Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-22 22:46:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,340 Commits 33 Branches 337 Tags
Commit Graph

1479 Commits

Author SHA1 Message Date
Vincent Ricard
f0856c83a9 Migrate LDAP integration tests groovy->java 
This commit also removes BaseSpringSpec

Issue: gh-4939
 2020-01-13 14:18:25 +01:00
Josh Cummings
a35ce77451
Add missing PowerMockIgnore annotation 
WebSecurityConfigurerAdapterPowermockTests needs to exclude
javax.xml.transform.* from Powermock configuration.
 2020-01-09 15:48:08 -07:00
Josh Cummings
ba21c156dd
Polish WebSecurityConfigurerAdapter tests 
Moved Powermock-dependent test over to
WebSecurityConfigurerAdapterPowermockTests.
 2020-01-09 13:51:19 -07:00
Eleftheria Stein
fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f11e2811b7d4241b26f712674978f3f7.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein
93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Josh Cummings
de87675f6d Add JwtIssuerAuthenticationManagerResolver 
Fixes gh-7724
 2020-01-07 23:30:42 -07:00
Eleftheria Stein-Kousathana
2df1099da5
Idiomatic Kotlin DSL for configuring HTTP security 
Issue: gh-5558
 2020-01-07 12:08:43 -05:00
Rob Winch
65981444f1 Use Version Ranges 
Fixes gh-7788
 2020-01-06 14:46:48 -06:00
Rob Winch
06d7443946 Use Gradle platform and constraints 
This was largely generated from the following script

wget bd9f8eb541/src/main/groovy/io/spring/gradle/convention/DependencySetPlugin.groovy ./dsp.gradle
cat gradle/dependency-management.gradle | grep 'management "' | cut -d ':' -f 2 | xargs -I{} sh -c "rg {} -l -g '*.gradle' -g '\!dependency-management.gradle' > /dev/null || echo {}" | xargs -I{} sed -iE '/.*{}.*/d' gradle/dependency-management.gradle
rm ./dps.gradle

Fixes gh-7787
 2020-01-06 14:46:36 -06:00
Eleftheria Stein
924b9e95a1 Polish MethodSecurityEvaluationContext 
Issue: gh-6224
 2020-01-03 20:08:52 -05:00
Eleftheria Stein
8b8267e1fe Fix typo in LDAP Javadoc 2020-01-02 10:58:44 -05:00
BELHAKEL Ammar
b4619f31ee
Fix return type 
AbstractConfiguredSecurityBuilder.objectPostProcessor() should cast to
B, the type of SecurityBuilder, instead of O, the type of object being
built.

Without this change, calls like
http.objectPostProcessor(...).getFilters() will fail with a
ClassCastException.
 2019-12-30 12:01:56 -07:00
Eleftheria Stein
2c7f2c2117 Fix Javadoc error in oauth2ResourceServer 
Fixes: gh-7670
 2019-12-27 14:24:46 +01:00
Filip Hanik
af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login() 
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
 2019-12-17 13:34:27 -08:00
Filip Hanik
9aa333ca4d Use the custom ServerRequestCache that the user configures 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
 2019-12-17 13:33:56 -08:00
Josh Cummings
02f161aba7
Use OidcIdToken.Builder 
Issue gh-7592
 2019-12-12 07:37:15 -07:00
Joe Grandja
c40a17b4d1 WebFlux oauth2Login() redirects on failed authentication 
Fixes gh-5562 gh-6484
 2019-12-05 16:50:43 -05:00
Alexey Nesterov
d8d59e97ac Correctly configure authorization requests repository for OAuth2 login 
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
 2019-11-29 12:05:15 -05:00
Eleftheria Stein
b7cb93f671 Fix WebFlux logout disabling 
Fixes: gh-7682
 2019-11-28 14:40:25 +01:00
Ruslan Stelmachenko
c38e57fa42 Fix class and variable names 2019-11-28 09:23:38 +01:00
Ruslan Stelmachenko
8ebc7ca0ea Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc 2019-11-28 09:23:38 +01:00
Eleftheria Stein
8a95e5798d Update @MessageMapping to match input/output cardinality 2019-11-22 15:07:38 -06:00
Pim Moerenhout
cd0bec48de Fix typo in log message. 2019-11-21 15:55:27 -07:00
Paul Pazderski
0d35194b47 Add sessionFixation Javadoc 2019-11-15 12:17:05 +01:00
Adrian Pena
ca8877c8c5 Updates javadoc for InitializeUserDetailsBeanManagerConfigurer 2019-11-13 10:34:10 +01:00
Eleftheria Stein
1188a3bb5f Polish RememberMeConfigurer 
Issue: gh-4140
 2019-11-07 15:26:59 +01:00
邓超
b13f750646 Retrieve remember-me key from service as fallback 
Fixes: gh-4140
 2019-11-07 13:55:39 +01:00
Yanming Zhou
9f6a36444a Add missing schemas 2019-11-06 08:24:20 -06:00
Josh Cummings
925bf48ec0
Polish OAuth2ResourceServerConfigurerTests 
To confirm that resource server only produces SCOPE_<scope>
authorities by default.

Issue gh-7596
 2019-11-04 11:39:54 -07:00
Filip Hanik
0cafcf37e2 Make the loginProcessingUrl configurable for saml2Login() 
Fixes gh-7565

https://github.com/spring-projects/spring-security/issues/7565
 2019-10-31 08:20:12 -07:00
Josh Cummings
5f17032ffd Restore Removed Throws Clauses 
In a recent clean-up, certain exceptions were removed from various
throws clauses.

This PR re-introduces throws clauses that are important for one of the
following reasons:

1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.

Fixes gh-7541
 2019-10-30 12:13:54 -06:00
Rob Winch
635f7e1edd CsrfWebFilter supports multipart/form-data 
Fixes gh-7576
 2019-10-28 14:06:10 -05:00
Vitalii Mahas
0ac5f5456f Fix typo 'is' -> 'if' in javadoc 2019-10-25 13:27:11 -06:00
Eleftheria Stein
de7cbc82b5 Clarify in Javadoc that expressionHandler should not be null 
Fixes: gh-2665
 2019-10-23 15:10:39 -04:00
Rob Winch
3051a79188 Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access 2019-09-30 14:33:41 -05:00
Rob Winch
a911f3d52f Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access 2019-09-30 14:14:59 -05:00
Rob Winch
3854afad61 Merge Add denyAll method in AuthorizePayloadsSpec.Access 2019-09-30 14:05:42 -05:00
Josh Cummings
758af54796
ObjectPostProcessor Tests groovy->java 
Issue gh-4939
 2019-09-27 16:36:33 -06:00
Josh Cummings
a08be5bf6f
UrlAuthorizationsTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Josh Cummings
870d83eb3e
PermitAllSupportTests groovy->java 
Issue gh-4939
 2019-09-27 16:23:33 -06:00
Luis Felipe Vega Calle
350bce761f Add hasAuthority method to RSocketSecurity 
Fixes gh-7435
 2019-09-27 16:48:25 -05:00
Josh Cummings
5f905232cb
Polish CurrentSecurityContextArgumentResolvers 
Fixes gh-7487
 2019-09-27 13:19:08 -06:00
Joe Grandja
5ef6e7ed6f Add author for SecurityReactorContextConfiguration 
Issue gh-7422
 2019-09-27 15:17:20 -04:00
Joe Grandja
0fea57d6a1 Optimize SecurityReactorContextConfiguration 
Issue gh-7422
 2019-09-27 14:46:39 -04:00
Josh Cummings
33ba292fed
Resource Server w/ SecurityReactorContextSubscriber 
Fixes gh-7423
 2019-09-27 11:01:04 -06:00
Joe Grandja
5a67971375 WebFluxSecurityConfiguration configures oauth2Client() by default 
Fixes gh-7470
 2019-09-27 10:04:19 -04:00
Joe Grandja
08d2c93713 Polish gh-7466 2019-09-26 22:11:53 -04:00
Roman Chigvintsev
9bae0a4dbd Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec 
Fixes gh-7466
 2019-09-26 17:19:32 -04:00
Joe Grandja
2a5bd6e719 Align Servlet ExchangeFilterFunction CoreSubscriber 
Fixes gh-7422
 2019-09-26 16:17:17 -04:00
Joe Grandja
d3b7a47ef8 Polish gh-4442 2019-09-25 21:37:31 -04:00