Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,715 Commits 34 Branches 334 Tags 108 MiB
Commit Graph

1075 Commits

Author SHA1 Message Date
Joe Grandja 95155ddb0c Deprecate Resource Owner Password Credentials grant 
Closes gh-11590
 2022-07-15 16:28:47 -04:00
Joe Grandja 6ee1643bae Remove deprecations in ServerOAuth2AuthorizedClientExchangeFilterFunction 
Closes gh-11589
 2022-07-15 15:13:40 -04:00
Joe Grandja 054791c26c Remove deprecations in ServletOAuth2AuthorizedClientExchangeFilterFunction 
Closes gh-11588
 2022-07-15 15:12:39 -04:00
Joe Grandja 65db5fa028 Remove deprecations in JwtAuthenticationConverter 
Closes gh-11587
 2022-07-15 14:43:08 -04:00
Joe Grandja 1ac6054e6f Remove deprecations in OidcUserInfo 
Closes gh-11586
 2022-07-15 14:42:54 -04:00
Joe Grandja 6b41faaf55 Remove deprecations in ClaimAccessor 
Closes gh-11585
 2022-07-15 14:42:33 -04:00
Joe Grandja 0859da5590 Remove deprecations in OAuth2AuthorizedClientArgumentResolver 
Closes gh-11584
 2022-07-15 14:42:03 -04:00
Joe Grandja 743b6a5bfe Remove deprecations in OidcClientInitiatedLogoutSuccessHandler 
Closes gh-11565
 2022-07-15 14:04:09 -04:00
Joe Grandja cae22867b2 Remove deprecated allowMultipleAuthorizationRequests 
Closes gh-11564
 2022-07-15 13:50:30 -04:00
Joe Grandja 0e291a3295 Remove deprecations in AuthorizationRequestRepository 
Closes gh-11519
 2022-07-15 08:15:52 -04:00
Joe Grandja e12823095f Remove deprecations in ClientRegistration 
Closes gh-11518
 2022-07-15 08:15:30 -04:00
Joe Grandja 61b034bf69 Remove deprecations in AbstractOAuth2AuthorizationGrantRequest 
Closes gh-11517
 2022-07-15 08:14:56 -04:00
Joe Grandja be58e2ac49 Remove deprecations in ClientAuthenticationMethod 
Closes gh-11516
 2022-07-15 07:45:33 -04:00
Joe Grandja 8c12c3dad0 Remove deprecated converters in OAuth2AccessTokenResponseHttpMessageConverter 
Closes gh-11513
 2022-07-14 16:55:53 -04:00
Joe Grandja 746d27eab1 Remove deprecated NimbusAuthorizationCodeTokenResponseClient 
Closes gh-11512
 2022-07-14 16:32:21 -04:00
Joe Grandja 42683693c0 Remove deprecated CustomUserTypesOAuth2UserService 
Closes gh-11511
 2022-07-14 14:28:41 -04:00
Joe Grandja 67b27a41c3 Remove deprecated UnAuthenticatedServerOAuth2AuthorizedClientRepository 
Closes gh-11508
 2022-07-14 12:10:58 -04:00
Joe Grandja f5a436df80 Remove deprecated NimbusJwtDecoderJwkSupport 
Closes gh-11507
 2022-07-14 12:09:59 -04:00
Joe Grandja a3326fc0ee Remove deprecated implicit authorization grant type 
Closes gh-11506
 2022-07-14 10:05:15 -04:00
Joe Grandja 7df9c6eba5 Use OAuth2Token instead of AbstractOAuth2Token 
Closes gh-10959
 2022-07-13 16:48:28 -04:00
Joe Grandja f87df42500 Remove deprecated OAuth2IntrospectionClaimAccessor 
Closes gh-11499
 2022-07-13 15:51:58 -04:00
Joe Grandja 7b18336c6a Change interface with constants to final class 
Closes gh-10960
 2022-07-13 15:51:58 -04:00
Marcus Da Coregio ecbfa84b39 Revert "Disable failing tests until r2dbc-h2 is upgraded" 
This reverts commit 614065bb3b.
 2022-07-13 10:55:12 -03:00
Marcus Da Coregio 8776f66fb9 Update io.r2dbc:r2dbc-h2 to 1.0.0.RC1 
Closes gh-11479
 2022-07-13 10:55:12 -03:00
Steve Riesenberg 614065bb3b
Disable failing tests until r2dbc-h2 is upgraded 
Issue gh-11479
 2022-07-11 10:32:38 -05:00
Rivaldi 757fb38147 Fix typo 
(cherry picked from commit 80c5ec459befd9292e08a43e30f4aae22f39eeed)
 2022-06-27 16:05:50 -06:00
Josh Cummings 1d72a05c32
Add SecurityContextHolderStrategy to OAuth2 
Issue gh-11060
 2022-06-27 13:05:12 -06:00
Josh Cummings 539a11d0a4
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:13:42 -06:00
Josh Cummings f035c30edb
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:12:13 -06:00
Josh Cummings 01513ab17e
Add placeholders to reactive post_logout_redirect_uri 
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
 2022-06-16 16:10:26 -06:00
Josh Cummings 6f69d85fcb
Reactive OAuth 2.0 logout handler resolves registrationId 
Closes gh-11378
 2022-06-16 16:09:57 -06:00
Josh Cummings 3f30de388a
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 16:09:56 -06:00
Michael e4505ed6c8
Add placeholders to post_logout_redirect_uri 
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
 2022-06-16 16:09:56 -06:00
Josh Cummings a8ab432aea
Add placeholders to reactive post_logout_redirect_uri 
Now also supports baseScheme, baseHost, basePort, and basePath

Issue gh-11229
 2022-06-16 15:58:44 -06:00
Josh Cummings ebb5746f6e
Reactive OAuth 2.0 logout handler resolves registrationId 
Closes gh-11378
 2022-06-16 15:58:44 -06:00
Josh Cummings 18f7cf5406
Encode postLogoutRedirectUri query params 
Closes gh-11379
 2022-06-16 15:58:43 -06:00
Michael cb0ab49adc
Add placeholders to post_logout_redirect_uri 
Now supports baseScheme, baseHost, basePort, and basePath in addition
to extant baseUrl.

Closes gh-11229
 2022-06-16 15:58:35 -06:00
Steve Riesenberg d18291676f
Update copyright year 
Issue gh-11372
 2022-06-15 13:14:07 -05:00
Steve Riesenberg c7df39a3e6
Fix tests using root cause for exception messages 
Closes gh-11372
 2022-06-14 17:12:15 -05:00
Jyri-Matti Lähteenmäki ca0a6d9777 Treat URLs as String before equals/hashcode 
java.net.URL performs DNS lookups whenever its equals/hashCode is
used. Thus attribute values of type java.net.URL need to be converted
to something else before they are used for equals/hashCode.

Closes gh-10673
 2022-06-03 11:36:00 -04:00
Kuby e28fcbfbbe
Change phoneNumberVerified with type Boolean 
Closes: gh-11315
 2022-06-03 10:23:53 -05:00
Kuby 759d799ddd Change phoneNumberVerified with type Boolean 
Closes: gh-11315
 2022-06-03 09:46:00 -05:00
Marcus Da Coregio b8b0661d73
Lock Dependencies for Release 2022-05-16 14:01:51 -06:00
Marcus Da Coregio 000b87f9aa Revert "Use Spring Framework version 6.0.0-M3" 
This reverts commit b803e845e7.
 2022-05-11 08:36:14 -03:00
Marcus Da Coregio 806e05855c Replace removed context-related operators 
Closes gh-11194
 2022-05-10 14:58:02 -03:00
Marcus Da Coregio b803e845e7 Use Spring Framework version 6.0.0-M3 
Closes gh-11193
 2022-05-10 14:49:02 -03:00
Marcus Da Coregio 50f8df6f07 Use HttpStatusCode 
Closes gh-11091
 2022-04-11 09:19:56 -03:00
Marcus Da Coregio e1f649690b Adapt to changes in R2DBC 2022-04-11 09:19:47 -03:00
Steve Riesenberg 8aa7029d07 Fix checkstyle errors 
Issue gh-10989
 2022-03-18 22:53:29 -05:00
Steve Riesenberg e81990c44e
Update io.r2dbc to 0.9.1.RELEASE 
Closes gh-10988
 2022-03-18 18:11:49 -05:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Steve Riesenberg 428216b322 Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:50:25 -05:00
Joe Grandja 50a3bcf728 Remove unused code 2022-03-17 05:08:39 -04:00
Jánoky László Viktor a88b8bf980 ClientAuthenticationMethod equals and hashCode is consistent 
Closes gh-10559
 2022-03-17 05:05:47 -04:00
Joe Grandja 50d315d833 Remove unused code 2022-03-17 04:23:44 -04:00
Joe Grandja 54b033078b Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:36:10 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
Simone Giannino 92a385ed05
OAuth 2.0 logout handler resolves uri placeholders 
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Closes gh-7900
 2022-03-15 14:05:26 -06:00
Simone Giannino 73003d59d6 OAuth 2.0 logout handler resolves uri placeholders 
- OidcClientInitiatedLogoutSuccessHandler can automatically resolve placeholders like baseUrl and registrationId inside the postLogoutRedirectUri

Issue gh-7900
 2022-03-15 12:54:39 -06:00
Rob Winch 9b380582dc BearerTokenAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:47:34 -06:00
Rob Winch 9db79aa5d7 BearerTokenAuthenticationFilter.securityContextRepository 
Issue gh-10953
 2022-03-09 15:33:42 -06:00
Josh Cummings 68e2586f06 Move UnmodifiableMapDeserializer 
Issue gh-10905
 2022-03-01 14:17:17 -07:00
Josh Cummings 931fb6a328 Move UnmodifiableMapDeserializer 
Issue gh-10905
 2022-03-01 14:03:41 -07:00
Marcus Da Coregio bebd615507 Update io.r2dbc to 0.9.1.RELEASE 
Closes gh-10883
 2022-02-21 10:35:20 -03:00
Marcus Da Coregio 883c480af0 Update r2dbc-h2 to 0.8.5.RELEASE 
Closes gh-10869
 2022-02-21 09:20:37 -03:00
Eleftheria Stein d655deb718 Update r2dbc-h2 to 0.8.5.RELEASE 
Closes gh-10856
 2022-02-21 12:24:24 +01:00
Rob Winch c67ee6f2a8 javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 15:32:12 -06:00
Rob Winch 8f64bb6c8c javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 
Issue gh-10501
 2022-01-19 14:33:53 -06:00
Marcus Da Coregio d99c08edce Fix failing test in NimbusReactiveJwtDecoderTests 2022-01-17 11:22:05 -03:00
Marcus Da Coregio e2d1bb6998 Update io.r2dbc to 0.9.0.RELEASE 
Closes gh-10745
 2022-01-17 10:50:47 -03:00
Steve Riesenberg 7c54f98944 Update io.r2dbc to 0.9.0.RELEASE 
Closes gh-10717
 2022-01-14 11:58:45 -06:00
Joe Grandja 525f40490c Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:59:14 -05:00
Joe Grandja 214cfe807e Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:42:10 -05:00
Eleftheria Stein 3389cf3ffc Revert "Lock dependencies" 
This reverts commit 83bb4603f8.
 2021-12-20 21:55:35 +02:00
Marcus Da Coregio cfbf28b8ba Revert "Lock Dependencies for Release" 
This reverts commit 3d4e90ba2a.
 2021-12-20 16:47:36 -03:00
Eleftheria Stein 83bb4603f8 Lock dependencies 2021-12-20 21:17:17 +02:00
Marcus Da Coregio 3d4e90ba2a Lock Dependencies for Release 2021-12-20 16:03:13 -03:00
Jonas Erbe 606bf6b38d Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request
error on claim validation failure.

But validators have to return invalid_token errors on failure
according to:

https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.

Closes gh-10337
 2021-11-29 13:30:38 -07:00
Jonas Erbe 5c732b9b7f Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:34:53 -07:00
Jonas Erbe aefd2d497c Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:22:30 -07:00
Jonas Erbe 8c063f8ccb Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:13:24 -07:00
Jonas Erbe dec858a5b7 Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:04:30 -07:00
Jonas Erbe 82426e20e1 Fix JwtClaimValidator wrong error code 
Previously JwtClaimValidator returned the invalid_request error on claim validation failure.
But validators have to return invalid_token errors on failure according to:
https://datatracker.ietf.org/doc/html/rfc6750#section-3.1.
Also see gh-10337

Closes gh-10337
 2021-11-29 12:02:02 -07:00
Marcus Da Coregio 25feedb870 Fix removal of framework deprecated code 
Issue https://github.com/spring-projects/spring-framework/issues/27686
 2021-11-19 13:06:13 -03:00
Dávid Kováč 17e28fa7aa Update clockSkew javadoc according to implementation 
Closes gh-10174
 2021-11-19 13:48:32 +01:00
Dávid Kováč aa1ef46d84 Update clockSkew javadoc according to implementation 
Closes gh-10174
 2021-11-19 13:33:05 +01:00
Dávid Kováč 862122a267 Update clockSkew javadoc according to implementation 
Closes gh-10174
 2021-11-19 08:13:12 +01:00
Khaled Hamlaoui 00fafd878c Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler 
Closes gh-10425
 2021-11-16 15:27:48 -06:00
Khaled Hamlaoui 498636e26b Allow custom OAuth2ErrorHttpMessageConverter with OAuth2ErrorResponseErrorHandler 
Closes gh-10425
 2021-11-16 14:52:08 -06:00
Josh Cummings 7b03fb5321 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 18:17:33 -07:00
Josh Cummings f89a34c30b Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 18:07:14 -07:00
Josh Cummings 72db6a20c9 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 17:44:15 -07:00
Josh Cummings 538541bf40 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 17:35:53 -07:00
Josh Cummings 2a6e00ceb0 Don't Cache ReactiveJwtDecoders Errors 
Closes gh-10444
 2021-11-10 17:33:03 -07:00
Steve Riesenberg 076c01daef Add missing @since 5.6 2021-11-09 14:07:05 -06:00
Steve Riesenberg ea352e1c59 Add missing @since 5.6 2021-11-09 14:02:35 -06:00
Marcus Da Coregio db60df2f9c Update to Spring Framework 6.0 
Issue gh-10360
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio 010f719344 Upgrade to JDK 17 
Closes gh-10343
 2021-11-01 09:02:42 -03:00
Marcus Da Coregio 560962649e Remove BlockHound dependency 
The dependency is not needed anymore and there is a issue when using OpenJDK 13 or higher https://github.com/reactor/BlockHound/issues/33

Issue gh-10343
 2021-11-01 09:02:42 -03:00
Rob Winch e4a76b0ec9 Checkstyle Fixes 
- Javadoc tag ordering
- Private constructors before inner classes

Issue gh-10394
 2021-10-22 10:19:34 -05:00