 2018-05-14 16:38:13 -05:00
Rob Winch f29e4cf91f LoginPageGeneratingWebFilter conditionally renders formLogin 
Issue: gh-4807
 2018-05-14 16:38:13 -05:00
Rob Winch 7013c6fd76 Add OAuth2LoginSpec 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Johnny Lim b91ebf7090 Fix @since for MockEventListener 2018-05-07 16:53:26 -05:00
Denys Ivano fed15f2b01 Add accessDeniedHandler method to ExceptionHandlingSpec 
This allows to configure accessDeniedHandler in ExceptionTranslationWebFilter through ServerHttpSecurity.

Issue: gh-5257
 2018-05-07 16:22:29 -05:00
Johnny Lim 2a0f529ee4 Use spring-projects for organization in GitHub URLs 2018-05-04 21:01:39 -05:00
Josh Cummings 2273839aad
FormLoginConfigTests groovy->java 
Issue: gh-4939
 2018-05-01 08:11:04 -06:00
Rob Winch 9bb841ac67 ExceptionTranslationFilter does not handle committed responses 
Fixes: gh-5273
 2018-04-30 16:49:51 -05:00
Rob Winch eb067bc3a1 DefaultWebSecurityExpressionHandler uses PermissionEvaluator Bean 
The default instance of DefaultWebSecurityExpressionHandler uses the
PermissionEvaluator Bean by default.

Fixes: gh-5272
 2018-04-30 12:15:50 -05:00
Josh Cummings 359a73eff2
Merge pull request #5260 from jzheaux/gh-4939-FormLoginBeanDefinitionParserTests 
FormLoginBeanDefinitionParserTests groovy->java
 2018-04-27 12:03:55 -06:00
Josh Cummings 3c1231efd3
CsrfConfigTests groovy->java 
Issue: gh-4939
 2018-04-25 11:41:32 -06:00
Josh Cummings 65326b1178
FormLoginBeanDefinitionParserTests groovy->java 
Issue: gh-4939
 2018-04-25 11:12:07 -06:00
Josh Cummings 9c0f2cc281
AccessDeniedConfigTests groovy->java 
Issue: gh-4939
 2018-04-24 08:11:47 -06:00
Joe Grandja 526e0fdd4f Add OAuth2 Client HandlerMethodArgumentResolver 
Fixes gh-4651
 2018-04-02 12:13:52 -04:00
Joe Grandja 982fc360b2 Add support for authorization_code grant 
Fixes gh-4928
 2018-04-02 12:13:06 -04:00
Rob Winch 234c20eb30 Polish XsdDocumentedTests 
- NicerNoce->XmlNode
- NicerXmlSupport->XmlSupport
- NicerXmlParser->XmlParser

Issue: gh-4939
 2018-03-29 16:36:41 -05:00
Josh Cummings 0c0abea3ad XsdDocumentedTests groovy->java 
Groovy has more extensive support for Xml parsing via XmlSlurper.
To replace it, this conversion also introduces a SAX wrapper,
NicerXmlParser, and a companion Node wrapper, NicerNode, that
allowed for less modification of the converted tests.

Issue: gh-4939
 2018-03-29 16:36:41 -05:00
Rob Winch fb7394c1de Polish Javadoc 
Fixes: gh-5186
 2018-03-29 15:33:57 -05:00
Rob Winch 6e1e977778 Polish HeadersSpec 
Fixes: gh-5187
 2018-03-29 15:33:57 -05:00
Rob Winch 7a204a5f58 Fixes for SPR-16624 
Fixes: gh-5164
 2018-03-27 22:35:08 -05:00
Josh Cummings ec46b7dbe1 WebSocketMessageBrokerConfigTests groovy->java 
Of note is that this commit unrolls three Spock @Unroll-parameterized
tests into a separate test for each parameter.

Issue: gh-4939
 2018-03-27 12:38:06 -05:00
Christoph Dreis d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch b1d013e8f0 Fix JDK 9 
Issue: gh-5160
 2018-03-27 09:30:56 -05:00
Rob Winch 018ab7d92c Fix Javadoc Typo uses->use 
Issue: gh-5113
 2018-03-19 15:36:31 -05:00
Rob Winch 01152ede41 Clarify HttpSecurity.registerFilterAt 
Fixes: gh-5113
 2018-03-19 14:41:03 -05:00
Rob Winch e86becc151 Relax assertions in HeaderSpecTests 
Fixes: gh-5116
 2018-03-15 08:30:37 -05:00
Rob Winch 4f709d47b9 Fix @since on GlobalAuthenticationConfigurerAdapter 
Fixes: gh-5106
 2018-03-13 14:23:36 -05:00
Rob Winch 452d855396 Fix appendix tests 2018-03-09 16:34:49 -06:00
Rob Winch a2073b2b91 Support BeanResolver for Reactive AuthenticationPrincipal 
Fixes: gh-4326
 2018-03-09 12:05:55 -06:00
Josh Cummings 3121f9c000 NamespaceGlobalMethodSecurity groovy->java 
Note that the `WhenUsingAspectJ` tests are still simply verifying structure instead of behavior. This is because the project appearsto be misconfigured in some way such that AspectJ advice isn't getting woven in at runtime. The original Groovy tests also only verified structure and they may be that way for a similar reason.

Either way, I will open up a ticket so we can review why that is the case and if there is a good fix.

Issue: gh-4939
 2018-03-08 16:53:54 -06:00
Josh Cummings c91ca0584c Sec2758Tests groovy->java 
Note that the old groovy test used a configuration of

```
http
    .authorizeRequests()
        .anyRequest().hasAnyAuthority("USER")
```

However, as I read the issue, gh-2984, the problem this issue
identifies is the non-passive change of defaulting to prefix
ROLE_ with all role-based configuration methods. So, the test now
does the following:

```
http
    .authorizeRequests()
        .anyRequest().access("hasAnyRole('USER')")
```

which demonstrates, given the configuration in this test, that
ROLE_ is correctly not prefixed in this expression, even though
it is a role-based configuration.

Issue: gh-4939
 2018-03-08 16:52:20 -06:00
Joe Grandja a5bd76b6ed Revert authorization_code grant support 
This reverts commit eae7afd9aa.
 2018-03-06 16:16:45 -05:00
Joe Grandja c922fe3be1 WebSecurityConfigurationTests groovy->java 
Issue: gh-4939
 2018-03-06 09:24:52 -05:00
Joe Grandja b1f3d495d9 Sec2515Tests groovy->java 
Issue: gh-4939
 2018-03-05 15:16:52 -05:00
Joe Grandja 0aa87e8501 EnableWebSecurityTests groovy->java 
Issue: gh-4939
 2018-03-05 10:23:48 -05:00
Joe Grandja 5af1d1d936 Polish HttpConfigurationTests 2018-03-05 08:36:15 -05:00
Joe Grandja 2a678ebc6e Polish WebSecurityConfigurerAdapterTests 2018-03-05 06:20:27 -05:00
Joe Grandja eae7afd9aa Add support for authorization_code grant 
Fixes gh-4928
 2018-03-02 14:30:49 -05:00
Josh Cummings 1ed51033cc Migrate config-debug groovy->java 
All tests in `org.springframework.security.config.debug` are migrated.

Note that `SecurityDebugBeanFactoryPostProceessorTest` preserves the original structure-verifying strategy used in the Groovy test. Verifying debug behavior turns out to be fairly tricky since being behaviorally invisible is in its nature.

Issue: gh-4939
 2018-03-02 08:55:07 -06:00
Josh Cummings 1b69c62d20 PortMapperConfigurerTests groovy->java 
Issue: gh-4939
 2018-02-27 11:44:21 -05:00
Josh Cummings e08d4cc90c AnonymousConfigurerTests groovy->java 
This test now checks key and principal both, which differs from the original Groovy test

In order to keep from needing to execute logic internal to `AnonymousAuthenticationToken`, this test changed from the original Groovy test. In the Groovy test, `key` is tested; however in this new test, `principal` is tested instead.

A concern was raised that if `AnonymousAuthenticationProvider` were invoked in this test, then testing only `principal` would not confirm that `key` was correctly propagated to `AnonymousAuthenticationProvider`. So, the test now configures both `key` and `principal`. The former to confirm correct wiring of `AnonymousAuthenticationProvider` and the latter to confirm correct wiring of `AnonymousAuthenticationFilter`.

Issue: gh-4939
 2018-02-27 11:30:02 -05:00
Josh Cummings bb59733736 Sec2377Tests groovy->java 
Issue: gh-4939
 2018-02-22 10:48:18 -05:00
Joe Grandja dc9248e73c NamespaceHttpTests groovy->java 
Issue: gh-4939
 2018-02-22 10:29:48 -05:00
Joe Grandja fded710e04 HttpConfigurationTests groovy->java 
Issue: gh-4939
 2018-02-16 14:16:51 -05:00
Rob Winch 210a510bba Use HttpFirewall Bean 
Fixes: gh-5022
 2018-02-15 17:18:28 -06:00
Joe Grandja 52b5423b75 WebSecurityConfigurerAdapterTests groovy->java 
Issue: gh-4939
 2018-02-15 17:50:55 -05:00
Joe Grandja 7fc88a391f SampleWebSecurityConfigurerAdapterTests groovy->java 
Issue: gh-4939
 2018-02-14 15:40:46 -05:00
Joe Grandja c31c1a4616 AbstractConfiguredSecurityBuilderTests -> remove use of reflection 
Issue gh-4939
 2018-02-14 12:47:35 -05:00
Rob Winch 780c9dd455 Fix GlobalMethodSecurityConfigurationTests checkstyle 
Issue: gh-4939
 2018-02-13 09:41:07 -06:00
Rob Winch 8b6e77e5ab Fix SpringTestContext checkstyle 
Issue: gh-5015
 2018-02-13 09:40:47 -06:00
Rob Winch 6af1ac08db GlobalMethodSecurityConfigurationTests groovy->java 
Issue: gh-4939
 2018-02-13 09:37:05 -06:00
Rob Winch 6c52eb6ee1 MethodSecurityService add additional methods 
Fixes: gh-5016
 2018-02-13 09:36:57 -06:00
Rob Winch ca5fb78ee1 Authz check(boolean result) 
Issue: gh-5016
 2018-02-13 09:36:48 -06:00
Rob Winch 1ad57adccc SpringTestContext allow setting Context 
Fixes: gh-5015
 2018-02-13 09:36:39 -06:00
Rob Winch 49e5b15ce2 Extract MockEventListener 
Fixes: gh-5014
 2018-02-13 09:36:27 -06:00
Rob Winch ce5fb51b20 Remove Mono.defer in ReactorContextWebFilter 
Fixes: gh-5010
 2018-02-08 16:19:10 -06:00
Rob Winch 964a14b224 Document Reactive Method security requires Publisher return types 
Fixes: gh-4988
 2018-02-07 16:43:18 -06:00
Rob Winch ea3dd336aa Cache headers only if no cache headers set 
Fixes: gh-5004
 2018-02-07 14:56:34 -06:00
Rob Winch 2165cc72ef BaseAuthenticationConfig groovy->java 
Issue: gh-4939
 2018-02-07 14:40:55 -06:00
Rob Winch 2c519b7e74 NamespaceGlobalMethodSecurityTests groovy->java 
Issue: gh-4939
 2018-02-06 15:23:41 -06:00
Rob Winch 9587f3280e MethodSecurityServiceImpl groovy->java 
Issue: gh-4939
 2018-02-06 14:09:58 -06:00
Rob Winch 751130ba04 MethodSecurityService groovy->java 
Issue: gh-4939
 2018-02-06 14:08:43 -06:00
Rob Winch 9e23d684e7 Polish Imports in SpringTestRule 
Fixes: gh-5001
 2018-02-06 13:48:36 -06:00
Rob Winch 73f5e89e4c SpringTestRule clears SecurityContext 
Fixes: gh-5001
 2018-02-06 11:54:26 -06:00
Rob Winch 1efc7ef5d7 Issue50Tests groovy->java 
Issue: gh-4939
 2018-02-06 11:53:19 -06:00
Rob Winch d12d9ba538 SecurityConfig groovy->java 
Issue: gh-4939
 2018-02-06 11:53:07 -06:00
Rob Winch 9e3e7e9e29 ApplicationConfig groovy->java 
Issue: gh-4939
 2018-02-06 11:52:29 -06:00
Rob Winch 11c8d5ddfb UserRepository groovy->java 
Issue: gh-4939
 2018-02-06 11:51:58 -06:00
Rob Winch 1217547ebd User groovy->java 
Issue: gh-4939
 2018-02-06 11:51:38 -06:00
Rob Winch 12bd506ee7 AutowireBeanFactoryObjectPostProcessorTests groovy->java 
Issue: gh-4939
 2018-02-06 11:13:00 -06:00
Rob Winch eb6d84eb36 MyAdvisedBean groovy->java 
Issue: gh-4939
 2018-02-06 11:12:47 -06:00
Rob Winch 3cb06ec581 AroundMethodInterceptor groovy->java 
Issue: gh-4939
 2018-02-06 11:12:35 -06:00
Rob Winch 9df708dbba Add SpringTestRule.testConfigLocations 
Fixes: gh-5000
 2018-02-06 11:12:35 -06:00
Rob Winch 0d92adf1be PasswordEncoderConfigurerTests groovy->java 
Issue: gh-4939
 2018-02-05 17:13:21 -06:00
Rob Winch 886bfa3daa NamespacePasswordEncoderTests groovy->java 
Issue: gh-4939
 2018-02-05 16:46:42 -06:00
Rob Winch 70db508218 NamespaceJdbcUserServiceTests groovy->java 
Issue: gh-4939
 2018-02-05 15:27:28 -06:00
Rob Winch a0918dd6d4 NamespaceAuthenticationProviderTests groovy->java 
Issue: gh-4939
 2018-02-05 14:53:50 -06:00
Rob Winch 959f689e4e NamespaceAuthenticationManagerTests groovy->java 
Issue: gh-4939
 2018-02-02 16:56:45 -06:00
Joe Grandja 1cb581a0c6 AbstractConfiguredSecurityBuilderTests, AbstractRequestMatcherRegistryTests -> .java 
Issue gh-4939
 2018-02-02 16:45:44 -05:00
Rob Winch 87a216a6e6 AuthenticationManagerBuilderTests -> .java 
Issue: gh-4939
 2018-01-26 16:50:33 -06:00
Rob Winch 8d96e83767 Fix checkstyle 2018-01-26 15:31:24 -06:00
Rob Winch e5d40c0599 AuthenticationConfigurationTests -> java 
Issue: gh-4939
 2018-01-26 15:14:34 -06:00
Rob Winch 0eef5b4b42 Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
Joe Grandja 900ab1df81 Add javadoc for the OAuth 2.0 Security Configurer's 
Fixes gh-4972
 2018-01-24 06:18:08 -05:00
Joe Grandja 84679a5d64 Polish #4904 Support GrantedAuthoritiesMapper @Bean for oauth2Login 2018-01-23 12:14:57 -05:00
Kazuki Shimizu 444e2dade3 Support GrantedAuthoritiesMapper @Bean for oauth2Login 
Fixes gh-4880
 2018-01-23 09:51:14 -05:00
Rob Winch 91ef7ce1cf AuthenticationEventPublisher Bean used by Default 
Fixes: gh-4940
 2018-01-18 08:59:27 -06:00
Adolfo Eloy 196f02748d Migrate UserDetailsManagerConfigurerTests groovy->java 2018-01-10 16:13:08 -06:00
Johnny Lim f3830eec7d Rename userDetailsRepository to userDetailsService 2018-01-10 16:04:48 -06:00
Johnny Lim 921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim 57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Aygiz Shaymardanov cfe40358bd typo in java doc 2017-12-21 14:18:41 -06:00
Johnny Lim 316fd0572f Remove @Nullable annotations in UserDetailsMapFactoryBean 2017-12-21 14:08:05 -06:00
Eddú Meléndez c16456623f Remove unused imports 2017-12-20 16:05:38 -06:00
Kazuki Shimizu 9f6af4f3b8 Remove address and phone from default scope for Google 
Fixes gh-4895
 2017-12-12 16:05:02 -05:00
Kazuki Shimizu bd5d0bc6fd Change default scope to 'read:user' for GitHub 
Fixes gh-4893
 2017-12-12 15:31:25 -05:00
Filip Hanik ab6df7d154 Format security ilters enums for readability 2017-11-28 14:06:55 -06:00
Joe Grandja 3f1b09c248 Update javadoc for HttpSecurity.oauth2Login() 
Fixes gh-4875
 2017-11-27 13:17:19 -05:00
Rob Winch 691bf2e11d PasswordEncoder Bean for AuthenticationManagerBuilder 
Issue: gh-4873
 2017-11-27 11:42:56 -06:00
Rob Winch 9afee9e4e2 PasswordEncoder as Bean default for XML 
Issue: gh-4873
 2017-11-27 11:42:56 -06:00
Rob Winch e377dcf81b Make SessionManagementConfigTests deterministic 
Fixes: gh-4871
 2017-11-27 11:42:56 -06:00
Rob Winch 5cf2883afc AuthenticationManagerBeanDefinitionParserTests uses SpringTestContext 
Issue: gh-4870
 2017-11-27 11:42:56 -06:00
Rob Winch 4d8f11a5a9 SpringTestContext improvements 
Fixes gh-4870
 2017-11-27 11:42:56 -06:00
Rob Winch d55db837e1 CsrfWebFilter places Mono<CsrfToken> 
Fixes: gh-4855
 2017-11-20 16:30:29 -06:00
Johnny Lim 701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Rob Winch cf3cba8f5f Ensure Chrome Still SC_MOVED_TEMPORARILY 
Issue: gh-4831
 2017-11-16 10:33:51 -06:00
Rob Winch 3e7e80a836 Accept */* triggers 401 by Default 
Fixes gh-4831
 2017-11-16 09:58:29 -06:00
Joe Grandja dd33f0a7de ClientRegistration.redirectUri -> redirectUriTemplate 
Fixes gh-4827
 2017-11-15 14:51:35 -05:00
Joe Grandja e098c3707e Update default redirect-uri to use 'baseUrl' template variable 
Fixes gh-4826
 2017-11-15 14:51:35 -05:00
Rob Winch 0b1618d8b4 Fix RequestCache 
Issue: gh-4789
 2017-11-15 12:50:54 -06:00
Rob Winch a6733fae50 Polish 2017-11-15 12:50:54 -06:00
Rob Winch 942b51dba7 Reactive Basic does not create session by default 
Fixes: gh-4825
 2017-11-15 12:50:29 -06:00
Rob Winch 5f79fdd3eb requiresLogoutMatcher naming polish 
Issue: gh-4822
 2017-11-14 16:42:41 -06:00
Rob Winch 11f6e0477c serverLogoutSuccessHandler->logoutSuccessHandler 
Issue: gh-4822
 2017-11-14 16:42:36 -06:00
Rob Winch bf570854b8 serverLogoutHandler->logoutHandler 
Issue: gh-4822
 2017-11-14 16:42:33 -06:00
Rob Winch 2cbdb4ba02 serverCsrfTokenRepository->csrfTokenRepository 
Issue: gh-4822
 2017-11-14 16:42:27 -06:00
Rob Winch 3bfda6cff7 serverAccessDeniedHandler->accessDeniedHandler 
Issue: gh-4822
 2017-11-14 16:42:24 -06:00
Rob Winch 9e82fc0b83 serverAuthenticationEntryPoint->authenticationEntryPoint 
Issue: gh-4822
 2017-11-14 16:42:20 -06:00
Rob Winch 520e0a5a68 serverAuthenticationSuccessHandler->authenticationSuccessHandler 
Issue: gh-4822
 2017-11-14 16:42:14 -06:00
Rob Winch 5c83f92ddc serverAuthenticationFailureHandler->authenticationFailureHandler 
Issue: gh-4822
 2017-11-14 16:42:10 -06:00
Rob Winch 692233e431 ServerSecurityContextRepository members to securityContextRepository 
Issue: gh-4822
 2017-11-14 16:42:06 -06:00
Rob Winch 9956de8f29 LogoutBuilder->LogoutSpec 
Issue: gh-4822
 2017-11-14 16:41:58 -06:00
Rob Winch 7619556066 FormLoginBuilder->FormLoginSpec 
Issue: gh-4822
 2017-11-14 16:41:55 -06:00
Rob Winch 83d4abb1c6 RequestCacheBuilder->RequestCacheSpec 
Issue: gh-4822
 2017-11-14 16:41:51 -06:00
Rob Winch eb7edf7092 HttpBasicBuilder->HttpBasicSpec 
Issue: gh-4822
 2017-11-14 16:41:47 -06:00
Rob Winch 01154614d1 ExceptionHandlingBuilder->ExceptionHandlingSpec 
Issue: gh-4822
 2017-11-14 16:41:38 -06:00
Rob Winch 903cbd7c35 CsrfBuilder->CsrfSpec 
Issue: gh-4822
 2017-11-14 16:41:31 -06:00
Rob Winch fd4726afaf HeadersBuilder-HeadersSpec 
Issue: gh-4822
 2017-11-14 16:41:25 -06:00
Rob Winch 53ddbfc0ab AuthorizedExchangeBuilder->AuthorizedExchangeSpec 
Issue: gh-4822
 2017-11-14 16:41:08 -06:00
Johnny Lim d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Joe Grandja 872a8f3189 Change constructor param order in oauth2 client filters 
Fixes gh-4818
 2017-11-13 17:32:22 -05:00
Rob Winch 1b70efce2b Add ServerRequestCache 
Fixes: gh-4789
 2017-11-13 15:49:34 -06:00
Rob Winch 1ea66378f5 ServerHttpSecurity uses RedirectServerAuthenticationFailureHandler 
Issue: gh-4816
 2017-11-13 15:49:26 -06:00
Rob Winch 3c7fb977fe WebTestClientHtmlUnitDriverBuilder uses WebTestClient for localhost 
Fixes gh-4815
 2017-11-13 15:48:52 -06:00
Joe Grandja aa9e057ba8 Fix CNF exception if oauth2-jose dependency not included 
Fixes gh-4753
 2017-11-12 12:27:18 -05:00
Rob Winch f2ccc53549 Add UserDetailsMapFactoryBean 
Fixes gh-4804
 2017-11-09 14:01:43 -06:00
Johnny Lim 99df632f24 Add missing @Override annotations 
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
 2017-11-08 13:27:24 -06:00
Rob Winch adec62cdf2 EnableWebFluxSecurity creates CsrfRequestDataValueProcessor 
Fixes gh-4762
 2017-11-07 22:25:48 -06:00
Rob Winch 7622826b69 WebSessionServerCsrfTokenRepository saves on getToken 
Fixes gh-4801
 2017-11-07 22:25:23 -06:00
Rob Winch 3f18881493 Remove additional attribute name from CsrfWebFilter 
Fixes gh-4799
 2017-11-07 22:24:42 -06:00
Rob Winch c7c84e0996 Fix CustomLoginPage test 
Fixes gh-4797
 2017-11-07 22:24:21 -06:00
Rob Winch 1506dcd413 SpringTestContext.getContext() 
Add accessor method for SpringTestContext.getContext()

Fixes gh-4796
 2017-11-07 22:24:15 -06:00
Rob Winch 21aec19d42 Add FormLoginBuilder.serverAuthenticationSuccessHandler 
Fixes: gh-4786
 2017-11-03 08:47:59 -05:00
Rob Winch 1d4c7da1e1 Fix WebTestClientWebConnection for redirects 2017-11-03 08:46:56 -05:00
Craig Walls 06c4bffc5f Use id field instead of name field for GitHub and Facebook providers. 
Fixes gh-4764
 2017-11-01 10:48:57 -04:00
Rob Winch d664ff2e26 Lookup HandlerMappingIntrospector from Bean 2017-10-30 16:27:50 -05:00
Joe Grandja ef9cd76607 Polish oauth2 
Fixes gh-4758
 2017-10-30 16:49:01 -04:00
Joe Grandja 511d702ee0 Remove JwtDecoderRegistry 
Fixes gh-4754
 2017-10-30 12:52:42 -04:00
Joe Grandja 727098d6c0 Fix NPE when configuring oauth2Login.loginPage 
Fixes gh-4752
 2017-10-30 06:26:07 -04:00
Rob Winch 5280ac40e9 WebMvcConfigurerAdapter->WebMvcConfigurer 
Fixes gh-4612
 2017-10-30 01:30:08 -05:00
Kazuki Shimizu 3d5989dea4 Change a default realm name 
Change a default realm name of Basic Authentication for XML namespace to 'Realm'.

Fixes gh-4220
 2017-10-30 00:59:39 -05:00
Rob Winch 4295461830 ServerHttpSecurity extracts WebFilter from OrderedWebFilter 
Fixes gh-4736
 2017-10-30 00:45:26 -05:00
Antoine e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Eddú Meléndez 70165869b1 Add UnboundId LDAP inmemory support 
This commit adds the capability to run a LDAP inmemory different than
apacheds. Both providers `apacheds` and `unboundid` are supported.
 2017-10-29 21:59:55 -05:00
Joe Grandja 9a4513356d Configure default OAuth2AuthorizedClientService 
Fixes gh-4751
 2017-10-29 22:45:57 -04:00
Rob Winch 4fa9b4dd15 Add ServerHttpSecurity.exceptionHandling() 
Fixes gh-4750
 2017-10-29 21:00:10 -05:00
Joe Grandja 5fa822d114 Expose custom config for OidcUserService 
Fixes gh-4715
 2017-10-29 21:33:51 -04:00
Joe Grandja a261c9a047 Polish OAuth2LoginConfigurer 
Fixes gh-4747
 2017-10-29 21:33:51 -04:00
Rob Winch a3e38fec47 Remove AuthorizationRequestUriBuilder 
Make this API private since we don't have concrete use cases for exposing
it yet.

Fixes gh-4742
 2017-10-29 19:50:02 -05:00
Joe Grandja c3d2effc1d Polish OAuth2AuthorizedClientService 
Fixes gh-4746
 2017-10-29 20:25:03 -04:00
Joe Grandja e4887057bc Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient 
Fixes gh-4741
 2017-10-29 17:49:15 -04:00
Rob Winch e2dd037b4a Default WebFlux headers and Logout 2017-10-29 15:06:06 -05:00
Joe Grandja 6fbd435bdf OAuth2LoginAuthenticationFilter requires collaborators 
Fixes gh-4661
 2017-10-29 04:41:23 -04:00
Joe Grandja 5a7466512e Expose default constructor in AbstractAuthenticationFilterConfigurer 
Fixes gh-4737
 2017-10-29 04:41:23 -04:00
Rob Winch 5a5ec58ca4 Add LogoutPageGeneratingWebFilter 
Fixes gh-4735
 2017-10-29 00:12:23 -05:00
Rob Winch 0734d70d02 Logout requires POST 
Issue: gh-4734
 2017-10-29 00:11:59 -05:00
Rob Winch 8da2c7f657 Add WebFlux CSRF Protection 
Fixes gh-4734
 2017-10-28 22:59:24 -05:00
Rob Winch f040bd054d Javadoc @EnableWebFluxSecurity 2017-10-28 22:59:24 -05:00
Rob Winch b394ae5d5e Polish 
Restructure WebFluxSecurityConfiguration for easier copy paste of
default ServerHttpSecurity Bean
 2017-10-28 22:59:24 -05:00
Rob Winch 77acb34bcd Add spring-security-test to spring-security-config test dependencies 2017-10-28 22:58:55 -05:00
Joe Grandja b471dd1c54 Remove OAuth2TokenRepository 
Fixes gh-4727
 2017-10-28 21:40:33 -04:00
Joe Grandja 83dc902ff7 Map CustomUserTypesOAuth2UserService using clientRegistrationId 
Fixes gh-4692
 2017-10-28 18:11:39 -04:00
Joe Grandja ddf87b54f7 Polish OAuth2LoginConfigurer 
Fixes gh-4731
 2017-10-28 17:48:45 -04:00
Joe Grandja 0c68eb1821 Re-factor OAuth2AuthorizationCodeAuthenticationToken 
Fixes gh-4730
 2017-10-28 17:15:31 -04:00
Joe Grandja 64d8c8b8a9 Re-factor AuthorizationGrantTokenExchanger 
Fixes gh-4728
 2017-10-28 17:12:14 -04:00
Joe Grandja 16e69d06b4 Add OAuth2AuthorizedClientService 
Fixes gh-4726
 2017-10-28 17:12:14 -04:00
Joe Grandja 67bac28481 OAuth2UserService uses OAuth2UserRequest 
Fixes gh-4724
 2017-10-27 22:34:25 -04:00
Joe Grandja 3d319f7592 Make AuthorizationRequestRepository a Generic 
Fixes gh-4723
 2017-10-27 21:31:45 -04:00
Joe Grandja 9afefef3b9 Polish class names in oauth2-client 
Fixes gh-4722
 2017-10-27 21:00:52 -04:00
Joe Grandja 34668e05af Polish class names in oauth2-core 
Fixes gh-4720
 2017-10-27 20:42:58 -04:00
Rob Winch 2060125ebd ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository 
Issue: gh-4719
 2017-10-27 18:17:52 -05:00
Rob Winch 3281cea46a Default use WebSessionServerSecurityContextRepository 
Issue: gh-4719
 2017-10-27 18:17:47 -05:00
Rob Winch faa0bd7143 Update WebFilter ordering 
Issue: gh-4719
 2017-10-27 18:17:44 -05:00
Rob Winch 9c31041dce EnableWebFluxSecurityTests fixes 
Issue: gh-4719
 2017-10-27 18:17:25 -05:00
Rob Winch 437ba56415 ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter 
Issue: gh-4719
 2017-10-27 18:17:10 -05:00
Joe Grandja 8527daa22a Make OAuth2UserService Generic using OAuth2AuthorizedClient and OAuth2User types 
Fixes gh-4706
 2017-10-27 11:49:29 -04:00
Joe Grandja 3b80b6ded8 Move AuthorizationRequestUriBuilder to oauth2-client 
Fixes gh-4703
 2017-10-26 21:23:06 -04:00
Rob Winch 747473257f Use ReactorSecurityContextHolder 
Issue gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch e23134c3ed Add LogoutBuilder ServerLogoutSuccessHandler 
Fixes gh-4714
 2017-10-26 20:11:42 -05:00
Joe Grandja ef197d8215 Move JwtDecoderRegistry to oauth2.client.jwt package 
Fixes gh-4705
 2017-10-26 21:06:28 -04:00
Joe Grandja 70543dcb30 Move oidc package in oauth2-core and oauth2-client 
Fixes gh-4710
 2017-10-26 21:06:28 -04:00
Rob Winch 86875e117b Prevent ServerHttpSecurity from being built twice 
Issue: gh-4711
 2017-10-26 19:48:38 -05:00
Rob Winch 36501f4530 Remove ServerHttpSecurity duplicate build 
WebFluxSecurityConfiguration invoked build twice
which caused each WebFilter to be added twice

Fixes gh-4711
 2017-10-26 19:48:32 -05:00
Joe Grandja ef83bc8dd7 Move package client.authentication.userinfo -> client.userinfo 
Fixes gh-4708
 2017-10-26 15:39:04 -04:00
Joe Grandja 027ea78dab Revert "Move OAuth2LoginAuthenticationProvider into userinfo package" 
This reverts commit 54547f35b7.
 2017-10-26 14:55:25 -04:00
Joe Grandja 942b647c0d OAuth2LoginAuthenticationFilter processes uri /login/oauth2/code/* 
Issue gh-4687
 2017-10-26 14:20:19 -04:00
Rob Winch 54547f35b7 Move OAuth2LoginAuthenticationProvider into userinfo package 
Fix package tangles. OAuth2LoginAuthenticationProvider requires
OAuth2UserService which is in a child package. We should move
OAuth2LoginAuthenticationProvider to the same package.

Issue: gh-4614
 2017-10-26 11:22:21 -05:00
Johnny Lim 875aae012b Polish 2017-10-26 07:50:32 -05:00
Joe Grandja d0a4e49870 Map custom OAuth2User types using String 
Fixes gh-4691
 2017-10-25 17:13:44 -04:00
Joe Grandja 9fbea5a11e Refactor SecurityTokenRepository 
Fixes gh-4650
 2017-10-25 16:00:34 -04:00
Rob Winch 44b41e78cd Flux member variables in favor of Collections 
Fix gh-4694
 2017-10-25 07:41:37 -05:00