Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,629 Commits 33 Branches 333 Tags 109 MiB
Commit Graph

7629 Commits

Author SHA1 Message Date
Rob Winch 078df64c30 Update to unboundid 4.0.9 
Fixes: gh-6157
 2018-11-28 08:23:00 -06:00
Rob Winch 44dbcbdf4c Update to Powermock 2.0.0-RC.4 
Fixes: gh-6156
 2018-11-28 08:23:00 -06:00
Rob Winch fe13571f4c Update to cglib-nodep:3.2.9 
Fixes: gh-6155
 2018-11-28 08:23:00 -06:00
Rob Winch a5abbac398 Update to Spring Data Lovelace-SR3 
Fixes: gh-6154
 2018-11-28 08:23:00 -06:00
Rob Winch 38be0849cd Update to Spring 5.1.3 
Fixes: gh-6153
 2018-11-28 08:23:00 -06:00
Rob Winch be5a368dfd Update to Reactor Californium-SR3 
Fixes: gh-6152
 2018-11-28 08:23:00 -06:00
John Coyne 7618d236c4 CookieClearingLogoutHandler updates based on comments 
Changed the implementation to use an anonymous function
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
John Coyne 14c2d96c86 Clean up code to conform to basic checkstyle 
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
John Coyne d05ad19276 CookieClearingLogoutHandler enhancement 
Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
Joe Grandja bcee22d2f9 Update com.squareup.okhttp3 deps to 3.12.0 
Fixes gh-6142
 2018-11-26 13:26:38 -05:00
Rafael Dominguez b8a96b1f21 Enable Code Coverage Reports in Sonar 
This commit ensures that jacocoTestReport task is called when running the Sonar stage.
Additionally, a variable is passed instructing Sonar where to find the test result data.

Fixes: gh-6092
 2018-11-26 09:06:30 -07:00
Valeriy.Vyrva 0a86ed8717 Add space in exception message 2018-11-26 09:04:55 -07:00
Rafael Dominguez 8e648deda0 Replace slf4j dependencies with logback-classic 
This commit removes explicit declaration of slf4j dependencies.
Instead, logback classic is declared that will pull them transitively.

Fixes: gh-6130
 2018-11-23 09:59:29 -05:00
Rafael Dominguez d1492afc0c
Replace deprecated Gradle Task method in AspectJPlugin.groovy 
This commit ensures that the method Task.deleteAllActions is not used

Fixes: gh-6128
 2018-11-22 23:18:14 -06:00
Rafael Dominguez e60e17109c Update to Gradle 4.10.2 
Fixes gh-6106
 2018-11-21 09:57:26 -06:00
Josh Cummings 2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose 
Issue: gh-6025
 2018-11-20 14:02:10 -07:00
Josh Cummings 9ee291e659
AesBytesEncryptorTests Check Key Strength 
Fixes: gh-6121
 2018-11-20 11:45:45 -07:00
Satish Sharma 7232dabd48
Update to oauth2-oidc-sdk:6.2 
Fixes: gh-6101
 2018-11-20 11:05:27 -07:00
Josh Cummings 3a43ed8f1c Register NullRequestCache When Disabled 
Fixes: gh-6102
 2018-11-20 07:15:09 -07:00
Josh Cummings 80e13bad41
Remove PowerMock from oauth2-client 
Issue: gh-6025
 2018-11-19 18:09:00 -07:00
Josh Cummings 39933b10ff
Add scopes method to TestOAuth2AccessTokens 
Issue: gh-6025
 2018-11-19 18:06:40 -07:00
dperezcabrera f6414e9a52 Make InMemory*ClientRegistrationRepository Consistent 
The previous builders with the list argument were inconsistent with their
respective builders of var args.
 2018-11-19 15:09:30 -06:00
Rafael Dominguez e1d68e4f6b WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code 
This ensures that token response is only extracted when ClientResponse has a successful status

Fixes: gh-6089
 2018-11-19 10:50:33 -06:00
Josh Cummings f30fcdda6b
RequestCacheConfigurerTests groovy->java 
Issue: gh-4939
 2018-11-16 15:40:12 -07:00
Josh Cummings 686393ed5c
ExceptionHandlingConfigurerTests groovy->java 
Issue: gh-4939
 2018-11-16 14:51:26 -07:00
Josh Cummings 1ea73e7d8e Jwt Decoder Local Key Configuration 
Adds support for configuring Resource Server DSL with a local public
key.

Fixes: gh-5131
 2018-11-16 13:07:19 -06:00
Rafael Dominguez 75a2c2b729 OAuth2AccessTokenResponseBodyExtractor supports Object values 
This commit ensures the token response is parsed correctly if the values are not a String.

Fixes: gh-6087
 2018-11-15 13:23:36 -06:00
Daniel Bustamante Ospina 808fbfa161 Update webflux-form sample to use Built in CSRF Support 
Remove the CsrfControllerAdvice class and update dependencies to add
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

Issue: gh-6061
 2018-11-14 17:38:37 -06:00
Josh Cummings d28e32b000 NimbusJwtDecoder Builder 
A Builder to simply common construction patterns for NimbusJwtDecoder

Issue: gh-6010
 2018-11-14 15:53:47 -06:00
Josh Cummings fbcf48cea0 Low-level Nimbus Jwt Decoder 
Introduces a JwtDecoder which takes a raw Nimbus JWTProcessor
configuration.

Fixes: gh-5648
 2018-11-14 15:53:47 -06:00
Karl Goffin db5e54266c #3912 lazyBean method respects @Primary annotation 2018-11-14 14:31:29 -06:00
Dongmin Shin b2c2f84f00 Fix Typo in Reference Docs 
Fixes gh-6076
 2018-11-14 11:36:27 -06:00
Rafael Dominguez ac026e23fe Updated Spring Boot version from 2.1.0.M4 to 2.1.0.RELEASE 2018-11-14 10:51:38 -06:00
Krzysztof Szmytkowski b5455b0bec
Make AesByesEncryptor public 
Fixes: gh-5099
 2018-11-13 16:05:59 -07:00
Josh Cummings 13de580632
AesBytesEncryptorTests 
Issue: gh-5099
 2018-11-13 16:03:47 -07:00
Johnny Lim 95c824cb2a Upgrade to neko-htmlunit 2.33 2018-11-13 15:48:52 -06:00
Josh Cummings ae74f22e30 Reactive Jwt Claim Set Converter Support 
Exposes setClaimSetConverter on NimbusReactiveJwtDecoder, lining it up
with the same support on NimbusJwtDecoder.

Fixes: gh-6015
 2018-11-13 15:31:08 -06:00
Gunnar Hillert 11b6b63364 Docs: Fix Maven Property example `spring-security.version` 2018-11-13 15:08:00 -06:00
Josh Cummings 2769b7ffb0
Leave Issuer As String - Documentation 
Update documentation that indicated the iss claim is proactively
coerced into a URL.

Issue: gh-6073
 2018-11-13 12:40:41 -07:00
Josh Cummings 19649db9ce
Leave Issuer As String 
Since StringOrURI is a valid issuer, MappedJwtClaimSetConverter and
JwtIssuerValidator no longer assume it.

Issue: gh-6073
 2018-11-13 11:39:15 -07:00
Josh Cummings c70b65c5df
Favor URL.toExternalForm 
Converts URLs to Strings before comparing them. Uses toString(),
which delegates to toExternalForm().

Fixes: gh-6073
 2018-11-13 08:20:18 -07:00
Josh Cummings a32d19ec7d
Polish NimbusReactiveJwtDecoderTests 
Issue: gh-5650
 2018-11-12 15:04:00 -07:00
Josh Cummings 8eedb3919e
Policy OAuth2ResourceServerSpecTests 
Issue: gh-6052
 2018-11-12 15:01:15 -07:00
Josh Cummings dca3645850
Update to spring-build-conventions:0.0.22.RELEASE 
Fixes: gh-6064
 2018-11-09 10:55:35 -07:00
dperezcabrera 898d005a53 InMemoryUserDetailsManager.updatePassword case-insenstive 
Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.

This commit updates updatePassword to be case insensitive.

Fixes: gh-6039
 2018-11-09 11:39:58 -06:00
Erik van Paassen 3a6582d2a6 Fix csrf:token-repository-ref XSD documentation 
The documentation of the token-repository-ref attribute of the csrf
element in the schema has been updated to make clear the default
repository is lazy. Targets versions 4.2, 5.0 and 5.1.

Fixes gh-6037
 2018-11-08 10:14:49 -06:00
Josh Cummings 9a13f9acde Custom Bearer Token Error Handling Support 
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.

Fixes: gh-6052
 2018-11-07 16:29:56 -06:00
Josh Cummings 78e27ca17f
Update Reactive Resource Server Docs 
Resource Server documentation for both Servlet and Reactive now have a
similar feel and offer deeper exposure to common use cases.

Fixes: gh-6054
 2018-11-07 12:05:21 -07:00
Josh Cummings 8a475e39be Write Security Headers Before Servlet Include 
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.

Fixes: gh-5499
 2018-10-31 09:27:25 -05:00
Paul Wheeler ccc4e1c876 Made AclClassIdUtils genuinely package level by injecting the conversionService instead of AclClassIdUtils 
Fixes gh-4814
 2018-10-31 09:24:35 -05:00