Commit Graph

9350 Commits

Author SHA1 Message Date
Josh Cummings fc6fa79c86
Update permission-policy Docs
Issue gh-9262
2021-04-29 16:52:29 -06:00
Josh Cummings ca2bc4feb3
Bump Schema Version
Closes gh-9694
2021-04-29 16:52:29 -06:00
Rob Winch 84d9629599 Add gitHubCheckMilestoneHasNoOpenIssues
Closes gh-9693
2021-04-29 16:15:02 -05:00
Rob Winch 23eee9aa03 Remove unused ratelimit code 2021-04-29 15:43:57 -05:00
Josh Cummings 4d564ffb50
Update AuthorizationManager references
Issue gh-9692
2021-04-28 11:58:30 -06:00
Josh Cummings df6ebc7051
Rename DelegatingAuthorizationManager
Closes gh-9692
2021-04-28 09:53:25 -06:00
Josh Cummings 17cfc6ade3
Inline ResourceKeyConverterAdapter
Closes gh-9689
Closes gh-9626
2021-04-28 09:39:12 -06:00
Eleftheria Stein 4d610ca80c Update MockK to 1.11.0
Closes gh-9691
2021-04-28 13:25:06 +02:00
Eleftheria Stein de0cd11a72 Fix PreAuthorize when returning Kotlin Flow
Closes gh-9676
2021-04-28 12:33:18 +02:00
Thomas Vitale e2993d93e1 Make Csrf cookie secure flag configurable (WebFlux)
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.

Closes gh-9678
2021-04-27 09:34:12 +02:00
Rob Winch 006b9b9607 master->main
Closes gh-9683
2021-04-26 16:55:43 -05:00
kevin 32ac31c101
Release ByteBuf
Closes gh-9661
2021-04-26 13:16:41 -06:00
Josh Cummings cb6e4f4a11
Add NPE Guards
- Like values, names are only validated if they are not null

Closes gh-9598
2021-04-22 11:22:19 -06:00
Josh Cummings b0011893d2
Update Copyright
Issue gh-9651
2021-04-20 10:43:20 -06:00
Tibor Koch 5da472f3be Fix ClassCastException
Closes gh-9651
2021-04-20 10:42:52 -06:00
Joe Grandja 53e94bca45 Add oauth2Login() tests
Issue gh-9548 gh-9660 gh-9266
2021-04-20 08:37:19 -04:00
Joe Grandja 5afeaa3ce7 WebFlux httpBasic() matches on XHR requests
Closes gh-9660
2021-04-20 08:36:42 -04:00
Craig Andrews 7dc4de05b1 Add guard around logger.debug statement
The log message involves string concatenation, the cost of which should only be incurred if debug logging is enabled
2021-04-16 10:32:58 -06:00
Rob Winch a31a855146 Fix HttpSecurity.addFilter* Ordering
Closes gh-9633
2021-04-14 17:47:31 -05:00
Denis Washington 2b4b856b32 Limit oauth2Login() links to redirect-based flows
This prevents the generated login page from showing links for
authorization grant types like "client_credentials" which are
not redirect-based, and thus not meant for interactive use in
the browser.

Closes gh-9457
2021-04-14 05:02:30 -04:00
Rob Winch a325216f19 Add RELEASE.adoc
Closes gh-9627
2021-04-12 21:52:34 -05:00
Rob Winch 82e47e8ae0 Next Development Version 2021-04-12 21:50:56 -05:00
Rob Winch c562b7d439 Release 5.5.0-RC1 2021-04-12 21:04:11 -05:00
Josh Cummings 501d5ff497
Removed Method Security AuthorizationManager from What's New
Issue gh-9596
2021-04-12 15:53:44 -06:00
Josh Cummings 163b5943ca
Revert AuthorizationManager Method Security 2021-04-12 15:53:22 -06:00
Josh Cummings b352c8f1da
Removed SAML SLO from What's New
Issue gh-9596
2021-04-12 14:49:33 -06:00
Josh Cummings 8c92eddbe5
Revert "Add Registration to Saml2Authentication"
This reverts commit efe42b93ce.
2021-04-12 14:44:36 -06:00
Josh Cummings 55047fd996
Revert "Add RelyingPartyRegistrationResolver"
This reverts commit 2f734a0975.
2021-04-12 14:44:19 -06:00
Josh Cummings 37b40476e7
Revert "Add Single Logout Support"
This reverts commit e807fae869.
2021-04-12 14:44:04 -06:00
Josh Cummings 404a6c5674
Revert "Publish CsrfTokenRepository as shared object"
This reverts commit d19ff12813.
2021-04-12 14:43:37 -06:00
Josh Cummings 4e81bbe386
Revert "Add Saml2LogoutConfigurer"
This reverts commit 6f52baba29.
2021-04-12 14:43:19 -06:00
Rob Winch 44763345d3 Update htmlunit-driver to 2.49.1
Closes gh-9624
2021-04-12 14:55:59 -05:00
Rob Winch 57d77c0cfb Update htmlunit to 2.49.1
Closes gh-9623
2021-04-12 14:55:57 -05:00
Rob Winch 8a13278c6d Update io.spring.nohttp to 0.0.6.RELEASE
Closes gh-9622
2021-04-12 14:55:54 -05:00
Rob Winch f30ee19ccc Update io.projectreactor to 2020.0.6
Closes gh-9620
2021-04-12 14:55:50 -05:00
Rob Winch ac288b8dc9 Update com.nimbusds to 9.3.3
Closes gh-9619
2021-04-12 14:55:48 -05:00
Rob Winch 7c4abdb4db Update jackson-bom to 2.12.3
Closes gh-9616
2021-04-12 14:55:41 -05:00
Josh Cummings 7da6077727
Update to commons-codec:1.15
Closes gh-9575
2021-04-10 10:11:32 -06:00
Josh Cummings 9b07b6a991
Added Sections to What's New
Closes gh-9596
2021-04-10 01:03:56 -06:00
Josh Cummings 6f52baba29
Add Saml2LogoutConfigurer
Closes gh-9497
2021-04-10 00:25:34 -06:00
Josh Cummings d19ff12813
Publish CsrfTokenRepository as shared object
Closes gh-9595
2021-04-10 00:25:34 -06:00
Josh Cummings e807fae869
Add Single Logout Support
Closes gh-8731
2021-04-10 00:25:34 -06:00
Josh Cummings 2f734a0975
Add RelyingPartyRegistrationResolver
Closes gh-9486
2021-04-10 00:12:38 -06:00
Josh Cummings efe42b93ce
Add Registration to Saml2Authentication
Closes gh-9487
2021-04-10 00:12:38 -06:00
Josh Cummings 88c1475a3b
Polish OpenSAML 4 support
Issue gh-9095
2021-04-10 00:12:15 -06:00
Josh Cummings 4f7d529c5d
Polish Csrf Tests
Issue gh-9561
2021-04-09 22:47:31 -06:00
佚名 87ed527023
Add null check in CsrfFilter and CsrfWebFilter
Solve the problem that CsrfFilter and CsrfWebFilter
throw an NPE exception when comparing whether two byte
arrays are equal in low JDK versions.

When the JDK version is lower than 1.8.0_45, the method
java.security.MessageDigest#isEqual does not verify
whether the two arrays are null. And the above two
classes call this method without null judgment.

ZiQiang Zhao<1694392889@qq.com>
2021-04-09 21:43:19 -06:00
Josh Cummings df8abcfae7
Use Interceptors instead of Advice
- Interceptor is a more descriptive term for what
method security is doing
- This also allows the code to follow a delegate
pattern that unifies both before-method and after-
method authorization

Issue gh-9289
2021-04-09 18:45:31 -06:00
Josh Cummings 122346bd27
Document AuthorizationManager for Method Security
Issue gh-9289
2021-04-09 18:45:10 -06:00
Josh Cummings 6bcf479659
Polish Javadoc
Issue gh-9289
2021-04-09 18:44:25 -06:00