ca8877c8c5
Updates javadoc for InitializeUserDetailsBeanManagerConfigurer
2019-11-13 10:34:10 +01:00
bc2aedac69
Update to nimbus-jose-jwt 7.8.1
...
Fixes gh-7570
2019-11-11 12:56:29 -07:00
58ca81d500
Make jwks_uri optional for RFC 8414 and Required for OpenID Connect
...
OpenID Connect Discovery 1.0 expects the OpenId Provider Metadata
response is expected to return a valid jwks_uri, however, this field is
optional in the Authorization Server Metadata response as per RFC 8414
specification.
Fixes gh-7512
2019-11-11 10:34:06 -07:00
e1fad001d9
Extract HTTP Response Headers Documentation
...
Fixes gh-7625
2019-11-07 10:55:40 -06:00
1188a3bb5f
Polish RememberMeConfigurer
...
Issue: gh-4140
2019-11-07 15:26:59 +01:00
b13f750646
Retrieve remember-me key from service as fallback
...
Fixes: gh-4140
2019-11-07 13:55:39 +01:00
4b4c6e612b
Remove unnecessary instantiation in root
...
Fixes: gh-7635
2019-11-07 10:26:02 +01:00
97fd3d7c84
Clarify usage of hasAnyRole and hasAnyAuthority
2019-11-07 10:07:42 +01:00
9f6a36444a
Add missing schemas
2019-11-06 08:24:20 -06:00
27aa61b02f
Use LocalRSocketServerPort annotation
2019-11-06 10:10:32 +01:00
4f82be7e68
Support URI vars in formLogin and logout MockMvc requests
2019-11-05 09:46:50 +01:00
8722a4b0d0
Revert "Update to AspectJ 1.9.4"
...
This reverts commit 90c475e6b8
2019-11-04 13:10:26 -06:00
925bf48ec0
Polish OAuth2ResourceServerConfigurerTests
...
To confirm that resource server only produces SCOPE_<scope>
authorities by default.
Issue gh-7596
2019-11-04 11:39:54 -07:00
2d9e4d6c0b
Next Development Version
2019-11-04 11:19:15 -06:00
5b8369b7c3
Release 5.2.1.RELEASE
2019-11-04 11:18:41 -06:00
63647e9546
Add Resource Server Multi-tenancy Docs
...
Fixes: gh-7532
2019-11-04 10:15:56 -07:00
bd4f2057ca
Update to blockound 1.0.1.RELEASE
...
Fixes gh-7613
2019-11-04 11:12:57 -06:00
0310cc112e
Update to hibernate-validator 6.1.0.Final
...
Fixes gh-7612
2019-11-04 11:12:45 -06:00
6c23d567b9
Update to hibernate-entitymanager 5.4.8.Final
...
Fixes gh-7611
2019-11-04 11:12:35 -06:00
dfefaa94b5
Update to Unbounded 4.0.12
...
Fixes gh-7610
2019-11-04 11:12:24 -06:00
9558fbdaf1
Update to powermock 2.0.4
...
Fixes gh-7609
2019-11-04 11:12:10 -06:00
a8db3eb0f2
Update to Bouncy Castle 1.64
...
Fixes gh-7608
2019-11-04 11:11:56 -06:00
2608bc0bd2
Update to Reactor Dysprosium-SR1
...
Fixes gh-7607
2019-11-04 11:11:41 -06:00
b57ec7d066
Update to GAE 1.9.76
...
Fixes gh-7606
2019-11-04 11:11:31 -06:00
90c475e6b8
Update to AspectJ 1.9.4
...
Fixes gh-7605
2019-11-04 11:11:20 -06:00
34daf4eeba
Update to Spring Data Moore-SR1
...
Fixes gh-7604
2019-11-04 11:11:05 -06:00
f5704a8960
Update to Spring 5.2.1.RELEASE
...
Fixes gh-7603
2019-11-04 11:10:44 -06:00
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
5f17032ffd
Restore Removed Throws Clauses
...
In a recent clean-up, certain exceptions were removed from various
throws clauses.
This PR re-introduces throws clauses that are important for one of the
following reasons:
1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.
Fixes gh-7541
2019-10-30 12:13:54 -06:00
a4430aa21b
Fix variable reference in sample code
2019-10-29 14:04:05 -06:00
0f14844acf
We will not validate IP addresses as part of assertion validation
...
Fixes gh-7514
https://github.com/spring-projects/spring-security/issues/7514
2019-10-28 20:08:42 -07:00
ed02ef9773
Add Test for Malformed Scope
...
Fixes gh-7563
2019-10-28 16:55:56 -06:00
badb0a08c6
Fix exploits indendation
...
Issue gh-2567
2019-10-28 16:00:51 -05:00
2827af15e0
Document Reactive CSRF Support
...
Fixes gh-6487
2019-10-28 15:14:14 -05:00
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
387f765595
Catch Malformed BearerTokenError Descriptions
...
Fixes gh-7549
2019-10-28 12:30:27 -06:00
0ac5f5456f
Fix typo 'is' -> 'if' in javadoc
2019-10-25 13:27:11 -06:00
4489163163
Use Spring Boot configuration for saml2Login()
...
Fixes gh-7521
https://github.com/spring-projects/spring-security/issues/7521
2019-10-25 08:22:40 -07:00
5345aecd7f
Align RSocket sample with new Spring Boot configuration
2019-10-25 08:22:40 -07:00
bcaa8bc7e9
Upgrade to Spring Boot 2.2.0.RELEASE
2019-10-25 08:22:40 -07:00
9b4c170af0
Create Exploits Section for Reactive
...
Issue gh-2567
2019-10-24 15:03:05 -05:00
bbda755a07
Fix Servlet exploits leveloffset
...
Fixes gh-2567
2019-10-24 14:14:02 -05:00
08fb9c960b
Fix invalid ids
...
Issue gh-2567
2019-10-24 14:06:23 -05:00
55a98b9969
CSRF Documentation
...
Issue gh-2567
2019-10-24 13:24:44 -05:00
02aaba37cd
Documentation TOC on the left
...
This better aligns with other documentation
Issue gh-2567
2019-10-24 13:24:36 -05:00
de7cbc82b5
Clarify in Javadoc that expressionHandler should not be null
...
Fixes: gh-2665
2019-10-23 15:10:39 -04:00
b9f122230b
Align javadoc of continueFilterChainOnUnsuccessfulAuthentication with actual behaviour
2019-10-23 14:50:57 -04:00
8584b12c8d
Make saveAuthorizedClient save the authorized client
...
Previously, saveAuthorizedClient never actually saved the authorized
client, because it ignored the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient.
Now, it does not ignore the Mono<Void> returned from
authorizedClientRepository.saveAuthorizedClient, and includes it in
the stream, and therefore it will properly save the authorized client.
Fixes gh-7546
2019-10-23 12:12:23 -04:00
d26f40f062
DefaultRedirectStrategy should redirect to root if the context-relative URL does not contain the context-path.
2019-10-23 09:41:00 -04:00
1c53a7859b
Fix access token expiry check with clock skew
...
Fixes gh-7511
2019-10-22 21:54:55 -04:00
Adrian Pena
Josh Cummings
Rafiullah Hamedy
Rob Winch
Eleftheria Stein
邓超
LeeHainie
Kristine Jetzke
Yanming Zhou
Eddú Meléndez
Drummond Dawson
Filip Hanik
Mike Truso
Vitalii Mahas
Filip Hrisafov
Phil Clay
Michel Palourdio
Joe Grandja