e5d2aaf6fe
Deprecate OpenID 2.0 support
...
Deprecate OpenID 2.0 support
2020-05-12 09:37:56 -05:00
86ca6b013c
Unlock dependencies
...
This reverts commit 206960cf44
2020-05-06 17:27:35 -04:00
206960cf44
Lock dependencies for 5.4.0-M1
2020-05-06 17:13:04 -04:00
545286188d
Update SAML2 errors in integration tests
2020-05-06 11:46:54 -04:00
339d44b5a1
Deprecate openID 2.0 support
...
This commit puts deprecation notice on docs, sample applications and configurations (java and xml)
Fixes gh-7153
2020-05-02 10:18:31 +02:00
420737fa88
Add Kotlin WebFlux sample
...
Issue: gh-5558
2020-04-07 16:51:42 -04:00
8cf4ada7de
Update Spring Kotlin plugin in sample
2020-04-07 16:17:42 -04:00
1a1be6a946
Polish SAML 2.0 Login Sample
...
Fixes gh-8163
2020-03-20 16:50:48 -06:00
6eadf7b140
Unlock dependencies for 5.3.0.RELEASE
...
This reverts commit 147d7dadd7
2020-03-04 12:02:48 -07:00
147d7dadd7
Lock dependencies for 5.3.0.RELEASE
2020-03-04 10:28:39 -07:00
62d01d2dfc
Add oauth2login xml sample
...
Fixes gh-8060
2020-03-04 07:50:47 -05:00
3bc1b7a933
Simplify opaqueToken support
...
Remove scopes convenience method to alleviate potential confusion with
the "scope" attribute.
Issue gh-7827
Issue gh-7712
2020-03-03 16:24:43 -07:00
689fc9df0c
Align Test Support Claims
...
Make all sub claims 'user' and all scopes 'read' to align with
existing support for JWT
Issue gh-7828
Issue gh-7789
Issue gh-7680
Issue gh-7618
2020-03-03 16:24:43 -07:00
3257349045
Support POST binding for AuthNRequest
...
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
a51a202925
Correct signature handling for SAML2 AuthNRequest
...
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
Fixes gh-7711
2020-02-12 13:30:48 -08:00
43098d41cc
Revert "Correct signature handling for SAML2 AuthNRequest"
...
This reverts commit a3e09fadd7
2020-02-12 13:30:48 -08:00
a3e09fadd7
Correct signature handling for SAML2 AuthNRequest
...
Implements the following bindings for AuthNRequest
- REDIRECT
- POST (future PR)
Has been tested with
- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp
Fixes gh-7711
2020-02-12 11:40:19 -08:00
7c4d56319f
cassample groovy->java
...
Issue gh-4939
2020-02-07 16:44:08 -07:00
f23ab6f716
Updated Tests for oauth2webclient-webflux Sample
...
Issue gh-7910
2020-02-05 15:56:18 -07:00
84b8a5abd7
Unlock dependencies for next development version
...
This reverts commit 064616f1ef
2020-02-05 15:53:04 +01:00
064616f1ef
Lock dependencies for 5.3.0.RC1
2020-02-05 10:20:05 +01:00
1d7208f8ef
Add RSocket Authentication Extension Support
...
Fixes gh-7935
2020-02-04 23:36:47 -06:00
187c76e610
Update Tests in oauth2webclient Sample
...
Issue gh-7886
2020-02-03 17:08:04 -07:00
df8feb8919
Update JettyCasService
...
Align with changes to Jetty's SslContextFactory
Issue gh-7874
2020-01-30 11:25:44 -07:00
50d8200348
Update cas-server-webapp to 4.0.7
...
Did not update to the latest as there is some work involved in
aligning the casserver sample's XML configuration with the latest
cas-server-webapp.
Fixes gh-7874
2020-01-30 11:24:16 -07:00
982f3f902c
Add oauth2Login Reactive Test Support
...
Fixes gh-7828
2020-01-13 17:49:52 -07:00
8f1d0cf528
opaqueToken MockMvc Configuration Order
...
Fixes gh-7800
2020-01-10 16:47:31 -07:00
1e33627d87
Use standard lambda syntax in documentation
...
Fixes: gh-7774
2020-01-10 13:12:17 +01:00
fcc6457bef
Unlock dependencies for next development version
...
This reverts commit 93acf8f0f1
2020-01-08 22:15:17 +01:00
93acf8f0f1
Lock dependencies for 5.3.0.M1
2020-01-08 19:41:10 +01:00
84ba3ddf26
Add oauth2Login MockMvc Support
...
Fixes gh-7789
2020-01-07 14:09:36 -07:00
2df1099da5
Idiomatic Kotlin DSL for configuring HTTP security
...
Issue: gh-5558
2020-01-07 12:08:43 -05:00
e1fdb24b5d
Add opaqueToken MockMvc Test Support
...
Fixes gh-7712
2019-12-20 15:34:11 -07:00
b7eebabce6
Ensure that both matchers carry the same pattern.
...
AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher is public and final,
so there is a risk that the underlying matcher can become different if one is not careful.
2019-12-17 13:34:27 -08:00
24500fa3ca
Remove redundant validation for redirect-uri
...
Fixes gh-7706
2019-12-06 11:55:31 -05:00
d102cae243
oidcLogin MockMvc Documentation
...
Remove documentation requiring a valid ClientRegistrationRepository
Issue: gh-7618
2019-12-02 22:49:17 -07:00
8c32d5fe48
Add oidcLogin WebFlux Test Support
...
Fixes: gh-7680
2019-12-02 22:28:24 -07:00
b35e18ff31
Add oidcLogin MockMvc Test Support
...
Fixes gh-7618
2019-11-26 16:12:06 -07:00
4954a229d6
Polish oauth2Login Sample Test
...
Issue: gh-7618
2019-11-26 14:19:14 -07:00
7cbd1665a6
Isolate Jwt Test Support
...
Isolating Jwt test support inside JwtRequestPostProcessor and
JwtMutator.
Fixes gh-7641
2019-11-22 15:07:05 -07:00
27aa61b02f
Use LocalRSocketServerPort annotation
2019-11-06 10:10:32 +01:00
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
4489163163
Use Spring Boot configuration for saml2Login()
...
Fixes gh-7521
https://github.com/spring-projects/spring-security/issues/7521
2019-10-25 08:22:40 -07:00
5345aecd7f
Align RSocket sample with new Spring Boot configuration
2019-10-25 08:22:40 -07:00
03e2efacf4
Add Hello RSocket Sample
...
Fixes gh-7504
2019-09-30 13:58:03 -05:00
83b5f5c7ae
Improve the Saml2AuthenticationRequest object
...
- introduce the AssertionConsumerServiceURL attribute
- add javadoc
- align property name with SAML XML for AuthNRequest
2019-09-30 11:01:34 -07:00
9731386de5
Correctly set "Destination" in AuthNRequest message
...
Fixes gh-7494
https://github.com/spring-projects/spring-security/issues/7494
2019-09-30 11:01:34 -07:00
7adb4da3ef
Always require signature on either response or assertion
...
Fixes gh-7490
https://github.com/spring-projects/spring-security/issues/7490
2019-09-30 09:22:36 -07:00
e6d40e8280
Merge pull request #7477 from fhanik/feature/propagate_saml_authentication_exception
...
propagate saml authentication exception #7375
2019-09-27 09:38:57 -07:00
22da2b45c9
SAML Assertion validation should propagate errors: #7375 and #7375
...
Fixes gh-7377
Fixes gh-7375
https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
Clean up code
- Authentication request factory should only throw Saml2Exception
- OpenSamlImplementation should only throw Saml2Exception
- Move the OpenSamlImplementation package private methods to the right
section
2019-09-27 09:07:25 -07:00
a11e61432e
Document OAuth2 Client behind proxy and redirect_uri
...
Fixes gh-7312
2019-09-26 14:09:21 -04:00
adde18b873
Revert "Merge pull request #7432 from fhanik/feature/propagate_saml_authentication_exception"
...
This reverts commit e9619fb0e745a1490d5d
2019-09-24 16:05:09 -07:00
d472e99528
SAML Assertion validation should propagate errors: #7375 and #7375
...
Fixes gh-7377
Fixes gh-7375
https://github.com/spring-projects/spring-security/issues/7377
https://github.com/spring-projects/spring-security/issues/7375
2019-09-24 14:40:39 -07:00
00f8991fac
Merge Remove Redudant Throws
...
Fixes gh-7301
2019-09-19 11:04:53 -05:00
bdaf530511
Remove Stray @MockBean
...
Issue gh-7170
2019-09-16 06:56:58 -06:00
b55b2914c2
Mock Jwt Disables CSRF
...
Fixes gh-7170
2019-09-13 19:04:05 +01:00
a60446836b
OAuth2AuthorizeRequest supports attributes
...
Fixes gh-7341
2019-09-05 21:04:25 -04:00
e9a44bc0ce
HttpSecurity.saml2login() - MVP Core Code
...
Implements minimal SAML 2.0 login/authentication functionality with the
following feature set:
- Supports IDP initiated login at the default url of /login/saml2/sso/{registrationId}
- Supports SP initiated login at the default url of /saml2/authenticate/{registrationId}
- Supports basic java-configuration via DSL
- Provides an integration sample using Spring Boot
Not implemented with this MVP
- Single Logout
- Dynamic Service Provider Metadata
Fixes gh-6019
2019-09-05 14:40:08 -07:00
dcd997ea43
Add support for Resource Owner Password Credentials grant
...
Fixes gh-6003
2019-09-04 14:07:45 -04:00
82ae4db4cc
Update Multi Tenancy Sample to Convert Jwts
...
Issue gh-7346
2019-09-03 15:58:05 -06:00
068f4f0147
Polish Opaque Token
...
Use OAuth2AuthenticatedPrincipal
Use BearerTokenAuthentication
Update names to reflect more generic approach.
Fixes gh-7344
Fixes gh-7345
2019-09-03 15:58:05 -06:00
95511331fa
fix checkstyle
2019-08-26 22:42:26 +02:00
34dd5fea30
Remove redundant throws clauses
...
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
2019-08-23 01:03:54 +02:00
2ddab8b23e
Use UserDetailsService bean in sample app
...
Fixes: gh-7283
2019-08-22 10:06:56 -04:00
46756d2e6b
Introduce Reactive OAuth2AuthorizedClient Manager/Provider
...
Fixes gh-7116
2019-08-21 14:12:38 -04:00
95caa4715f
Add Reactive Mock Jwt Sample Tests
...
Fixes gh-7278
2019-08-19 13:14:58 -06:00
10a9207cd5
Pivot Resource Server Sample
...
Changed sample to manage its own JwtDecoder, allowing the Nimbus
Jwt Decoder Builder API to evolve during milestone development.
2019-08-17 00:26:39 -06:00
0ecffb0840
Multi-tenancy Sample AuthenticationManagers
...
Fixes gh-7272
2019-08-17 00:26:39 -06:00
9735a718cc
Remove MultiTenantAuthenticationManagerResolver
...
Fixes gh-7259
2019-08-14 11:14:47 -06:00
cb4f3d2f44
Use UTF-8 for Java sources and XML
2019-08-14 08:47:00 -05:00
4ed197e515
Rename OAuth2TokenIntrospectionClient
...
Renamed to OpaqueTokenIntrospector
Fixes gh-7245
2019-08-12 18:05:28 -04:00
39d2b32603
Polish io.freefair.aspectj Usage
...
Consistent aspectj version throughout
2019-08-12 14:19:50 -05:00
c1db1aad91
Cleanup Code Style Issues
...
Cleanup Code Style Issues
2019-08-12 13:06:49 -05:00
a51318eb95
Use the 'io.freefair.aspectj' gradle plugin
2019-08-12 11:46:28 -05:00
ff1070df36
remove redundant modifiers found by checkstyle
2019-08-10 00:18:56 +02:00
25c06be1eb
Java 7: Identical 'catch' branches in 'try' statement
2019-08-09 16:59:07 -05:00
35bdf1f009
Unnecessary semicolon
2019-08-09 00:43:13 +02:00
d9c1f03b84
Unnecessary interface modifier
2019-08-09 00:42:35 +02:00
fb39d9c255
Anonymous type can be replaced with lambda
2019-08-08 17:09:09 -04:00
da62c31fdc
Add test examples for the resource server sample
...
- Add a post endpoint in /messages
- Changes the security config to require the read scope to GET a message and the write scope
to POST a new message.
- Changes the jwks of the mock server so I could create a new access token with the write scope.
- Creates tests and integration-tests for the POST endpoint.
- Changes the README to add an example of a POST request.
Fixes gh-7118
2019-08-06 14:27:29 -04:00
2056834432
Cleanup unnecessary unboxing
...
Unboxing is unnecessary under Java 5 and newer, and can be safely removed.
2019-08-06 10:17:38 -04:00
2306d987e9
Cleanup unnecessary boxing
2019-08-06 10:17:38 -04:00
776a4c3760
Use org.mockito.ArgumentMatchers in favor of org.mockito.Matchers
2019-08-03 12:28:37 -04:00
0b4502b2c5
Remove exceptions from lambda security configuration
...
Fixes: gh-7128
2019-07-30 08:31:37 -05:00
c05b0765c1
Introduce OAuth2AuthorizedClient Manager/Provider
...
Fixes gh-6845
2019-07-25 11:12:54 -04:00
a288ce4b00
Support nested builder in DSL for reactive apps
...
Fixes: gh-7107
2019-07-23 15:57:10 -05:00
ea54d9014d
DSL nested builder for HTTP security
...
DSL nested builder for HTTP security
Fixes gh-5557
2019-07-12 16:09:19 -05:00
a0ca45e4b8
Use http security nested builder in samples
...
Issue: gh-5557
2019-07-12 14:00:07 -04:00
3ea9d376b2
Cleanup explicit type arguments
2019-07-10 09:32:41 -05:00
c5b5cc507c
Cleanup redundant type casts
2019-07-10 09:31:09 -05:00
43737a56bd
Use foreach where possible
2019-07-09 06:11:45 -06:00
cd54808718
Update Opaque Token Sample and tests
...
Issue: gh-6498
2019-07-02 07:45:56 -06:00
f5da63118e
Add MultiTenantAuthenticationManagerResolver
...
A class with a number of handy request-based implementations of
AuthenticationManagerResolver targeted at common multi-tenancy
scenarios.
Fixes: gh-6976
2019-06-25 17:21:38 -06:00
ecb13aa8cc
Resource Server JWE Sample
...
Issue: gh-4435
2019-06-25 16:54:15 -06:00
d0f5b42884
Mock Jwt Test Support and Jwt.Builder Polish
...
Simplified the initial support to introduce fewer classes and only the
features described in the ticket.
Changed tests to align with existing patterns in the repository.
Added JavaDoc to remaining public methods introduced for this feature.
Issue: gh-6634
Issue: gh-6851
2019-05-22 14:23:02 -06:00
e59d8a529b
Mock Jwt Test Support and Jwt.Builder
...
Fixes: gh-6634
Fixes: gh-6851
2019-05-22 14:23:02 -06:00
c4b6cdea3f
Fix OAuth2 multitenancy sample
...
Allowing requests with valid tokens, and fixed documentation.
Fixes: gh-6834
2019-05-03 15:37:26 -06:00
b1195e7789
Opaque Token Intermediate Type
...
Introducing OAuth2TokenIntrospectionClient and also
ReactiveOAuth2TokenIntrospectionClient as configuration points.
The DSL looks in the application context for these types in the same
way it looks for JwtDecoder and ReactiveJwtDecoder, and exposes
similar configuration methods.
Fixes: gh-6632
2019-04-29 13:39:53 -06:00
a21fa1494a
Add an example and basic integration test for x509 authentication
...
[gh #5038 ]
2019-04-26 12:15:18 -05:00
b252371de7
Resource Server Static Sample Uses @Value For Key
...
Issue: gh-6494
2019-04-13 19:39:11 -06:00
Rob Winch
Joe Grandja
Eleftheria Stein
Dávid Kovács
Josh Cummings
Filip Hanik
Eddú Meléndez
Ivo Smid
Lars Grefer
Henrique Luis Schmidt
Clement Ng
Jérôme Wacongne
Alexey Nesterov