spring-security

Commit Graph

Author	SHA1	Message	Date
Eleftheria Stein	d5eeec0ae6	Temporarily ignore RSocket integration tests Issue gh-8643	6 years ago
Rob Winch	24fd9579c5	Delay AuthenticationPrincipalArgumentResolver Creation Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its lookup. Closes gh-8613	6 years ago
Dávid Kovács	c399185365	Add ROLE_INFRASTRUCTURE to infrastructure beans Closes gh-8407	6 years ago
Rob Winch	7b34b223e6	Logout defaults to use Global SecurityContextServerLogoutHandler Closes gh-8375	6 years ago
hotire	f011c36ba4	Fix typo in Javadoc of ServerHttpSecurity#hasAuthority Closes gh-8336	6 years ago
Eleftheria Stein	bb654fdcdf	Fix HttpSecurity Javadoc Fixes gh-4404	6 years ago
Rob Winch	615f9a3f05	Fix HttpServlet3RequestFactory Logout Handlers Previously there was a problem with Servlet API logout integration when Servlet API was configured before log out. This ensures that logout handlers is a reference to the logout handlers vs copying the logout handlers. This ensures that the ordering does not matter. Closes gh-4760	6 years ago
Rob Winch	32c3353921	SpringTestContext returns ConfigurableWebApplicationContext Closes gh-8233	6 years ago
Josh Cummings	cb7786bf97	Malformed Bearer Token Returns 401 for WebFlux Fixes gh-7668	6 years ago
Joe Grandja	4706b16a2b	oauth2Login WebFlux does not auto-redirect for XHR request Fixes gh-8118	6 years ago
Eleftheria Stein	256aba7b37	Fix rsocket test Request route that exists; add additional error message verification Fixes gh-8154	6 years ago
Erik van Paassen	86e25ff2ab	Fix typo in Javadoc of HttpSecurity#csrf() `HttpSecurity#csrf()` obviously returns a `CsrfConfigurer`, while the Javadoc states that it returns the `ServletApiConfigurer`.	6 years ago
Markus Engelbrecht	75f22285c6	Fix typo 'properites' in documentation Fixes gh-8095	6 years ago
Josh Cummings	9092115b8a	Register Authentication Provider in Init Phase Fixes gh-8031	6 years ago
Stephane Maldini	0012e24c46	Don't force downcasting of RequestAttributes to ServletRequestAttributes Fixes gh-7953	6 years ago
Josh Cummings	c4ccc96655	Polish Error Messages for OpaqueTokenIntrospectors	6 years ago
Eleftheria Stein	9dd3dfe718	Fix requiresAuthenticationMatcher not being used The custom server requiresAuthenticationMatcher was not always picked up Fixes: gh-7863	6 years ago
Eleftheria Stein	edb6cd3729	Fix authenticationFailureHandler not being used The custom server authenticationFailureHandler was not always picked up Fixes: gh-7782	6 years ago
Johannes Edmeier	cc956a66df	Don't cache requests with `Accept: text/event-stream` by default. The eventstream requests is typically not directly invoked by the browser. And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..	6 years ago
Filip Hanik	b754a3d635	Use the custom ServerRequestCache that the user configures on for the default authentication entry point and authentication success handler Fixes gh-7721 https://github.com/spring-projects/spring-security/issues/7721 Set RequestCache on the Oauth2LoginSpec default authentication success handler import static ReflectionTestUtils.getField Feedback incorporated per https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359	6 years ago
Eleftheria Stein	0d24e2b8cf	Fix WebFlux logout disabling Fixes: gh-7682	6 years ago
Joe Grandja	e4aa3be4c5	WebFlux oauth2Login() redirects on failed authentication Fixes gh-5562 gh-6484	6 years ago
Alexey Nesterov	0babe7d930	Correctly configure authorization requests repository for OAuth2 login To use custom ServerAuthorizationRequestRepository both OAuth2AuthorizationRequestRedirectWebFilter and OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is correctly configured, but the latter always uses default, WebSession based repository. So authorization code created before redirect to authorization endpoint will never be found to complete OAuth2 login when custom ServerAuthorizationRequestRepository is used. This change also makes OAuth2Client and OAuth2Login authentication converters consistent. Fixes gh-7675	6 years ago
Eleftheria Stein	8a95e5798d	Update @MessageMapping to match input/output cardinality	6 years ago
Pim Moerenhout	cd0bec48de	Fix typo in log message.	6 years ago
Paul Pazderski	0d35194b47	Add sessionFixation Javadoc	6 years ago
Adrian Pena	ca8877c8c5	Updates javadoc for InitializeUserDetailsBeanManagerConfigurer	6 years ago
Eleftheria Stein	1188a3bb5f	Polish RememberMeConfigurer Issue: gh-4140	6 years ago
邓超	b13f750646	Retrieve remember-me key from service as fallback Fixes: gh-4140	6 years ago
Yanming Zhou	9f6a36444a	Add missing schemas	6 years ago
Josh Cummings	925bf48ec0	Polish OAuth2ResourceServerConfigurerTests To confirm that resource server only produces SCOPE_<scope> authorities by default. Issue gh-7596	6 years ago
Filip Hanik	0cafcf37e2	Make the loginProcessingUrl configurable for saml2Login() Fixes gh-7565 https://github.com/spring-projects/spring-security/issues/7565	6 years ago
Josh Cummings	5f17032ffd	Restore Removed Throws Clauses In a recent clean-up, certain exceptions were removed from various throws clauses. This PR re-introduces throws clauses that are important for one of the following reasons: 1. It's a method on a public interface 2. It's a method clearly designed for inheritance, for example, a method stub, an abstract method, or indicated as such in the docs. Fixes gh-7541	6 years ago
Rob Winch	635f7e1edd	CsrfWebFilter supports multipart/form-data Fixes gh-7576	6 years ago
Vitalii Mahas	0ac5f5456f	Fix typo 'is' -> 'if' in javadoc	6 years ago
Eleftheria Stein	de7cbc82b5	Clarify in Javadoc that expressionHandler should not be null Fixes: gh-2665	6 years ago
Josh Cummings	758af54796	ObjectPostProcessor Tests groovy->java Issue gh-4939	6 years ago
Josh Cummings	a08be5bf6f	UrlAuthorizationsTests groovy->java Issue gh-4939	6 years ago
Josh Cummings	870d83eb3e	PermitAllSupportTests groovy->java Issue gh-4939	6 years ago
Luis Felipe Vega Calle	350bce761f	Add hasAuthority method to RSocketSecurity Fixes gh-7435	6 years ago
Josh Cummings	5f905232cb	Polish CurrentSecurityContextArgumentResolvers Fixes gh-7487	6 years ago
Joe Grandja	5ef6e7ed6f	Add author for SecurityReactorContextConfiguration Issue gh-7422	6 years ago
Joe Grandja	0fea57d6a1	Optimize SecurityReactorContextConfiguration Issue gh-7422	6 years ago
Josh Cummings	33ba292fed	Resource Server w/ SecurityReactorContextSubscriber Fixes gh-7423	6 years ago
Joe Grandja	5a67971375	WebFluxSecurityConfiguration configures oauth2Client() by default Fixes gh-7470	6 years ago
Joe Grandja	08d2c93713	Polish gh-7466	6 years ago
Roman Chigvintsev	9bae0a4dbd	Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec Fixes gh-7466	6 years ago
Joe Grandja	2a5bd6e719	Align Servlet ExchangeFilterFunction CoreSubscriber Fixes gh-7422	6 years ago
Joe Grandja	d3b7a47ef8	Polish gh-4442	6 years ago
Mark Heckler	da9f027fa4	Add nonce to OIDC Authentication Request Fixes gh-4442	6 years ago

1 2 3 4 5 ...

1481 Commits (69ff2ab3fcac705182ec8febfb24a474aaa5b68e)