Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,467 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

1507 Commits

Author SHA1 Message Date
Joe Grandja 4cd89b584f Polish gh-5184 2020-02-20 21:25:17 -05:00
Joe Grandja 8a4ff4452b Add XML namespace support for oauth2-client 
Fixes gh-5184
 2020-02-20 20:05:48 -05:00
Eleftheria Stein 171e0d048f Fix typo in WebSecurityConfigurer Javadoc 
Fixes: gh-7876
 2020-02-14 11:00:45 +01:00
Joe Grandja ff8002eb2e Polish gh-4557 2020-02-12 15:47:57 -05:00
Ruby Hartono 71a5c9521c Add XML namespace support for oauth2-login 
Fixes gh-4557
 2020-02-12 15:26:17 -05:00
Joe Grandja 40c0a452d7 Define oauth2-login xsd elements 
Issue gh-4557
 2020-02-12 15:26:17 -05:00
Eleftheria Stein fde3ccb8b3 Add marker to make Kotlin DSL type safe 
Fixes: gh-7971
 2020-02-12 11:35:45 +01:00
Eleftheria Stein 1d6fdd249b Add missing Javadoc to Kotlin class 2020-02-11 18:09:30 +01:00
Eleftheria Stein f37a4557e6 Fix typo in Kotlin Javadoc 2020-02-11 18:09:30 +01:00
Josh Cummings 5bdf57d1e5
Remove Groovy and Spock Dependencies 
Fixes gh-4939
 2020-02-10 10:38:40 -07:00
Eleftheria Stein a5210aaf9b Support custom filter in Kotlin DSL 
Fixes: gh-7951
 2020-02-10 12:03:32 +01:00
Stephane Maldini 851be025e9 Don't force downcasting of RequestAttributes to ServletRequestAttributes 
Fixes gh-7952
 2020-02-07 20:44:19 -05:00
Eleftheria Stein 8c0b754a49 Fix credentials precedence over introspector in Kotlin 
Fixes: gh-7878
 2020-02-06 11:01:42 +01:00
Eleftheria Stein 1fed688f05 Fix JWK Set URI precedence over decoder in Kotlin 
Fixes: gh-7877
 2020-02-06 10:48:42 +01:00
Eleftheria Stein 84b8a5abd7 Unlock dependencies for next development version 
This reverts commit 064616f1ef.
 2020-02-05 15:53:04 +01:00
Eleftheria Stein 064616f1ef Lock dependencies for 5.3.0.RC1 2020-02-05 10:20:05 +01:00
Rob Winch 1d7208f8ef Add RSocket Authentication Extension Support 
Fixes gh-7935
 2020-02-04 23:36:47 -06:00
Josh Cummings 209c81d65d
Add BadOpaqueTokenException 
Updated NimbusOpaqueTokenIntrospector and
NimbusReactiveOpaqueTokenIntrospector to throw.
Updated OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager to catch.

Fixes gh-7902
 2020-02-04 17:33:08 -07:00
Josh Cummings 0c3754c811
Add BadJwtException 
Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw.
Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager
to catch.

Fixes gh-7885
 2020-02-04 17:33:08 -07:00
Josh Cummings 3e07b35611
Polish Bearer Token Error Handling 
Issue gh-7822
Issue gh-7823
 2020-02-03 17:54:39 -07:00
James ee6df1701b
Polish SessionManagementConfigurer 2020-01-31 11:24:36 -07:00
Josh Cummings cb9fd09150
Change AuthenticationWebFilter's constructor 
Fixes gh-7872
 2020-01-31 09:31:28 -07:00
Eleftheria Stein a512789a93 Fix requiresAuthenticationMatcher not being used 
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
 2020-01-27 16:12:27 +01:00
Eleftheria Stein 29377545d9 Fix authenticationFailureHandler not being used 
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
 2020-01-27 13:10:03 +01:00
Johannes Edmeier bdc60a9128 Don't cache requests with `Accept: text/event-stream` by default. 
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
 2020-01-17 10:42:16 -08:00
Josh Cummings f1f158b37e AuthenticationEventPublisher DSL Lookup 
Fixes gh-4400
 2020-01-14 12:07:46 -07:00
Josh Cummings 5579846263 AuthenticationEventPublisher Bean Lookup 
Issue gh-7793
Fixes gh-7515
 2020-01-14 12:07:46 -07:00
James Howe fc9b97c94a Typo in doc 2020-01-14 08:32:26 -07:00
Vincent Ricard f0856c83a9 Migrate LDAP integration tests groovy->java 
This commit also removes BaseSpringSpec

Issue: gh-4939
 2020-01-13 14:18:25 +01:00
Josh Cummings a35ce77451
Add missing PowerMockIgnore annotation 
WebSecurityConfigurerAdapterPowermockTests needs to exclude
javax.xml.transform.* from Powermock configuration.
 2020-01-09 15:48:08 -07:00
Josh Cummings ba21c156dd
Polish WebSecurityConfigurerAdapter tests 
Moved Powermock-dependent test over to
WebSecurityConfigurerAdapterPowermockTests.
 2020-01-09 13:51:19 -07:00
Eleftheria Stein fcc6457bef Unlock dependencies for next development version 
This reverts commit 93acf8f0f1.
 2020-01-08 22:15:17 +01:00
Eleftheria Stein 93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Josh Cummings de87675f6d Add JwtIssuerAuthenticationManagerResolver 
Fixes gh-7724
 2020-01-07 23:30:42 -07:00
Eleftheria Stein-Kousathana 2df1099da5
Idiomatic Kotlin DSL for configuring HTTP security 
Issue: gh-5558
 2020-01-07 12:08:43 -05:00
Rob Winch 65981444f1 Use Version Ranges 
Fixes gh-7788
 2020-01-06 14:46:48 -06:00
Rob Winch 06d7443946 Use Gradle platform and constraints 
This was largely generated from the following script

wget bd9f8eb541/src/main/groovy/io/spring/gradle/convention/DependencySetPlugin.groovy ./dsp.gradle
cat gradle/dependency-management.gradle | grep 'management "' | cut -d ':' -f 2 | xargs -I{} sh -c "rg {} -l -g '*.gradle' -g '\!dependency-management.gradle' > /dev/null || echo {}" | xargs -I{} sed -iE '/.*{}.*/d' gradle/dependency-management.gradle
rm ./dps.gradle

Fixes gh-7787
 2020-01-06 14:46:36 -06:00
Eleftheria Stein 924b9e95a1 Polish MethodSecurityEvaluationContext 
Issue: gh-6224
 2020-01-03 20:08:52 -05:00
Eleftheria Stein 8b8267e1fe Fix typo in LDAP Javadoc 2020-01-02 10:58:44 -05:00
BELHAKEL Ammar b4619f31ee
Fix return type 
AbstractConfiguredSecurityBuilder.objectPostProcessor() should cast to
B, the type of SecurityBuilder, instead of O, the type of object being
built.

Without this change, calls like
http.objectPostProcessor(...).getFilters() will fail with a
ClassCastException.
 2019-12-30 12:01:56 -07:00
Eleftheria Stein 2c7f2c2117 Fix Javadoc error in oauth2ResourceServer 
Fixes: gh-7670
 2019-12-27 14:24:46 +01:00
Filip Hanik af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login() 
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
 2019-12-17 13:34:27 -08:00
Filip Hanik 9aa333ca4d Use the custom ServerRequestCache that the user configures 
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
 2019-12-17 13:33:56 -08:00
Josh Cummings 02f161aba7
Use OidcIdToken.Builder 
Issue gh-7592
 2019-12-12 07:37:15 -07:00
Joe Grandja c40a17b4d1 WebFlux oauth2Login() redirects on failed authentication 
Fixes gh-5562 gh-6484
 2019-12-05 16:50:43 -05:00
Alexey Nesterov d8d59e97ac Correctly configure authorization requests repository for OAuth2 login 
To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses default, WebSession based repository. So authorization code created
before redirect to authorization endpoint will never be found to complete OAuth2 login when custom
ServerAuthorizationRequestRepository is used.

This change also makes OAuth2Client and OAuth2Login authentication converters consistent.

Fixes gh-7675
 2019-11-29 12:05:15 -05:00
Eleftheria Stein b7cb93f671 Fix WebFlux logout disabling 
Fixes: gh-7682
 2019-11-28 14:40:25 +01:00
Ruslan Stelmachenko c38e57fa42 Fix class and variable names 2019-11-28 09:23:38 +01:00
Ruslan Stelmachenko 8ebc7ca0ea Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc 2019-11-28 09:23:38 +01:00
Eleftheria Stein 8a95e5798d Update @MessageMapping to match input/output cardinality 2019-11-22 15:07:38 -06:00