Erik Bakker
cd3fd6762f
Don't Consume Request Body
...
Per the servlet spec, getParameter(name) consumes the request body for
POST requests.
This commit prevents DefaultOAuth2AuthorizationRequestResolver from
consuming the request body for non-Authorization requests.
Closes gh-8650
2020-06-05 14:21:00 -06:00
Rob Winch
24a04f9c5f
Add subscriberContext to PayloadSocketAcceptor delegate.accept
...
Closes gh-8654
2020-06-05 12:22:19 -05:00
Parikshit Dutta
28d2cfa14a
Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter
...
Fixes gh-8536
2020-06-02 21:54:09 -04:00
Josh Cummings
aa84c79e87
Use Nimbus Multiple Algorithm Support
...
Closes gh-8623
2020-06-02 12:49:21 -06:00
Dayan
d8aa208a9f
Fix broken link in spring security reference document
...
Fixes:#8593
2020-06-02 05:36:19 -06:00
Rob Winch
748538d19f
Delay AuthenticationPrincipalArgumentResolver Creation
...
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.
Closes gh-8613
2020-05-29 16:49:01 -05:00
Eleftheria Stein
a63a0e3765
Add reactive CSRF samples to docs
...
Issue gh-8172
2020-05-28 13:16:35 -04:00
Josh Cummings
da05543ef6
Update OAuth 2.0 Client Testing Docs
...
Issue gh-8603
2020-05-28 10:33:02 -06:00
Josh Cummings
42a8635cde
Remove @MockBean ClientRegistrationRepository
...
Fixes gh-8606
2020-05-28 10:33:02 -06:00
Josh Cummings
d5b8981678
Polish OAuth 2.0 Samples
...
- Favor @TestConfiguration so as to not disable Spring Boot's
auto-configuration of ClientRegistrationRepository and
OAuth2AuthorizedClientRepository
2020-05-28 10:33:02 -06:00
Josh Cummings
8d84bc58f6
Remove Unneeded OAuth2AuthorizedClientRepository
...
Issue gh-8603
2020-05-28 10:33:02 -06:00
Josh Cummings
900f551890
Inject TestOAuth2AuthorizedClientRepository
...
Fixes gh-8603
2020-05-28 10:33:02 -06:00
Josh Cummings
d014d29199
Update to Spring Boot 2.3.0
...
Fixes gh-8605
2020-05-27 16:12:23 -06:00
Josh Cummings
b6f5464fb4
Update to Latest rsocket-core
...
Now that the RSocket Authentication Extension is GA, it's no longer
necessary to override the version locally in the sample.
Issue gh-7935
2020-05-27 16:12:23 -06:00
Josh Cummings
23db372962
Update to Gradle 6.4.1
...
Fixes gh-8604
2020-05-27 16:12:23 -06:00
Eleftheria Stein
61060b3a4f
Add multipart configuration to CSRF Kotlin DSL
...
Fixes gh-8602
2020-05-27 17:01:12 -04:00
Eleftheria Stein
6f5947cab7
Fix test warnings
2020-05-27 17:00:48 -04:00
Eleftheria Stein
fa11ae3c33
Remove unused import
2020-05-27 14:27:29 -04:00
Markus Engelbrecht
7463583c1b
Fix typos in BCryptPasswordEncoder documentation
...
Resolves gh-8585
2020-05-27 10:35:49 -05:00
Spencer Gilson
551f9114a9
Fixing typo in README
...
@pivotal-issuemaster This is an Obvious Fix
2020-05-27 07:50:33 -05:00
Eleftheria Stein
67d2efde1c
Resolve package tangles with security marker annotation
2020-05-27 07:33:24 -05:00
Eleftheria Stein
bc272ddf73
Resolve package tangles in Kotlin server package
2020-05-27 07:33:24 -05:00
Eleftheria Stein
0a42aa26c8
Mock request with non-standard HTTP method in test
...
Fixes gh-8594
2020-05-26 10:16:56 -04:00
Craig Andrews
f1db7167cb
Polish
...
Use `getBeanOrNull` in `registerDelegateApplicationListener` to simplify implementation.
This change does not alter behavior.
2020-05-22 20:33:32 -05:00
Craig Andrews
dbdeec4216
Check for an existing SessionRegistry bean
...
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
2020-05-22 20:33:32 -05:00
Evgeniy Cheban
0fa339f75b
Allow port=0 for ApacheDSContainer
...
Fixes gh-8144
2020-05-21 16:14:01 -05:00
justmehyp
06254a4fd4
Remove unused field 'digester' in Md4PasswordEncoder
...
`private Digester digester;` defined in Md4PasswordEncoder is never used. So remove it.
2020-05-21 11:19:03 -05:00
Mazharul Islam
bf9e8295d6
mentioning the default strength of BCryptPasswordEncoder
2020-05-21 11:15:45 -05:00
Thomas Turrell-Croft
014df98ebb
Polish
...
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager
2020-05-21 11:09:31 -05:00
Maksim Vinogradov
4f58576952
Prevent StackOverflowError for AccessControlEntryImpl.hashCode
...
Getting StackOverflowError when invoking AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl
Remove from AccessControlEntryImpl.hashCode method invocation of
acl.hashCode
fixes gh-5401
2020-05-21 09:53:35 -05:00
Astushi Yoshikawa
f08ca4e688
Throw exception if URL does not include context path when context relative
...
Issue: gh-8399
2020-05-20 14:02:17 -04:00
Rob Winch
dc514b369e
FilterInvocation Support Default Methods on HttpServletRequest
...
Closes gh-8566
2020-05-20 10:13:59 -05:00
Andreas Volkmann
16b0a268d9
Update index.adoc
2020-05-20 08:01:56 -05:00
Josh Cummings
9a72654b8d
Update to jQuery 3.5.1
...
Fixes gh-8557
2020-05-19 13:02:04 -06:00
Josh Cummings
c519d726ed
Polish hellojs Sample
...
- Apply timestamp to composed messages
- Remove unnecessary $.map call
- Add password encoder prefix to password
Fixes gh-8555
Fixes gh-8556
2020-05-19 13:02:04 -06:00
Josh Cummings
b04b34ba85
Fix Logout in OpenID Sample
...
Fixes gh-8554
2020-05-19 13:02:04 -06:00
Dávid Kovács
4ab9da1c53
Object ID Identity conversion to long fails on old schema
...
This change fixed a bug which tried to convert a non-string object as a string
Fixes gh-7621
2020-05-19 13:43:00 -05:00
Josh Cummings
51a0cffd36
Post-process AuthenticationRequestFilter
...
Fixes gh-8552
2020-05-18 21:08:23 -06:00
Josh Cummings
8e7c4c143c
Add TestSaml2AuthenticationRequestContexts
...
Issue gh-8552
2020-05-18 21:08:03 -06:00
Josh Cummings
9241cd2892
Move TestRelyingPartyRegistrations
...
Fixes gh-8551
2020-05-18 16:38:40 -06:00
Josh Cummings
7c7934c052
Remove Extra TestSaml2X509Credentials
...
This class is a duplicate of the one already in
org.springframework.security.saml2.credentials
Issue gh-8404
2020-05-18 10:08:27 -06:00
cbornet
bfb401eeed
Create the CSRF token on the bounded elastic scheduler
...
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.
Fixes gh-8128
2020-05-18 11:04:54 -05:00
Parikshit Dutta
1e211b6558
Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter
...
Fixes gh-8120
2020-05-15 15:13:15 -04:00
Joe Grandja
c1abc9b134
Polish gh-8501
2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798
Add issuerUri to ClientRegistration.providerDetails
...
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.
Fixes gh-8326
2020-05-14 17:13:07 -04:00
Dávid Kovács
db4ca1f756
Document NoOpPasswordEncoder will not be removed
...
This commit adds extension to deprecation notice.
Fixes gh-8506
2020-05-13 12:54:13 -05:00
Rob Winch
bb05603b3c
AbstractUserDetailsReactiveAuthenticationManager uses boundedElastic()
...
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs
Closes gh-7522
2020-05-12 13:07:24 -05:00
Rob Winch
e5d2aaf6fe
Deprecate OpenID 2.0 support
...
Deprecate OpenID 2.0 support
2020-05-12 09:37:56 -05:00
Mathieu Ouellet
cd08102b93
Add debug logging
...
Goal is to provide insight to devs on:
- Authentication & Authorization success/failures
- WebSession & SecurityContext
- Request matchers, cache & authn/authz flow
Fixes gh-5758
2020-05-12 09:03:24 -05:00
Rob Winch
8d447633f4
Fix non-standard HTTP method for CsrfWebFilter
...
Closes gh-8452
2020-05-11 17:20:27 -05:00