Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,357 Commits 32 Branches 333 Tags 110 MiB
Commit Graph

8357 Commits

Author SHA1 Message Date
Erik van Paassen 86e25ff2ab
Fix typo in Javadoc of HttpSecurity#csrf() 
`HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.
 2020-03-17 13:36:34 -06:00
Zeeshan Adnan a49a325db2 Fix exception for empty basic auth header token 
fixes spring-projectsgh-7976
 2020-03-16 16:06:52 -04:00
Markus Engelbrecht 75f22285c6
Fix typo 'properites' in documentation 
Fixes gh-8095
 2020-03-11 11:01:06 -06:00
Josh Cummings 8fa16ce63e
Update to Jetty 9.4.27 
Fixes gh-7507
 2020-03-09 10:03:18 -06:00
Clement Stoquart 32c02fbedb
Remove empty relay state from redirect url 2020-03-04 12:47:03 -07:00
AmitB 96ff3a54a9 Fix typo in AntPathRequestMatcher contructor comment 2020-03-02 07:16:07 -06:00
Josh Cummings 9092115b8a
Register Authentication Provider in Init Phase 
Fixes gh-8031
 2020-02-28 18:43:54 -07:00
Joe Grandja 3dbfef9ef1 OAuth2AccessTokenResponseHttpMessageConverter handles JSON object parameters 
Fixes gh-6463
 2020-02-24 15:58:25 -05:00
Joe Grandja 8acdb82e6a OAuth2AuthorizationCodeGrantWebFilter matches on query parameters 
Fixes gh-7966
 2020-02-10 15:28:06 -05:00
Rafael Renan Pacheco 5ce0ce3f38
Fix var typo and code readability 2020-02-10 12:06:30 -07:00
Joe Grandja 6141132cfa Fix test gh-7963 2020-02-10 05:53:00 -05:00
Joe Grandja cc7ea4acd3 OAuth2AuthorizationCodeGrantFilter matches on query parameters 
Fixes gh-7963
 2020-02-10 05:24:14 -05:00
Manuel Bleichenbacher 1e4736f9b3 Prevent double-escaping of authorize URL parameters 
If the authorization URL in the OAuth2 provider configuration contained query parameters with escaped characters, these characters were escaped a second time. This commit fixes it.

It is relevant to support the OIDC claims parameter (see https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).

Fixes gh-7871
 2020-02-08 16:59:01 -05:00
Stephane Maldini 0012e24c46 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7953
 2020-02-07 20:18:50 -05:00
Joe Grandja 2dc8147106 Add release-notes-sections.yml 2020-02-05 15:18:32 -05:00
Joe Grandja 1da8e9df13 Next Development Version 2020-02-05 11:03:09 -05:00
Joe Grandja 9a2b71d931 Release 5.2.2.RELEASE 2020-02-05 10:56:00 -05:00
Josh Cummings c4ccc96655
Polish Error Messages for OpaqueTokenIntrospectors 2020-02-05 07:16:37 -07:00
Joe Grandja 6c310213a8 Update to Spring Boot 2.2.4 
Fixes gh-7909
 2020-02-04 15:07:16 -05:00
Joe Grandja a5b6b9a398 Update to org.slf4j 1.7.30 
Fixes gh-7908
 2020-02-04 15:04:46 -05:00
Joe Grandja 9e6910273c Update to org.powermock 2.0.5 
Fixes gh-7907
 2020-02-04 14:56:28 -05:00
Joe Grandja ea809b01a6 Update to hibernate-validator 6.1.2.Final 
Fixes gh-7906
 2020-02-04 14:53:08 -05:00
Joe Grandja 8054239a12 Update to hibernate-entitymanager 5.4.10.Final 
Fixes gh-7905
 2020-02-04 14:51:05 -05:00
Joe Grandja 46486194c2 Update to org.aspectj 1.9.5 
Fixes gh-7904
 2020-02-04 14:44:05 -05:00
Joe Grandja 00b08bc725 Update to httpclient 4.5.11 
Fixes gh-7903
 2020-02-04 14:39:27 -05:00
Joe Grandja 6e0fbfcccd Update to commons-codec 1.14 
Fixes gh-7899
 2020-02-04 14:31:31 -05:00
Joe Grandja 87ea083520 Update to com.squareup.okhttp3 3.14.6 
Fixes gh-7898
 2020-02-04 14:24:11 -05:00
Joe Grandja 9db3f51f2a Update to Jackson 2.10.2 
Fixes gh-7897
 2020-02-04 14:06:11 -05:00
Joe Grandja 3cc4a945c6 Update to Reactor Dysprosium SR4 
Fixes gh-7896
 2020-02-04 14:03:06 -05:00
Joe Grandja dbc43fb47d Update to Spring Data Moore SR3 
Fixes gh-7895
 2020-02-04 14:02:57 -05:00
Joe Grandja ce6a0368bd Update to Spring Framework 5.2.3 
Fixes gh-7894
 2020-02-04 13:38:17 -05:00
Eleftheria Stein 9dd3dfe718 Fix requiresAuthenticationMatcher not being used 
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
 2020-01-27 16:56:59 +01:00
Eleftheria Stein edb6cd3729 Fix authenticationFailureHandler not being used 
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
 2020-01-27 13:52:01 +01:00
Peter Keller 2dbedf7af5 Set charset of BasicAuthenticationFilter converter 
Allow BasicAuthenticationFilter to pick up the given credentials charset.

Fixes: gh-7835
 2020-01-23 16:24:03 +01:00
Eleftheria Stein 630eb10704 Load LDIF file from classpath in unboundId mode 
Fixes: gh-7833
 2020-01-21 17:12:18 +01:00
Eleftheria Stein f4d4c08329 Fix LDIF file example in LDAP docs 
Fixes: gh-7832
 2020-01-20 11:32:53 +01:00
Johannes Edmeier cc956a66df Don't cache requests with `Accept: text/event-stream` by default. 
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
 2020-01-17 10:37:34 -08:00
Rob Winch 29182abb34 Fix HttpHeaderWriterWebFilterTests 
Ensure setComplete() is subscribed to
 2020-01-10 08:46:47 -06:00
Filip Hanik b754a3d635 Use the custom ServerRequestCache that the user configures 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
 2019-12-18 08:44:27 -08:00
Eleftheria Stein 0d24e2b8cf Fix WebFlux logout disabling 
Fixes: gh-7682
 2019-12-13 11:53:20 +01:00
Rob Winch b00999deed Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor 
The documentation incorrectly used ServerRSocketFactoryCustomizer which
was renamed to ServerRSocketFactoryProcessor. The docs now use the correct
class name

Fixes gh-7737
 2019-12-12 15:30:56 -06:00
Eleftheria Stein 59ca2ddf65 Polish SAML2 principal classes 
Update @since

Issue: gh-7681
 2019-12-12 20:27:24 +01:00
Clement Stoquart 0782228914 fix: make Saml2Authentication serializable 2019-12-12 20:25:26 +01:00
Rob Winch 29eb8b9177 CompositeServerHttpHeadersWriter Executes Sequentially 
Fixes gh-7731
 2019-12-12 11:28:23 -06:00
Rob Winch bd6ff1f319 DelegatingServerAuthenticationSuccessHandler Executes Sequentially 
Fixes gh-7728
 2019-12-12 08:33:14 -06:00
Rob Winch 6db7b457b7 DelegatingServerLogoutHandler Executes Sequentially 
Fixes gh-7723
 2019-12-11 15:39:56 -06:00
Phil Clay 840d3aa986 Polish #7589 
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
 2019-12-10 14:37:34 -05:00
Ankur Pathak 4c5c4f6cce Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager 
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
 2019-12-10 14:37:25 -05:00
Joe Grandja 148b570a98 Remove redundant validation for redirect-uri 
Fixes gh-7706
 2019-12-06 12:01:19 -05:00
Joe Grandja 752d5f29aa Display general error message when WebFlux oauth2Login() fails 
Issue gh-5562 gh-6484
 2019-12-05 20:12:38 -05:00