Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,251 Commits 32 Branches 333 Tags 110 MiB
Commit Graph

69 Commits

Author SHA1 Message Date
Olivier Délèze 9535566f84 Update multitenancy.adoc 
The Java example at line 421 should use the injected `jwtValidator` and not from the current class referenced by `this. jwtValidator`.
 2023-01-05 10:32:57 -07:00
Marcus Da Coregio 2fdf762726 Merge branch '5.8.x' into 6.0.x 2022-12-05 14:41:59 -08:00
Marcus Da Coregio 7aaa25b88e Merge branch '5.7.x' into 5.8.x 2022-12-05 14:40:54 -08:00
Marcus Da Coregio fc25b87967 Merge branch '5.6.x' into 5.7.x 2022-12-05 14:40:38 -08:00
Sellami 626e53d121 Fix: Replace tenantRepository with tenants 2022-12-05 14:31:24 -08:00
Marcus Da Coregio c7b9b33cd1 Merge branch '5.8.x' 2022-11-03 08:23:50 -03:00
Marcus Da Coregio 4d646a2978 Merge branch '5.7.x' into 5.8.x 2022-11-03 08:23:26 -03:00
Marcus Da Coregio 067fc1678c Merge branch '5.6.x' into 5.7.x 2022-11-03 08:22:09 -03:00
Rivaldi 01a37dd678 Fix typo 
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
 2022-11-03 08:21:48 -03:00
Josh Cummings cca999c57d
Merge remote-tracking branch 'origin/5.8.x' 2022-11-01 13:46:08 -06:00
Josh Cummings d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza 8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Marcus Da Coregio 38a7bbd2eb Merge branch '5.8.x' 2022-10-05 13:20:12 -03:00
Marcus Da Coregio ace8caa182 Remove mvcMatchers usage from docs 
Issue gh-11347
 2022-10-05 13:19:37 -03:00
Steve Riesenberg 181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Steve Riesenberg 2431dd1103
Merge branch '5.8.x' 2022-09-13 17:38:10 -05:00
Steve Riesenberg 355ef21117
Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy 1efb63387f
Add authentication converter for introspected tokens 
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
 2022-09-13 16:45:36 -05:00
Rob Winch a5069d7e35 Fix Add @Configuration to @Enable*Security Usage 
Issue gh-6613
 2022-08-09 17:00:16 -05:00
Joshua Sattler 040111ae9e Remove Configuration meta-annotation from Enable* annotations 
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.

Closes gh-6613

Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
 2022-07-30 03:48:42 +02:00
André Luis Gomes aca3fc2412 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:51:44 -03:00
André Luis Gomes 0c31cb21dc Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:50:56 -03:00
André Luis Gomes 24701b547f Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:49:47 -03:00
André Luis Gomes b9acdd5058 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 13:43:42 +02:00
Pascal Verdage b71d9bfdc2 Fix typo 2022-04-06 11:09:41 +02:00
Pascal Verdage ed8887e0fc Fix typo 2022-04-06 11:09:15 +02:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Steve Riesenberg 428216b322 Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:50:25 -05:00
Joe Grandja 54b033078b Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:36:10 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
Yuriy Savchenko f64181ab41 Update docs to use multi-tenancy 
Closes gh-10572
 2022-02-14 17:18:48 +01:00
Yuriy Savchenko 77ba94e1db Update docs to use multi-tenancy 
Closes gh-10572
 2022-02-14 11:07:42 +01:00
Eleftheria Stein 4142f06259 Replace WebSecurityConfigurerAdapter with SecurityFilterChain in docs 
Closes gh-10003
 2022-02-08 18:10:58 +01:00
Eleftheria Stein 4492e5b667 Replace WebSecurityConfigurerAdapter with SecurityFilterChain in docs 
Closes gh-10003
 2022-02-08 16:12:10 +01:00
Joe Grandja 525f40490c Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:59:14 -05:00
Joe Grandja 214cfe807e Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:42:10 -05:00
Rob Winch 2fb056b5c1 Merge Clean up Reference Documentation 
Closes gh-9668
 2021-12-13 16:57:36 -06:00
Jeff Maxwell 32d79f3f4e Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:33:42 -07:00
Jeff Maxwell b7cc667d21 Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:33:27 -07:00
Jeff Maxwell 879b2d089f Fix setJWTClaimSetJWSKeySelector Typo 
Closes gh-10504
 2021-11-16 15:29:23 -07:00
Jeff Maxwell 088a24cf59 Fix jwtDecoder Documentation Usage 
Closes gh-10505
 2021-11-16 15:18:42 -07:00
Jeff Maxwell 3fb1565cc0 Fix jwtDecoder Documentation Usage 
Closes gh-10505
 2021-11-16 15:17:37 -07:00
Jeff Maxwell 5913501e1a #10505 Fix jwtDecoder 
Fixed jwtDecoder(JWTProcessor jwtProcessor, OAuth2TokenValidator<Jwt> jwtValidator)
 2021-11-16 14:05:43 -07:00
Steve Riesenberg 73e1506e5e Consistency update for servlet docs 2021-11-11 14:24:29 -06:00
Steve Riesenberg ab794bf67a Consistency update for servlet docs 2021-11-11 10:41:12 -06:00
Josh Cummings b60020a40c Use authorizeHttpRequests in Docs 
Issue gh-8900
 2021-11-10 16:09:50 -07:00
Josh Cummings 812d6f7b18 Use authorizeHttpRequests in Docs 
Issue gh-8900
 2021-11-10 16:08:57 -07:00
Josh Cummings 7708418fae Separate OAuth 2.0 Login Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00
Josh Cummings 82696918ae Separate OAuth 2.0 Client Servlet Docs 
Issue gh-10367
 2021-11-05 12:45:46 -06:00