Commit Graph

9139 Commits

Author SHA1 Message Date
Josh Cummings c066e23a86
Add @since attributes
Issue gh-8900
2020-12-16 15:58:53 -07:00
Evgeniy Cheban 34b4b1054f Add AuthorizationManager
Closes gh-8900
2020-12-16 15:58:36 -07:00
Nick McKinney 5306d4c4d5 Minor cleanup on Ant / Regex Request Matchers
- Removed duplicative code for transforming String into HttpMethod
 - Removed an unnecessary array initialization
2020-12-14 14:19:23 +01:00
Nick McKinney 6be25df1db Introduced DispatcherType request matcher
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.

Closes gh-9205
2020-12-14 14:19:23 +01:00
Josh Cummings 2566abec31
Add Type Parameter
Closes gh-8412
2020-12-11 10:20:18 -07:00
Christophe Gilles 54d3839f63 Add permissionsPolicy http header 2020-12-11 12:32:18 +01:00
Serdar Kuzucu 48ef27b80a Make assertion messages in CookieCsrfTokenRepository clearer
Changes assertion message format from 'X is not null' to
'X cannot be null' since this is more meaningful when the error
occurs and the message is printed in the logs.

Closes gh-9195
2020-12-09 10:45:22 -06:00
Serdar Kuzucu 76e117a67a Allow maximum age of csrf cookie to be configured
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.

Prior to this commit, maximum age was set with a value of -1.

After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.

An IllegalArgumentException will be thrown when
this value is set to zero.

Closes gh-9195
2020-12-09 10:45:22 -06:00
Eleftheria Stein 90b48554e4 Fix Custom DSL sample in docs 2020-12-09 10:48:15 +01:00
Josh Cummings f614a8230c
Polish getRemoteUser
- Corrected instanceof check

Issue gh-3357
2020-12-03 13:08:40 -07:00
Stephen Joyner 9c373ef4f8
getRemoteUser() returns principal name
Closes gh-3357
2020-12-03 13:08:40 -07:00
Ovidiu Popa d5d0be36f4 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
2020-12-03 09:58:30 -05:00
Eleftheria Stein d3ef340b26 Fix typos 2020-12-03 11:05:22 +01:00
olivier.antoine 808b8c3256 Avoid ClassCastException if principalClaim value is not a String
Closes gh-9212
2020-12-02 16:15:10 -07:00
Josh Cummings fe93326087
Update SAML 2.0 Metadata URL Docs
Closes gh-9133
2020-12-02 14:13:02 -07:00
Eleftheria Stein 7f482eda7d Fix CookieRequestCache for URL encoded query parameters
Avoid populating the saved request parameters with encoded values. Since the query strings of the request and saved URL are compared and must be equal, we can just use the parameters from the incoming request.

Closes gh-9203
2020-11-26 18:16:42 +01:00
Joe Grandja 58e3235093 Deprecate ClientAuthenticationMethod BASIC and POST
Closes gh-9220
2020-11-25 15:13:28 -05:00
grimsa c002c6f9f3
Add ClaimAccessor#hasClaim
The new method is intended to replace ClaimAccessor#containsClaim, the
return type of which was non-primitive Boolean. The existing
containsClaim method is now deprecated.

Closes gh-9201
2020-11-25 11:58:17 -07:00
Loic Guibert 050e4a98b4 Fix javadoc in Pbkdf2PasswordEncoder
- Add @author Loïc Guibert
- Add @since 5.5 to new constructors

See PR gh-9147
2020-11-25 11:45:21 -07:00
Josh Cummings b0d4e500a8
Polish Add DelegatingJwtGrantedAuthoritiesConverter
- Adjusted internal logic to follow DelegatingOAuth2TokenValidator
- Changed JavaDoc to align more closely with
JwtGrantedAuthoritiesConverter
- Polished test names to follow Spring Security naming convention
- Updated test class name to follow Spring Security naming convention
- Polished tests to use TestJwts
- Added tests to address additional use cases

Closes gh-7596
2020-11-24 15:31:07 -07:00
Ropi 97cc119d86
Add DelegatingJwtGrantedAuthoritiesConverter
Closes gh-7596
2020-11-24 14:18:40 -07:00
Joe Grandja 40b2118d36 Fix checkstyle rules could not be parsed
Closes gh-9214
2020-11-23 14:33:18 -05:00
Rob Winch ef3b4d49d9 Add artifactoryUsername/Password to other workflow steps
Added artifactoryUsername/Password to other CI workflow steps to ensure
all steps will pass if a new dependency is added.
2020-11-16 13:11:07 -06:00
Rob Winch 47bb9b945c Add artifactoryUsername/Password to download new dependencies 2020-11-16 13:02:11 -06:00
Rob Winch 791857ba5c Update to spring-build-conventions:0.0.35.BUILD-SNAPSHOT 2020-11-16 12:26:36 -06:00
Aditya Sekhar 4cc3c25a0e removed whitespace formatting 2020-11-13 15:01:17 -06:00
Aditya Sekhar a26975f780 cleanup compatibility method based on spring-projects#8868 2020-11-13 15:01:17 -06:00
Josh Cummings 4602e9a661
Use HttpBasicConfigurer's Conneg Strategy
Closes gh-9100
2020-11-12 16:26:10 -07:00
Josh Cummings af669a2166
Remove Reliance on BearerTokenResolver
Closes gh-9186
2020-11-12 15:40:55 -07:00
Loic Guibert ad489495dc Make salt length configurable in Pbkdf2PasswordEncoder
Add constructors with a salt length input parameter.
Default salt length is still 8-byte long like before when
saltGenerator was initialized with call to
KeyGenerators#secureRandom() which use
SecureRandomBytesKeyGenerator#DEFAULT_KEY_LENGTH.

Closes gh-4372
2020-11-11 10:12:17 -06:00
Angel Aguilera d7612e346e
Fix typo in Javadoc 2020-11-11 06:48:22 -05:00
Ellie Bahadori 649443f67e
Build GitHub Actions CI pipeline 2020-11-10 10:25:16 -05:00
zhuang ff58ac836e
Decode cookie once in AbstractRememberMeServices
Issue gh-9192
2020-11-09 08:14:20 -05:00
Eleftheria Stein 34a21cd80c Fix formatting 2020-11-09 13:46:09 +01:00
Eleftheria Stein 5661e06e9c Fix typo UserDetailService -> UserDetailsService 2020-11-09 13:13:32 +01:00
Rob Winch 4515c86beb WithSecurityContextTestExecutionListener Respects @NestedTestConfiguration
Previously WithSecurityContextTestExecutionListener did not respect
@NestedTestConfiguration.

This commit switches to using TestContextAnnotationUtils to ensure that
@NestedTestConfiguration is respected.

Closes gh-9193
2020-11-06 15:11:50 -06:00
Arnaud Mergey 2b9efccc50 Implement MessageSourceAware where missing
Closes gh-8951
2020-11-05 10:57:33 -07:00
Joe Grandja 61550f8a48 Add convenience constructor in OAuth2AuthenticationException
Closes gh-9190
2020-11-04 13:37:14 -05:00
Joe Grandja f0a3f91f86 Next development version 2020-11-03 19:54:28 -05:00
Joe Grandja b95e1aa209 Revert "Lock dependencies for 5.5.0-M1"
This reverts commit 25a7482c8c.
2020-11-03 19:53:28 -05:00
Joe Grandja 3cba4eccdc Release 5.5.0-M1 2020-11-03 19:06:19 -05:00
Rob Winch 4e1f97a525 Document WithSecurityContextTestExecutionListener Nested Support
Issue gh-9179
2020-11-03 17:53:59 -06:00
Rob Winch 87d8741730 WithSecurityContextTestExecutionListener Supports Nested Classes
WithSecurityContextTestExecutionListener now supports nested classes. If
the class is nested WithSecurityContext is not found, then the enclosing
class is looked at until there is no enclosing class.

Closes gh-9179
2020-11-03 17:36:37 -06:00
Arvid Ottenberg d0d655e18d
Allow Customization of Bearer Token Resolution
Closes gh-8535
2020-11-03 14:34:46 -07:00
Joe Grandja 9d1637d2cd Add unsupported_token_type to OAuth2ErrorCodes
Closes gh-9184
2020-11-03 14:11:01 -05:00
Joe Grandja dafedf93fa Fix format gh-9183 2020-11-03 14:00:07 -05:00
Joe Grandja aeb999eae2 Add token and token_type_hint to OAuth2ParameterNames
Closes gh-9183
2020-11-03 13:42:28 -05:00
Joe Grandja 0c25b8c1f9 Introduce JwaAlgorithm
Closes gh-9182
2020-11-03 13:03:50 -05:00
Joe Grandja c069692ab9 Extract OAuth2Token from AbstractOAuth2Token
Closes gh-5502
2020-11-02 20:35:08 -05:00
Josh Cummings 8b7751f5f4
Polish Multiple Filter Chains Docs
Issue gh-9178
2020-11-02 13:49:24 -07:00