Commit Graph

7711 Commits

Author SHA1 Message Date
Josh Cummings 2b960b074b Polish Eager Header Config Tests
In the Java config tests, there is a simplified way to configure
Spring, and that is with SpringTestRule.

Also, test names typically follow the when-then convention.

Issue: gh-6501
2019-02-18 09:24:17 -07:00
Ankur Pathak ac13b55ecd HeaderWriterFilter writes headers at beginning
Add support for HeaderWriterFilter to write headers at the beginning of the request

Fixes: gh-6501
2019-02-18 07:43:08 -07:00
Josh Cummings fba25614bf Reactive Opaque Token Support
Fixes: gh-6513
2019-02-15 15:59:25 -06:00
Rafiullah Hamedy 43587b4307 Fixed broken links
Fixes: gh-6521
2019-02-15 15:41:16 -06:00
Rob Winch 752733e8de Polish WebSessionOAuth2ServerAuthorizationRequestRepository Format
Issue: gh-6215
2019-02-15 15:01:11 -06:00
Zhanwei Wang a60fd43534 Fix OAuth2 Client with Ditributed Session
Fixes: gh-6215
2019-02-15 15:01:11 -06:00
Joe Grandja 0c27f64338 ServletOAuth2AuthorizedClientExchangeFilterFunction supports chaining
Fixes gh-6483
2019-02-13 11:19:44 -05:00
RusZh 0c2a7e03f7 Update resource-server.adoc
Fix typo in the code sample
2019-02-11 12:27:28 -07:00
Stephen Doxsee a7a9271313 Client OAuth2 properties to use scope not scopes
OAuth2ClientProperties.Registration (which captures .properties and
.yml for OAuth2 Client) has a member `scope` but not `scopes`. Samples
and documentation were using `scopes` and have now been updated to use
`scope`.

Fixes gh-6510
2019-02-08 11:54:18 -05:00
Fabien Arrault 17e774d8c7 Preserve existing refresh token if new refresh token not returned
During an oauth2 refresh if the authorization server doesn't return a new refresh token, preserve the existing one.

Fixes: gh-6503
2019-02-07 15:11:23 -05:00
Josh Cummings 0428906065 Resource Server Opaque Token Sample
Issue: gh-5200
2019-02-07 12:40:12 -07:00
Josh Cummings c59d40593b Introspect endpoint Authorization Server support
Issue: gh-5200
2019-02-07 12:40:12 -07:00
Josh Cummings ef9c3e4771 Opaque Token Support
Fixes: gh-5200
2019-02-07 12:40:12 -07:00
Joe Grandja 594a169798 Introduce OAuth2AuthorizationRequest.attributes
Fixes gh-5940
2019-02-07 11:49:17 -05:00
Josh Cummings 67fb936c7e
Polish Formatting in Tests
Issue: gh-6454
2019-02-06 20:16:53 -07:00
Ankur Pathak 93d6a38ffd
Consider having HeaderWriters check before writing
All HeadersWriter only write Header if its not already
written.

Fixes: gh-6454 gh-5193
2019-02-06 20:16:52 -07:00
James 4742c18e4b remove an unused import 2019-02-05 11:34:43 -06:00
James ed545941c9 parameter 'pricipal' is never used
parameter 'pricipal' is never used
2019-02-05 11:34:43 -06:00
Josh Cummings 5c2ee09bc3
Favor RestOperations in Resource Server Configurer
Also polished exposure of the JWK Set Uri for the tests where
MockWebServer is preferred.

Fixes: gh-6104
2019-01-29 15:43:09 -07:00
Josh Cummings c4b17475d9
Improve LDAP snippet formatting
Issue: gh-6486
2019-01-28 14:25:27 -07:00
Ankur Pathak 8e6bcc1c35 No RequestMatcher After AnyRequest
Don't allow any type of RequestMatchers
after any request by throwing IllegalStateException

Fixes: gh-6359
2019-01-25 11:14:33 -07:00
Gerardo Roza 95e0e7243d Save original request on oauth2Client filter
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").

Now we are storing the session attribute and getting redirected back to
the original URI as expected.

Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop

Fixes gh-6341
2019-01-25 09:15:44 -06:00
Bryan Kelly 5abe6ca718 Missing spring: prefix on jwk-set-uri example 2019-01-25 08:31:13 -06:00
Nick Bromfield b581bb7eae Add new configuration options for OAuth2LoginSpec
Fixes gh-5598
2019-01-24 10:37:52 -05:00
Aanuoluwapo Otitoola 976e763acb Update to nimbus-jose-jwt:6.7
Fixes: gh-6459
2019-01-22 16:41:08 -07:00
Ankur Pathak 2e70d66063 Improve CsrfBeanDefinitionParser xml parsing
1. CsrfBeanDefinitionParser registers requestDataValueProcessor
if not already registered
2. Created Tests in CsrfBeanDefinitionParserTests

Fixes: gh-6423
2019-01-22 13:56:20 -06:00
Ankur Pathak ffe602fdbe HTML markup fixed in DefaultLoginPageGeneratingFilter
Ending div moved  out of condition.

Fixes: gh-6417
2019-01-22 13:20:35 -06:00
Josh Cummings c82440ee82 Polish CompositeHeaderWriterTests
Changed test to favor mocks in order to provide a stronger
guarantee that the composite delegates to its components.

Issue: gh-6453
2019-01-21 14:50:09 -07:00
Josh Cummings bb1b9d9b86 Polish Javadoc and Whitespacing
Issue: gh-6453
2019-01-21 14:50:09 -07:00
Ankur Pathak 718641a1e5 Added CompositeHeaderWriter
1. Added new CompositeHeaderWriter
2. Improvement in HeaderWriterFilter using CompositeHeaderWriter.

Fixes: gh-6453
2019-01-21 14:50:09 -07:00
Josh Cummings ca02d8a4f8
NamespaceLogoutTests groovy->java
Issue: gh-4939
2019-01-18 16:56:13 -07:00
Josh Cummings e68b6f17de
NamespaceHttpBasicTests groovy->java
Issue: gh-4939
2019-01-18 15:41:26 -07:00
Andy Wilkinson 95ff451193 Fix formatting in Implicit OAuth2AuthorizedClient section 2019-01-18 10:24:01 -07:00
Ankur Pathak b7ed919cee Add preload support to Strict-Transport-Security
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security

Fixes: gh-6312
2019-01-16 11:10:06 -06:00
Rob Winch 739594dee8 Next Development Version 2019-01-15 21:02:38 -06:00
Rob Winch fdd22e5082 Release 5.2.0.M1 2019-01-15 21:02:01 -06:00
Denis Washington 3be11a22cd Save query parameters in WebSessionServerRequestCache
Previously, URL query parameters were lost when saving a request
in WebSessionServerRequestCache. Now it is properly saved and
restored.
2019-01-15 13:44:29 -06:00
guo fei c0e66a9ba1 1. add customization support for double forwardslash in StrickHttpFirewall
2. add getEncodedUrlBlacklist() and getDecodedUrlBlacklist() method in StrickHttpFirewall

Fixes gh-6292
2019-01-15 13:42:33 -06:00
Mohammad Sadeq Dousti d099a62a6f hasRole should not be called on a string with "ROLE_" prefix (#6353)
Removed "ROLE_" from UrlAuthorizationConfigurer

This fixes IllegalArgumentException: ROLE_ANONYMOUS should not start
with ROLE_ since ROLE_
2019-01-15 08:59:34 -06:00
Joe Grandja 5fbf9532e1 Update to spring-build-conventions 0.0.23.RELEASE
Fixes gh-6440
2019-01-15 05:44:41 -05:00
Joe Grandja 4e4321fb07 Update to htmlunit-driver 2.33.3
Fixes gh-6434
2019-01-15 05:40:54 -05:00
Joe Grandja 9721ee9d4e Update to Spring Data Lovelace SR4
Fixes gh-6438
2019-01-14 17:43:10 -05:00
Joe Grandja 9d7f141b86 Update to Spring Framework 5.1.4
Fixes gh-6437
2019-01-14 17:43:10 -05:00
Joe Grandja 68e3bbdd03 Update to Reactor Californium-SR4
Fixes gh-6436
2019-01-14 17:43:10 -05:00
Joe Grandja 08b7479f4c Update to Spring Boot 2.1.2
Fixes gh-6435
2019-01-14 17:43:10 -05:00
Joe Grandja e864e63760 Update to org.powermock 2.0.0
Fixes gh-6433
2019-01-14 16:59:11 -05:00
Joe Grandja 6e14418937 Update to hibernate-entitymanager 5.4.0.Final
Fixes gh-6432
2019-01-14 16:56:32 -05:00
Joe Grandja 4d1a23b6b4 Update to ehcache 2.10.6
Fixes gh-6431
2019-01-14 16:53:59 -05:00
Joe Grandja f97d6f41ea Update to com.squareup.okhttp3 3.12.1
Fixes gh-6430
2019-01-14 16:52:00 -05:00
Joe Grandja 84a287d6ff Update to oauth2-oidc-sdk 6.5
Fixes gh-6429
2019-01-14 16:48:44 -05:00