Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-09-08 20:51:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,665 Commits 43 Branches 354 Tags
Commit Graph

557 Commits

Author SHA1 Message Date
Daniel Garnier-Moiroux
bea7761a1c
ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Rob Winch
32dbaceec5 Fix mockito 4.7.0 merge 
Issue gh-11748
 2022-08-24 08:58:00 -05:00
Rob Winch
2fb625db84 Remove mockito deprecations 
Issue gh-11748
 2022-08-23 15:59:52 -05:00
Igor Bolic
efaee4e56b Allow customization of redirect strategy 
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.

Closes gh-11373
 2022-08-08 15:35:49 -05:00
Joe Grandja
95155ddb0c Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:28:47 -04:00
Josh Cummings
1d72a05c32
Add SecurityContextHolderStrategy to OAuth2 
Issue gh-11060
 2022-06-27 13:05:12 -06:00
Josh Cummings
01513ab17e
Add placeholders to reactive post_logout_redirect_uri 
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
 2022-06-16 16:10:26 -06:00
Josh Cummings
6f69d85fcb
Reactive OAuth 2.0 logout handler resolves registrationId 
Closes gh-11378
 2022-06-16 16:09:57 -06:00
Josh Cummings
3f30de388a
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:09:56 -06:00
Michael
e4505ed6c8
Add placeholders to post_logout_redirect_uri 
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
 2022-06-16 16:09:56 -06:00
Steve Riesenberg
f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Joe Grandja
50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja
a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
Simone Giannino
73003d59d6 OAuth 2.0 logout handler resolves uri placeholders 
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
 2022-03-15 12:54:39 -06:00
Josh Cummings
931fb6a328 Move UnmodifiableMapDeserializer 
Issue gh-10905
 2022-03-01 14:03:41 -07:00
Marcus Da Coregio
bebd615507 Update io.r2dbc to 0.9.1.RELEASE 
Closes gh-10883
 2022-02-21 10:35:20 -03:00
Rob Winch
8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Steve Riesenberg
7c54f98944 Update io.r2dbc to 0.9.0.RELEASE 
Closes gh-10717
 2022-01-14 11:58:45 -06:00
Joe Grandja
214cfe807e Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:42:10 -05:00
Dávid Kováč
17e28fa7aa Update clockSkew javadoc according to implementation 
Closes gh-10174
 2021-11-19 13:48:32 +01:00
Khaled Hamlaoui
00fafd878c Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler 
Closes gh-10425
 2021-11-16 15:27:48 -06:00
Steve Riesenberg
076c01daef Add missing @since 5.6 2021-11-09 14:07:05 -06:00
Rob Winch
f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Rob Winch
0c088e278a Update r2dbc-spi-test to 0.8.6.RELEASE 
Closes gh-10393
 2021-10-18 21:03:12 -05:00
Steve Riesenberg
3b564b2026 Add parameters converter support to AbstractWebClientReactiveOAuth2AccessTokenResponseClient 
This adds support for configuring NimbusJwtClientAuthenticationParametersConverter to any AbstractWebClientReactiveOAuth2AccessTokenResponseClient as an additional parameters converter, which in turns adds reactive support for jwt client authentication.

Closes gh-10146
 2021-10-06 13:09:33 -05:00
Steve Riesenberg
9b24f66f1c Implement reactive support for JWT as an Authorization Grant 
Closes gh-10147
 2021-10-05 16:09:24 -05:00
Marcus Da Coregio
02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Joe Grandja
97c949d929 oauth2Login() AuthenticationProvider's preserve root cause exception when rethrown 
Closes gh-10228
 2021-09-24 10:41:31 -04:00
Joe Grandja
5830fda2fa Introduce JwtEncoder 
Closes gh-9208
 2021-09-24 05:13:40 -04:00
bishoy basily
860690491a Add setBodyExtractor 
Closes gh-10260
 2021-09-22 15:32:19 -06:00
Rujun Chen
9b4ddd7e0a Make AuthorizationGrantTypeConverter support custom grant type 
Closes gh-10155
 2021-08-19 13:13:20 -04:00
Steve Riesenberg
6d6dc113d8 Add converter for authentication result in OAuth2LoginAuthenticationFilter 
Closes gh-10033
 2021-08-10 16:50:19 -05:00
Steve Riesenberg
fc553bf19a Add gh-10130 to tests 2021-08-09 15:33:54 -05:00
Steve Riesenberg
acca3dba69 Polish gh-10131 2021-08-09 11:07:12 -05:00
Vincent Boulaye
044157061f Enable customizing headers in token requests 
Adds the possibility to customize the headers of the access token request in AbstractWebClientReactiveOAuth2AccessTokenResponseClient, similarly to what is done in the AbstractOAuth2AuthorizationGrantRequestEntityConverter.

Closes gh-10130
 2021-08-09 10:50:37 -05:00
Rob Winch
f73f213f50 Remove DependencySetPlugin 
Closes gh-10070
 2021-07-12 15:31:38 -05:00
Rob Winch
b6ff4d3674 Fix mockito UnnecessaryStubbingException 2021-07-09 14:35:10 -05:00
Rob Winch
3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Rob Winch
14240b2559 Remove Powermock 
Powermock does not support JUnit5 yet, so we need to remove it
to support JUnit 5. Additionally, maintaining additional libraries
adds extra work for the team.

Mockito now supports final classes and static method mocking. This
commit replaces Powermock with mockito-inline.

Closes gh-6025
 2021-07-08 12:35:32 -05:00
Josh Cummings
d4c3cea0e6
Update Copyright 
Issue gh-9901
 2021-06-17 08:34:31 -06:00
Arnaud Mergey
1d606ccedb fix typo preventing full exception to be displayed in log 
closes gh-9901
 2021-06-17 08:33:32 -06:00
Steve Riesenberg
807ce30948 Support additional client authentication methods 
Closes gh-9780
 2021-06-16 15:48:03 -05:00
Steve Riesenberg
0cba0874f3 Handle missing authorization endpoint uri 
Closes gh-9795
 2021-06-16 15:38:53 -05:00
Steve Riesenberg
9b05afdee8 Remove validation for unsupported grant types 
Closes gh-9828
 2021-06-16 14:54:33 -05:00
Joe Grandja
eb6ed283e0 Jwt client authentication converter detects new key 
Closes gh-9814
 2021-06-16 12:55:12 -04:00
Steve Riesenberg
aed993f3e5
Store one request by default in WebSessionOAuth2ServerAuthorizationRequestRepository 
Related to gh-9649
Closes gh-9857
 2021-06-15 11:03:30 -05:00
Eleftheria Stein
36805c7192 Revert "Use strict equality for timestamp comparison in JDBC tests" 
This reverts commit 09a0670cb68032beacb399e0abe6d671967f3702.

This appears to still be an issue in Windows

Issue gh-8782
 2021-06-08 10:13:53 +03:00
Eleftheria Stein
09a0670cb6 Use strict equality for timestamp comparison in JDBC tests 
This is possible because of the update to HSQLDB 2.6.0
This reverts commit eb7b27695d3f9fce869eb3fb1c0ec56c32a9cb2b.

Closes gh-8782
 2021-06-08 09:31:55 +03:00
Steve Riesenberg
ac9b137cad URL encode client credentials 
Closes gh-9610
 2021-06-01 12:57:06 -05:00