d3af4f7354
Limit oauth2Login() links to redirect-based flows
...
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
2021-04-14 06:16:43 -04:00
a5117506a5
Next Development Version
2021-04-12 14:43:21 -04:00
26c6570b10
Revert "Lock Dependencies"
...
This reverts commit b3250c06a9
2021-04-12 14:42:38 -04:00
dd4e8eb36f
Release 5.3.9.RELEASE
2021-04-12 14:24:06 -04:00
b3250c06a9
Lock Dependencies
2021-04-12 14:19:19 -04:00
aa0edfa1c7
Update to Spring Boot 2.2.13
...
Closes gh-9614
2021-04-12 14:19:01 -04:00
22d7043d01
Add null check in CsrfFilter and CsrfWebFilter
...
Solve the problem that CsrfFilter and CsrfWebFilter
throws NPE exception when comparing two byte array
is equal in low JDK version.
When JDK version is lower than 1.8.0_45, method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
class call this method without null judgment.
ZiQiang Zhao<1694392889@qq.com>
Closes gh-9561
2021-04-09 21:55:30 -06:00
2009b5faf0
Next Development Version
2021-02-11 13:39:20 -06:00
71f9876c48
Revert "Lock dependencies"
...
This reverts commit dca4858d81
2021-02-11 13:38:50 -06:00
461f1f6b38
Release 5.3.8.RELEASE
2021-02-11 13:00:32 -06:00
dca4858d81
Lock dependencies
2021-02-11 13:00:32 -06:00
419839d05c
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 13:00:31 -06:00
38e9e8ca52
Optimize HttpSessionSecurityContextRepository
...
Closes gh-9387
2021-02-11 13:00:31 -06:00
996ccc08a4
Next Development Version
2021-02-11 09:52:42 -06:00
ec8f6014d4
Revert "Lock dependencies"
...
This reverts commit fa5f789beb
2021-02-11 09:51:54 -06:00
b3815dfc20
Release 5.3.7.RELEASE
2021-02-11 08:54:19 -06:00
fa5f789beb
Lock dependencies
2021-02-11 08:53:40 -06:00
87cc4d4519
Fix Test Configuration
...
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable
Closes gh-9421
2021-02-10 11:36:44 -07:00
10946e8153
Polish Tests
...
Issue gh-9331
2021-02-03 09:30:27 -07:00
3cb98ebed0
Configure CurrentSecurityContextArgumentResolver BeanResolver
...
Closes gh-9331
2021-02-03 09:24:22 -07:00
e7acd1219d
Allow null or empty authorities for DefaultOAuth2User
...
Make DefaultOAuth2User more inline with other part of
spring-security.
For example,
- DefaultOAuth2AuthenticatedPrincipal
- AbstractAuthenticationToken
Closes gh-9366
2021-02-02 04:35:39 -05:00
84b560919c
Change Example Name
...
Closes gh-9379
2021-01-28 11:24:19 -07:00
c23b0da607
Use spring-build-conventions:0.0.37
2021-01-25 20:44:27 -06:00
0f7360e8fa
Make user info response status check error only
...
Closes gh-9336
2021-01-25 10:46:07 -05:00
d722ac7757
Fix SAML 2.0 Sample Test
...
Issue gh-9362
2021-01-22 15:13:02 -07:00
2985d805b0
Migrate SAML 2.0 Test and Docs to PCFOne
...
Issue gh-9362
2021-01-22 15:12:31 -07:00
e974c93f72
Migrate SAML 2.0 Samples to PCFOne
...
Closes gh-9362
2021-01-22 11:50:49 -07:00
7aeda7c8d8
Fix SAML 2.0 Javaconfig Sample
...
Issue gh-9362
2021-01-22 11:33:40 -07:00
02e13dc93e
Provide artifactoryUsername/Password in docs and schema jobs
2021-01-22 14:55:14 +01:00
5315b2eeca
Resolve artifacts from Maven Central first
...
- Use spring-build-conventions:0.0.36
- Add https://repo.spring.io/release to reference
Closes gh-9367
2021-01-22 13:54:47 +01:00
e6d6b39767
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:17:25 -06:00
b08075a721
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:30:12 -06:00
0fc80a6a65
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:12:29 -07:00
7d31837af3
OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
...
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)
With this change, even if the check is passing a new List or Map will be returned.
Closes gh-9210
2020-12-03 11:20:11 -05:00
17276ad787
Next Development Version
2020-12-02 19:32:48 -07:00
7c2010f507
Revert "Lock Dependencies for 5.3.6"
...
This reverts commit a153012056
2020-12-02 19:32:03 -07:00
2975923a1d
Release 5.3.6.RELEASE
2020-12-02 16:31:52 -07:00
a153012056
Lock Dependencies for 5.3.6
2020-12-02 16:31:52 -07:00
a8fe846e7f
Update to Google App Engine 1.9.83
...
Closes gh-9247
2020-12-02 16:31:46 -07:00
02a9ee54a2
Update to Spring Boot 2.2.11
...
Closes gh-9246
2020-12-02 16:31:40 -07:00
0f76a16ae5
Provide artifactoryUsername/Password
2020-11-17 08:52:38 -06:00
82ba28ac74
Fix Snapshot Versions
2020-11-16 17:28:40 -06:00
78f0f7bd33
Use artifactoryUsername/Password for plugin repositories
2020-11-16 17:11:28 -06:00
ad4ed45cd7
Provide artifactoryUsername/Password
2020-11-16 17:11:20 -06:00
0f9de738df
Update to spring-build-conventions:0.0.35.RELEASE
2020-11-16 17:09:01 -06:00
3ba441ef50
add white space before strong notation.
2020-10-30 15:50:44 -06:00
9ab21f88cd
Closes gh-8196
...
Add leveloffset
2020-10-28 15:05:29 -06:00
93c37e6b15
Update Test Controllers
...
Closes gh-9121
2020-10-12 18:08:52 -06:00
2dcfda7fac
Revert "Lock Dependencies for 5.3.5.RELEASE"
...
This reverts commit 846a5a962c
2020-10-07 16:39:28 -06:00
8525ae0410
Next Development Version
2020-10-07 14:05:07 -06:00
Denis Washington
Joe Grandja
佚名
Rob Winch
Josh Cummings
happier233
Benjamin Faal
Eleftheria Stein
Rob Winch
Ovidiu Popa
Hideaki Matsunami
Ayush Kohli