spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-18 06:50:24 +00:00

Author	SHA1	Message	Date
Joe Grandja	ff8002eb2e	Polish gh-4557	2020-02-12 15:47:57 -05:00
Ruby Hartono	71a5c9521c	Add XML namespace support for oauth2-login Fixes gh-4557	2020-02-12 15:26:17 -05:00
Joe Grandja	40c0a452d7	Define oauth2-login xsd elements Issue gh-4557	2020-02-12 15:26:17 -05:00
Josh Cummings	5bdf57d1e5	Remove Groovy and Spock Dependencies Fixes gh-4939	2020-02-10 10:38:40 -07:00
Stephane Maldini	851be025e9	Don't force downcasting of RequestAttributes to ServletRequestAttributes Fixes gh-7952	2020-02-07 20:44:19 -05:00
Rob Winch	1d7208f8ef	Add RSocket Authentication Extension Support Fixes gh-7935	2020-02-04 23:36:47 -06:00
Josh Cummings	209c81d65d	Add BadOpaqueTokenException Updated NimbusOpaqueTokenIntrospector and NimbusReactiveOpaqueTokenIntrospector to throw. Updated OpaqueTokenAuthenticationProvider and OpaqueTokenReactiveAuthenticationManager to catch. Fixes gh-7902	2020-02-04 17:33:08 -07:00
Josh Cummings	0c3754c811	Add BadJwtException Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw. Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager to catch. Fixes gh-7885	2020-02-04 17:33:08 -07:00
Josh Cummings	3e07b35611	Polish Bearer Token Error Handling Issue gh-7822 Issue gh-7823	2020-02-03 17:54:39 -07:00
Josh Cummings	cb9fd09150	Change AuthenticationWebFilter's constructor Fixes gh-7872	2020-01-31 09:31:28 -07:00
Eleftheria Stein	a512789a93	Fix requiresAuthenticationMatcher not being used The custom server requiresAuthenticationMatcher was not always picked up Fixes: gh-7863	2020-01-27 16:12:27 +01:00
Eleftheria Stein	29377545d9	Fix authenticationFailureHandler not being used The custom server authenticationFailureHandler was not always picked up Fixes: gh-7782	2020-01-27 13:10:03 +01:00
Johannes Edmeier	bdc60a9128	Don't cache requests with `Accept: text/event-stream` by default. The eventstream requests is typically not directly invoked by the browser. And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..	2020-01-17 10:42:16 -08:00
Josh Cummings	f1f158b37e	AuthenticationEventPublisher DSL Lookup Fixes gh-4400	2020-01-14 12:07:46 -07:00
Josh Cummings	5579846263	AuthenticationEventPublisher Bean Lookup Issue gh-7793 Fixes gh-7515	2020-01-14 12:07:46 -07:00
Josh Cummings	a35ce77451	Add missing PowerMockIgnore annotation WebSecurityConfigurerAdapterPowermockTests needs to exclude javax.xml.transform.* from Powermock configuration.	2020-01-09 15:48:08 -07:00
Josh Cummings	ba21c156dd	Polish WebSecurityConfigurerAdapter tests Moved Powermock-dependent test over to WebSecurityConfigurerAdapterPowermockTests.	2020-01-09 13:51:19 -07:00
Josh Cummings	de87675f6d	Add JwtIssuerAuthenticationManagerResolver Fixes gh-7724	2020-01-07 23:30:42 -07:00
Rob Winch	65981444f1	Use Version Ranges Fixes gh-7788	2020-01-06 14:46:48 -06:00
Eleftheria Stein	924b9e95a1	Polish MethodSecurityEvaluationContext Issue: gh-6224	2020-01-03 20:08:52 -05:00
Filip Hanik	af415948b1	Allow configuration of AuthenticationManagerResolver in saml2Login() Fixes gh-7654 https://github.com/spring-projects/spring-security/issues/7654	2019-12-17 13:34:27 -08:00
Filip Hanik	9aa333ca4d	Use the custom ServerRequestCache that the user configures on for the default authentication entry point and authentication success handler Fixes gh-7721 https://github.com/spring-projects/spring-security/issues/7721 Set RequestCache on the Oauth2LoginSpec default authentication success handler import static ReflectionTestUtils.getField Feedback incorporated per https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359	2019-12-17 13:33:56 -08:00
Josh Cummings	02f161aba7	Use OidcIdToken.Builder Issue gh-7592	2019-12-12 07:37:15 -07:00
Joe Grandja	c40a17b4d1	WebFlux oauth2Login() redirects on failed authentication Fixes gh-5562 gh-6484	2019-12-05 16:50:43 -05:00
Alexey Nesterov	d8d59e97ac	Correctly configure authorization requests repository for OAuth2 login To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is correctly configured, but the latter always uses default, WebSession based repository. So authorization code created before redirect to authorization endpoint will never be found to complete OAuth2 login when custom ServerAuthorizationRequestRepository is used. This change also makes OAuth2Client and OAuth2Login authentication converters consistent. Fixes gh-7675	2019-11-29 12:05:15 -05:00
Eleftheria Stein	b7cb93f671	Fix WebFlux logout disabling Fixes: gh-7682	2019-11-28 14:40:25 +01:00
Eleftheria Stein	8a95e5798d	Update @MessageMapping to match input/output cardinality	2019-11-22 15:07:38 -06:00
Eleftheria Stein	1188a3bb5f	Polish RememberMeConfigurer Issue: gh-4140	2019-11-07 15:26:59 +01:00
邓超	b13f750646	Retrieve remember-me key from service as fallback Fixes: gh-4140	2019-11-07 13:55:39 +01:00
Josh Cummings	925bf48ec0	Polish OAuth2ResourceServerConfigurerTests To confirm that resource server only produces SCOPE_<scope> authorities by default. Issue gh-7596	2019-11-04 11:39:54 -07:00
Eleftheria Stein	de7cbc82b5	Clarify in Javadoc that expressionHandler should not be null Fixes: gh-2665	2019-10-23 15:10:39 -04:00
Rob Winch	3051a79188	Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access	2019-09-30 14:33:41 -05:00
Rob Winch	a911f3d52f	Merge Add hasAnyRole method in AuthorizePayloadsSpec.Access	2019-09-30 14:14:59 -05:00
Rob Winch	3854afad61	Merge Add denyAll method in AuthorizePayloadsSpec.Access	2019-09-30 14:05:42 -05:00
Josh Cummings	758af54796	ObjectPostProcessor Tests groovy->java Issue gh-4939	2019-09-27 16:36:33 -06:00
Josh Cummings	a08be5bf6f	UrlAuthorizationsTests groovy->java Issue gh-4939	2019-09-27 16:23:33 -06:00
Josh Cummings	870d83eb3e	PermitAllSupportTests groovy->java Issue gh-4939	2019-09-27 16:23:33 -06:00
Luis Felipe Vega Calle	350bce761f	Add hasAuthority method to RSocketSecurity Fixes gh-7435	2019-09-27 16:48:25 -05:00
Josh Cummings	33ba292fed	Resource Server w/ SecurityReactorContextSubscriber Fixes gh-7423	2019-09-27 11:01:04 -06:00
Joe Grandja	08d2c93713	Polish gh-7466	2019-09-26 22:11:53 -04:00
Roman Chigvintsev	9bae0a4dbd	Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec Fixes gh-7466	2019-09-26 17:19:32 -04:00
Joe Grandja	2a5bd6e719	Align Servlet ExchangeFilterFunction CoreSubscriber Fixes gh-7422	2019-09-26 16:17:17 -04:00
Joe Grandja	d3b7a47ef8	Polish gh-4442	2019-09-25 21:37:31 -04:00
Mark Heckler	da9f027fa4	Add nonce to OIDC Authentication Request Fixes gh-4442	2019-09-25 14:57:54 -04:00
Joe Grandja	9f18c2e21a	OAuth2AuthorizationCodeGrantWebFilter matches on registered redirect-uri Fixes gh-7036	2019-09-24 11:07:36 -04:00
Rob Winch	00f8991fac	Merge Remove Redudant Throws Fixes gh-7301	2019-09-19 11:04:53 -05:00
Ebert Toribio	3a66191756	Add hasAnyAuthority method in AuthorizePayloadsSpec.Access See Fixes gh-7437 Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>	2019-09-18 21:17:09 -05:00
Onur Kagan Ozcan	034b5e9e93	Introduce LogoutSuccessEvent LogoutSuccessEvent is a simple AbstractAuthenticationEvent implementation which indicates successful logout. By default, LogoutConfigurer will add a new LogoutHandler called LogoutSuccessEventPublishingLogoutHandler to publish this event. This PR will also fix ConcurrentSessionFilter's composite logoutHandler, now will get LogoutHandler instances from LogoutConfigurer for consistency. Fixes gh-2900	2019-09-18 10:57:16 -05:00
Manuel Tejeda	9926ad68b8	add hasAnyRole method in AuthorizePayloadsSpec.Access	2019-09-18 07:59:20 -05:00
Jesús Ascama	daf6b53e3a	Add denyAll method in AuthorizePayloadsSpec.Access See gh-7437 Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>	2019-09-17 20:17:10 -05:00

1 2 3 4 5 ...

690 Commits