Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Spring Security
7,006 Commits 29 Branches 320 Tags 104 MiB
Java 94.7%
Kotlin 4.8%
Groovy 0.3%
Go to file
Josh Cummings 998d1a064b Close Nimbus Information Leak 
This commit captures and remaps the exception that Nimbus throws
when a PlainJWT is presented to it.

While the surrounding classes are likely only used today by the
oauth2Login flow, since they are public, we'll patch them at this
point for anyone who may be using them directly.

Fixes: gh-5457
 		2018-07-03 10:28:31 -05:00
.github Add Security Vulnerabilities 2018-03-20 22:42:46 -05:00
acl Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
aspects Use diamond type 2017-12-21 15:09:00 -06:00
bom Use spring-build-conventions Bom plugin 2018-01-09 11:27:34 -06:00
buildSrc Make MIN_SPRING_VERSION Dynamic 2018-03-16 13:53:40 -05:00
cas Fix JDK 9 2018-03-27 09:30:56 -05:00
config InterceptUrlConfigTests groovy->java 2018-07-02 10:39:24 -06:00
core Add DelegatingReactiveAuthenticationManager 2018-06-18 16:03:41 -05:00
crypto Suppress deprecation warnings in spring-security-crypto 2018-05-04 21:02:57 -05:00
data Fix JDK 9 2018-03-27 09:30:56 -05:00
docs Add cross references to ReactorContextTestExecutionListener 2018-06-11 17:13:24 -05:00
etc Apply Checkstyle EmptyStatementCheck module 2017-11-16 20:18:21 -06:00
gradle Fix htmlunit 2018-06-12 17:12:52 -05:00
itest Add StrictHttpFirewall 2018-01-24 11:06:08 -06:00
ldap Use Supplier variants of Assert methods 2018-03-27 10:58:55 -05:00
messaging Use diamond type 2017-12-21 15:09:00 -06:00
oauth2 Close Nimbus Information Leak 2018-07-03 10:28:31 -05:00
openid Use diamond type 2017-12-21 15:09:00 -06:00
remoting Use diamond type 2017-12-21 15:09:00 -06:00
samples Rename @OAuth2Client to @RegisteredOAuth2AuthorizedClient 2018-06-08 17:33:21 -04:00
scripts Add update-dependencies.sh 2018-05-03 14:59:16 -05:00
taglibs Fix Security version tests -> 5.1 2018-03-02 16:29:22 -05:00
test Add cross references to ReactorContextTestExecutionListener 2018-06-11 17:13:24 -05:00
web Override toString() in all RequestMatcher 2018-06-15 11:27:28 -05:00
.editorconfig Improve EditorConfig file 2018-03-16 15:50:34 -05:00
.gitignore ignore s101 metadata 2017-10-26 19:22:39 -05:00
.travis.yml .travis continue on failure 2017-12-20 15:38:22 -06:00
CODE_OF_CONDUCT.adoc SEC-3209: Add Code of Conduct 2016-02-01 14:23:59 -06:00
CONTRIBUTING.md Use spring-projects for organization in GitHub URLs 2018-05-04 21:01:39 -05:00
Jenkinsfile Remove Spring IO Tests 2018-06-05 12:51:03 -05:00
README.adoc Fix Travis build URL in README 2017-12-20 15:36:10 -06:00
build.gradle Update to spring-build-conventions:0.0.17.RELEASE 2018-05-15 21:23:25 -05:00
class_mapping_from_2.0.x.txt SEC-1148: Simple classname mapping from 2.0 to 3.0 2009-12-02 22:44:30 +00:00
gradle.properties Update to Spring Boot 2.0.3.RELEASE 2018-06-20 15:48:41 -05:00
gradlew Update to Gradle 4.2 2017-09-22 10:00:49 -05:00
gradlew.bat Update to Gradle 3.5 2017-04-21 10:51:49 -05:00
license.txt Change to Apache License version 2.0. 2004-03-23 04:44:48 +00:00
notice.txt Broaden list of names used and correct URL. 2007-12-03 04:39:17 +00:00
settings.gradle Polish settings.gradle 2018-05-18 11:27:06 -05:00

README.adoc 

image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]

image:https://travis-ci.org/spring-projects/spring-security.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-security"]

= Spring Security

Spring Security provides security services for the http://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
a minimum and also requires Java 8.

For a detailed list of features and access to the latest release, please visit http://spring.io/projects[Spring projects].

== Code of Conduct
This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.

== Downloading Artifacts
See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.

== Documentation
Be sure to read the http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the http://docs.spring.io/spring-security/site/docs/current/apidocs/[Spring Security API Documentation].

== Quick Start
We recommend you visit http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.

== Building from Source
Spring Security uses a http://gradle.org[Gradle]-based build system.
In the instructions below, http://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.

=== Prerequisites
http://help.github.com/set-up-git-redirect[Git] and the http://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].

Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download.

=== Check out sources
[indent=0]
----
git clone git@github.com:spring-projects/spring-security.git
----

=== Install all spring-\* jars into your local Maven cache
[indent=0]
----
./gradlew install
----

=== Compile and test; build all jars, distribution zips, and docs
[indent=0]
----
./gradlew build
----

Discover more commands with `./gradlew tasks`.
See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].

== Getting Support
Check out the http://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
http://spring.io/services[Commercial support] is available too.

== Contributing
http://help.github.com/send-pull-requests[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.

== License
Spring Security is Open Source software released under the
http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].