Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-24 07:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,057 Commits 34 Branches 337 Tags
Commit Graph

955 Commits

Author SHA1 Message Date
이경욱
52c7141aac
Save Request Before Response Is Committed 
Specifically important for cookie-based authorization request
repositories.

Closes gh-11602
 2022-11-30 14:33:08 -07:00
Steve Riesenberg
fde26e003a
Request user info when AS returns no scopes 
Closes gh-12144
 2022-11-10 16:29:43 -06:00
Ger Roza
8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Steve Riesenberg
26a51ee198
Merge branch '5.5.x' into 5.6.x 2022-10-28 11:15:33 -05:00
Steve Riesenberg
e7fe778abc
Merge branch '5.4.x' into 5.5.x 2022-10-28 11:13:33 -05:00
Steve Riesenberg
3e2ac82612
Merge branch '5.3.x' into 5.4.x 2022-10-28 11:10:39 -05:00
Steve Riesenberg
5560bbaa80
Merge branch '5.2.x' into 5.3.x 2022-10-28 11:07:51 -05:00
Steve Riesenberg
75004587a4
Fix scope mapping 
Issue gh-12101
 2022-10-28 11:00:27 -05:00
Steve Riesenberg
7c7f9380c7
Refresh remote JWK when unknown KID error occurs 
Closes gh-11621
 2022-08-18 16:54:45 -05:00
tinolazreg
888715bbb2
Add tests for unknown KID error 
Issue gh-11621
 2022-08-18 16:54:45 -05:00
Josh Cummings
539a11d0a4
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:13:42 -06:00
Marcus Da Coregio
b8b0661d73
Lock Dependencies for Release 2022-05-16 14:01:51 -06:00
Marcus Da Coregio
883c480af0 Update r2dbc-h2 to 0.8.5.RELEASE 
Closes gh-10869
 2022-02-21 09:20:37 -03:00
Eleftheria Stein
d655deb718 Update r2dbc-h2 to 0.8.5.RELEASE 
Closes gh-10856
 2022-02-21 12:24:24 +01:00
Rob Winch
c67ee6f2a8 javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Eleftheria Stein
3389cf3ffc Revert "Lock dependencies" 
This reverts commit 83bb4603f89c27b97305f32a0237bb6c417e7843.
 2021-12-20 21:55:35 +02:00
Marcus Da Coregio
cfbf28b8ba Revert "Lock Dependencies for Release" 
This reverts commit 3d4e90ba2aa6bf026024da6c8a57672f4e08c920.
 2021-12-20 16:47:36 -03:00
Eleftheria Stein
83bb4603f8 Lock dependencies 2021-12-20 21:17:17 +02:00
Marcus Da Coregio
3d4e90ba2a Lock Dependencies for Release 2021-12-20 16:03:13 -03:00
Jonas Erbe
606bf6b38d Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request
error on claim validation failure.

But validators have to return invalid_token errors on failure
according to:

https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.

Closes gh-10337
 2021-11-29 13:30:38 -07:00
Jonas Erbe
5c732b9b7f Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:34:53 -07:00
Jonas Erbe
aefd2d497c Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:22:30 -07:00
Jonas Erbe
8c063f8ccb Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:13:24 -07:00
Dávid Kováč
aa1ef46d84 Update clockSkew javadoc according to implementation 
Closes gh-10174
 2021-11-19 13:33:05 +01:00
Josh Cummings
7b03fb5321 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 18:17:33 -07:00
Josh Cummings
f89a34c30b Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 18:07:14 -07:00
Josh Cummings
72db6a20c9 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 17:44:15 -07:00
Josh Cummings
538541bf40 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 17:35:53 -07:00
Steve Riesenberg
076c01daef Add missing @since 5.6 2021-11-09 14:07:05 -06:00
Rob Winch
e4a76b0ec9 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-22 10:19:34 -05:00
Rob Winch
f836897190 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-18 21:03:35 -05:00
Rob Winch
0c088e278a Update r2dbc-spi-test to 0.8.6.RELEASE 
Closes gh-10393
 2021-10-18 21:03:12 -05:00
Steve Riesenberg
0704c709dc Revert "Lock Dependencies for Release" 
This reverts commit 03c2c49d66fe395374ecb3bed696087e882a6bbc.
 2021-10-18 17:38:07 -05:00
Steve Riesenberg
03c2c49d66 Lock Dependencies for Release 2021-10-18 17:34:42 -05:00
Steve Riesenberg
c83bd075a2 Revert "Lock Dependencies for Release" 
This reverts commit bedb569f0d41a46a92665a4e45adcc525cc10290.
 2021-10-18 16:49:15 -05:00
Steve Riesenberg
bedb569f0d Lock Dependencies for Release 2021-10-18 15:38:17 -05:00
Steve Riesenberg
b2db2bdb2a Update r2dbc-spi-test to 0.8.6.RELEASE 
Closes gh-10410
 2021-10-18 14:20:00 -05:00
Joe Grandja
5c8cd23a2d Revert "Lock dependencies" 
This reverts commit fc53f81d2ef873b319f02cfc30a3c0f15f5cc24e.
 2021-10-18 10:48:23 -04:00
Dávid Kováč
64e9ac995a getClaimAsBoolean() should not be falsy 
Closes gh-10148
 2021-10-14 11:28:09 -05:00
Eleftheria Stein
fc53f81d2e Lock dependencies 2021-10-14 15:44:09 +02:00
Philipp Neuschwander
6db58cbf8a Conditionally resolve bearer token from request parameters 
Before this commit, the DefaultBearerTokenResolver unconditionally
resolved the request parameters to check whether multiple tokens
are present in the request and reject those requests as invalid.

This commit changes this behaviour to resolve the request parameters
only if parameter token is supported for the specific request
according to spec (RFC 6750).

Closes gh-10326
 2021-10-13 17:10:50 -05:00
Dávid Kováč
eb0597154d Update JavaDoc according to implementation 
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
 2021-10-13 13:13:44 -06:00
Dávid Kováč
0299808b05 Add ClaimAccessor tests 
Add tests for ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList

Issue gh-10117
 2021-10-13 12:53:40 -06:00
Dávid Kováč
125d33e3cf Update JavaDoc according to implementation 
Update ClaimAccessor#getClaimAsMap and ClaimAccessor#getClaimAsStringList
JavaDoc according to the current implementation

Closes gh-10117
 2021-10-13 12:53:40 -06:00
Joe Grandja
e3abaf7999 Add OAuth2ErrorCodes.INVALID_REDIRECT_URI 
Closes gh-10370
 2021-10-13 14:12:44 -04:00
Steve Riesenberg
3b564b2026 Add parameters converter support to AbstractWebClientReactiveOAuth2AccessTokenResponseClient 
This adds support for configuring NimbusJwtClientAuthenticationParametersConverter to any AbstractWebClientReactiveOAuth2AccessTokenResponseClient as an additional parameters converter, which in turns adds reactive support for jwt client authentication.

Closes gh-10146
 2021-10-06 13:09:33 -05:00
Steve Riesenberg
9b24f66f1c Implement reactive support for JWT as an Authorization Grant 
Closes gh-10147
 2021-10-05 16:09:24 -05:00
Marcus Da Coregio
02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
Josh Cummings
dc95d8d705 Fix OAuth2 Error Code 
Closes gh-10319
 2021-09-28 15:23:53 -06:00