f18d0fd1a7
Test details using isEqualTo
2019-12-18 17:35:51 +01:00
6b0981549b
Add test for details deserialization
2019-12-18 17:35:51 +01:00
156fc294bf
Deserialize details field in UsernamePasswordAuthenticationToken
...
Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly.
Fixes gh-7482
2019-12-18 17:35:51 +01:00
af415948b1
Allow configuration of AuthenticationManagerResolver in saml2Login()
...
Fixes gh-7654
https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
b7eebabce6
Ensure that both matchers carry the same pattern.
...
AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher is public and final,
so there is a risk that the underlying matcher can become different if one is not careful.
2019-12-17 13:34:27 -08:00
9aa333ca4d
Use the custom ServerRequestCache that the user configures
...
on for the default authentication entry point and authentication
success handler
Fixes gh-7721
https://github.com/spring-projects/spring-security/issues/7721
Set RequestCache on the Oauth2LoginSpec default authentication success handler
import static ReflectionTestUtils.getField
Feedback incorporated per
https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-17 13:33:56 -08:00
65f5c29316
Check hashes of byte array passwords
...
Fixes gh-7661
2019-12-13 17:57:49 +01:00
83d796cf1a
Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor
...
The documentation incorrectly used ServerRSocketFactoryCustomizer which
was renamed to ServerRSocketFactoryProcessor. The docs now use the correct
class name
Fixes gh-7737
2019-12-12 15:30:33 -06:00
da3f18017d
Polish SAML2 principal classes
...
Update @since
Issue: gh-7681
2019-12-12 20:22:58 +01:00
a8331ba7ed
CompositeServerHttpHeadersWriter Executes Sequentially
...
Fixes gh-7731
2019-12-12 11:23:56 -06:00
31b999e9b4
fix: make Saml2Authentication serializable
2019-12-12 17:11:00 +01:00
02f161aba7
Use OidcIdToken.Builder
...
Issue gh-7592
2019-12-12 07:37:15 -07:00
64e063d948
switches web authentication principal resolver to use reactive context
...
gh #6598
Signed-off-by: David Herberth <github@dav1d.de>
2019-12-12 15:33:23 +01:00
8e53c3f269
DelegatingServerAuthenticationSuccessHandler Executes Sequentially
...
Fixes gh-7728
2019-12-12 08:32:44 -06:00
c71e84bdac
Replace test vectors with list of objects
2019-12-12 12:42:44 +01:00
73babc3314
DelegatingServerLogoutHandler Executes Sequentially
...
Fixes gh-7723
2019-12-11 15:39:27 -06:00
cffad1be02
Polish #7589
...
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.
Handle empty mono returned from contextAttributesMapper.
Handle empty map returned from contextAttributesMapper.
Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.
Fix unit tests so that they pass.
Use StepVerifier in unit tests, rather than .subscribe().
Fixes gh-7569
2019-12-10 13:59:51 -05:00
c29309d744
Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager
...
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager
Fixes: gh-7569
2019-12-10 13:59:51 -05:00
0c47bfb1e3
Remove empty relay state from redirect url
2019-12-10 09:49:54 -08:00
24500fa3ca
Remove redundant validation for redirect-uri
...
Fixes gh-7706
2019-12-06 11:55:31 -05:00
9c991a5430
Start Servlet Authentication Cleanup
...
Issue gh-7628
2019-12-06 10:52:38 -06:00
4d9cee116c
Display general error message when WebFlux oauth2Login() fails
...
Issue gh-5562 gh-6484
2019-12-05 16:54:31 -05:00
c40a17b4d1
WebFlux oauth2Login() redirects on failed authentication
...
Fixes gh-5562 gh-6484
2019-12-05 16:50:43 -05:00
d102cae243
oidcLogin MockMvc Documentation
...
Remove documentation requiring a valid ClientRegistrationRepository
Issue: gh-7618
2019-12-02 22:49:17 -07:00
8c32d5fe48
Add oidcLogin WebFlux Test Support
...
Fixes: gh-7680
2019-12-02 22:28:24 -07:00
bb8706977d
Polish DefaultOAuth2AuthorizedClientManager
2019-12-02 16:05:17 -07:00
55f1c695e1
Include security configuration context in test sample
...
Fixes: gh-7688
2019-12-02 10:13:24 +01:00
d8d59e97ac
Correctly configure authorization requests repository for OAuth2 login
...
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.
This change also makes OAuth2Client and OAuth2Login authentication converters consistent.
Fixes gh-7675
2019-11-29 12:05:15 -05:00
65513f2e3b
Polish OAuth2AuthorizedClientArgumentResolver
2019-11-28 09:48:01 -05:00
80f256e425
ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository
...
Fixes gh-7544
2019-11-28 09:48:01 -05:00
07b8aa0b1f
DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange
...
Issue gh-7544
2019-11-28 09:48:01 -05:00
b7cb93f671
Fix WebFlux logout disabling
...
Fixes: gh-7682
2019-11-28 14:40:25 +01:00
c38e57fa42
Fix class and variable names
2019-11-28 09:23:38 +01:00
8ebc7ca0ea
Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc
2019-11-28 09:23:38 +01:00
af01fdce7e
Fix security.tld
2019-11-27 10:20:00 -06:00
17449cbf60
Fix next development version
2019-11-27 08:16:23 -06:00
a7871cfce4
Next Development Version
2019-11-27 08:06:16 -06:00
e5932131a9
Next Development Version
2019-11-27 08:05:44 -06:00
796859333f
Log full failed authentication exception in BasicAuthenticationFilter
2019-11-27 14:56:24 +01:00
56f5242595
Fix minor typo.
2019-11-27 09:43:41 +01:00
b35e18ff31
Add oidcLogin MockMvc Test Support
...
Fixes gh-7618
2019-11-26 16:12:06 -07:00
6ff71d8113
Add OidcUserInfo.Builder
...
Fixes gh-7593
2019-11-26 16:12:06 -07:00
c76775159c
Add OidcIdToken.Builder
...
Fixes gh-7592
2019-11-26 16:12:06 -07:00
4954a229d6
Polish oauth2Login Sample Test
...
Issue: gh-7618
2019-11-26 14:19:14 -07:00
42ab6736e1
typo fix: consecutive-word duplications ( #7673 )
...
* fix typo: require require
* more typo fix: consecutive-word duplications
Following previously finding, I then used `rg` to find other similar
typos, with false positives manually excluded, using the following
command:
rg -t asciidoc -Pp '\b(\w+)\s+\1\b'
2019-11-26 18:35:28 +01:00
af47e730a0
Only Hello Spring Security Boot
...
For those getting started, we really need to send the message of using
Spring Boot.
Fixes gh-7627
2019-11-26 08:38:29 -06:00
c5b36664ce
Polish PrincipalSid
...
Remove reduntant UserDetails check and add tests
2019-11-26 15:09:44 +01:00
ea148d5fee
Avoid toString in favor of getName for extract sid
...
There are some more sophisticated implementations of `getName` in `AbstractAuthenticationToken` and other `Authentication` classes.
2019-11-26 15:09:44 +01:00
b3d177fc7e
Extract HTTPS Documentation
...
Fixes gh-7626
2019-11-25 15:49:51 -06:00
7cbd1665a6
Isolate Jwt Test Support
...
Isolating Jwt test support inside JwtRequestPostProcessor and
JwtMutator.
Fixes gh-7641
2019-11-22 15:07:05 -07:00
Tao Sun
Filip Hanik
Rafael Garcia
Rob Winch
Eleftheria Stein
Clement Stoquart
Josh Cummings
David Herberth
Phil Clay
Ankur Pathak
Clement Stoquart
Joe Grandja
Alexey Nesterov
Ruslan Stelmachenko
Filip Hrisafov
David Eisner
ryenus
杨博 (Yang Bo)