Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 15:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,288 Commits 33 Branches 337 Tags
Commit Graph

527 Commits

Author SHA1 Message Date
Josh Cummings
02f161aba7
Use OidcIdToken.Builder 
Issue gh-7592
 2019-12-12 07:37:15 -07:00
Phil Clay
cffad1be02 Polish #7589 
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
 2019-12-10 13:59:51 -05:00
Ankur Pathak
c29309d744 Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager 
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
 2019-12-10 13:59:51 -05:00
Joe Grandja
24500fa3ca Remove redundant validation for redirect-uri 
Fixes gh-7706
 2019-12-06 11:55:31 -05:00
Josh Cummings
bb8706977d
Polish DefaultOAuth2AuthorizedClientManager 2019-12-02 16:05:17 -07:00
Joe Grandja
65513f2e3b Polish OAuth2AuthorizedClientArgumentResolver 2019-11-28 09:48:01 -05:00
Joe Grandja
80f256e425 ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Fixes gh-7544
 2019-11-28 09:48:01 -05:00
Joe Grandja
07b8aa0b1f DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange 
Issue gh-7544
 2019-11-28 09:48:01 -05:00
Josh Cummings
6ff71d8113
Add OidcUserInfo.Builder 
Fixes gh-7593
 2019-11-26 16:12:06 -07:00
Josh Cummings
c76775159c
Add OidcIdToken.Builder 
Fixes gh-7592
 2019-11-26 16:12:06 -07:00
Josh Cummings
22ae3eb765
Polish Error-handling Tests 
Tests should assert the error message content that Spring Security
controls.

Fixes gh-7647
 2019-11-14 16:13:39 -07:00
Rafiullah Hamedy
58ca81d500 Make jwks_uri optional for RFC 8414 and Required for OpenID Connect 
OpenID Connect Discovery 1.0 expects the OpenId Provider Metadata 
response is expected to return a valid jwks_uri, however, this field is 
optional in the Authorization Server Metadata response as per RFC 8414
specification.

Fixes gh-7512
 2019-11-11 10:34:06 -07:00
Josh Cummings
ed02ef9773
Add Test for Malformed Scope 
Fixes gh-7563
 2019-10-28 16:55:56 -06:00
Josh Cummings
387f765595
Catch Malformed BearerTokenError Descriptions 
Fixes gh-7549
 2019-10-28 12:30:27 -06:00
Phil Clay
8584b12c8d Make saveAuthorizedClient save the authorized client 
Previously, saveAuthorizedClient never actually saved the authorized
client, because it ignored the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient.

Now, it does not ignore the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient, and includes it in
the stream, and therefore it will properly save the authorized client.

Fixes gh-7546
 2019-10-23 12:12:23 -04:00
Joe Grandja
1c53a7859b Fix access token expiry check with clock skew 
Fixes gh-7511
 2019-10-22 21:54:55 -04:00
Everett Irwin
6ad328f909 Add Clock Skew Tests 
Fixes gh-7511

Co-authored-by: Isaac Cummings <josh.cummings+zac@gmail.com>
 2019-10-17 20:19:47 -06:00
Josh Cummings
adf9769eed
Add ClientRegistration.withClientRegistration 
Fixes gh-7486
 2019-09-27 14:17:50 -06:00
Josh Cummings
33ba292fed
Resource Server w/ SecurityReactorContextSubscriber 
Fixes gh-7423
 2019-09-27 11:01:04 -06:00
Joe Grandja
7217bb5eb0 Remove FIXME in OAuth2LoginReactiveAuthenticationManager 2019-09-27 12:13:13 -04:00
Joe Grandja
2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber 
Fixes gh-7422
 2019-09-26 16:17:17 -04:00
Joe Grandja
d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00
Mark Heckler
da9f027fa4 Add nonce to OIDC Authentication Request 
Fixes gh-4442
 2019-09-25 14:57:54 -04:00
Joe Grandja
9f18c2e21a OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri 
Fixes gh-7036
 2019-09-24 11:07:36 -04:00
Rob Winch
ff54eb878a Use Schedulers.boundedElastic() 
Fixes gh-7457
 2019-09-19 13:51:06 -05:00
Rob Winch
00f8991fac Merge Remove Redudant Throws 
Fixes gh-7301
 2019-09-19 11:04:53 -05:00
Josh Cummings
05caf3d8fb
Use Jwt.Builder 
Fixes gh-7443
 2019-09-16 14:00:25 -06:00
Josh Cummings
40901fe072
Jwt.Builder#notBefore Value Is Instant 
Fixes gh-7442
 2019-09-16 14:00:25 -06:00
Joe Grandja
88c749263b Polish javadoc for OAuth2AuthorizedClientManager 2019-09-12 19:25:49 -04:00
Josh Cummings
101e0a21a8 Bearer WebClient Filter Authentication Propagation 
Fixes: gh-7418
 2019-09-11 16:27:21 +01:00
Joe Grandja
dcdeab596d DefaultReactiveOAuth2AuthorizedClientManager defaults ServerWebExchange 
Fixes gh-7390
 2019-09-10 11:40:28 -04:00
Eddú Meléndez
91bf1c782a Make OAuth2User extends OAuth2AuthenticatedPrincipal 
Fixes gh-7378
 2019-09-09 14:36:35 +01:00
Joe Grandja
93cda94969 Add attributes Consumer to OAuth2AuthorizationContext 
Fixes gh-7385
 2019-09-06 08:01:59 -04:00
Joe Grandja
f7d03858f1 OAuth2AuthorizedClientManager implementation works outside of request 
Fixes gh-6780
 2019-09-06 06:10:36 -04:00
Joe Grandja
a60446836b OAuth2AuthorizeRequest supports attributes 
Fixes gh-7341
 2019-09-05 21:04:25 -04:00
Rob Winch
2a3bf9b6bb DefaultReactiveOAuth2UserService IOException 
Improve handling of IOException to report an
AuthenticationServiceExceptionThere are many reasons that a
DefaultReactiveOAuth2UserService might fail due to an IOException
(i.e. SSLHandshakeException). In those cases we should use a
AuthenticationServiceException so that users are aware there is likely
some misconfiguration.

Fixes gh-7370
 2019-09-05 13:31:30 -05:00
Andreas Kluth
c46b224ec4 Remove OAuth2AuthorizationRequest when a distributed session is used 
Dirties the WebSession by putting the amended AUTHORIZATION_REQUEST map into
the WebSession even it was already in the map. This causes common SessionRepository
implementations like Redis to persist the updated attribute.

Fixes gh-7327

Author: Andreas Kluth <mail@andreaskluth.net>
 2019-09-05 09:31:32 -04:00
Josh Cummings
099d49aa40 Simplify currentAuthentication() 2019-09-04 15:33:41 -06:00
Josh Cummings
40ff837713 Polish Server|ServletBearerExchangeFilterFunction 
Fixes gh-7353
 2019-09-04 15:33:41 -06:00
Joe Grandja
e6618d4d50 Removed unused OAuth2AuthorizedClientResolver 
Fixes gh-7357
 2019-09-04 16:56:40 -04:00
Josh Cummings
833bfd0c22 Add Authorities from Access Token 2019-09-04 14:15:28 -06:00
Josh Cummings
aa1c80c801 Grant Individual Authorities From Claims 
Fixes gh-7339
 2019-09-04 14:15:28 -06:00
Joe Grandja
409285fb3d Fix test 
Issue gh-7350
 2019-09-04 14:27:01 -04:00
Joe Grandja
0ac8618eac Align DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper 
Fixes gh-7350
 2019-09-04 14:07:45 -04:00
Joe Grandja
dcd997ea43 Add support for Resource Owner Password Credentials grant 
Fixes gh-6003
 2019-09-04 14:07:45 -04:00
Josh Cummings
d7f7e9d4b7 Add Jwt to BearerTokenAuthentication Converter 
Fixes gh-7346
 2019-09-03 15:58:05 -06:00
Josh Cummings
068f4f0147 Polish Opaque Token 
Use OAuth2AuthenticatedPrincipal
Use BearerTokenAuthentication
Update names to reflect more generic approach.

Fixes gh-7344
Fixes gh-7345
 2019-09-03 15:58:05 -06:00
Josh Cummings
c019507770 Add BearerTokenAuthentication 
Fixes gh-7343
 2019-09-03 15:58:05 -06:00
Josh Cummings
346b8c2cff Add OAuth2AuthenticatedPrincipal 
Fixes gh-7342
 2019-09-03 15:58:05 -06:00
Josh Cummings
f350988285 Add Servlet and ServerBearerExchangeFilterFunction 
Fixes gh-5334
Fixes gh-7284
 2019-09-03 15:29:06 -06:00