Commit Graph

8517 Commits

Author SHA1 Message Date
Ruby Hartono 401597c673 Improve OAuth2LoginAuthenticationProvider
1. update OAuth2LoginAuthenticationProvider to use
OAuth2AuthorizationCodeAuthenticationProvider
2. apply fix gh-5368 for OAuth2AuthorizationCodeAuthenticationProvider
to return additionalParameters value from accessTokenResponse

Fixes gh-5633
2020-03-30 21:09:17 -04:00
Josh Cummings 258627eaee
SwitchUserFilter Defaults to POST
Fixes gh-4183
2020-03-27 14:40:38 -06:00
Eleftheria Stein 01f8eb3961 Update Encryptors documentation
Fixes gh-8208
2020-03-27 10:20:04 -04:00
Martin Nemec a9a9c2c0fd OAuth2 ClientRegistrations NPE fix when userinfo missing
Fixes gh-8187
2020-03-27 06:15:25 -04:00
Josh Cummings cb7786bf97
Malformed Bearer Token Returns 401 for WebFlux
Fixes gh-7668
2020-03-26 12:59:22 -06:00
Joe Grandja 4706b16a2b oauth2Login WebFlux does not auto-redirect for XHR request
Fixes gh-8118
2020-03-26 05:09:45 -04:00
Josh Cummings 98bd1a3f60
Polish Resource Server JWT Docs
Issue gh-5935
2020-03-25 16:33:31 -06:00
Joe Grandja f06aa724bf OAuth2ErrorHttpMessageConverter handles JSON object parameters
Fixes gh-8157
2020-03-24 14:57:24 -04:00
Joe Grandja 512ad9e7e4 Document AuthorizedClientServiceOAuth2AuthorizedClientManager
Fixes gh-8152
2020-03-19 20:14:15 -04:00
Eleftheria Stein 256aba7b37 Fix rsocket test
Request route that exists; add additional error message verification

Fixes gh-8154
2020-03-19 17:36:20 -04:00
Erik van Paassen 86e25ff2ab
Fix typo in Javadoc of HttpSecurity#csrf()
`HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.
2020-03-17 13:36:34 -06:00
Zeeshan Adnan a49a325db2 Fix exception for empty basic auth header token
fixes spring-projectsgh-7976
2020-03-16 16:06:52 -04:00
Markus Engelbrecht 75f22285c6
Fix typo 'properites' in documentation
Fixes gh-8095
2020-03-11 11:01:06 -06:00
Josh Cummings 8fa16ce63e
Update to Jetty 9.4.27
Fixes gh-7507
2020-03-09 10:03:18 -06:00
Clement Stoquart 32c02fbedb
Remove empty relay state from redirect url 2020-03-04 12:47:03 -07:00
AmitB 96ff3a54a9 Fix typo in AntPathRequestMatcher constructor comment 2020-03-02 07:16:07 -06:00
Josh Cummings 9092115b8a
Register Authentication Provider in Init Phase
Fixes gh-8031
2020-02-28 18:43:54 -07:00
Joe Grandja 3dbfef9ef1 OAuth2AccessTokenResponseHttpMessageConverter handles JSON object parameters
Fixes gh-6463
2020-02-24 15:58:25 -05:00
Joe Grandja 8acdb82e6a OAuth2AuthorizationCodeGrantWebFilter matches on query parameters
Fixes gh-7966
2020-02-10 15:28:06 -05:00
Rafael Renan Pacheco 5ce0ce3f38
Fix var typo and code readability 2020-02-10 12:06:30 -07:00
Joe Grandja 6141132cfa Fix test gh-7963 2020-02-10 05:53:00 -05:00
Joe Grandja cc7ea4acd3 OAuth2AuthorizationCodeGrantFilter matches on query parameters
Fixes gh-7963
2020-02-10 05:24:14 -05:00
Manuel Bleichenbacher 1e4736f9b3 Prevent double-escaping of authorize URL parameters
If the authorization URL in the OAuth2 provider configuration contained query parameters with escaped characters, these characters were escaped a second time. This commit fixes it.

It is relevant to support the OIDC claims parameter (see https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).

Fixes gh-7871
2020-02-08 16:59:01 -05:00
Stephane Maldini 0012e24c46 Don't force downcasting of RequestAttributes to ServletRequestAttributes
Fixes gh-7953
2020-02-07 20:18:50 -05:00
Joe Grandja 2dc8147106 Add release-notes-sections.yml 2020-02-05 15:18:32 -05:00
Joe Grandja 1da8e9df13 Next Development Version 2020-02-05 11:03:09 -05:00
Joe Grandja 9a2b71d931 Release 5.2.2.RELEASE 2020-02-05 10:56:00 -05:00
Josh Cummings c4ccc96655
Polish Error Messages for OpaqueTokenIntrospectors 2020-02-05 07:16:37 -07:00
Joe Grandja 6c310213a8 Update to Spring Boot 2.2.4
Fixes gh-7909
2020-02-04 15:07:16 -05:00
Joe Grandja a5b6b9a398 Update to org.slf4j 1.7.30
Fixes gh-7908
2020-02-04 15:04:46 -05:00
Joe Grandja 9e6910273c Update to org.powermock 2.0.5
Fixes gh-7907
2020-02-04 14:56:28 -05:00
Joe Grandja ea809b01a6 Update to hibernate-validator 6.1.2.Final
Fixes gh-7906
2020-02-04 14:53:08 -05:00
Joe Grandja 8054239a12 Update to hibernate-entitymanager 5.4.10.Final
Fixes gh-7905
2020-02-04 14:51:05 -05:00
Joe Grandja 46486194c2 Update to org.aspectj 1.9.5
Fixes gh-7904
2020-02-04 14:44:05 -05:00
Joe Grandja 00b08bc725 Update to httpclient 4.5.11
Fixes gh-7903
2020-02-04 14:39:27 -05:00
Joe Grandja 6e0fbfcccd Update to commons-codec 1.14
Fixes gh-7899
2020-02-04 14:31:31 -05:00
Joe Grandja 87ea083520 Update to com.squareup.okhttp3 3.14.6
Fixes gh-7898
2020-02-04 14:24:11 -05:00
Joe Grandja 9db3f51f2a Update to Jackson 2.10.2
Fixes gh-7897
2020-02-04 14:06:11 -05:00
Joe Grandja 3cc4a945c6 Update to Reactor Dysprosium SR4
Fixes gh-7896
2020-02-04 14:03:06 -05:00
Joe Grandja dbc43fb47d Update to Spring Data Moore SR3
Fixes gh-7895
2020-02-04 14:02:57 -05:00
Joe Grandja ce6a0368bd Update to Spring Framework 5.2.3
Fixes gh-7894
2020-02-04 13:38:17 -05:00
Eleftheria Stein 9dd3dfe718 Fix requiresAuthenticationMatcher not being used
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
2020-01-27 16:56:59 +01:00
Eleftheria Stein edb6cd3729 Fix authenticationFailureHandler not being used
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
2020-01-27 13:52:01 +01:00
Peter Keller 2dbedf7af5 Set charset of BasicAuthenticationFilter converter
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
2020-01-23 16:24:03 +01:00
Eleftheria Stein 630eb10704 Load LDIF file from classpath in unboundId mode
Fixes: gh-7833
2020-01-21 17:12:18 +01:00
Eleftheria Stein f4d4c08329 Fix LDIF file example in LDAP docs
Fixes: gh-7832
2020-01-20 11:32:53 +01:00
Johannes Edmeier cc956a66df Don't cache requests with `Accept: text/event-stream` by default.
The eventstream request is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow setting additional headers as `XMLHttpRequest`.
2020-01-17 10:37:34 -08:00
Rob Winch 29182abb34 Fix HttpHeaderWriterWebFilterTests
Ensure setComplete() is subscribed to
2020-01-10 08:46:47 -06:00
Filip Hanik b754a3d635 Use the custom ServerRequestCache that the user configures
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-18 08:44:27 -08:00
Eleftheria Stein 0d24e2b8cf Fix WebFlux logout disabling
Fixes: gh-7682
2019-12-13 11:53:20 +01:00