2c1126c5aa
Improve AuthenticationManagerBeanDefinitionParser XML parsing
...
Closes gh-7282
2021-06-28 13:42:02 +02:00
f91608dcba
Disable default logout page when logout disabled
...
Closes gh-9475
2021-06-18 10:52:00 +02:00
5a4cfe1226
Fix Adding Filter Relative to Custom Filter
...
Closes gh-9787
2021-06-14 17:36:52 -03:00
99db0ca2c5
WebFlux httpBasic() matches on XHR requests
...
Closes gh-9660
2021-04-20 10:05:06 -04:00
adf3e94c9f
Fix HttpSecurity.addFilter* Ordering
...
Closes gh-9633
2021-04-14 21:18:51 -05:00
521706d496
Limit oauth2Login() links to redirect-based flows
...
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.
Closes gh-9457
2021-04-14 06:41:52 -04:00
005eca7bd9
Fix Test Configuration
...
- Typo in PlaceholderConfig was causing Windows builds to
resolve the CLASSPATH environment variable
Closes gh-9421
2021-02-10 11:37:32 -07:00
52ad49074d
Migrate SAML 2.0 Tests and Docs to PCFOne
...
Issue gh-9362
2021-01-25 08:32:17 -07:00
0462c42290
Update Test Controllers
...
Closes gh-9121
2020-10-12 18:12:02 -06:00
6dad918e7b
Replace expired msdn link with latest web archive copy
...
Initial link expired in March, 2016. Latest copy found in web archive is from February, 2016
2020-09-28 17:19:42 -06:00
0efdb2c92c
Polish WebSecurityConfigurerAdapter JavaDoc
...
Issue gh-8784
2020-07-20 15:24:23 -06:00
79d8b616f0
WebSecurityConfigurerAdapter JavaDoc
...
Closes gh-8784
2020-07-20 15:24:19 -06:00
bff6d82dd0
DefaultWebSecurityExpressionHandler uses RoleHierarchy bean
...
Fixes gh-7059
2020-06-10 17:08:50 -04:00
674e2c0a8e
OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
...
Issue gh-8609
2020-06-09 16:24:00 -04:00
0e37c722e2
Revert "Temporarily ignore RSocket integration tests"
...
This reverts commit d5eeec0ae6
2020-06-08 16:14:34 -04:00
d5eeec0ae6
Temporarily ignore RSocket integration tests
...
Issue gh-8643
2020-06-03 15:29:59 -04:00
24fd9579c5
Delay AuthenticationPrincipalArgumentResolver Creation
...
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.
Closes gh-8613
2020-05-29 16:51:47 -05:00
c399185365
Add ROLE_INFRASTRUCTURE to infrastructure beans
...
Closes gh-8407
2020-04-27 09:02:54 -05:00
7b34b223e6
Logout defaults to use Global SecurityContextServerLogoutHandler
...
Closes gh-8375
2020-04-13 16:38:05 -05:00
f011c36ba4
Fix typo in Javadoc of ServerHttpSecurity#hasAuthority
...
Closes gh-8336
2020-04-06 14:20:19 -05:00
bb654fdcdf
Fix HttpSecurity Javadoc
...
Fixes gh-4404
2020-04-02 11:41:15 -04:00
615f9a3f05
Fix HttpServlet3RequestFactory Logout Handlers
...
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.
This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.
Closes gh-4760
2020-03-30 20:51:25 -05:00
32c3353921
SpringTestContext returns ConfigurableWebApplicationContext
...
Closes gh-8233
2020-03-30 20:51:25 -05:00
cb7786bf97
Malformed Bearer Token Returns 401 for WebFlux
...
Fixes gh-7668
2020-03-26 12:59:22 -06:00
4706b16a2b
oauth2Login WebFlux does not auto-redirect for XHR request
...
Fixes gh-8118
2020-03-26 05:09:45 -04:00
256aba7b37
Fix rsocket test
...
Request route that exists; add additional error message verification
Fixes gh-8154
2020-03-19 17:36:20 -04:00
86e25ff2ab
Fix typo in Javadoc of HttpSecurity#csrf()
...
`HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.
2020-03-17 13:36:34 -06:00
75f22285c6
Fix typo 'properites' in documentation
...
Fixes gh-8095
2020-03-11 11:01:06 -06:00
9092115b8a
Register Authentication Provider in Init Phase
...
Fixes gh-8031
2020-02-28 18:43:54 -07:00
0012e24c46
Don't force downcasting of RequestAttributes to ServletRequestAttributes
...
Fixes gh-7953
2020-02-07 20:18:50 -05:00
c4ccc96655
Polish Error Messages for OpaqueTokenIntrospectors
2020-02-05 07:16:37 -07:00
9dd3dfe718
Fix requiresAuthenticationMatcher not being used
...
The custom server requiresAuthenticationMatcher was not always picked up
Fixes: gh-7863
2020-01-27 16:56:59 +01:00
edb6cd3729
Fix authenticationFailureHandler not being used
...
The custom server authenticationFailureHandler was not always picked up
Fixes: gh-7782
2020-01-27 13:52:01 +01:00
cc956a66df
Don't cache requests with `Accept: text/event-stream` by default.
...
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
2020-01-17 10:37:34 -08:00
b754a3d635
Use the custom ServerRequestCache that the user configures
...
on for the default authentication entry point and authentication
success handler
Fixes gh-7721
https://github.com/spring-projects/spring-security/issues/7721
Set RequestCache on the Oauth2LoginSpec default authentication success handler
import static ReflectionTestUtils.getField
Feedback incorporated per
https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-18 08:44:27 -08:00
0d24e2b8cf
Fix WebFlux logout disabling
...
Fixes: gh-7682
2019-12-13 11:53:20 +01:00
e4aa3be4c5
WebFlux oauth2Login() redirects on failed authentication
...
Fixes gh-5562 gh-6484
2019-12-05 20:12:09 -05:00
0babe7d930
Correctly configure authorization requests repository for OAuth2 login
...
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.
This change also makes OAuth2Client and OAuth2Login authentication converters consistent.
Fixes gh-7675
2019-11-29 13:58:27 -05:00
8a95e5798d
Update @MessageMapping to match input/output cardinality
2019-11-22 15:07:38 -06:00
cd0bec48de
Fix typo in log message.
2019-11-21 15:55:27 -07:00
0d35194b47
Add sessionFixation Javadoc
2019-11-15 12:17:05 +01:00
ca8877c8c5
Updates javadoc for InitializeUserDetailsBeanManagerConfigurer
2019-11-13 10:34:10 +01:00
1188a3bb5f
Polish RememberMeConfigurer
...
Issue: gh-4140
2019-11-07 15:26:59 +01:00
b13f750646
Retrieve remember-me key from service as fallback
...
Fixes: gh-4140
2019-11-07 13:55:39 +01:00
9f6a36444a
Add missing schemas
2019-11-06 08:24:20 -06:00
925bf48ec0
Polish OAuth2ResourceServerConfigurerTests
...
To confirm that resource server only produces SCOPE_<scope>
authorities by default.
Issue gh-7596
2019-11-04 11:39:54 -07:00
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
5f17032ffd
Restore Removed Throws Clauses
...
In a recent clean-up, certain exceptions were removed from various
throws clauses.
This PR re-introduces throws clauses that are important for one of the
following reasons:
1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.
Fixes gh-7541
2019-10-30 12:13:54 -06:00
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
0ac5f5456f
Fix typo 'is' -> 'if' in javadoc
2019-10-25 13:27:11 -06:00
/usr/local/ΕΨΗΕΛΩΝ
Eleftheria Stein
Marcus Hert da Coregio
Joe Grandja
Rob Winch
Denis Washington
Josh Cummings
Artem Grankin
Romil Patel
Evgeniy Cheban
Eleftheria Stein
Dávid Kovács
hotire
Joe Grandja
Erik van Paassen
Markus Engelbrecht
Stephane Maldini
Johannes Edmeier
Filip Hanik
Alexey Nesterov
Pim Moerenhout
Paul Pazderski
Adrian Pena
邓超
Yanming Zhou
Vitalii Mahas