Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,578 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

7578 Commits

Author SHA1 Message Date
Rob Winch e9de49efef Polish URL Cleanup 
Fixes: gh-6626
 2019-03-19 19:04:51 -05:00
Spring Operator 2bf126f4cf URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.

* http://luke.taylor.openid.cn/ (200) with 1 occurrences could not be migrated:
   ([https](https://luke.taylor.openid.cn/) result SSLHandshakeException).

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.

* http://axschema.org/contact/email (UnknownHostException) with 2 occurrences migrated to:
  https://axschema.org/contact/email ([https](https://axschema.org/contact/email) result UnknownHostException).
* http://axschema.org/namePerson (UnknownHostException) with 1 occurrences migrated to:
  https://axschema.org/namePerson ([https](https://axschema.org/namePerson) result UnknownHostException).
* http://axschema.org/namePerson/first (UnknownHostException) with 1 occurrences migrated to:
  https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first) result UnknownHostException).
* http://axschema.org/namePerson/last (UnknownHostException) with 1 occurrences migrated to:
  https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last) result UnknownHostException).
* http://luke.taylor.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
  https://luke.taylor.myopenid.com/ ([https](https://luke.taylor.myopenid.com/) result UnknownHostException).
* http://schema.openid.net/contact/email (UnknownHostException) with 2 occurrences migrated to:
  https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email) result UnknownHostException).
* http://schema.openid.net/namePerson (UnknownHostException) with 1 occurrences migrated to:
  https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson) result UnknownHostException).
* http://schema.openid.net/namePerson/friendly (UnknownHostException) with 1 occurrences migrated to:
  https://schema.openid.net/namePerson/friendly ([https](https://schema.openid.net/namePerson/friendly) result UnknownHostException).
* http://somehost/someUrl (UnknownHostException) with 1 occurrences migrated to:
  https://somehost/someUrl ([https](https://somehost/someUrl) result UnknownHostException).
* http://spring.security.test.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
  https://spring.security.test.myopenid.com/ ([https](https://spring.security.test.myopenid.com/) result UnknownHostException).
* http://example.net/pkp-report (404) with 1 occurrences migrated to:
  https://example.net/pkp-report ([https](https://example.net/pkp-report) result 404).
* http://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng (404) with 1 occurrences migrated to:
  https://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng ([https](https://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng) result 404).
* http://www.puppycrawl.com/dtds/configuration_1_3.dtd (404) with 1 occurrences migrated to:
  https://www.puppycrawl.com/dtds/configuration_1_3.dtd ([https](https://www.puppycrawl.com/dtds/configuration_1_3.dtd) result 404).
* http://www.puppycrawl.com/dtds/suppressions_1_1.dtd (404) with 1 occurrences migrated to:
  https://www.puppycrawl.com/dtds/suppressions_1_1.dtd ([https](https://www.puppycrawl.com/dtds/suppressions_1_1.dtd) result 404).
* http://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller (404) with 1 occurrences migrated to:
  https://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller ([https](https://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller) result 404).

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://raykrueger.blogspot.com/ with 1 occurrences migrated to:
  https://raykrueger.blogspot.com/ ([https](https://raykrueger.blogspot.com/) result 200).
* http://www.infoq.com/presentations/code-organization-large-projects with 1 occurrences migrated to:
  https://www.infoq.com/presentations/code-organization-large-projects ([https](https://www.infoq.com/presentations/code-organization-large-projects) result 200).
* http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd with 1 occurrences migrated to:
  https://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd ([https](https://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd) result 200).
* http://www.springframework.org/dtd/spring-beans.dtd with 4 occurrences migrated to:
  https://www.springframework.org/dtd/spring-beans.dtd ([https](https://www.springframework.org/dtd/spring-beans.dtd) result 200).
* http://www.springframework.org/schema/aop/spring-aop-3.0.xsd with 5 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop-3.0.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-3.0.xsd) result 200).
* http://www.springframework.org/schema/aop/spring-aop-3.2.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop-3.2.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-3.2.xsd) result 200).
* http://www.springframework.org/schema/aop/spring-aop.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop.xsd ([https](https://www.springframework.org/schema/aop/spring-aop.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 20 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.1.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.1.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 267 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-3.0.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-3.0.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.0.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-3.1.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.1.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-3.2.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-3.2.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.2.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context.xsd with 6 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context.xsd ([https](https://www.springframework.org/schema/context/spring-context.xsd) result 200).
* http://www.springframework.org/schema/data/jpa/spring-jpa.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/data/jpa/spring-jpa.xsd ([https](https://www.springframework.org/schema/data/jpa/spring-jpa.xsd) result 200).
* http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd ([https](https://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 10 occurrences migrated to:
  https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security-2.0.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security-2.0.xsd ([https](https://www.springframework.org/schema/security/spring-security-2.0.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 266 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200).
* http://www.springframework.org/schema/tx/spring-tx-3.0.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/tx/spring-tx-3.0.xsd ([https](https://www.springframework.org/schema/tx/spring-tx-3.0.xsd) result 200).
* http://www.springframework.org/schema/tx/spring-tx.xsd with 3 occurrences migrated to:
  https://www.springframework.org/schema/tx/spring-tx.xsd ([https](https://www.springframework.org/schema/tx/spring-tx.xsd) result 200).
* http://www.springframework.org/schema/util/spring-util-3.0.xsd with 3 occurrences migrated to:
  https://www.springframework.org/schema/util/spring-util-3.0.xsd ([https](https://www.springframework.org/schema/util/spring-util-3.0.xsd) result 200).
* http://www.springframework.org/schema/util/spring-util-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/util/spring-util-3.1.xsd ([https](https://www.springframework.org/schema/util/spring-util-3.1.xsd) result 200).
* http://www.springframework.org/schema/util/spring-util.xsd with 4 occurrences migrated to:
  https://www.springframework.org/schema/util/spring-util.xsd ([https](https://www.springframework.org/schema/util/spring-util.xsd) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 6 occurrences migrated to:
  https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd) result 200).
* http://www.headwaysoftware.com with 1 occurrences migrated to:
  https://www.headwaysoftware.com ([https](https://www.headwaysoftware.com) result 301).
* http://java.sun.com/dtd/web-app_2_3.dtd with 2 occurrences migrated to:
  https://java.sun.com/dtd/web-app_2_3.dtd ([https](https://java.sun.com/dtd/web-app_2_3.dtd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 10 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd) result 302).

# Ignored
These URLs were intentionally ignored.

* http://appengine.google.com/ns/1.0 with 1 occurrences
* http://docbook.org/ns/docbook with 1 occurrences
* http://jakarta.apache.org/log4j/ with 1 occurrences
* http://java.sun.com/xml/ns/javaee with 22 occurrences
* http://www.springframework.org/schema/aop with 14 occurrences
* http://www.springframework.org/schema/beans with 576 occurrences
* http://www.springframework.org/schema/c with 6 occurrences
* http://www.springframework.org/schema/context with 18 occurrences
* http://www.springframework.org/schema/data/jpa with 2 occurrences
* http://www.springframework.org/schema/jdbc with 2 occurrences
* http://www.springframework.org/schema/mvc with 20 occurrences
* http://www.springframework.org/schema/p with 10 occurrences
* http://www.springframework.org/schema/security with 534 occurrences
* http://www.springframework.org/schema/tx with 10 occurrences
* http://www.springframework.org/schema/util with 16 occurrences
* http://www.springframework.org/schema/websocket with 12 occurrences
* http://www.w3.org/1999/xlink with 1 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 299 occurrences
 2019-03-19 17:33:29 -05:00
Josh Cummings a45df2c802 Move OIDC Reactive Packaging 2019-03-19 09:00:46 -06:00
Josh Cummings 8f5493acce Move OIDC Servlet Packaging 2019-03-19 09:00:46 -06:00
Josh Cummings fba31dfb6a Reactive Oidc RP-Initiated Logout 
Issue: gh-5350
 2019-03-19 09:00:46 -06:00
Josh Cummings 248a8c030b Support for OIDC RP-Initiated Logout 
Fixes: gh-5350
 2019-03-19 09:00:46 -06:00
Josh Cummings 55e8df1efe NimbusReactiveJwtDecoder Takes Reactive Processor 
Fixes: gh-5937
 2019-03-18 12:32:44 -06:00
Josh Cummings 9478abebd2 Internalize Nimbus JwtDecoder Builder 
Issue: gh-6010
 2019-03-18 12:32:44 -06:00
Spring Operator b93528138e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 15:46:20 -05:00
Josh Cummings da0f969929
NamespaceExpressionHandlerTests groovy->java 
Issue: gh-4939
 2019-03-11 12:01:51 -06:00
Josh Cummings 9642d33a6b
NamespaceHttpX509Tests groovy->java 
Fixes: gh-4939
 2019-03-06 16:46:06 -07:00
Aanuoluwapo Otitoola ad9dc49d55 OAuth2LoginSpec discovers ReactiveOAuth2AccessTokenResponseClient @Bean 
Fixes: gh-6477
 2019-03-04 15:44:42 -05:00
Rob Winch 6bf45e53cc Polish URLs 
We have performed some polish on your URLs. We do not follow redirects to avoid expanding intentionally shorter URLs (i.e. URL shortened URLs)

# Fixed URLs
## Fixed Success
These URLs were fixed successfully.

| HTTP URL | Result URL | HTTPS Result | HTTP Result | Count |
| --- | --- | --- | --- | --- |
| http://www.apache.org/licenses/LICENSE-2.0 | https://www.apache.org/licenses/LICENSE-2.0 | HttpResponse(httpStatus = 200 OK) | null | 10 |
 2019-03-01 14:58:13 -06:00
Rob Winch c08b36221a Removed Unused Configuration 2019-02-28 20:10:19 -06:00
Josh Cummings d86550f64b
Polish Tests and Error Messages 
MockMvc matchers are best matched with the MockMvc execution API -
it's a little odd to try and use them inside of an AssertJ assertion
since they do their own asserting.

It's more readable to place "this." in front of member variables.

It's best to test just one class at a time in a unit test.

Issue: gh-4187
 2019-02-28 11:01:08 -07:00
Rafiullah Hamedy 82d527ed42
Add Support for Clear Site Data on Logout 
Added an implementation of HeaderWriter for Clear-Site-Data HTTP
response header as welll as an implementation of LogoutHanlder
that accepts an implementation of HeaderWriter to write headers.

- Added ClearSiteDataHeaderWriter and HeaderWriterLogoutHandler
that implements HeaderWriter and LogoutHandler respectively
- Added unit tests for both implementations's behaviours
- Integration tests for HeaderWriterLogoutHandler that uses
ClearSiteDataHeaderWriter
- Updated the documentation to include link to
HeaderWriterLogoutHandler

Fixes gh-4187
 2019-02-28 11:01:08 -07:00
Stephen Doxsee 7739a0e91a Add PKCE OAuth2 client support 
- Support has been added for "RFC7636: Proof Key for Code Exchange by OAuth Public Clients" (PKCE, pronounced "pixy") to mitigate against attacks targeting the interception of the authorization code
 - PkceParameterNames was added for the 3 additional parameters used by PKCE (i.e. code_verifier, code_challenge, and code_challenge_method)
 - Default code_verifier length has been set to 128 characters--the maximum allowed by RFC7636
 - ClientAuthenticationMethod.NONE was added to allow clients to request tokens without providing a client secret

Fixes gh-6446
 2019-02-28 11:38:48 -05:00
Josh Cummings 2b960b074b Polish Eager Header Config Tests 
In the Java config tests, there is a simplified way to configure
Spring, and that is with SpringTestRule.

Also, test names typically follow the when-then convention.

Issue: gh-6501
 2019-02-18 09:24:17 -07:00
Ankur Pathak ac13b55ecd HeaderWriterFilter writes headers at beginning 
Add support for HeaderWriterFilter to write headers at the beginning of the request

Fixes: gh-6501
 2019-02-18 07:43:08 -07:00
Josh Cummings fba25614bf Reactive Opaque Token Support 
Fixes: gh-6513
 2019-02-15 15:59:25 -06:00
Rafiullah Hamedy 43587b4307 Fixed broken links 
Fixes: gh-6521
 2019-02-15 15:41:16 -06:00
Rob Winch 752733e8de Polish WebSessionOAuth2ServerAuthorizationRequestRepository Format 
Issue: gh-6215
 2019-02-15 15:01:11 -06:00
Zhanwei Wang a60fd43534 Fix OAuth2 Client with Ditributed Session 
Fixes: gh-6215
 2019-02-15 15:01:11 -06:00
Joe Grandja 0c27f64338 ServletOAuth2AuthorizedClientExchangeFilterFunction supports chaining 
Fixes gh-6483
 2019-02-13 11:19:44 -05:00
RusZh 0c2a7e03f7 Update resource-server.adoc 
Fix typo in the code sample
 2019-02-11 12:27:28 -07:00
Stephen Doxsee a7a9271313 Client OAuth2 properties to use scope not scopes 
OAuth2ClientProperties.Registration (which captures .properties and
.yml for OAuth2 Client) has a member `scope` but not `scopes`. Samples
and documentation were using `scopes` and have now been updated to use
`scope`.

Fixes gh-6510
 2019-02-08 11:54:18 -05:00
Fabien Arrault 17e774d8c7 Preserve existing refresh token if new refresh token not returned 
During an oauth2 refresh if the authorization server doesn't return a new refresh token, preserve the existing one.

Fixes: gh-6503
 2019-02-07 15:11:23 -05:00
Josh Cummings 0428906065 Resource Server Opaque Token Sample 
Issue: gh-5200
 2019-02-07 12:40:12 -07:00
Josh Cummings c59d40593b Introspect endpoint Authorization Server support 
Issue: gh-5200
 2019-02-07 12:40:12 -07:00
Josh Cummings ef9c3e4771 Opaque Token Support 
Fixes: gh-5200
 2019-02-07 12:40:12 -07:00
Joe Grandja 594a169798 Introduce OAuth2AuthorizationRequest.attributes 
Fixes gh-5940
 2019-02-07 11:49:17 -05:00
Josh Cummings 67fb936c7e
Polish Formatting in Tests 
Issue: gh-6454
 2019-02-06 20:16:53 -07:00
Ankur Pathak 93d6a38ffd
Consider having HeaderWriters check before writing 
All HeadersWriter only write Header if its not already
written.

Fixes: gh-6454 gh-5193
 2019-02-06 20:16:52 -07:00
James 4742c18e4b remove an unused import 2019-02-05 11:34:43 -06:00
James ed545941c9 parameter 'pricipal' is never used 
parameter 'pricipal' is never used
 2019-02-05 11:34:43 -06:00
Josh Cummings 5c2ee09bc3
Favor RestOperations in Resource Server Configurer 
Also polished exposure of the JWK Set Uri for the tests where
MockWebServer is preferred.

Fixes: gh-6104
 2019-01-29 15:43:09 -07:00
Josh Cummings c4b17475d9
Improve LDAP snippet formatting 
Issue: gh-6486
 2019-01-28 14:25:27 -07:00
Ankur Pathak 8e6bcc1c35 No RequestMatcher After AnyRequest 
Don't allow any type of RequestMatchers
after any request by throwing IllegalStateException

Fixes: gh-6359
 2019-01-25 11:14:33 -07:00
Gerardo Roza 95e0e7243d Save original request on oauth2Client filter 
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").

Now we are storing the session attribute and getting redirected back to
the original URI as expected.

Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop

Fixes gh-6341
 2019-01-25 09:15:44 -06:00
Bryan Kelly 5abe6ca718 Missing spring: prefix on jwk-set-uri example 2019-01-25 08:31:13 -06:00
Nick Bromfield b581bb7eae Add new configuration options for OAuth2LoginSpec 
Fixes gh-5598
 2019-01-24 10:37:52 -05:00
Aanuoluwapo Otitoola 976e763acb Update to nimbus-jose-jwt:6.7 
Fixes: gh-6459
 2019-01-22 16:41:08 -07:00
Ankur Pathak 2e70d66063 Improve CsrfBeanDefinitionParser xml parsing 
1. CsrfBeanDefinitionParser registers requestDataValueProcessor
if not already registered
2. Created Tests in CsrfBeanDefinitionParserTests

Fixes: gh-6423
 2019-01-22 13:56:20 -06:00
Ankur Pathak ffe602fdbe HTML markup fixed in DefaultLoginPageGeneratingFilter 
Ending div moved  out of condition.

Fixes: gh-6417
 2019-01-22 13:20:35 -06:00
Josh Cummings c82440ee82 Polish CompositeHeaderWriterTests 
Changed test to favor mocks in order to provide a stronger
guarantee that the composite delegates to its components.

Issue: gh-6453
 2019-01-21 14:50:09 -07:00
Josh Cummings bb1b9d9b86 Polish Javadoc and Whitespacing 
Issue: gh-6453
 2019-01-21 14:50:09 -07:00
Ankur Pathak 718641a1e5 Added CompositeHeaderWriter 
1. Added new CompositeHeaderWriter
2. Improvement in HeaderWriterFilter using CompositeHeaderWriter.

Fixes: gh-6453
 2019-01-21 14:50:09 -07:00
Josh Cummings ca02d8a4f8
NamespaceLogoutTests groovy->java 
Issue: gh-4939
 2019-01-18 16:56:13 -07:00
Josh Cummings e68b6f17de
NamespaceHttpBasicTests groovy->java 
Issue: gh-4939
 2019-01-18 15:41:26 -07:00
Andy Wilkinson 95ff451193 Fix formatting in Implicit OAuth2AuthorizedClient section 2019-01-18 10:24:01 -07:00