1da8e9df13
Next Development Version
2020-02-05 11:03:09 -05:00
9a2b71d931
Release 5.2.2.RELEASE
2020-02-05 10:56:00 -05:00
c4ccc96655
Polish Error Messages for OpaqueTokenIntrospectors
2020-02-05 07:16:37 -07:00
6c310213a8
Update to Spring Boot 2.2.4
...
Fixes gh-7909
2020-02-04 15:07:16 -05:00
a5b6b9a398
Update to org.slf4j 1.7.30
...
Fixes gh-7908
2020-02-04 15:04:46 -05:00
9e6910273c
Update to org.powermock 2.0.5
...
Fixes gh-7907
2020-02-04 14:56:28 -05:00
ea809b01a6
Update to hibernate-validator 6.1.2.Final
...
Fixes gh-7906
2020-02-04 14:53:08 -05:00
8054239a12
Update to hibernate-entitymanager 5.4.10.Final
...
Fixes gh-7905
2020-02-04 14:51:05 -05:00
46486194c2
Update to org.aspectj 1.9.5
...
Fixes gh-7904
2020-02-04 14:44:05 -05:00
00b08bc725
Update to httpclient 4.5.11
...
Fixes gh-7903
2020-02-04 14:39:27 -05:00
6e0fbfcccd
Update to commons-codec 1.14
...
Fixes gh-7899
2020-02-04 14:31:31 -05:00
87ea083520
Update to com.squareup.okhttp3 3.14.6
...
Fixes gh-7898
2020-02-04 14:24:11 -05:00
9db3f51f2a
Update to Jackson 2.10.2
...
Fixes gh-7897
2020-02-04 14:06:11 -05:00
3cc4a945c6
Update to Reactor Dysprosium SR4
...
Fixes gh-7896
2020-02-04 14:03:06 -05:00
dbc43fb47d
Update to Spring Data Moore SR3
...
Fixes gh-7895
2020-02-04 14:02:57 -05:00
ce6a0368bd
Update to Spring Framework 5.2.3
...
Fixes gh-7894
2020-02-04 13:38:17 -05:00
9dd3dfe718
Fix requiresAuthenticationMatcher not being used
...
The custom server requiresAuthenticationMatcher was not always picked up
Fixes: gh-7863
2020-01-27 16:56:59 +01:00
edb6cd3729
Fix authenticationFailureHandler not being used
...
The custom server authenticationFailureHandler was not always picked up
Fixes: gh-7782
2020-01-27 13:52:01 +01:00
2dbedf7af5
Set charset of BasicAuthenticationFilter converter
...
Allow BasicAuthenticationFilter to pick up the given credentials charset.
Fixes: gh-7835
2020-01-23 16:24:03 +01:00
630eb10704
Load LDIF file from classpath in unboundId mode
...
Fixes: gh-7833
2020-01-21 17:12:18 +01:00
f4d4c08329
Fix LDIF file example in LDAP docs
...
Fixes: gh-7832
2020-01-20 11:32:53 +01:00
cc956a66df
Don't cache requests with `Accept: text/event-stream` by default.
...
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
2020-01-17 10:37:34 -08:00
29182abb34
Fix HttpHeaderWriterWebFilterTests
...
Ensure setComplete() is subscribed to
2020-01-10 08:46:47 -06:00
b754a3d635
Use the custom ServerRequestCache that the user configures
...
on for the default authentication entry point and authentication
success handler
Fixes gh-7721
https://github.com/spring-projects/spring-security/issues/7721
Set RequestCache on the Oauth2LoginSpec default authentication success handler
import static ReflectionTestUtils.getField
Feedback incorporated per
https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-18 08:44:27 -08:00
0d24e2b8cf
Fix WebFlux logout disabling
...
Fixes: gh-7682
2019-12-13 11:53:20 +01:00
b00999deed
Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor
...
The documentation incorrectly used ServerRSocketFactoryCustomizer which
was renamed to ServerRSocketFactoryProcessor. The docs now use the correct
class name
Fixes gh-7737
2019-12-12 15:30:56 -06:00
59ca2ddf65
Polish SAML2 principal classes
...
Update @since
Issue: gh-7681
2019-12-12 20:27:24 +01:00
0782228914
fix: make Saml2Authentication serializable
2019-12-12 20:25:26 +01:00
29eb8b9177
CompositeServerHttpHeadersWriter Executes Sequentially
...
Fixes gh-7731
2019-12-12 11:28:23 -06:00
bd6ff1f319
DelegatingServerAuthenticationSuccessHandler Executes Sequentially
...
Fixes gh-7728
2019-12-12 08:33:14 -06:00
6db7b457b7
DelegatingServerLogoutHandler Executes Sequentially
...
Fixes gh-7723
2019-12-11 15:39:56 -06:00
840d3aa986
Polish #7589
...
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.
Handle empty mono returned from contextAttributesMapper.
Handle empty map returned from contextAttributesMapper.
Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.
Fix unit tests so that they pass.
Use StepVerifier in unit tests, rather than .subscribe().
Fixes gh-7569
2019-12-10 14:37:34 -05:00
4c5c4f6cce
Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager
...
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager
Fixes: gh-7569
2019-12-10 14:37:25 -05:00
148b570a98
Remove redundant validation for redirect-uri
...
Fixes gh-7706
2019-12-06 12:01:19 -05:00
752d5f29aa
Display general error message when WebFlux oauth2Login() fails
...
Issue gh-5562 gh-6484
2019-12-05 20:12:38 -05:00
e4aa3be4c5
WebFlux oauth2Login() redirects on failed authentication
...
Fixes gh-5562 gh-6484
2019-12-05 20:12:09 -05:00
0babe7d930
Correctly configure authorization requests repository for OAuth2 login
...
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.
This change also makes OAuth2Client and OAuth2Login authentication converters consistent.
Fixes gh-7675
2019-11-29 13:58:27 -05:00
b905cb8aaa
Polish OAuth2AuthorizedClientArgumentResolver
2019-11-28 10:31:29 -05:00
19c2209a12
ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository
...
Fixes gh-7544
2019-11-28 10:31:18 -05:00
18f48e4a16
DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange
...
Issue gh-7544
2019-11-28 10:31:06 -05:00
42ab6736e1
typo fix: consecutive-word duplications ( #7673 )
...
* fix typo: require require
* more typo fix: consecutive-word duplications
Following previously finding, I then used `rg` to find other similar
typos, with false positives manually excluded, using the following
command:
rg -t asciidoc -Pp '\b(\w+)\s+\1\b'
2019-11-26 18:35:28 +01:00
af47e730a0
Only Hello Spring Security Boot
...
For those getting started, we really need to send the message of using
Spring Boot.
Fixes gh-7627
2019-11-26 08:38:29 -06:00
c5b36664ce
Polish PrincipalSid
...
Remove reduntant UserDetails check and add tests
2019-11-26 15:09:44 +01:00
ea148d5fee
Avoid toString in favor of getName for extract sid
...
There are some more sophisticated implementations of `getName` in `AbstractAuthenticationToken` and other `Authentication` classes.
2019-11-26 15:09:44 +01:00
b3d177fc7e
Extract HTTPS Documentation
...
Fixes gh-7626
2019-11-25 15:49:51 -06:00
7cbd1665a6
Isolate Jwt Test Support
...
Isolating Jwt test support inside JwtRequestPostProcessor and
JwtMutator.
Fixes gh-7641
2019-11-22 15:07:05 -07:00
8a95e5798d
Update @MessageMapping to match input/output cardinality
2019-11-22 15:07:38 -06:00
cd0bec48de
Fix typo in log message.
2019-11-21 15:55:27 -07:00
0d35194b47
Add sessionFixation Javadoc
2019-11-15 12:17:05 +01:00
22ae3eb765
Polish Error-handling Tests
...
Tests should assert the error message content that Spring Security
controls.
Fixes gh-7647
2019-11-14 16:13:39 -07:00
Joe Grandja
Josh Cummings
Eleftheria Stein
Peter Keller
Johannes Edmeier
Rob Winch
Filip Hanik
Clement Stoquart
Phil Clay
Ankur Pathak
Alexey Nesterov
ryenus
杨博 (Yang Bo)
Pim Moerenhout
Paul Pazderski