925bf48ec0
Polish OAuth2ResourceServerConfigurerTests
...
To confirm that resource server only produces SCOPE_<scope>
authorities by default.
Issue gh-7596
2019-11-04 11:39:54 -07:00
2d9e4d6c0b
Next Development Version
2019-11-04 11:19:15 -06:00
5b8369b7c3
Release 5.2.1.RELEASE
2019-11-04 11:18:41 -06:00
63647e9546
Add Resource Server Multi-tenancy Docs
...
Fixes: gh-7532
2019-11-04 10:15:56 -07:00
bd4f2057ca
Update to blockound 1.0.1.RELEASE
...
Fixes gh-7613
2019-11-04 11:12:57 -06:00
0310cc112e
Update to hibernate-validator 6.1.0.Final
...
Fixes gh-7612
2019-11-04 11:12:45 -06:00
6c23d567b9
Update to hibernate-entitymanager 5.4.8.Final
...
Fixes gh-7611
2019-11-04 11:12:35 -06:00
dfefaa94b5
Update to Unbounded 4.0.12
...
Fixes gh-7610
2019-11-04 11:12:24 -06:00
9558fbdaf1
Update to powermock 2.0.4
...
Fixes gh-7609
2019-11-04 11:12:10 -06:00
a8db3eb0f2
Update to Bouncy Castle 1.64
...
Fixes gh-7608
2019-11-04 11:11:56 -06:00
2608bc0bd2
Update to Reactor Dysprosium-SR1
...
Fixes gh-7607
2019-11-04 11:11:41 -06:00
b57ec7d066
Update to GAE 1.9.76
...
Fixes gh-7606
2019-11-04 11:11:31 -06:00
90c475e6b8
Update to AspectJ 1.9.4
...
Fixes gh-7605
2019-11-04 11:11:20 -06:00
34daf4eeba
Update to Spring Data Moore-SR1
...
Fixes gh-7604
2019-11-04 11:11:05 -06:00
f5704a8960
Update to Spring 5.2.1.RELEASE
...
Fixes gh-7603
2019-11-04 11:10:44 -06:00
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
5f17032ffd
Restore Removed Throws Clauses
...
In a recent clean-up, certain exceptions were removed from various
throws clauses.
This PR re-introduces throws clauses that are important for one of the
following reasons:
1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.
Fixes gh-7541
2019-10-30 12:13:54 -06:00
a4430aa21b
Fix variable reference in sample code
2019-10-29 14:04:05 -06:00
0f14844acf
We will not validate IP addresses as part of assertion validation
...
Fixes gh-7514
https://github.com/spring-projects/spring-security/issues/7514
2019-10-28 20:08:42 -07:00
ed02ef9773
Add Test for Malformed Scope
...
Fixes gh-7563
2019-10-28 16:55:56 -06:00
badb0a08c6
Fix exploits indendation
...
Issue gh-2567
2019-10-28 16:00:51 -05:00
2827af15e0
Document Reactive CSRF Support
...
Fixes gh-6487
2019-10-28 15:14:14 -05:00
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
387f765595
Catch Malformed BearerTokenError Descriptions
...
Fixes gh-7549
2019-10-28 12:30:27 -06:00
0ac5f5456f
Fix typo 'is' -> 'if' in javadoc
2019-10-25 13:27:11 -06:00
4489163163
Use Spring Boot configuration for saml2Login()
...
Fixes gh-7521
https://github.com/spring-projects/spring-security/issues/7521
2019-10-25 08:22:40 -07:00
5345aecd7f
Align RSocket sample with new Spring Boot configuration
2019-10-25 08:22:40 -07:00
bcaa8bc7e9
Upgrade to Spring Boot 2.2.0.RELEASE
2019-10-25 08:22:40 -07:00
9b4c170af0
Create Exploits Section for Reactive
...
Issue gh-2567
2019-10-24 15:03:05 -05:00
bbda755a07
Fix Servlet exploits leveloffset
...
Fixes gh-2567
2019-10-24 14:14:02 -05:00
08fb9c960b
Fix invalid ids
...
Issue gh-2567
2019-10-24 14:06:23 -05:00
55a98b9969
CSRF Documentation
...
Issue gh-2567
2019-10-24 13:24:44 -05:00
02aaba37cd
Documentation TOC on the left
...
This better aligns with other documentation
Issue gh-2567
2019-10-24 13:24:36 -05:00
de7cbc82b5
Clarify in Javadoc that expressionHandler should not be null
...
Fixes: gh-2665
2019-10-23 15:10:39 -04:00
b9f122230b
Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour
2019-10-23 14:50:57 -04:00
8584b12c8d
Make saveAuthorizedClient save the authorized client
...
Previously, saveAuthorizedClient never actually saved the authorized
client, because it ignored the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient.
Now, it does not ignore the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient, and includes it in
the stream, and therefore it will properly save the authorized client.
Fixes gh-7546
2019-10-23 12:12:23 -04:00
d26f40f062
DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path.
2019-10-23 09:41:00 -04:00
1c53a7859b
Fix access token expiry check with clock skew
...
Fixes gh-7511
2019-10-22 21:54:55 -04:00
62c7de03c3
Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter
...
Moved the existing auth check logic to the matcher.
Issue: gh-5928
2019-10-22 16:55:54 -04:00
63607ee213
Add configurable mapping function to map authorities
2019-10-22 13:45:34 -04:00
2d26be9446
Remove redundant public modifier
2019-10-21 16:28:39 -04:00
2cc05550fc
rename comparison method to isGranted and add test
2019-10-21 16:00:33 -04:00
a4ea989e9c
remove trailing whitespace
2019-10-21 16:00:33 -04:00
a449d6c316
extract permission mask comparison for subclasses to override
2019-10-21 16:00:33 -04:00
6ad328f909
Add Clock Skew Tests
...
Fixes gh-7511
Co-authored-by: Isaac Cummings <josh.cummings+zac@gmail.com>
2019-10-17 20:19:47 -06:00
264daec697
Test context relative URL with multiple schemes
2019-10-16 15:32:02 -04:00
1081066d60
Polish AuthorityUtils
...
Changed parameter name to authorities
Added JavaDoc
Fixes gh-4805
Co-authored-by: Everett Irwin <everettirwin77@gmail.com>
2019-10-16 10:44:00 -06:00
0387723334
fix webflux samples documentation path
...
The documentation of webflux integration sample projects was pointing to the `javaconfig` instead of `boot` folder.
2019-10-16 10:52:08 -04:00
f4b9abdbb1
Fix typo in Javadoc
2019-10-16 10:46:17 -04:00
8ebfba3019
Support configuration of protocol binding for authentication requests
2019-10-15 15:57:45 -05:00
Josh Cummings
Rob Winch
Filip Hanik
Mike Truso
Vitalii Mahas
Eleftheria Stein
Filip Hrisafov
Phil Clay
Michel Palourdio
Joe Grandja
Tadaya Tsuyukubo
Giovanni Lovato
Markus Öllinger
Everett Irwin
Isaac Cummings
Ramon Pires da Silva
Roland Weisleder
Brendt Lucas