Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,844 Commits 30 Branches 330 Tags 114 MiB
Commit Graph

1027 Commits

Author SHA1 Message Date
Spring Operator 2bf126f4cf URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.

* http://luke.taylor.openid.cn/ (200) with 1 occurrences could not be migrated:
   ([https](https://luke.taylor.openid.cn/) result SSLHandshakeException).

# Fixed URLs

## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.

* http://axschema.org/contact/email (UnknownHostException) with 2 occurrences migrated to:
  https://axschema.org/contact/email ([https](https://axschema.org/contact/email) result UnknownHostException).
* http://axschema.org/namePerson (UnknownHostException) with 1 occurrences migrated to:
  https://axschema.org/namePerson ([https](https://axschema.org/namePerson) result UnknownHostException).
* http://axschema.org/namePerson/first (UnknownHostException) with 1 occurrences migrated to:
  https://axschema.org/namePerson/first ([https](https://axschema.org/namePerson/first) result UnknownHostException).
* http://axschema.org/namePerson/last (UnknownHostException) with 1 occurrences migrated to:
  https://axschema.org/namePerson/last ([https](https://axschema.org/namePerson/last) result UnknownHostException).
* http://luke.taylor.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
  https://luke.taylor.myopenid.com/ ([https](https://luke.taylor.myopenid.com/) result UnknownHostException).
* http://schema.openid.net/contact/email (UnknownHostException) with 2 occurrences migrated to:
  https://schema.openid.net/contact/email ([https](https://schema.openid.net/contact/email) result UnknownHostException).
* http://schema.openid.net/namePerson (UnknownHostException) with 1 occurrences migrated to:
  https://schema.openid.net/namePerson ([https](https://schema.openid.net/namePerson) result UnknownHostException).
* http://schema.openid.net/namePerson/friendly (UnknownHostException) with 1 occurrences migrated to:
  https://schema.openid.net/namePerson/friendly ([https](https://schema.openid.net/namePerson/friendly) result UnknownHostException).
* http://somehost/someUrl (UnknownHostException) with 1 occurrences migrated to:
  https://somehost/someUrl ([https](https://somehost/someUrl) result UnknownHostException).
* http://spring.security.test.myopenid.com/ (UnknownHostException) with 1 occurrences migrated to:
  https://spring.security.test.myopenid.com/ ([https](https://spring.security.test.myopenid.com/) result UnknownHostException).
* http://example.net/pkp-report (404) with 1 occurrences migrated to:
  https://example.net/pkp-report ([https](https://example.net/pkp-report) result 404).
* http://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng (404) with 1 occurrences migrated to:
  https://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng ([https](https://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng) result 404).
* http://www.puppycrawl.com/dtds/configuration_1_3.dtd (404) with 1 occurrences migrated to:
  https://www.puppycrawl.com/dtds/configuration_1_3.dtd ([https](https://www.puppycrawl.com/dtds/configuration_1_3.dtd) result 404).
* http://www.puppycrawl.com/dtds/suppressions_1_1.dtd (404) with 1 occurrences migrated to:
  https://www.puppycrawl.com/dtds/suppressions_1_1.dtd ([https](https://www.puppycrawl.com/dtds/suppressions_1_1.dtd) result 404).
* http://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller (404) with 1 occurrences migrated to:
  https://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller ([https](https://www.se-radio.net/transcript-82-organization-large-code-bases-juergen-hoeller) result 404).

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://raykrueger.blogspot.com/ with 1 occurrences migrated to:
  https://raykrueger.blogspot.com/ ([https](https://raykrueger.blogspot.com/) result 200).
* http://www.infoq.com/presentations/code-organization-large-projects with 1 occurrences migrated to:
  https://www.infoq.com/presentations/code-organization-large-projects ([https](https://www.infoq.com/presentations/code-organization-large-projects) result 200).
* http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd with 1 occurrences migrated to:
  https://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd ([https](https://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd) result 200).
* http://www.springframework.org/dtd/spring-beans.dtd with 4 occurrences migrated to:
  https://www.springframework.org/dtd/spring-beans.dtd ([https](https://www.springframework.org/dtd/spring-beans.dtd) result 200).
* http://www.springframework.org/schema/aop/spring-aop-3.0.xsd with 5 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop-3.0.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-3.0.xsd) result 200).
* http://www.springframework.org/schema/aop/spring-aop-3.2.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop-3.2.xsd ([https](https://www.springframework.org/schema/aop/spring-aop-3.2.xsd) result 200).
* http://www.springframework.org/schema/aop/spring-aop.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/aop/spring-aop.xsd ([https](https://www.springframework.org/schema/aop/spring-aop.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.0.xsd with 20 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.0.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.0.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans-3.1.xsd ([https](https://www.springframework.org/schema/beans/spring-beans-3.1.xsd) result 200).
* http://www.springframework.org/schema/beans/spring-beans.xsd with 267 occurrences migrated to:
  https://www.springframework.org/schema/beans/spring-beans.xsd ([https](https://www.springframework.org/schema/beans/spring-beans.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-3.0.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-3.0.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.0.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-3.1.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.1.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context-3.2.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context-3.2.xsd ([https](https://www.springframework.org/schema/context/spring-context-3.2.xsd) result 200).
* http://www.springframework.org/schema/context/spring-context.xsd with 6 occurrences migrated to:
  https://www.springframework.org/schema/context/spring-context.xsd ([https](https://www.springframework.org/schema/context/spring-context.xsd) result 200).
* http://www.springframework.org/schema/data/jpa/spring-jpa.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/data/jpa/spring-jpa.xsd ([https](https://www.springframework.org/schema/data/jpa/spring-jpa.xsd) result 200).
* http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd ([https](https://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd) result 200).
* http://www.springframework.org/schema/mvc/spring-mvc.xsd with 10 occurrences migrated to:
  https://www.springframework.org/schema/mvc/spring-mvc.xsd ([https](https://www.springframework.org/schema/mvc/spring-mvc.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security-2.0.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security-2.0.xsd ([https](https://www.springframework.org/schema/security/spring-security-2.0.xsd) result 200).
* http://www.springframework.org/schema/security/spring-security.xsd with 266 occurrences migrated to:
  https://www.springframework.org/schema/security/spring-security.xsd ([https](https://www.springframework.org/schema/security/spring-security.xsd) result 200).
* http://www.springframework.org/schema/tx/spring-tx-3.0.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/tx/spring-tx-3.0.xsd ([https](https://www.springframework.org/schema/tx/spring-tx-3.0.xsd) result 200).
* http://www.springframework.org/schema/tx/spring-tx.xsd with 3 occurrences migrated to:
  https://www.springframework.org/schema/tx/spring-tx.xsd ([https](https://www.springframework.org/schema/tx/spring-tx.xsd) result 200).
* http://www.springframework.org/schema/util/spring-util-3.0.xsd with 3 occurrences migrated to:
  https://www.springframework.org/schema/util/spring-util-3.0.xsd ([https](https://www.springframework.org/schema/util/spring-util-3.0.xsd) result 200).
* http://www.springframework.org/schema/util/spring-util-3.1.xsd with 1 occurrences migrated to:
  https://www.springframework.org/schema/util/spring-util-3.1.xsd ([https](https://www.springframework.org/schema/util/spring-util-3.1.xsd) result 200).
* http://www.springframework.org/schema/util/spring-util.xsd with 4 occurrences migrated to:
  https://www.springframework.org/schema/util/spring-util.xsd ([https](https://www.springframework.org/schema/util/spring-util.xsd) result 200).
* http://www.springframework.org/schema/websocket/spring-websocket.xsd with 6 occurrences migrated to:
  https://www.springframework.org/schema/websocket/spring-websocket.xsd ([https](https://www.springframework.org/schema/websocket/spring-websocket.xsd) result 200).
* http://www.headwaysoftware.com with 1 occurrences migrated to:
  https://www.headwaysoftware.com ([https](https://www.headwaysoftware.com) result 301).
* http://java.sun.com/dtd/web-app_2_3.dtd with 2 occurrences migrated to:
  https://java.sun.com/dtd/web-app_2_3.dtd ([https](https://java.sun.com/dtd/web-app_2_3.dtd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd with 10 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd) result 302).
* http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd with 2 occurrences migrated to:
  https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ([https](https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd) result 302).

# Ignored
These URLs were intentionally ignored.

* http://appengine.google.com/ns/1.0 with 1 occurrences
* http://docbook.org/ns/docbook with 1 occurrences
* http://jakarta.apache.org/log4j/ with 1 occurrences
* http://java.sun.com/xml/ns/javaee with 22 occurrences
* http://www.springframework.org/schema/aop with 14 occurrences
* http://www.springframework.org/schema/beans with 576 occurrences
* http://www.springframework.org/schema/c with 6 occurrences
* http://www.springframework.org/schema/context with 18 occurrences
* http://www.springframework.org/schema/data/jpa with 2 occurrences
* http://www.springframework.org/schema/jdbc with 2 occurrences
* http://www.springframework.org/schema/mvc with 20 occurrences
* http://www.springframework.org/schema/p with 10 occurrences
* http://www.springframework.org/schema/security with 534 occurrences
* http://www.springframework.org/schema/tx with 10 occurrences
* http://www.springframework.org/schema/util with 16 occurrences
* http://www.springframework.org/schema/websocket with 12 occurrences
* http://www.w3.org/1999/xlink with 1 occurrences
* http://www.w3.org/2001/XMLSchema-instance with 299 occurrences
 2019-03-19 17:33:29 -05:00
Josh Cummings 248a8c030b Support for OIDC RP-Initiated Logout 
Fixes: gh-5350
 2019-03-19 09:00:46 -06:00
Spring Operator b93528138e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 15:46:20 -05:00
Josh Cummings d86550f64b
Polish Tests and Error Messages 
MockMvc matchers are best matched with the MockMvc execution API -
it's a little odd to try and use them inside of an AssertJ assertion
since they do their own asserting.

It's more readable to place "this." in front of member variables.

It's best to test just one class at a time in a unit test.

Issue: gh-4187
 2019-02-28 11:01:08 -07:00
Rafiullah Hamedy 82d527ed42
Add Support for Clear Site Data on Logout 
Added an implementation of HeaderWriter for Clear-Site-Data HTTP
response header as welll as an implementation of LogoutHanlder
that accepts an implementation of HeaderWriter to write headers.

- Added ClearSiteDataHeaderWriter and HeaderWriterLogoutHandler
that implements HeaderWriter and LogoutHandler respectively
- Added unit tests for both implementations's behaviours
- Integration tests for HeaderWriterLogoutHandler that uses
ClearSiteDataHeaderWriter
- Updated the documentation to include link to
HeaderWriterLogoutHandler

Fixes gh-4187
 2019-02-28 11:01:08 -07:00
Ankur Pathak ac13b55ecd HeaderWriterFilter writes headers at beginning 
Add support for HeaderWriterFilter to write headers at the beginning of the request

Fixes: gh-6501
 2019-02-18 07:43:08 -07:00
Josh Cummings 67fb936c7e
Polish Formatting in Tests 
Issue: gh-6454
 2019-02-06 20:16:53 -07:00
Ankur Pathak 93d6a38ffd
Consider having HeaderWriters check before writing 
All HeadersWriter only write Header if its not already
written.

Fixes: gh-6454 gh-5193
 2019-02-06 20:16:52 -07:00
Ankur Pathak ffe602fdbe HTML markup fixed in DefaultLoginPageGeneratingFilter 
Ending div moved  out of condition.

Fixes: gh-6417
 2019-01-22 13:20:35 -06:00
Josh Cummings c82440ee82 Polish CompositeHeaderWriterTests 
Changed test to favor mocks in order to provide a stronger
guarantee that the composite delegates to its components.

Issue: gh-6453
 2019-01-21 14:50:09 -07:00
Josh Cummings bb1b9d9b86 Polish Javadoc and Whitespacing 
Issue: gh-6453
 2019-01-21 14:50:09 -07:00
Ankur Pathak 718641a1e5 Added CompositeHeaderWriter 
1. Added new CompositeHeaderWriter
2. Improvement in HeaderWriterFilter using CompositeHeaderWriter.

Fixes: gh-6453
 2019-01-21 14:50:09 -07:00
Ankur Pathak b7ed919cee Add preload support to Strict-Transport-Security 
1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security

Fixes: gh-6312
 2019-01-16 11:10:06 -06:00
Denis Washington 3be11a22cd Save query parameters in WebSessionServerRequestCache 
Previously, URL query parameters were lost when saving a request
in WebSessionServerRequestCache. Now it is properly saved and
restored.
 2019-01-15 13:44:29 -06:00
guo fei c0e66a9ba1 1. add customization support for double forwardslash in StrickHttpFirewall 
2. add getEncodedUrlBlacklist() and getDecodedUrlBlacklist() method in StrickHttpFirewall

Fixes gh-6292
 2019-01-15 13:42:33 -06:00
Johnny Lim c94f13a971 Polish tests 2019-01-08 11:16:22 -06:00
Slava Semushin d8d9abed2a LazyCsrfTokenRepository: fix a typo in javadoc. 2019-01-07 13:35:00 -06:00
Josh Cummings 7a55af246e
Polish tests and javadoc 
When using AssertJ, it's easy to commit the following error

assertThat(some boolean condition)

The above actually does nothing. It at least needs to be

assertThat(some boolean condition).isTrue()

This commit refines some assertions that were missing a verify
condition.

Also, one Javadoc was just a little bit confusing, so this
clarifies it.

Issue: gh-6259
 2018-12-21 08:47:37 -07:00
Rafael Dominguez 086b105273
Remove Servlet 2.5 Support for Session Fixation 
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1 so is not longer required.

Fixes: gh-6259
 2018-12-21 08:47:37 -07:00
finke-ba b838f7c7b7 Add WebFlux support for spring security web jackson module. 
Fixes: gh-6303
 2018-12-19 10:11:17 -06:00
Shawn Biesan a919b4e916 Remove servlet getHeader check and test 
Fixes: gh-6265
 2018-12-18 13:25:10 -07:00
finke-ba 9c7cab835f Add conditionally servlet based support for spring security web jackson module. 2018-12-18 14:21:31 -06:00
Dongmin Shin 3230cd653c Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository 
Fixes: gh-6261
 2018-12-17 12:56:33 -07:00
Dongmin Shin 733a380bc7 Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter 
Fixes: gh-6260
 2018-12-17 12:52:59 -07:00
Rob Winch a90c217446 Fix LoginPageGeneratingWebFilter Markup 
Fixes: gh-6295
 2018-12-17 11:15:59 -06:00
Ian He 9818da79fe Fix DefaultLoginPageGeneratingFilter Markup 
the `</h3>` should be `</h2>`.
 2018-12-17 10:50:03 -06:00
Dongmin Shin fc802e1a7c Remove Servlet 2.5 and 3.0 Support for Remember Me and CSRF 
Fixes: gh-6263, Fixes: gh-6262
 2018-12-14 06:47:21 -07:00
Dongmin Shin 0d2af416aa Add cookieDomain to CookieCsrfTokenRepository 
Fixes: gh-4315
 2018-12-13 15:01:24 -07:00
Ankur Pathak 2b369cfe98 Added support for Anonymous Authentication 
1. Created new WebFilter AnonymousAuthenticationWebFilter to
for anonymous authentication
2. Created class AnonymousSpec, method anonymous to configure
anonymous authentication in ServerHttpSecurity
3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for
anonymous authentication in SecurityWebFiltersOrder
4. Added tests for anonymous authentication in
AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests
5. Added support for Controller in WebTestClientBuilder

Fixes: gh-5934
 2018-12-12 16:05:30 -06:00
lmagyar 3c35f4cfab SecurityContextCallableProcessingInterceptor thread visibility fix 
Within class SecurityContextCallableProcessingInterceptor field securityContext should volatile.

Fixes gh-6143
 2018-12-03 15:45:56 -06:00
Bhavik Kumar 90b9cfaf55 Use SpringUtils to check scheme 
Fixes 6183
 2018-11-29 20:42:39 -06:00
John Coyne 7618d236c4 CookieClearingLogoutHandler updates based on comments 
Changed the implementation to use an anonymous function
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
John Coyne 14c2d96c86 Clean up code to conform to basic checkstyle 
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
John Coyne d05ad19276 CookieClearingLogoutHandler enhancement 
Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path
Issue: gh-6078
 2018-11-26 14:33:08 -06:00
Josh Cummings 8a475e39be Write Security Headers Before Servlet Include 
HeaderWriterFilter wraps request dispatcher so it can write security
headers before the include occurs.

Fixes: gh-5499
 2018-10-31 09:27:25 -05:00
sunflower-seed 2e6ff72c31 Update SubjectDnX509PrincipalExtractor.java 
Added missing asterisk
 2018-10-17 14:56:45 -05:00
Eric Deandrea b060ec050a Automatically add CsrfServerLogoutHandler if csrf enabled 
The configuration DSL should automatically add CsrfServerLogoutHandler if csrf is enabled

Fixes gh-5337
 2018-09-21 00:59:36 -05:00
Rob Winch e4597b5213 WebSessionServerRequestCache ignores favicon and html 
Fixes: gh-5874
 2018-09-19 14:28:05 -05:00
Rob Winch 8e4d540bfb Default Log Out Pages Use HTTPS for CSS 
Fixes: gh-5873
 2018-09-19 13:52:35 -05:00
Rob Winch 9c749bf556 Fix SwitchUserFilter matchers 
Fixes: gh-4249
 2018-09-14 09:45:41 -05:00
Rob Winch 8b19f7a71a AntPathRequestMatcher supports UrlPathHelper 
Fixes: gh-5846
 2018-09-14 09:45:41 -05:00
Rob Winch 96d85ad2b5 Polish HttpsRedirectWebFilter 
Issue: gh-5749
 2018-09-07 14:29:46 -05:00
Josh Cummings 2c982a4168 Reactive Redirect to Https 
This introduces the capability to configure Reactive Spring Security
to upgrade requests to HTTPS

Fixes: gh-5749
 2018-09-07 14:25:58 -05:00
Josh Cummings 21e62683ab
Polish Commit on Reactive Http Basic Test 2018-09-07 10:01:11 -06:00
Tim Koopman 6df4dfe47b
Reactive HttpBasic Support For Coloned Passwords 
This makes so that reactive httpBasic supports passwords containing
one or more colons.
 2018-09-07 10:01:11 -06:00
Josh Cummings 1c74706232 Delegating ServerAccessDeniedHandler by exchange 
Fixes: gh-5747
 2018-08-31 10:33:11 -05:00
Vedran Pavic cb0ba58b58 Fix WhitespaceAfterCheck Checkstyle check 2018-08-27 10:45:35 -05:00
Rob Winch 1640a1f462 Polish ServerAuthenticationConverter 
Fix package tangles

Issue: gh-5338
 2018-08-24 09:44:27 -05:00
Josh Cummings 416a276436
Expose Default Reactive CsrfProtectionMatcher 
Make so that users can augment the default protection logic with
their own.

Fixes: gh-5725
 2018-08-22 13:02:02 -06:00
Rob Winch f5701b5fe0 Fix OptimizeAntPathRequestMatcher 
Previously the logic for determining if the pathInfo should be appended
was inverted.

This correctly concatenates url + pathInfo if url is a non empty String.

Fixes: gh-5473
 2018-08-21 11:52:55 -05:00
Christoph Dreis 4ccd2f7ebd Optimize AntPathRequestMatcher.getRequestPath() 2018-08-21 11:46:37 -05:00
Vedran Pavic f382b69507 Add reactive support for Referrer-Policy security header 2018-08-20 10:10:59 -05:00
Vedran Pavic 10621a0f2c Add reactive support for Content-Security-Policy security header 2018-08-20 10:03:42 -05:00
Vedran Pavic 29cfc3dd1d Add reactive support for Feature-Policy security header 
Closes gh-5672
 2018-08-20 09:02:12 -05:00
Rob Winch f843da1942 Add OAuth2LoginAuthenticationWebFilter 
This is necessary so that the saving of the authorized client occurs
outside of the ReactiveAuthenticationManager. It will allow for
saving with the ServerWebExchange when ReactiveOAuth2AuthorizedClientRepository
is added.

Issue: gh-5621
 2018-08-19 21:11:43 -05:00
Rob Winch e3eaa99ad0 Polish ServerAuthenticationConverter 
Update changes for ServerAuthenticationConverter to be passive.

Issue: gh-5338
 2018-08-18 19:55:39 -05:00
Eric Deandrea b6afe66d32 Add ServerAuthenticationConverter interface 
- Adding an ServerAuthenticationConverter interface
- Retro-fitting ServerOAuth2LoginAuthenticationTokenConverter,
 ServerBearerTokenAuthentivationConverter, ServerFormLoginAuthenticationConverter,
 and ServerHttpBasicAuthenticationConverter to implement ServerAuthenticationConverter
- Deprecate existing AuthenticationWebFilter.setAuthenticationConverter
and add overloaded one which takes ServerAuthenticationConverter

Fixes gh-5338
 2018-08-18 19:55:39 -05:00
Vedran Pavic c6ea447cc0 Add support for Feature-Policy security header 2018-08-16 09:31:02 -05:00
Johnny Lim 68878a1675 Replace isEqualTo(null) with isNull() 2018-08-09 18:04:48 -06:00
Johnny Lim 973af94b42 Fix typo 2018-08-07 22:52:59 -05:00
Rob Winch 0c26d1b98a ServerHttpBasicAuthenticationConverter Validates Scheme Name 
Fixes: gh-5414
 2018-07-31 09:10:23 -05:00
Rob Winch e3d4d66917 BasicAuthenticationFilter case insenstive 
Fixes: gh-5586
 2018-07-31 09:10:10 -05:00
Rob Winch afa2d9cbc7 Remove ExchangeFilterFunctions 
Issue: gh-5612
 2018-07-30 15:34:44 -05:00
Rob Winch 262c1a77c6 Remove SecurityHeaders 
We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth

Issue: gh-5612
 2018-07-30 15:34:40 -05:00
Rob Winch 483e25f821 HttpSessionRequestCache Allow Any SavedRequest 
Fixes: gh-5585
 2018-07-26 15:14:11 -05:00
Rob Winch fa0565109b Add SimpleSavedRequest 
Fixes: gh-5581
 2018-07-26 15:14:11 -05:00
Rob Winch f48404a6a0 Default Log In Pages Use HTTPS for CSS 
Fixes: gh-5539
 2018-07-18 20:06:17 -05:00
Rob Winch d468d7e6da Cache Control disabled for 304 
Fixes: gh-5534
 2018-07-17 22:13:33 -05:00
Rob Winch d595098823 Rename @TransientAuthentication to @Transient 
It is quite likely we will need to prevent certain Exceptions from being
saved or from triggering a saved request. When we add support for this,
we can now leverage @Transient vs creating a new annotation.

Issue: gh-5481
 2018-07-16 11:31:10 -05:00
Josh Cummings 28afb4e3d7 Access Denied Handling Defaults 
This introduces the capability for users to wire denial handling
by request matcher, similar to how users can already do with
authentication entry points.

This is handy for when denial behavior differs based on the contents
of the request, for example, when the Authorization header indicates
an OAuth2 Bearer Token request vs Basic authentication.

Fixes: gh-5478
 2018-07-16 10:40:46 -05:00
Josh Cummings 3c46727be1 Transient Authentication Tokens 
This commit introduces support for transient authentication tokens
which indicate to the filter chain, specifically the
HttpSessionSecurityContextRepository, whether or not the token ought
to be persisted across requests.

To leverage this, simply annotate any Authentication implementation
with @TransientAuthentication, extend from an Authentication that uses
this annotation, or annotate a custom annotation.

Implementations of SecurityContextRepository may choose to not persist
tokens that are marked with @TransientAuthentication in the same way
that HttpSessionSecurityContextRepository does.

Fixes: gh-5481
 2018-07-16 10:40:45 -05:00
Rob Winch a3210c96d9 Default Log Out Page 
Fixes: gh-5516
 2018-07-15 19:45:20 -05:00
Rob Winch 05ed028f9d Modernize Default Log In Page 
Fixes: gh-5515
 2018-07-15 19:43:42 -05:00
Rob Winch c3177a84a3 Override toString() in all RequestMatcher 
It makes it easier to debug having custom
toString().

Fixes: gh-5446
 2018-06-15 11:27:28 -05:00
Joe Grandja 48ef7c966d DefaultLoginPageGeneratingFilter escapes OAuth2 ClientRegistrations 
Fixes gh-5394
 2018-05-29 10:14:50 -04:00
Rob Winch b3ca598679 Add WebClient Bearer token support 
Fixes: gh-5389
 2018-05-25 15:17:08 -05:00
Rob Winch 6a12415d23 Add DelegatingServerLogoutHandler(List<ServerLogoutHandler> delegates) 
Issue: gh-4839
 2018-05-24 09:44:29 -05:00
Eric Deandrea 8c3fdb3bcf DelegatingServerLogoutHandler 
Create a ServerLogoutHandler which delegates to a group of
ServerLogoutHandler implementations.

Fixes gh-4839
 2018-05-24 09:39:12 -05:00
Rob Winch 73345e7434 Add Cross Site Tracing (XST) & HTTP Method Tampering Protection 
Fixes: gh-5377
 2018-05-24 09:35:40 -05:00
Rob Winch f29e4cf91f LoginPageGeneratingWebFilter conditionally renders formLogin 
Issue: gh-4807
 2018-05-14 16:38:13 -05:00
Rob Winch 7013c6fd76 Add OAuth2LoginSpec 
Issue: gh-4807
 2018-05-11 04:19:50 -05:00
Rob Winch ca9cd20832 Add DelegatingServerAuthenticationSuccessHandler 
Fixes: gh-5332
 2018-05-11 04:19:50 -05:00
Rob Winch d874c4954e AuthenticationWebFilter handle empty Authentication 
Fixes: gh-5333
 2018-05-11 04:19:50 -05:00
Rob Winch e78457d3a1 Fix checkstyle for CsrfServerLogoutHandlerTests 
Issue: gh-4840
 2018-05-11 04:16:48 -05:00
Eric Deandrea 26f53a20b3 Add CsrfServerLogoutHandler 
Create a CsrfServerLogoutHandler which invalidates the current CsrfToken

Fixes gh-4840
 2018-05-11 04:16:48 -05:00
Eric Deandrea 21750242cf Add HttpStatusReturningServerLogoutSuccessHandler 
An HttpStatusReturningServerLogoutSuccessHandler is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusReturningLogoutSuccessHandler.

Fixes gh-5081
 2018-05-11 04:03:21 -05:00
Eric Deandrea bc9f8ec430 Add HttpStatusServerEntryPoint 
An HttpStatusServerEntryPoint is missing on the
reactive side - essentially the reactive equivalent of
HttpStatusEntryPoint.

Fixes gh-5082
 2018-05-11 04:00:49 -05:00
Artyom Emelyanenko 902fc0f657 Fixed confused word in the class javadoc 2018-05-07 16:54:40 -05:00
Eric Deandrea b3c5bfe4db CookieServerCsrfTokenRepository fails when cookie is null/empty 
The CookieServerCsrfTokenRepository fails with an IllegalArgumentException
 when a cookie is present but the value is null or empty.

Fixes gh-5315
 2018-05-07 16:16:51 -05:00
Rob Winch 3ba15a16bf Polish CookieServerCsrfTokenRepository 
- Only do work if subscribed to
- use test naming conventions
- Refactor tests to avoid extracting
  - Uses String for member names which are not type safe
  - Uses long argument list which makes assertions difficult to read

Issue: gh-5083
 2018-05-04 16:54:48 -05:00
Rob Winch 37b1136c0c Remove CookieServerCsrfTokenRepository builder methods 
This is inconsistent with the rest of the code base.

Issue: gh-5083
 2018-05-04 16:54:48 -05:00
Eric Deandrea 1eaecc12ec Add CookieServerCsrfTokenRepository 
A cookie implementation of ServerCsrfTokenRepository (like CookieCsrfTokenRepository)
is missing. In this implementation it would be nice to allow the setting of the domain as well.

Fixes: gh-5083
 2018-05-04 16:54:48 -05:00
Alexander Münch 0570cebbce Avoid unnecessary grow of ArrayList 
Adapted ArrayList size in CacheControlHeadersWriter::createHeaders()
 2018-05-04 14:23:31 -05:00
XYUU 3740d33e64 The HttpHeader's ContentLength is a byte unit 2018-05-04 14:18:03 -05:00
XYUU 23dd136efb The HttpHeader's ContentLength is a byte unit 2018-05-04 14:18:03 -05:00
Rob Winch 9bb841ac67 ExceptionTranslationFilter does not handle committed responses 
Fixes: gh-5273
 2018-04-30 16:49:51 -05:00
Rob Winch afdefe7b13 Fixes: gh-5190 2018-04-16 17:52:27 -05:00
Rob Winch 8fbec3f0f1 Polish NegatedServerWebExchangeMatcher 
Issue: gh-5170
 2018-03-29 21:17:40 -05:00
Tao Qian d83b67e4cb Add NegatedServerWebExchangeMatcher 
Fixes: gh-5170
 2018-03-29 21:16:11 -05:00
Rob Winch fb7394c1de Polish Javadoc 
Fixes: gh-5186
 2018-03-29 15:33:57 -05:00
Mark Hobson 3c07d99b0a Close quoted expected path in log when matching 2018-03-27 11:14:14 -05:00
Johnny Lim d20ed9f5c9 Fix @since for StrictHttpFirewall 2018-03-27 11:01:26 -05:00
Christoph Dreis d07cfe655d Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
Rob Winch b1d013e8f0 Fix JDK 9 
Issue: gh-5160
 2018-03-27 09:30:56 -05:00
Rob Winch 7e6ed52603 CookieClearingLogoutHandler adds uses contextPath + "/" 
Fixes: gh-2325
 2018-03-19 16:51:22 -05:00
Rob Winch d21338d212 Support errorOnInvalidType for Reactive AuthenticationPrincipal 
Fixes: gh-5096
 2018-03-09 12:05:55 -06:00
Rob Winch a2073b2b91 Support BeanResolver for Reactive AuthenticationPrincipal 
Fixes: gh-4326
 2018-03-09 12:05:55 -06:00
Rob Winch 949c7d68b8 Fix StrictHttpFirewall rules 
Fixes: gh-5044
 2018-03-08 21:30:23 -06:00
Rob Winch 055a2ca917 Polish Javadoc HttpStatusServerAccessDeniedHandler 2018-03-07 12:35:25 -06:00
Rob Winch 9f23212e43 HttpStatusServerAccessDeniedHandler use injected HttpStatus 
Fixes: gh-5078
 2018-03-07 12:35:25 -06:00
Rob Winch 8d75554b6b Lazily Create Throwables 
Fixes: gh-5040
 2018-02-26 16:24:40 -06:00
Rob Winch 0fc67f765a Polish StrictHttpFirewall Javadoc 
Also cleanup DefaultHttpFirewall Javadoc

Issue: gh-5008
 2018-02-15 17:18:28 -06:00
Rob Winch fcf967687b Add FilterSecurityInterceptor once per request test 
Issue: gh-4997
 2018-02-08 17:11:37 -06:00
json20080301 40a1281c66 FilterSecurityInterceptor once per request set attr 
Only set the attribute if once per request is true
 2018-02-08 17:10:45 -06:00
Rob Winch ce5fb51b20 Remove Mono.defer in ReactorContextWebFilter 
Fixes: gh-5010
 2018-02-08 16:19:10 -06:00
Rob Winch 66298dcf5d Clean ReactorContextWebFilterTests imports 
Issue: gh-4962
 2018-02-08 16:15:29 -06:00
Rob Winch 141e3f581f ReactorContextWebFilter preserves main Context 
Previously ReactorContextWebFilter overrode
the main Context.

Fixes: gh-4962
 2018-02-08 14:58:08 -06:00
Rob Winch c399987450 Polish StrictHttpFirewall Javadoc 
Fixes: gh-5008
 2018-02-08 14:08:54 -06:00
Rob Winch ea3dd336aa Cache headers only if no cache headers set 
Fixes: gh-5004
 2018-02-07 14:56:34 -06:00
Rob Winch 8b7f772761 Update to Jackson 2.9.4 
Fixes: gh-4985
 2018-02-01 13:45:06 -06:00
Rob Winch 0eef5b4b42 Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
Rob Winch 6a0833165a AuthorizationWebFilter handles null Authentication 
If the AuthorizationManager used the Authentication and the Authentication
was null the AuthorizationWebFilter would produce a NullPointerException

This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null

Fixes: gh-4966
 2018-01-22 15:16:58 -06:00
Johnny Lim 921157cdcd Remove explicit super() calls 2017-12-21 15:11:51 -06:00
Johnny Lim 57353d18e5 Use diamond type 2017-12-21 15:09:00 -06:00
Eddú Meléndez c16456623f Remove unused imports 2017-12-20 16:05:38 -06:00
Rob Winch 70be0f3619 Mono<CsrfToken> saveToken->Mono<Void> 
Issue: gh-4856
 2017-11-20 16:30:29 -06:00
Rob Winch d55db837e1 CsrfWebFilter places Mono<CsrfToken> 
Fixes: gh-4855
 2017-11-20 16:30:29 -06:00
Johnny Lim 701933c7f7 Fix copyright start years 
See gh-4655
See gh-4725
 2017-11-17 10:14:32 -06:00
Johnny Lim 5f518d00e5 Apply Checkstyle EmptyStatementCheck module 
This commit adds Checkstyle `EmptyStatementCheck` module and aligns code with it.
 2017-11-16 20:18:21 -06:00
Rob Winch be397b8b33 WebSessionServerSecurityContextRepository Polish 
- map(WebSession::getAttributes)
- use Mono.justOrEmpty

Issue: gh-4843
 2017-11-16 15:54:33 -06:00
Rob Winch 8d30d6110b WebSessionSecurityContextRepository custom session attribute name 
Fixes: gh-4843
 2017-11-16 15:54:21 -06:00
Rob Winch b7529be3d0 WebSessionSecurityContextRepository changes session id 
Fixes: gh-4842
 2017-11-16 15:46:26 -06:00
Rob Winch b19e14330f WebSessionServerCsrfTokenRepository session fixation protection 
Issue: gh-4842
 2017-11-16 15:45:57 -06:00
Rob Winch 75a7c5268a ServerRequestCache.removeMatchingRequest 
Issue: gh-4789
 2017-11-16 15:44:32 -06:00
Benedikt Ritter fffd781b03 Add localization to error messages from ExceptionTranslationFilter 
Fixes gh-4504
 2017-11-16 11:25:56 -06:00
Johnny Lim b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Rob Winch 64ad08e96d ServerRedirectCache.getRequest->getRedirectUri 
Issue: gh-4789
 2017-11-15 15:10:47 -06:00
Rob Winch 1d9b0760d5 ServerRequestCache uses URI 
Issue: gh-4789
 2017-11-15 12:54:05 -06:00
Rob Winch 942b51dba7 Reactive Basic does not create session by default 
Fixes: gh-4825
 2017-11-15 12:50:29 -06:00
Rob Winch 5f79fdd3eb requiresLogoutMatcher naming polish 
Issue: gh-4822
 2017-11-14 16:42:41 -06:00
Rob Winch c1f94156f9 serverWebExchange->exchange 
Issue: gh-4822
 2017-11-14 16:42:38 -06:00
Rob Winch 11f6e0477c serverLogoutSuccessHandler->logoutSuccessHandler 
Issue: gh-4822
 2017-11-14 16:42:36 -06:00
Rob Winch bf570854b8 serverLogoutHandler->logoutHandler 
Issue: gh-4822
 2017-11-14 16:42:33 -06:00
Rob Winch 1c977ca15f serverRedirectStrategy->redirectStrategy 
Issue: gh-4822
 2017-11-14 16:42:30 -06:00
Rob Winch 2cbdb4ba02 serverCsrfTokenRepository->csrfTokenRepository 
Issue: gh-4822
 2017-11-14 16:42:27 -06:00
Rob Winch 3bfda6cff7 serverAccessDeniedHandler->accessDeniedHandler 
Issue: gh-4822
 2017-11-14 16:42:24 -06:00
Rob Winch 9e82fc0b83 serverAuthenticationEntryPoint->authenticationEntryPoint 
Issue: gh-4822
 2017-11-14 16:42:20 -06:00
Rob Winch 9cf0dc6b38 serverWebExchange->webExchange 
Issue: gh-4822
 2017-11-14 16:42:17 -06:00
Rob Winch 520e0a5a68 serverAuthenticationSuccessHandler->authenticationSuccessHandler 
Issue: gh-4822
 2017-11-14 16:42:14 -06:00
Rob Winch 5c83f92ddc serverAuthenticationFailureHandler->authenticationFailureHandler 
Issue: gh-4822
 2017-11-14 16:42:10 -06:00
Rob Winch 692233e431 ServerSecurityContextRepository members to securityContextRepository 
Issue: gh-4822
 2017-11-14 16:42:06 -06:00
Johnny Lim d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Rob Winch 1b70efce2b Add ServerRequestCache 
Fixes: gh-4789
 2017-11-13 15:49:34 -06:00
Rob Winch 8f6491b281 Add RedirectServerAuthenticationFailureHandler 
Fixes gh-4816
 2017-11-13 15:49:20 -06:00
Rob Winch 060d8689fe Make RedirectServer*Tests less specific 
Issue: gh-4816
 2017-11-13 15:49:06 -06:00
Johnny Lim 99df632f24 Add missing @Override annotations 
This commit also adds MissingOverrideCheck module to Checkstyle configuration.
 2017-11-08 13:27:24 -06:00
Rob Winch 676020321e Add reactive CsrfRequestDataValueProcessor 
Fixes gh-4762
 2017-11-07 22:25:36 -06:00
Rob Winch 7622826b69 WebSessionServerCsrfTokenRepository saves on getToken 
Fixes gh-4801
 2017-11-07 22:25:23 -06:00
Rob Winch 776364d403 ServerCsrfTokenRepository.saveToken return Mono<CsrfToken> 
Fixes gh-4800
 2017-11-07 22:24:53 -06:00
Rob Winch 3f18881493 Remove additional attribute name from CsrfWebFilter 
Fixes gh-4799
 2017-11-07 22:24:42 -06:00
Frank Pavageau 35706ad60a Deserialize the principal in a neutral way 
When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
 2017-10-30 00:53:31 -05:00
Frank Pavageau 6fd9ff254b Map values directly from the JSON nodes 
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
 2017-10-30 00:53:31 -05:00
SignleMR a1fdb7dcb3 Update AbstractRememberMeServices.java 
this file`s file encode is unkown,maybe is "Eddu Melendez"
 2017-10-30 00:50:23 -05:00
Jeremy Waters 832f5c39c1 SEC-3190: Add support for colons in remember-me token values 
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons.  so this 
change urlencodes the individual tokens when creating the cookie 
string; and urldecodes them decoding the cookie and extracting the 
tokens.  This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
 2017-10-30 00:33:14 -05:00
Rob Winch 93ac706d86 Polish XFrameOptionsHeaderWriter 
Issue: gh-4559
 2017-10-29 23:32:53 -05:00
Nathan Wong 02a78b17b9 Add check to see if return value is DENY 
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.

This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
 2017-10-29 23:32:53 -05:00
Antoine bed4ec7d18 Fix leading space characters reported by checkstyle 2017-10-29 22:22:34 -05:00
Antoine 0771778b81 Polish more AssertJ assertions 2017-10-29 22:22:34 -05:00
Antoine e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Rob Winch 5a5ec58ca4 Add LogoutPageGeneratingWebFilter 
Fixes gh-4735
 2017-10-29 00:12:23 -05:00
Rob Winch 0734d70d02 Logout requires POST 
Issue: gh-4734
 2017-10-29 00:11:59 -05:00
Rob Winch 8da2c7f657 Add WebFlux CSRF Protection 
Fixes gh-4734
 2017-10-28 22:59:24 -05:00
Rob Winch 192776858d HttpStatusServerAccessDeniedHandler write error message 2017-10-28 22:59:24 -05:00
Rob Winch e63c53e267 Add AuthorizationWebFilterTests 2017-10-28 22:58:55 -05:00
Rob Winch 2060125ebd ServerWebExchangeAttributeServerSecurityContextRepository->NoOpNoOpServerSecurityContextRepository 
Issue: gh-4719
 2017-10-27 18:17:52 -05:00
Rob Winch 4777a869bc Logout at the end of logout method 
Issue: gh-4719
 2017-10-27 18:17:40 -05:00
Rob Winch 5bcf3c559b Remove wrappedExchange from AuthenticationWebFilter 
Issue: gh-4719
 2017-10-27 18:17:29 -05:00
Rob Winch 437ba56415 ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter 
Issue: gh-4719
 2017-10-27 18:17:10 -05:00
Rob Winch c63b258b16 AuthorizeWebFilter uses ReactiveSecurityContextHolder 
Issue gh-4719
 2017-10-27 18:16:59 -05:00
Rob Winch 747473257f Use ReactorSecurityContextHolder 
Issue gh-4713
 2017-10-26 20:11:42 -05:00
Rob Winch 44b41e78cd Flux member variables in favor of Collections 
Fix gh-4694
 2017-10-25 07:41:37 -05:00
Rob Winch fcc1152f78 WebFilterChainProxy not matched continues WebFilterChain 
Fixes gh-4668
 2017-10-24 16:22:07 -05:00
Rob Winch b81c1ce2c0 Move spring-security-webflux into spring-security-web 
Fixes gh-4662
 2017-10-18 16:20:09 -05:00
Rob Winch a74f7c6faa Fix CSRF / DefaultLoginPageGeneratingFilter package tangle 
Issue: gh-4636
 2017-10-16 16:36:49 -05:00
Andreas Gebhardt 0c830f9ba8 fix JavaDoc typo on `BasicAuthenticationEntryPoint` 2017-10-12 07:42:58 -05:00
Rob Winch 23f56f568c Update MockitJunitRunner import 
Issue: gh-4608
 2017-10-09 16:13:33 -05:00
Rob Winch 445834784a Update to Mockito 2.10.0 
Issue: gh-4608
 2017-10-09 16:13:11 -05:00
Rob Winch f3828924ff Fix equals and hashCode alignment 
Fixes gh-4588
 2017-09-28 17:25:00 -05:00
Rob Winch 646b3e48b3 Avoid Exception Message in HTTP Response 
Fixes gh-4587
 2017-09-28 17:24:49 -05:00
Stephan Schroevers 9e719bc313 Drop the `aopalliance:aopalliance` dependency 
As of Spring 4.3 RC1 the `org.aopalliance` interfaces are once again bundled
with `spring-aop` [1]. Moreover, all modules with a dependency on
`aopalliance:aopalliance` directly or indirectly also depend on `spring-aop`.

This change drops the `aopalliance:aopalliance` dependency in all places it's
declared. Where applicable an explicit dependency on `spring-aop` was added in
its place. (This dependency was already present in most places; in one case the
module didn't require `aopalliance:aopalliance` in the first place.)

The documentation is updated accordingly.

[1] https://jira.spring.io/browse/SPR-13984
 2017-09-22 11:11:04 -05:00
Vedran Pavic 95de158909 Add `ForwardLogoutSuccessHandler` 2017-09-06 15:15:02 -05:00
Joe Grandja 4951550d7d Add context path to authorization request URI 
Fixes gh-4510
 2017-08-26 18:55:23 -04:00
Rob Winch e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Kyle Anderson d8a678df6f Removed Unicode Character from Parameter Name 2017-06-29 16:03:29 -05:00
Takuma Setoguchi f2c04dd9b1 fix typo 2017-06-20 08:17:15 -05:00
Rob Winch d81b436e5d Remove pom.xml from build 
Gradle is easy enough to import into IDEs, so pom.xml should no
longer be necessary.

This commit removes the pom.xml files from the build.

Fixes gh-4283
 2017-05-11 14:32:36 -05:00
Vedran Pavic 85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
Joe Grandja 829c386756 Add support for OAuth 2.0 Login 
Fixes gh-3907
 2017-04-28 10:58:59 -04:00
Rob Winch dd6fc48dd8 Standardize Build 
The build now uses spring build conventions to simplify the build

Fixes gh-4284
 2017-04-21 10:55:05 -05:00
Rob Winch 5a65da400d Use ReflectionTestUtils rather than Whitebox 
This is better because it no longer uses Mockito's internal API

Fixes gh-4305
 2017-04-21 10:54:58 -05:00