Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 23:10:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,269 Commits 49 Branches 376 Tags
Commit Graph

666 Commits

Author SHA1 Message Date
Alexey Nesterov
d8d59e97ac Correctly configure authorization requests repository for OAuth2 login 
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
 2019-11-29 12:05:15 -05:00
Eleftheria Stein
b7cb93f671 Fix WebFlux logout disabling 
Fixes: gh-7682
 2019-11-28 14:40:25 +01:00
Eleftheria Stein
8a95e5798d Update @MessageMapping to match input/output cardinality 2019-11-22 15:07:38 -06:00
Eleftheria Stein
1188a3bb5f Polish RememberMeConfigurer 
Issue: gh-4140
 2019-11-07 15:26:59 +01:00
邓超
b13f750646 Retrieve remember-me key from service as fallback 
Fixes: gh-4140
 2019-11-07 13:55:39 +01:00
Josh Cummings
925bf48ec0
Polish OAuth2ResourceServerConfigurerTests 
To confirm that resource server only produces SCOPE_<scope>
authorities by default.

Issue gh-7596
 2019-11-04 11:39:54 -07:00
Eleftheria Stein
de7cbc82b5 Clarify in Javadoc that expressionHandler should not be null 
Fixes: gh-2665
 2019-10-23 15:10:39 -04:00
Rob Winch
3051a79188 Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access 2019-09-30 14:33:41 -05:00
Rob Winch
a911f3d52f Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access 2019-09-30 14:14:59 -05:00
Rob Winch
3854afad61 Merge Add denyAll method in AuthorizePayloadsSpec.Access 2019-09-30 14:05:42 -05:00
Josh Cummings
758af54796
ObjectPostProcessor Tests groovy->java 
Issue gh-4939
 2019-09-27 16:36:33 -06:00
Josh Cummings
a08be5bf6f
UrlAuthorizationsTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Josh Cummings
870d83eb3e
PermitAllSupportTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Luis Felipe Vega Calle
350bce761f Add hasAuthority method to RSocketSecurity 
Fixes gh-7435
 2019-09-27 16:48:25 -05:00
Josh Cummings
33ba292fed
Resource Server w/ SecurityReactorContextSubscriber 
Fixes gh-7423
 2019-09-27 11:01:04 -06:00
Joe Grandja
08d2c93713 Polish gh-7466 2019-09-26 22:11:53 -04:00
Roman Chigvintsev
9bae0a4dbd Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec 
Fixes gh-7466
 2019-09-26 17:19:32 -04:00
Joe Grandja
2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber 
Fixes gh-7422
 2019-09-26 16:17:17 -04:00
Joe Grandja
d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00
Mark Heckler
da9f027fa4 Add nonce to OIDC Authentication Request 
Fixes gh-4442
 2019-09-25 14:57:54 -04:00
Joe Grandja
9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri 
Fixes gh-7036
 2019-09-24 11:07:36 -04:00
Rob Winch
00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Ebert Toribio
3a66191756 Add hasAnyAuthority method in AuthorizePayloadsSpec.Access 
See Fixes gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
 2019-09-18 21:17:09 -05:00
Onur Kagan Ozcan
034b5e9e93 Introduce LogoutSuccessEvent 
LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout.

By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event.

This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency.

Fixes gh-2900
 2019-09-18 10:57:16 -05:00
Manuel Tejeda
9926ad68b8 add hasAnyRole method in AuthorizePayloadsSpec.Access 2019-09-18 07:59:20 -05:00
Jesús Ascama
daf6b53e3a Add denyAll method in AuthorizePayloadsSpec.Access 
See gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
 2019-09-17 20:17:10 -05:00
Josh Cummings
05caf3d8fb
Use Jwt.Builder 
Fixes gh-7443
 2019-09-16 14:00:25 -06:00
Josh Cummings
1176d0cfdb
Polish DefaultFilters,Issue55Tests 
Formatted HttpSecurity and WebSecurity configuration stacks
Removed unnecessary code

Issue gh-4939
 2019-09-16 13:56:17 -06:00
kostya05983
950e6422a1
Migrate DefaultFilters,Issue55Tests groovy->java 
Issue gh-4939
 2019-09-16 13:37:22 -06:00
Josh Cummings
101e0a21a8 Bearer WebClient Filter Authentication Propagation 
Fixes: gh-7418
 2019-09-11 16:27:21 +01:00
Rob Winch
96d44cd4b7 Add Default RSocketSecurity 
Fixes gh-7361
 2019-09-09 16:10:55 -05:00
Rob Winch
5d0815bc76 Allow RSocketMessageHandlerITests to timeout 
Fixes gh-7415
 2019-09-09 16:10:50 -05:00
Rob Winch
6296e6e896 RSocketSecurity delegates to correct matcher 
Fixes gh-7414
 2019-09-09 16:09:23 -05:00
Rob Winch
1b699a49fb Polish RSocket packaging 
Fixes gh-7413
 2019-09-09 16:07:14 -05:00
Rob Winch
9639962e27 Fix RSocket Package Tangle 
Issue gh-7360
 2019-09-05 16:27:57 -05:00
Rob Winch
7ad641d106 RSocket Tests use Available Port 
Issue gh-7360
 2019-09-05 09:16:07 -05:00
Josh Cummings
26a65249f9
Remove invalid characters 2019-09-05 04:32:34 -06:00
Rob Winch
5a4eded696 Add RSocket Support 
Fixes gh-7360
 2019-09-04 19:24:01 -05:00
Josh Cummings
de672e3ae9
Polish oauth2ResourceServer() Error Messaging 
Fixes: gh-6876
 2019-09-04 11:49:22 -06:00
Josh Cummings
1fc5b27fa2
Update LogoutConfigurerClearSiteData Tests 
Issue gh-7347
 2019-09-04 03:30:37 -06:00
Josh Cummings
068f4f0147 Polish Opaque Token 
Use OAuth2AuthenticatedPrincipal
Use BearerTokenAuthentication
Update names to reflect more generic approach.

Fixes gh-7344
Fixes gh-7345
 2019-09-03 15:58:05 -06:00
Eddú Meléndez
8773c7994f Allow to set default securityContextRepository for each authentication mechanisms 
Fixes gh-7249
 2019-09-03 07:46:59 -06:00
Josh Cummings
d6d0d89ff8
NamespaceRememberMeTests groovy->java 
Issue gh-4939
 2019-09-02 13:08:21 -06:00
Josh Cummings
bf5b693549
NamespaceHttpOpenIDLoginTests groovy->java 
Issue gh-4939
 2019-08-30 15:54:43 -06:00
Lars Grefer
95511331fa fix checkstyle 2019-08-26 22:42:26 +02:00
Lars Grefer
34dd5fea30 Remove redundant throws clauses 
Removes exceptions that are declared in a method's signature but never thrown by the method itself or its implementations/derivatives.
 2019-08-23 01:03:54 +02:00
Rob Winch
71444ff5dc RequestCache ignores multipart requests 
Fixes gh-7060
 2019-08-15 09:21:41 -05:00
Ahmed Sayed
1ab05dae02 added test 2019-08-14 21:35:34 +02:00
Rob Winch
abc90280e0
Add unbounid support in xml 
Add unbounid support in xml

Fixes gh-6011
 2019-08-14 10:05:49 -05:00
Lars Grefer
cb4f3d2f44 Use UTF-8 for Java sources and XML 2019-08-14 08:47:00 -05:00