8641 Commits

Author SHA1 Message Date
Dávid Kováč
d104490cb8 Resolve Bearer token after subscribing to publisher
Bearer token was resolved immediately after calling method convert. In situations when a malformed token was provided, or the authorization header and access token query param were both present in the request, an exception was thrown instead of signalling an error.
After this change, the Bearer token is resolved on subscription and invalid states are handled by signalling an error to the subscriber.

Closes gh-8865
2020-08-03 11:09:48 -05:00
Josh Cummings
c2612a2f41
Remove unused import
Issue gh-8589
2020-07-31 08:45:17 -06:00
Josh Cummings
f3695932de
Polish to Avoid NPE
Issue gh-5648

Co-authored-by: MattyA <mat.auburn@gmail.com>
2020-07-30 17:28:07 -06:00
Josh Cummings
950769fa00
Additional Jwt Validation Debug Messages
Closes gh-8589

Co-authored-by: MattyA <mat.auburn@gmail.com>
2020-07-30 17:21:58 -06:00
Dennis Neufeld
57db8e5d4a Add OAuth2AuthenticationException to allowlist
Add mixins for
- OAuth2AuthenticationException
- OAuth2Error

Closes gh-8797
2020-07-21 10:15:44 -04:00
Josh Cummings
5d8bac1971
Polish WebSecurityConfigurerAdapter JavaDoc
Issue gh-8784
2020-07-20 15:23:43 -06:00
Romil Patel
a55267f867
WebSecurityConfigurerAdapter JavaDoc
Closes gh-8784
2020-07-20 15:23:36 -06:00
Josh Cummings
9045636a4b
Polish Bearer Token Padding
Issue gh-8502
2020-07-16 11:56:55 -06:00
kothasa
09e154d8f2
Bearer Token Padding
Closes gh-8502
2020-07-16 11:53:36 -06:00
wangsong
6584b84b60 Fix ProviderManager Javadoc typo
Closes gh-8800
2020-07-07 17:12:38 -05:00
Rob Winch
070706d948 LoginPageGeneratingWebFilter honors context path
Closes gh-8807
2020-07-07 13:36:35 -05:00
Julian Müller
4fec451196 Enables empty authorityPrefix
- docs stated that an empty authorityPrefix is allowed, but the implementation denied the use of `""`
- commit removes the `hasText`-limitation but restricts to `notNull`

Fixes gh-8421
2020-07-07 15:24:38 +02:00
Eleftheria Stein
7af5804d56 Compare Timestamps up to the millisecond
Issue gh-8782
2020-07-01 11:30:27 +02:00
Ellie Bahadori
8904b3b19b Use Github Actions workflow for PRs and remove Travis
Closes gh-8719
2020-06-30 10:14:04 -04:00
Rob Winch
8dea578959 Update to spring-build-conventions:0.0.33.RELEASE
Closes gh-8759
2020-06-25 11:28:15 -05:00
Dávid Kovács
c16db27670 formLogin() and login() implement Mergable
This is necessary so that default requests like Spring REST Docs work.

Closes gh-7572
2020-06-22 14:56:07 -05:00
Evgeniy Cheban
eb90857d6e DefaultWebSecurityExpressionHandler uses RoleHierarchy bean
Fixes gh-7059
2020-06-10 16:56:15 -04:00
Joe Grandja
38c1e3ffa8 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
Issue gh-8609
2020-06-09 15:27:32 -04:00
Joe Grandja
acf56f24a6 OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException
Fixes gh-8609
2020-06-09 15:21:07 -04:00
Eleftheria Stein
7a7707b899 Revert "Temporarily ignore RSocket integration tests"
This reverts commit 8dd9cb2b3352285237d1019673400833e8df9700.

Fixes gh-8643
2020-06-08 16:43:12 -04:00
Rob Winch
5a5bed49f6 Add subscriberContext to PayloadSocketAcceptor delegate.accept
Closes gh-8654
2020-06-05 12:54:26 -05:00
Josh Cummings
8ff3d6606b
Next Development Version
2020-06-03 16:13:07 -06:00
Josh Cummings
bbd2a9ebae
Revert "Lock Dependencies for 5.3.3.RELEASE"
This reverts commit 116bfe01e6de3bf7cfa06a94f20373f6345b89f0.
2020-06-03 16:11:59 -06:00
Josh Cummings
4246b0ae0a
Release 5.3.3.RELEASE 5.3.3.RELEASE
2020-06-03 13:58:56 -06:00
Eleftheria Stein
8dd9cb2b33
Temporarily ignore RSocket integration tests
Issue gh-8643
2020-06-03 13:58:13 -06:00
Josh Cummings
116bfe01e6
Lock Dependencies for 5.3.3.RELEASE
2020-06-03 13:14:07 -06:00
Josh Cummings
04079fca69
Update to Latest rsocket-core
Now that the RSocket Authentication Extension is GA, it's no longer
necessary to override the version locally in the sample.

Issue gh-7935
2020-06-03 13:14:07 -06:00
Josh Cummings
35cf443431
Update to Kotlin 1.3.72
Closes gh-8645
2020-06-03 13:14:32 -06:00
Josh Cummings
4213046653
Update to Spring Boot 2.2.7.RELEASE
Closes gh-8646
2020-06-03 13:14:26 -06:00
Josh Cummings
16723e55b1
Update to AppEngine 1.9.80
Closes gh-8647
2020-06-03 13:14:07 -06:00
Josh Cummings
977642b0ce
Change Reactor Constraint to Take Latest SR
Issue gh-8531
2020-06-03 12:25:52 -06:00
Josh Cummings
94737df378
Pull Latest Minor Releases for Nimbus
Closes gh-8608
2020-06-03 12:25:30 -06:00
Rob Winch
cf142ef024 Delay AuthenticationPrincipalArgumentResolver Creation
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.

Closes gh-8613
2020-05-29 16:51:23 -05:00
Markus Engelbrecht
258bd8fa09 Fix typos in BCryptPasswordEncoder documentation
Closes gh-8586
2020-05-27 10:37:46 -05:00
Spencer Gilson
30736184ca Fixing typo in README
Closes gh-8581
2020-05-27 07:57:29 -05:00
Eleftheria Stein
2ebbb6f80a Mock request with non-standard HTTP method in test
Fixes gh-8594
2020-05-26 15:38:53 -04:00
justmehyp
5bcfaaf94d Remove unused field 'digester' in Md4PasswordEncoder
`private Digester digester;` defined in Md4PasswordEncoder is never used. So remove it.

Closes gh-8553
2020-05-21 11:19:28 -05:00
Mazharul Islam
e1f01c6d77 mentioning the default strength of BCryptPasswordEncoder
Fixes gh-8542
2020-05-21 11:16:12 -05:00
Thomas Turrell-Croft
c1f737c842 Polish JDBC Authentication Doc
* Correct documented default schema to match default schema exposed as classpath resource
* Fix Java example of adding users to JdbcUserDetailsManager

Fixes gh-8550
2020-05-21 11:10:06 -05:00
Maksim Vinogradov
892f2f8843 Prevent StackOverflowError for AccessControlEntryImpl.hashCode
Getting StackOverflowError when invoking AclImpl.hashCode because of
cross-references between AclImpl and AccessControlEntryImpl

Remove the invocation of acl.hashCode from the
AccessControlEntryImpl.hashCode method

fixes gh-5401
2020-05-21 10:07:20 -05:00
Andreas Volkmann
5eeeac8e51 Update index.adoc
2020-05-20 08:02:50 -05:00
Dávid Kovács
8399375a86 Object ID Identity conversion to long fails on old schema
This change fixed a bug which tried to convert a non-string object as a string

Fixes gh-7621
2020-05-19 13:44:57 -05:00
cbornet
b6efd5ba76 Create the CSRF token on the bounded elastic scheduler
The CSRF token is created with a call to UUID.randomUUID which is blocking.
This change ensures this blocking call is done on the bounded elastic scheduler which supports blocking calls.

Fixes gh-8128
2020-05-18 11:05:50 -05:00
Rob Winch
e945b3414a Try Reactor BUILD-SNAPSHOTs
Issue gh-8531
2020-05-15 13:51:49 -05:00
Rob Winch
bf88065002 Try Reactor SNAPSHOTs
Trying to determine if this is related to reactor/reactor-core#2152

Issue gh-8531
2020-05-15 13:45:41 -05:00
Artyom Tarynin
9e665388d2 Update AntPathRequestMatcher.java
Fixes gh-8512
2020-05-13 17:07:45 -04:00
Dávid Kovács
d6f827c50d Document NoOpPasswordEncoder will not be removed
This commit adds extension to deprecation notice.

Fixes gh-8506
2020-05-13 12:54:56 -05:00
Rob Winch
0f13c5e44d AbstractUserDetailsReactiveAuthenticationManager uses boundedElastic()
Some JVMs have blocking operations when accessing SecureRandom and thus
this needs to be performed in a pool that is larger than the number of
CPUs

Closes gh-7522
2020-05-12 13:23:07 -05:00
Rob Winch
06a02ed4bb Fix non-standard HTTP method for CsrfWebFilter
Closes gh-8452
2020-05-11 17:28:40 -05:00
Joe Grandja
716583f9bb Next development version
2020-05-06 15:51:37 -04:00