Spring Security
Go to file
Manuel Bleichenbacher d3490b0f87 Prevent double-escaping of authorize URL parameters
If the authorization URL in the OAuth2 provider configuration contained query parameters with escaped characters, these characters were escaped a second time. This commit fixes it.

It is relevant to support the OIDC claims parameter (see https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).

Fixes gh-7871
2020-02-08 16:40:15 -05:00
.github Use https link to Stack Overflow 2019-06-19 12:44:43 -05:00
.idea Add Checkstyle configuration for IntelliJ IDEA 2019-08-09 16:21:30 -05:00
acl Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
aspects Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
bom Use spring-build-conventions Bom plugin 2018-01-09 11:27:34 -06:00
buildSrc Add Gradle Lock Plugin 2020-01-06 14:46:48 -06:00
cas Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
config Don't force downcasting of RequestAttributes to ServletRequestAttributes 2020-02-07 20:44:19 -05:00
core Polish DefaultAuthenticationEventPublisher 2020-02-06 14:13:05 -07:00
crypto Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
data Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
docs Add Dave Syer to Authors 2020-02-07 15:54:32 -06:00
etc Polish LDAP Authentication 2020-01-16 09:38:40 -06:00
gradle Update to Gradle 6.1.1 2020-02-04 23:36:47 -06:00
itest Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
ldap Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
messaging Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
oauth2 Prevent double-escaping of authorize URL parameters 2020-02-08 16:40:15 -05:00
openid Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
remoting Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
rsocket Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
saml2/saml2-service-provider Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
samples cassample groovy->java 2020-02-07 16:44:08 -07:00
scripts Add custom release notes configuration file 2019-12-31 14:19:40 -05:00
taglibs Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
test Add oauth2Client WebTestClient Support 2020-02-05 15:33:57 -07:00
web Unlock dependencies for next development version 2020-02-05 15:53:04 +01:00
.editorconfig Use UTF-8 for Java sources and XML 2019-08-14 08:47:00 -05:00
.gitignore Ignore Lock Files 2020-02-07 13:59:05 -06:00
.travis.yml Build using openjdk8 2019-08-05 09:35:41 -06:00
CODE_OF_CONDUCT.adoc URL Cleanup 2019-03-19 23:53:23 -05:00
CONTRIBUTING.md Use UTF-8 for Java sources and XML 2019-08-14 08:47:00 -05:00
Jenkinsfile Disable locks in snapshot pipeline task 2020-01-08 21:12:19 +01:00
README.adoc URL Cleanup 2019-03-19 23:53:23 -05:00
build.gradle Fix Checkstyle 2020-02-07 15:31:09 -06:00
class_mapping_from_2.0.x.txt SEC-1148: Simple classname mapping from 2.0 to 3.0 2009-12-02 22:44:30 +00:00
gradle.properties Next development version 2020-02-05 15:51:25 +01:00
gradlew Update to Gradle 6.1.1 2020-02-04 23:36:47 -06:00
gradlew.bat Update to Gradle 5.5 2019-07-11 22:15:42 -04:00
license.txt URL Cleanup 2019-03-14 15:46:20 -05:00
notice.txt URL Cleanup 2019-03-19 23:53:23 -05:00
settings.gradle Idiomatic Kotlin DSL for configuring HTTP security 2020-01-07 12:08:43 -05:00

README.adoc

image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]

image:https://travis-ci.org/spring-projects/spring-security.svg?branch=master["Build Status", link="https://travis-ci.org/spring-projects/spring-security"]

= Spring Security

Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
a minimum and also requires Java 8.

For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].

== Code of Conduct
This project adheres to the Contributor Covenant link:CODE_OF_CONDUCT.adoc[code of conduct].
By participating, you  are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.

== Downloading Artifacts
See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information.

== Documentation
Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].

== Quick Start
We recommend you visit https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page.

== Building from Source
Spring Security uses a https://gradle.org[Gradle]-based build system.
In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.

=== Prerequisites
https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK8 build].

Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download.

=== Check out sources
[indent=0]
----
git clone git@github.com:spring-projects/spring-security.git
----

=== Install all spring-\* jars into your local Maven cache
[indent=0]
----
./gradlew install
----

=== Compile and test; build all jars, distribution zips, and docs
[indent=0]
----
./gradlew build
----

Discover more commands with `./gradlew tasks`.
See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].

== Getting Support
Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
https://spring.io/services[Commercial support] is available too.

== Contributing
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.md[contributor guidelines] for details.

== License
Spring Security is Open Source software released under the
https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].