Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,258 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

7258 Commits

Author SHA1 Message Date
Rob Winch 0c26d1b98a ServerHttpBasicAuthenticationConverter Validates Scheme Name 
Fixes: gh-5414
 2018-07-31 09:10:23 -05:00
Rob Winch e3d4d66917 BasicAuthenticationFilter case insenstive 
Fixes: gh-5586
 2018-07-31 09:10:10 -05:00
Rob Winch 2cd2bab818 Use HttpHeaders.setBasicAuth 
Issue: gh-5612
 2018-07-30 15:34:48 -05:00
Rob Winch afa2d9cbc7 Remove ExchangeFilterFunctions 
Issue: gh-5612
 2018-07-30 15:34:44 -05:00
Rob Winch 262c1a77c6 Remove SecurityHeaders 
We no longer need this since Spring Framework now provides
HttpHeaders.setBearerAuth

Issue: gh-5612
 2018-07-30 15:34:40 -05:00
Rob Winch c26d7dc859 Update to Spring Boot 2.1.0.M1 
Fixes: gh-5613
 2018-07-30 15:34:35 -05:00
Joe Grandja b5abb99908 ClaimAccessor.getClaimAsString() checks null claim value 
Fixes gh-5608
 2018-07-30 15:31:41 -04:00
Joe Grandja e243f93eed Default to server_error when OAuth2Error.errorCode is null 
Fixes gh-5594
 2018-07-30 13:20:58 -04:00
Rob Winch aea861e2f9 Fix Imports 
Issue: gh-5599
 2018-07-30 12:15:53 -05:00
Rob Winch 6d0369647b Add OAuth2LoginSpec.and() 
Fixes: gh-5609
 2018-07-30 12:07:51 -05:00
Rob Winch a01dc3a5f6 WebFlux Handles Undefined State Parameter 
Currently if a state exists, but an undefined state parameter is provided
a NullPointerException occurs.

This commit handles the null value.

Fixes: gh-5599
 2018-07-30 12:02:42 -05:00
Rob Winch dd1fa7f709 Add Sample 
Issue: gh-5605
 2018-07-30 11:39:50 -05:00
Rob Winch e215d2733f Add OAuth2Spec 
Issue: gh-5605
 2018-07-30 11:39:45 -05:00
Rob Winch 2056b3440f Add ServerBearerTokenAuthenticationConverter 
Issue: gh-5605
 2018-07-30 11:39:40 -05:00
Rob Winch 4f417f01a7 BearerTokenServerAuthenticationEntryPoint 
Issue: gh-5605
 2018-07-30 11:39:34 -05:00
Rob Winch da73242d60 Add JwtReactiveAuthenticationManager 
Issue: gh-5605
 2018-07-30 11:39:28 -05:00
Rob Winch b8308c9ae0 Extract JwtConverter 
Issue: gh-5605
 2018-07-30 11:37:56 -05:00
Rob Winch e6bd5357df Next Development Version 2018-07-26 20:11:59 -05:00
Rob Winch b5ae0c86d0 Release 5.1.0.M2 2018-07-26 19:38:11 -05:00
Rob Winch a699cccda1 Disable Snapshot for release 2018-07-26 19:37:40 -05:00
Rob Winch 1c308ecb44 Next Development Version 2018-07-26 15:22:02 -05:00
Rob Winch ff06fcb1ab Release 5.1.0.M2 2018-07-26 15:21:11 -05:00
Rob Winch f3c9cce56d Rename to WebClientAuthorizationCodeTokenResponseClient 
Rename NimbusReactiveAUthorizationCodeTokenResponseClient to
WebClientReactiveAuthorizationCodeTokenResponseClient

Fixes: gh-5529
 2018-07-26 15:14:11 -05:00
Rob Winch 1c8a931e33 Rename to OidcAuthorizationCodeReactiveAuthenticationManager 
Renamed OidcReactiveAuthenticationManager to
OidcAuthorizationCodeReactiveAuthenticationManager since it only handles
authorization code flow.

Fixes: gh-5530
 2018-07-26 15:14:11 -05:00
Rob Winch 5f20bb3d50 Update to Spring Data Lovelace RC1 
Fixes: gh-5589
 2018-07-26 15:14:11 -05:00
Rob Winch 44578e5539 Update to Spring Framework 5.1.0.RC1 
Fixes: gh-5588
 2018-07-26 15:14:11 -05:00
Rob Winch 1f3fe624c8 Update to Reactor Californium M1 
Fixes: gh-5587
 2018-07-26 15:14:11 -05:00
Rob Winch 483e25f821 HttpSessionRequestCache Allow Any SavedRequest 
Fixes: gh-5585
 2018-07-26 15:14:11 -05:00
Rob Winch 7b2b1a877d Default RequestCache as @Bean 
Fixes: gh-5583
 2018-07-26 15:14:11 -05:00
Rob Winch 8ce244f5d2 Simplify Configuring RequestCache 
Now the RequestCache is configured on any default success handler.

Fixes: gh-5582
 2018-07-26 15:14:11 -05:00
Rob Winch 6012bfdc6e Rename FormLoginConfigurerTests to FormLoginConfigurerSpec 
Rename so can add new Java based tests for gh-5582

Issue: gh-5582
 2018-07-26 15:14:11 -05:00
Rob Winch fa0565109b Add SimpleSavedRequest 
Fixes: gh-5581
 2018-07-26 15:14:11 -05:00
Joe Grandja 2c1c2c78c3 Add HttpServletResponse param to removeAuthorizationRequest 
Fixes gh-5313
 2018-07-26 14:15:56 -04:00
Johnny Lim 887db71333 Fix typo (#5580) 2018-07-26 10:04:21 -04:00
Joe Grandja 3d4e5836f2 Update to selenium-support:3.13.0 
Fixes gh-5578
 2018-07-24 20:35:14 -04:00
Joe Grandja 82c9931377 Update to selenium-java:3.13.0 
Fixes gh-5577
 2018-07-24 20:35:14 -04:00
Joe Grandja c3acdb36a6 Update to hibernate-validator:6.0.11.Final 
Fixes gh-5576
 2018-07-24 20:35:13 -04:00
Joe Grandja 21302b7e39 Update to hibernate-entitymanager:5.3.3.Final 
Fixes gh-5575
 2018-07-24 20:35:13 -04:00
Joe Grandja c502f668da Update to bcpkix-jdk15on:1.60 
Fixes gh-5574
 2018-07-24 20:35:13 -04:00
Joe Grandja 1468fee3d5 Update to org.apache.httpcomponents:httpclient:4.5.6 
Fixes gh-5573
 2018-07-24 20:35:13 -04:00
Joe Grandja c111f5902f Update to ehcache:2.10.5 
Fixes gh-5572
 2018-07-24 20:35:13 -04:00
Joe Grandja 67ee011866 Update to javax.servlet.jsp.jstl-api:1.2.2 
Fixes gh-5571
 2018-07-24 20:35:12 -04:00
Joe Grandja 45a2607cd0 Update to oauth2-oidc-sdk:5.64.2 
Fixes gh-5569
 2018-07-24 16:23:22 -04:00
Joe Grandja aad66fb094 Update to nimbus-jose-jwt:5.14 
Fixes gh-5568
 2018-07-24 16:21:12 -04:00
Joe Grandja 0d9f4b3a0a Update to cglib-nodep:3.2.7 
Fixes gh-5567
 2018-07-24 16:16:52 -04:00
Josh Cummings fc5083ae0c Bearer Token Exception Handling Configuration 
This exposes #authenticationEntryPoint(), #accessDeniedHandler, on
the Resource Server DSL.

With these, a user can customize the error responses when a bearer
token request fails.

Fixes: gh-5497
 2018-07-24 12:49:26 -06:00
Josh Cummings 6a45ecd4bb Bearer Token Resolver Configuration 
This introduces #bearerTokenResolver(BearerTokenResolver) to the
Resource Server DSL, allowing users to configure the resolver to allow
the access token as part of the request body or a query parameter. It
also allows the user to replace the resolver with a completely custom
one.

This also introduces the same ability by exposing a bean of type
BearerTokenResolver

Fixes: gh-5496
 2018-07-24 13:12:16 -04:00
mhyeon.lee ba29b363fc Fix OAuth2AuthorizationRequestRedirectWebFilter baseurl exclude querystring 
To create redirect_uri in OAuth2AuthorizationRequestRedirectWebFilter,
queryParam is included in the current request-based baseUrl.
So when binding to the redirectUriTemplate,
the wrong type of redirect_uri may be created.

Fixed: gh-5520
 2018-07-23 15:42:15 -04:00
Josh Cummings 195a6943e2
OpenIDConfigTests groovy->java 
For the remember me test, there is some hand configuration that was
carried over from the groovy test as there isn't a way via the xml
config to achieve the same result.

For the attribute exchange test, in order to reduce the amount of
endpoint configuration, the test uses a bit of reflection to disable
the OpenID association step. This is because the xml config does not
support wiring a custom ConsumerManager, like the java configurer
does.

Issue: gh-4939
 2018-07-23 12:43:23 -06:00
Joe Grandja 36cbdfe013 Fix NPE when null Authentication in authorization_code grant 
Fixes gh-5560
 2018-07-23 12:28:48 -04:00