Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 16:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,343 Commits 34 Branches 337 Tags
Commit Graph

345 Commits

Author SHA1 Message Date
Josh Cummings
6e67c0dcea Remap Nimbus JSON Parsing Errors 
When Nimbus fails to parse either a JWK response or a JWT response,
the error message contains information that either should or cannot be
included in a Bearer Token response.

For example, if the response from a JWK endpoint is invalid JSON, then
Nimbus will send the entire response from the authentication server in
the resulting exception message.

This commit captures these exceptions and removes the parsing detail,
replacing it with more generic information about the nature of the
error.

Fixes: gh-5517
 2018-07-16 10:40:46 -05:00
Joe Grandja
371221d729 Support anonymous Principal for OAuth2AuthorizedClient 
Fixes gh-5064
 2018-07-16 10:15:41 -05:00
Joe Grandja
779597af2a Add support for custom authorization request parameters 
Fixes gh-4911
 2018-07-16 09:39:06 -05:00
mhyeon.lee
1d920680bf Enhance OAuth2AccessToken to be serializable 
Change the TokenType to Serializable
so that the OAuth2AccessToken can be serialized.
(org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType)

Fixes gh-5492
 2018-07-13 11:36:11 -04:00
Rob Winch
a5ae714ed5 NimbusReactiveJwtDecoder propagates errors looking up keys 
Fixes: gh-5490
 2018-07-06 16:39:59 -05:00
Josh Cummings
998d1a064b Close Nimbus Information Leak 
This commit captures and remaps the exception that Nimbus throws
when a PlainJWT is presented to it.

While the surrounding classes are likely only used today by the
oauth2Login flow, since they are public, we'll patch them at this
point for anyone who may be using them directly.

Fixes: gh-5457
 2018-07-03 10:28:31 -05:00
Rob Winch
f7dc76de5f Fix OAuth2BodyExtractorsTests for JDK9 
Issue: gh-5475
 2018-07-02 16:29:07 -05:00
Rob Winch
ba489af354 Fix OAuth2AuthorizedClientExchangeFilterFunctionTests on JDK9 
Issue: gh-4371
 2018-07-02 16:16:16 -05:00
Rob Winch
127a32bd81 Fix checkstyle OAuth2AuthorizedClientExchangeFilterFunctionTests 
Issue: gh-4371
 2018-07-02 15:47:24 -05:00
Rob Winch
73689ecfd7 Fix Imports of OAuth2AccessTokenResponse 
Issue: gh-5474
 2018-07-02 15:46:33 -05:00
Rob Winch
0116c65c0e OAuth2AuthorizedClientExchangeFilterFunction Refresh Support 2018-07-02 14:14:17 -05:00
Rob Winch
1f1fb1a801 Add MockExchangeFunction getResponse 
This allows setting up the mock

Issue: gh-5386
 2018-07-02 12:43:00 -05:00
Rob Winch
0910e04bdf MockExchangeFunction Support Multiple Requests 
Issue: gh-5386
 2018-07-02 12:42:54 -05:00
Rob Winch
e27e1cd637 Add OAuth2AccessTokenResponseBodyExtractor 
This externalizes converting a OAuth2AccessTokenResponse from a
ReactiveHttpInputMessage.

Fixes: gh-5475
 2018-07-02 12:41:44 -05:00
Rob Winch
ab61732e17 Add OAuth2AccessTokenResponse.withResponse 
Add ability to build a new OAuth2AccessTokenResponse from another
OAuth2AccessTokenResponse.

Fixes: gh-5474
 2018-07-02 12:37:45 -05:00
Josh Cummings
d7ebe5be86
Rename createJwkSet method typo 
Actually, it is creating a claims set, just a typo.

Issue: gh-5330
 2018-06-28 11:31:21 -06:00
Rob Winch
8ef4a5ba92 Add NimbusReactiveJwtDecoder RSAPublicKey Support 
Fixes: gh-5460
 2018-06-25 21:30:49 -05:00
Joe Grandja
d32aa3c6d6 Validate sub claim in UserInfo Response 
Fixes gh-5447
 2018-06-25 16:44:04 -04:00
Rob Winch
81350ca3c3 Add NimbusJwkReactiveJwtDecoderTests 
Issue: gh-5330
 2018-06-25 12:13:08 -05:00
Rob Winch
7b406e89e4 Fixes in decoder 2018-06-25 10:08:13 -05:00
Rob Winch
a5f7713d9f adding a test 2018-06-25 10:03:53 -05:00
Rob Winch
d521d5e066 Add OidcReactiveAuthenticationManager 
Fixes: gh-5330
 2018-06-18 16:08:07 -05:00
Rob Winch
f7a2a41241 Add OidcReactiveOAuth2UserService 
Issue: gh-5330
 2018-06-18 16:08:07 -05:00
Rob Winch
5ed319b11a Add NimbusReactiveJwtDecoder 
Issue: gh-5330
 2018-06-18 16:08:07 -05:00
Rob Winch
0d23aad911 Add ReactiveRemoteJWKSource 
Issue: gh-5330
 2018-06-18 16:08:07 -05:00
Rob Winch
7898ce2ded Add JWKContextJWKSource 
Issue: gh-5330
 2018-06-18 16:08:07 -05:00
Rob Winch
aa0ea4a8eb Add JWKContext 
Issue: gh-5330
 2018-06-18 16:06:32 -05:00
Rob Winch
923e23d05b Add JWKSelectorFactory 
Issue: gh-5330
 2018-06-18 16:06:26 -05:00
Rob Winch
3ddde473f2 Extract OidcTokenValidator 
Issue: gh-5330
 2018-06-18 16:06:19 -05:00
Rob Winch
adb8c60173 Extract OidcUserRequestUtils 
This logic is shared by both reactive and non-reactive clients.

Issue: gh-5330
 2018-06-18 16:06:01 -05:00
Rob Winch
a3db6fc993 Polish OidcUserService 
Fixes: gh-5449
 2018-06-18 16:03:41 -05:00
Joe Grandja
02d29887fb Associate Refresh Token to OAuth2AuthorizedClient 
Fixes gh-5416
 2018-06-12 11:31:43 -04:00
Joe Grandja
4fc6d96073 Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient 
Fixes gh-5360
 2018-06-08 17:33:21 -04:00
Rob Winch
dd1b1b9cc3 Use Spring Framework 5.1.0 SNAPSHOT 
Fixes: gh-5408
 2018-06-05 12:28:51 -05:00
Joe Grandja
fe979aa996 OidcUserService leverages DefaultOAuth2UserService 
Fixes gh-5390
 2018-05-31 16:17:47 -04:00
Joe Grandja
82e4abdd32 OAuth2ClientArgumentResolver uses AnnotatedElementUtils 
Fixes gh-5335
 2018-05-29 21:29:33 -04:00
Joe Grandja
32c33d1def Add OAuth2AuthenticationException constructor that takes only OAuth2Error 
Fixes gh-5374
 2018-05-29 21:10:34 -04:00
Rob Winch
b3ca598679 Add WebClient Bearer token support 
Fixes: gh-5389
 2018-05-25 15:17:08 -05:00
Rob Winch
c68cf991ae Add OAuth2AuthorizedClientExchangeFilterFunction 
Fixes: gh-5386
 2018-05-25 11:01:55 -05:00
Rob Winch
2658577396 OAuth2AuthorizationRequestRedirectWebFilter handles ClientAuthorizationRequiredException 
Fixes: gh-5383
 2018-05-24 16:40:41 -05:00
Rob Winch
0eedfc717a Revert "Revert "Add ClientRegistration from OpenID Connect Discovery"" 
This reverts commit 9fe0f50e3ced98357bfaceee88c4539f03d11e45.

The original commit was accidentally pushed prior to PR. We attempted
to revert the commit hoping the PR would open again. This did not work.
We are going to do a Polish commit instead.

Issue: gh-5355
 2018-05-18 09:40:43 -05:00
Rob Winch
9fe0f50e3c Revert "Add ClientRegistration from OpenID Connect Discovery" 
This reverts commit 0598d4773257d96ed323f98cbc7e78b55dfd516c.
 2018-05-18 09:20:51 -05:00
Rob Winch
0598d47732 Add ClientRegistration from OpenID Connect Discovery 
Fixes: gh-4413
 2018-05-16 12:30:04 -05:00
Rob Winch
7013c6fd76 Add OAuth2LoginSpec 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Rob Winch
23f4b9d3d1 Add OAuth2AuthorizationRequestRedirectWebFilter 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Rob Winch
de959dbff6 Add OAuth2ClientArgumentResolver 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Rob Winch
c1e9785a48 Add OAuth2LoginReactiveAuthenticationManager 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Rob Winch
7401cb2b51 Add ServerOAuth2LoginAuthenticationTokenConverter 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Rob Winch
3cd2ddf793 Add NimbusReactiveAuthorizationCodeTokenResponseClient 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Rob Winch
3220e9560a Add DefaultReactiveOAuth2UserService 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00