Ankur Pathak
b7ed919cee
Add preload support to Strict-Transport-Security
...
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security
Fixes: gh-6312
2019-01-16 11:10:06 -06:00
Rob Winch
739594dee8
Next Development Version
2019-01-15 21:02:38 -06:00
Rob Winch
fdd22e5082
Release 5.2.0.M1
2019-01-15 21:02:01 -06:00
Denis Washington
3be11a22cd
Save query parameters in WebSessionServerRequestCache
...
Previously, URL query parameters were lost when saving a request
in WebSessionServerRequestCache. Now it is properly saved and
restored.
2019-01-15 13:44:29 -06:00
guo fei
c0e66a9ba1
1. add customization support for double forwardslash in StrictHttpFirewall
...
2. add getEncodedUrlBlacklist() and getDecodedUrlBlacklist() method in StrictHttpFirewall
Fixes gh-6292
2019-01-15 13:42:33 -06:00
Mohammad Sadeq Dousti
d099a62a6f
hasRole should not be called on a string with "ROLE_" prefix (#6353)
...
Removed "ROLE_" from UrlAuthorizationConfigurer
This fixes IllegalArgumentException: ROLE_ANONYMOUS should not start
with ROLE_ since ROLE_
2019-01-15 08:59:34 -06:00
Joe Grandja
5fbf9532e1
Update to spring-build-conventions 0.0.23.RELEASE
...
Fixes gh-6440
2019-01-15 05:44:41 -05:00
Joe Grandja
4e4321fb07
Update to htmlunit-driver 2.33.3
...
Fixes gh-6434
2019-01-15 05:40:54 -05:00
Joe Grandja
9721ee9d4e
Update to Spring Data Lovelace SR4
...
Fixes gh-6438
2019-01-14 17:43:10 -05:00
Joe Grandja
9d7f141b86
Update to Spring Framework 5.1.4
...
Fixes gh-6437
2019-01-14 17:43:10 -05:00
Joe Grandja
68e3bbdd03
Update to Reactor Californium-SR4
...
Fixes gh-6436
2019-01-14 17:43:10 -05:00
Joe Grandja
08b7479f4c
Update to Spring Boot 2.1.2
...
Fixes gh-6435
2019-01-14 17:43:10 -05:00
Joe Grandja
e864e63760
Update to org.powermock 2.0.0
...
Fixes gh-6433
2019-01-14 16:59:11 -05:00
Joe Grandja
6e14418937
Update to hibernate-entitymanager 5.4.0.Final
...
Fixes gh-6432
2019-01-14 16:56:32 -05:00
Joe Grandja
4d1a23b6b4
Update to ehcache 2.10.6
...
Fixes gh-6431
2019-01-14 16:53:59 -05:00
Joe Grandja
f97d6f41ea
Update to com.squareup.okhttp3 3.12.1
...
Fixes gh-6430
2019-01-14 16:52:00 -05:00
Joe Grandja
84a287d6ff
Update to oauth2-oidc-sdk 6.5
...
Fixes gh-6429
2019-01-14 16:48:44 -05:00
Joe Grandja
ce4a48e9c9
Update to nimbus-jose-jwt 6.5.1
...
Fixes gh-6428
2019-01-14 16:47:19 -05:00
Joe Grandja
c725d220aa
Update to jackson.core 2.9.8
...
Fixes gh-6427
2019-01-14 16:43:27 -05:00
Joe Grandja
5d72cdc104
Update to cglib-nodep 3.2.10
...
Fixes gh-6426
2019-01-14 16:40:59 -05:00
Rob Winch
802f3186a7
Fix ApacheDSContainer Checkstyle
...
Issue: gh-6376
2019-01-14 13:29:11 -06:00
Luke Butters
0b40d09fe6
Mark ApacheDSContainer as deprecated
...
Mark ApacheDSContainer as deprecated because ApacheDS have not released
a recent 'GA' version and the current 'GA' version does not work under
JDK11.
Fixes: gh-6002
2019-01-14 13:29:11 -06:00
Joe Grandja
2a867997e2
Polish gh-6415
2019-01-14 13:33:58 -05:00
Rafael Dominguez
fe5f10e9a2
Extract the ID Token JwtDecoderFactory to enable user customization
...
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.
Fixes: gh-6379
2019-01-14 13:33:58 -05:00
Adrian Javorski
dd45a49f02
Update JwtTimestampValidator.java
...
Changed MaxClockSkew variable to clockSkew to simplify the name.
Fixes gh-6380
2019-01-14 10:33:38 -07:00
Ankur Pathak
4ff51491d7
fixes setting paramName only when it is not null
...
Fixes: gh-6223
2019-01-10 10:13:44 -06:00
Joe Grandja
f234a5fbdb
ID Token validation supports clock skew
...
Fixes gh-5839
2019-01-09 16:03:13 -05:00
Joe Grandja
575d943f1a
Add GitHub Issue reply templates
2019-01-09 14:45:08 -05:00
Joe Grandja
d878dbf30e
Polish gh-6349
2019-01-09 10:15:02 -05:00
Rafael Dominguez
057ed616c4
Improve error messages in OidcIdTokenValidator
...
This commit ensures that error messages contain more specific
information regarding the reported error.
Fixes: gh-6323
2019-01-09 10:15:02 -05:00
Rafael Renan Pacheco
0656d2bc05
cconfigured -> configured
2019-01-08 13:18:14 -06:00
Rob Winch
ae0f330f98
Add BCrypt Test for Empty Raw Password
...
Issue: gh-5548
2019-01-08 11:54:36 -06:00
Johnny Lim
c94f13a971
Polish tests
2019-01-08 11:16:22 -06:00
Josh Cummings
1a02cafe81
NamespaceHttpAnonymousTests groovy->java
...
Issue: gh-4939
2019-01-07 15:04:26 -07:00
Onur Kagan Ozcan
fe40e6d65a
Fix UsernamePasswordAuthenticationTokenDeserializer to handle customized object mapper inclusion settings
...
Resolves #4698
2019-01-07 14:17:24 -06:00
Joe Grandja
673a2adf26
Polish oauth2 client ExchangeFilterFunction's
...
Fixes gh-6355
2019-01-07 14:39:25 -05:00
Slava Semushin
d8d9abed2a
LazyCsrfTokenRepository: fix a typo in javadoc.
2019-01-07 13:35:00 -06:00
Joe Grandja
993e11dcd3
Polish gh-6127
2019-01-07 13:50:17 -05:00
Warren Bailey
1c9ab9197e
When expired retrieve new Client Credentials token.
...
Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server.
These tokens can't be refreshed because they do not have a refresh token associated with them. This is standard behaviour for OAuth 2 client credentials.
Fixes gh-5893
2019-01-07 13:50:17 -05:00
Josh Cummings
9b65107922
NamespaceDebugTests groovy->java
...
Issue: gh-4939
2019-01-04 17:53:31 -07:00
Farooq Khan
5f33bbe512
Removed isServlet30 check
2019-01-04 08:27:26 -07:00
Ankur Pathak
6e1db1105b
Fixes typo in x,rnc files
...
1. Fixes typo ammount to amount in *.rnc files
2. Regenerates *.xsd files from *.rnc files
Fixes: gh-6325
2019-01-02 11:17:02 -07:00
Ankur Pathak
f289ef8689
Fixes Documentation Problem
...
Fixes documentation problem of Anonymous Authentication
in ServerHttpSecurity
Fixes: gh-6327
2019-01-02 11:13:18 -07:00
Josh Cummings
d77b12d229
authorization_uri Uses UriComponentsBuilder
...
Because of this, authorization_uri can now be a fully-qualified url.
Fixes: gh-5760
2018-12-21 13:23:47 -07:00
Joe Grandja
9c0d78da71
Extract OidcTokenValidator to an OAuth2TokenValidator
...
Fixes gh-5930
2018-12-21 11:06:40 -05:00
Josh Cummings
7a55af246e
Polish tests and javadoc
...
When using AssertJ, it's easy to commit the following error
assertThat(some boolean condition)
The above actually does nothing. It at least needs to be
assertThat(some boolean condition).isTrue()
This commit refines some assertions that were missing a verify
condition.
Also, one Javadoc was just a little bit confusing, so this
clarifies it.
Issue: gh-6259
2018-12-21 08:47:37 -07:00
Rafael Dominguez
086b105273
Remove Servlet 2.5 Support for Session Fixation
...
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1, so it is no longer required.
Fixes: gh-6259
2018-12-21 08:47:37 -07:00
Panayiotis Vlissidis
4123d96cd5
JdbcUserDetailsManager handles extra UserDetails attributes
...
Check ResultSetMetaData to see if extra columns are present in order to
also handle the UserDetails attributes: accountNonExpired,
accountNonLocked and credentialsNonExpired.
Fixes gh-4399
2018-12-21 09:46:17 -06:00
Joe Grandja
12f320851d
Set openid scope in OAuth2LoginTests
2018-12-21 09:24:55 -06:00
Joe Grandja
8f4f52edb9
Support configurable JwtDecoder for IdToken verification
...
Fixes gh-5717
2018-12-21 09:24:55 -06:00