Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-23 18:59:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,321 Commits 42 Branches 362 Tags
Commit Graph

260 Commits

Author SHA1 Message Date
Mario Petrovski
926f4a75ba Set the import order correctly 2023-10-02 17:23:49 -06:00
Mario Petrovski
81a708e25f Closes #13754 Add hasScope and hasAnyScope for authorization rules 2023-10-02 17:23:49 -06:00
Marcus Da Coregio
07b6c451fd Merge branch '6.1.x' 
Closes gh-13884
 2023-09-29 11:47:38 -03:00
Marcus Da Coregio
8adfc9b463 Merge branch '6.0.x' into 6.1.x 
Closes gh-13883
 2023-09-29 11:46:48 -03:00
Marcus Da Coregio
92c82191c9 Merge branch '5.8.x' into 6.0.x 
Closes gh-13882
 2023-09-29 11:46:00 -03:00
Marcus Da Coregio
64e2a2ff8b Apply updated Code Style 
Closes gh-13881
 2023-09-29 11:44:32 -03:00
Josh Cummings
cb33fd7850
Add OIDC Back-Channel Logout Support 
Closes gh-12570
 2023-09-16 15:12:21 -06:00
Tim te Beek
9df9cb5aed refactor: AssertJ best practices 
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D

Co-authored-by: Moderne <team@moderne.io>
 2023-09-12 16:18:14 -06:00
Josh Cummings
a77ef9ecf4
Add ClientAuthenticationMethod#toString 
Closes gh-13497
 2023-07-12 14:24:26 -06:00
Joe Grandja
55224b58e0 Polish gh-12853 2023-03-20 15:47:00 -04:00
Josh Cummings
a7562ad950
Update io.spring.javaformat to 0.0.38 
Closes gh-12891
 2023-03-20 10:44:35 -06:00
Steve Riesenberg
8c17b978c8
Add support for device authorization response 
Closes gh-12852
 2023-03-08 17:07:56 -06:00
luamas
7409d14504 fix javax.json.bind.Jsonb to jakarta.json.bind.Jsonb 
Closes gh-12616
 2023-02-03 12:30:17 -03:00
Steve Riesenberg
ce065a87da
Merge branch '5.8.x' 
Closes gh-12207
 2022-11-14 12:25:05 -06:00
Steve Riesenberg
71eb71d185
Merge branch '5.7.x' into 5.8.x 
Closes gh-12206
 2022-11-14 12:11:59 -06:00
Steve Riesenberg
fde26e003a
Request user info when AS returns no scopes 
Closes gh-12144
 2022-11-10 16:29:43 -06:00
Steve Riesenberg
181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Marcus Da Coregio
fee1ffa422 Fix JSONObject and JSONArray imports in tests 
Issue gh-11858
 2022-09-16 15:57:43 -03:00
Steve Riesenberg
67a00bcaa0
Fix JSONObject and JSONArray imports in tests 2022-09-16 13:38:57 -05:00
Joe Grandja
b5b3ddd6b4 Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:45:00 -04:00
Joe Grandja
95155ddb0c Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:28:47 -04:00
Joe Grandja
1ac6054e6f Remove deprecations in OidcUserInfo 
Closes gh-11586
 2022-07-15 14:42:54 -04:00
Joe Grandja
6b41faaf55 Remove deprecations in ClaimAccessor 
Closes gh-11585
 2022-07-15 14:42:33 -04:00
Joe Grandja
be58e2ac49 Remove deprecations in ClientAuthenticationMethod 
Closes gh-11516
 2022-07-15 07:45:33 -04:00
Joe Grandja
8c12c3dad0 Remove deprecated converters in OAuth2AccessTokenResponseHttpMessageConverter 
Closes gh-11513
 2022-07-14 16:55:53 -04:00
Joe Grandja
a3326fc0ee Remove deprecated implicit authorization grant type 
Closes gh-11506
 2022-07-14 10:05:15 -04:00
Joe Grandja
7df9c6eba5 Use OAuth2Token instead of AbstractOAuth2Token 
Closes gh-10959
 2022-07-13 16:48:28 -04:00
Joe Grandja
7b18336c6a Change interface with constants to final class 
Closes gh-10960
 2022-07-13 15:51:58 -04:00
Jyri-Matti Lähteenmäki
ca0a6d9777 Treat URLs as String before equals/hashcode 
java.net.URL performs DNS lookups whenever its equals/hashCode is
used. Thus attribute values of type java.net.URL need to be converted
to something else before they are used for equals/hashCode.

Closes gh-10673
 2022-06-03 11:36:00 -04:00
Kuby
e28fcbfbbe
Change phoneNumberVerified with type Boolean 
Closes: gh-11315
 2022-06-03 10:23:53 -05:00
Kuby
759d799ddd Change phoneNumberVerified with type Boolean 
Closes: gh-11315
 2022-06-03 09:46:00 -05:00
Jánoky László Viktor
a88b8bf980 ClientAuthenticationMethod equals and hashCode is consistent 
Closes gh-10559
 2022-03-17 05:05:47 -04:00
Rob Winch
f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Dávid Kováč
64e9ac995a getClaimAsBoolean() should not be falsy 
Closes gh-10148
 2021-10-14 11:28:09 -05:00
Dávid Kováč
0299808b05 Add ClaimAccessor tests 
Add tests for ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList

Issue gh-10117
 2021-10-13 12:53:40 -06:00
Dávid Kováč
125d33e3cf Update JavaDoc according to implementation 
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
 2021-10-13 12:53:40 -06:00
Joe Grandja
e3abaf7999 Add OAuth2ErrorCodes.INVALID_REDIRECT_URI 
Closes gh-10370
 2021-10-13 14:12:44 -04:00
Dávid Kováč
3ff825576b Move and rename OAuth2IntrospectionClaimAccessor/Names 
Introduced OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
with copied implementation from OAuth2IntrospectionClaimAccessor/Names.
OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames are
now deprecated.

Also method getScopes() returning list of scopes was introduced
and getScope() is now deprecated.

Closes gh-9647
 2021-08-12 16:51:33 -06:00
Josh Cummings
b83a4c2985
Polish Preserve Null Claim Values 
Preserves the original behavior of ClaimTypeConverter so that its
converters can maintain their default behavior of null meaning that
conversion failed.

Issue gh-10135
 2021-08-12 10:22:44 -06:00
Fabio Guenci
30a1c1af7c
Preserve Null Claim Values 
Prior to this commit ClaimTypeConverter returned the claims with the
original value for all the claims with a null converted value.
The changes allows ClaimTypeConverter to overwrite and return claims
with converted value of null.

Closes gh-10135
 2021-08-12 10:09:34 -06:00
Steve Riesenberg
f5266c7511 Remove wildcard from generics in converter 
Polish gh-9779
 2021-07-12 23:42:47 -05:00
Rob Winch
98bd772b67 format 2021-07-09 14:49:47 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Steve Riesenberg
10de63ce89 Access Token Response supports any data type 
Changed the converter used to convert a map into an OAuth2AccessTokenResponse to
support any object as the value, including json numbers and nested objects. Also
deprecated old classes/setters and added new classes/setters.

Closes gh-9685
 2021-06-01 14:38:14 -05:00
Joe Grandja
b556655290 Make OAuth2AuthorizationResponseType constructor public 
Closes gh-9584
 2021-04-09 08:01:08 -04:00
Joe Grandja
dca7e03b91 Deprecate OAuth2AuthorizationResponseType.TOKEN 
Closes gh-9582
 2021-04-09 07:46:21 -04:00
Joe Grandja
eff4cdc924 Polish gh-9505 2021-04-09 06:22:29 -04:00
Hassene Laaribi
7694aa27cf Add jwt-bearer authorization grant 
Closes gh-6053
 2021-04-09 06:22:29 -04:00
Joe Grandja
9c97970e26 Add Jwt Client Authentication support 
Closes gh-8175
 2021-04-08 15:44:33 -04:00
Mayur Patel
75706f118c Allow null or empty authorities for DefaultOAuth2User 
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken

Closes gh-9366
 2021-02-01 17:09:07 -05:00