8328 Commits

Author SHA1 Message Date
Eleftheria Stein
fcc6457bef Unlock dependencies for next development version
This reverts commit 93acf8f0f11e2811b7d4241b26f712674978f3f7.
2020-01-08 22:15:17 +01:00
Eleftheria Stein
d68a82e716 Next Development Version 2020-01-08 22:10:35 +01:00
Eleftheria Stein
7af26f12dc Release 5.3.0.M1 5.3.0.M1 2020-01-08 21:42:46 +01:00
Eleftheria Stein
3cc9dfcd9f Disable locks in snapshot pipeline task
Fixes: gh-7798
2020-01-08 21:12:19 +01:00
Eleftheria Stein
c0d78a32f1 Allow disabling dependency locking
Fixes: gh-7799
2020-01-08 21:11:00 +01:00
Eleftheria Stein
93acf8f0f1 Lock dependencies for 5.3.0.M1 2020-01-08 19:41:10 +01:00
Eleftheria Stein
2cf9e57fa4 Restrict cas-server version
Issue: gh-7788
2020-01-08 17:18:30 +01:00
Eleftheria Stein
20483c2314 Update to Spring Boot 2.2.2.RELEASE
Fixes: gh-7797
2020-01-08 17:01:23 +01:00
Josh Cummings
de87675f6d Add JwtIssuerAuthenticationManagerResolver
Fixes gh-7724
2020-01-07 23:30:42 -07:00
Josh Cummings
09810b8df9 oidcLogin Test Configuration Flow
Fixes gh-7794
2020-01-07 17:37:48 -07:00
Josh Cummings
84ba3ddf26 Add oauth2Login MockMvc Support
Fixes gh-7789
2020-01-07 14:09:36 -07:00
Eleftheria Stein-Kousathana
2df1099da5 Idiomatic Kotlin DSL for configuring HTTP security
Issue: gh-5558
2020-01-07 12:08:43 -05:00
artmiar
e306482a96 Fix description of PasswordEncoder 2020-01-07 06:17:39 -05:00
Rob Winch
f639e17491 Resolve Current Spring Version
Issue gh-7788
2020-01-06 15:12:04 -06:00
Rob Winch
65981444f1 Use Version Ranges
Fixes gh-7788
2020-01-06 14:46:48 -06:00
Rob Winch
1bb1e74a9d Add Gradle Lock Plugin
Issue gh-7788
2020-01-06 14:46:48 -06:00
Rob Winch
06d7443946 Use Gradle platform and constraints
This was largely generated from the following script

wget bd9f8eb541/src/main/groovy/io/spring/gradle/convention/DependencySetPlugin.groovy ./dsp.gradle
cat gradle/dependency-management.gradle | grep 'management "' | cut -d ':' -f 2 | xargs -I{} sh -c "rg {} -l -g '*.gradle' -g '\!dependency-management.gradle' > /dev/null || echo {}" | xargs -I{} sed -iE '/.*{}.*/d' gradle/dependency-management.gradle
rm ./dps.gradle

Fixes gh-7787
2020-01-06 14:46:36 -06:00
Eleftheria Stein
924b9e95a1 Polish MethodSecurityEvaluationContext
Issue: gh-6224
2020-01-03 20:08:52 -05:00
Daniel Bustamante Ospina
150b66824d Make MethodSecurityEvaluationContext Delegate to MethodBasedEvaluationContext
Spring Security's MethodSecurityEvaluationContext should delegate to Spring Framework's
MethodBasedEvaluationContext

Fixes: gh-6224
2020-01-03 19:49:41 -05:00
Rafael Renan Pacheco
96d82ecbf2 Fix docs that cause unchecked assignment and NPE 2020-01-02 11:29:05 -05:00
Eleftheria Stein
8b8267e1fe Fix typo in LDAP Javadoc 2020-01-02 10:58:44 -05:00
Matthias Stock
5fde3044f7 Resolve JavaType only once for whitelisted class 2020-01-02 10:30:51 -05:00
Filip Hanik
9d26f12e86 Add an example of Base64 encoding that failed with java.util.Base64
Revert usage to Apache Commons Codec (dependency by OpenSaml)
2020-01-01 15:45:10 -08:00
Eleftheria Stein
22c222005b Add custom release notes configuration file 2019-12-31 14:19:40 -05:00
BELHAKEL Ammar
b4619f31ee Fix return type
AbstractConfiguredSecurityBuilder.objectPostProcessor() should cast to
B, the type of SecurityBuilder, instead of O, the type of object being
built.

Without this change, calls like
http.objectPostProcessor(...).getFilters() will fail with a
ClassCastException.
2019-12-30 12:01:56 -07:00
Eleftheria Stein
f109388211 Use lambda DSL in all samples in documentation
Issue: gh-7774
2019-12-30 17:49:35 +01:00
Rafael Renan Pacheco
0295b51e78 Fix var typo and code readability 2019-12-27 15:25:04 +01:00
Eleftheria Stein
2c7f2c2117 Fix Javadoc error in oauth2ResourceServer
Fixes: gh-7670
2019-12-27 14:24:46 +01:00
Josh Cummings
e1fdb24b5d Add opaqueToken MockMvc Test Support
Fixes gh-7712
2019-12-20 15:34:11 -07:00
Onur Kağan Özcan
2015f392ef Set secure when cancelling remember-me cookie
AbstractRememberMeServices sets the remember-me cookie's secure flag either by checking whether the request is secure or from a fixed flag that is set independently.
But when cancelling a cookie, the cookie is not marked as secure or not. This produces an inconsistency when the secure flag is used as part of the cookie's identity.
2019-12-20 16:04:31 +01:00
Josh Cummings
40d4dce329 Polish Documentation
Changed indentation on saml2Login() snippets to align more closely
with surrounding documentation.

Also removed call to super.configure as this would enable formLogin as
well as httpBasic. Replaced with default endpoint authorization
statement.

Issue gh-7654
2019-12-18 10:53:59 -07:00
Josh Cummings
c745889ae7 Update to nimbus-jose-jwt:8.3
Fixes gh-7720
2019-12-18 10:23:51 -07:00
Tao Sun
f18d0fd1a7 Test details using isEqualTo 2019-12-18 17:35:51 +01:00
Tao Sun
6b0981549b Add test for details deserialization 2019-12-18 17:35:51 +01:00
Tao Sun
156fc294bf Deserialize details field in UsernamePasswordAuthenticationToken
Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly.

Fixes gh-7482
2019-12-18 17:35:51 +01:00
Filip Hanik
af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login()
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
Filip Hanik
b7eebabce6 Ensure that both matchers carry the same pattern.
AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher is public and final,
so there is a risk that the underlying matcher can become different if one is not careful.
2019-12-17 13:34:27 -08:00
Filip Hanik
9aa333ca4d Use the custom ServerRequestCache that the user configures
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-17 13:33:56 -08:00
Rafael Garcia
65f5c29316 Check hashes of byte array passwords
Fixes gh-7661
2019-12-13 17:57:49 +01:00
Rob Winch
83d796cf1a Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor
The documentation incorrectly used ServerRSocketFactoryCustomizer which
was renamed to ServerRSocketFactoryProcessor. The docs now use the correct
class name

Fixes gh-7737
2019-12-12 15:30:33 -06:00
Eleftheria Stein
da3f18017d Polish SAML2 principal classes
Update @since

Issue: gh-7681
2019-12-12 20:22:58 +01:00
Rob Winch
a8331ba7ed CompositeServerHttpHeadersWriter Executes Sequentially
Fixes gh-7731
2019-12-12 11:23:56 -06:00
Clement Stoquart
31b999e9b4 fix: make Saml2Authentication serializable 2019-12-12 17:11:00 +01:00
Josh Cummings
02f161aba7 Use OidcIdToken.Builder
Issue gh-7592
2019-12-12 07:37:15 -07:00
David Herberth
64e063d948 switches web authentication principal resolver to use reactive context
gh #6598

Signed-off-by: David Herberth <github@dav1d.de>
2019-12-12 15:33:23 +01:00
Rob Winch
8e53c3f269 DelegatingServerAuthenticationSuccessHandler Executes Sequentially
Fixes gh-7728
2019-12-12 08:32:44 -06:00
Rafael Garcia
c71e84bdac Replace test vectors with list of objects 2019-12-12 12:42:44 +01:00
Rob Winch
73babc3314 DelegatingServerLogoutHandler Executes Sequentially
Fixes gh-7723
2019-12-11 15:39:27 -06:00
Phil Clay
cffad1be02 Polish #7589
Rename OAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager to AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.

Handle empty mono returned from contextAttributesMapper.

Handle empty map returned from contextAttributesMapper.

Fix DefaultContextAttributesMapper so that it doesn't access ServerWebExchange.

Fix unit tests so that they pass.

Use StepVerifier in unit tests, rather than .subscribe().

Fixes gh-7569
2019-12-10 13:59:51 -05:00
Ankur Pathak
c29309d744 Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager
ReactiveOAuth2AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager is the reactive
version of AuthorizedClientServiceOAuth2AuthorizedClientManager

Fixes: gh-7569
2019-12-10 13:59:51 -05:00