Commit Graph

716 Commits

Author SHA1 Message Date
Rob Winch
a907026eae Deprecate X-FRAME-OPTIONS ALLOW-FROM Directive
Closes gh-8677
2020-06-10 11:48:56 -05:00
Joe Grandja
da4b626bf1 OAuth2LoginAuthenticationWebFilter should handle OAuth2AuthorizationException
Issue gh-8609
2020-06-09 17:28:21 -04:00
Parikshit Dutta
28d2cfa14a Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter
Fixes gh-8536
2020-06-02 21:54:09 -04:00
Rob Winch
748538d19f Delay AuthenticationPrincipalArgumentResolver Creation
Use ObjectProvider<AuthenticationPrincipalArgumentResolver> to delay its
lookup.

Closes gh-8613
2020-05-29 16:49:01 -05:00
Craig Andrews
dbdeec4216 Check for an existing SessionRegistry bean
If a SessionRegistry is necessary, check for one in the ApplicationContext before creating one.
2020-05-22 20:33:32 -05:00
Josh Cummings
51a0cffd36 Post-process AuthenticationRequestFilter
Fixes gh-8552
2020-05-18 21:08:23 -06:00
Josh Cummings
9241cd2892 Move TestRelyingPartyRegistrations
Fixes gh-8551
2020-05-18 16:38:40 -06:00
Parikshit Dutta
1e211b6558 Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter
Fixes gh-8120
2020-05-15 15:13:15 -04:00
Joe Grandja
c1abc9b134 Polish gh-8501 2020-05-15 13:26:09 -04:00
Thomas Vitale
78fa859798 Add issuerUri to ClientRegistration.providerDetails
- Add "issuerUri" attribute to ClientRegistration.providerDetails for OpenID Connect Discovery 1.0 or OAuth 2.0 Authorization Server Metadata.
- Validate OidcIdToken "iss" claim against the OpenID Provider "issuerUri" value.
- Update documentation for client registration: it includes issuer-uri property now.

Fixes gh-8326
2020-05-14 17:13:07 -04:00
Eleftheria Stein
1aadbb2f4d Remove "/path/**/other" patterns in tests
Fixes gh-8513
2020-05-11 17:00:25 -04:00
Rob Winch
d91b153cad Explicitly set useSuffixPatternMatch for Tests
Spring MVC changed their default behavior in
https://github.com/spring-projects/spring-framework/issues/23915 This
causes failures in some of Spring Security's tests.

This explicitly sets useSuffixPatternMatch=true to ensure that Spring
Security still works if users have modified their defaults.

Closes gh-8493
2020-05-08 16:43:56 -05:00
Rob Winch
4a9fa0337a Allow Configure RequestRjectedHandler in XML
Issue gh-5007
2020-05-01 10:51:11 -05:00
Evgeniy Cheban
a70d55552b Resource Server Finds JwtAuthenticationConverter Beans
Fixes gh-8185
2020-04-13 22:47:20 -06:00
Rob Winch
9a42a028e7 Logout defaults to use Global SecurityContextServerLogoutHandler
Closes gh-8375
2020-04-13 16:36:12 -05:00
Rob Winch
91728ef53b Fix HttpServlet3RequestFactory Logout Handlers
Previously there was a problem with Servlet API logout integration
when Servlet API was configured before log out.

This ensures that logout handlers is a reference to the logout handlers
vs copying the logout handlers. This ensures that the ordering does not
matter.

Closes gh-4760
2020-03-30 17:50:28 -05:00
Rob Winch
b055f8bb25 SpringTestContext returns ConfigurableWebApplicationContext
Closes gh-8233
2020-03-30 17:46:25 -05:00
Joe Grandja
e27e548215 oauth2Login WebFlux does not auto-redirect for XHR request
Fixes gh-8118
2020-03-26 04:36:23 -04:00
Eleftheria Stein
97085ef310 Fix rsocket test
Request route that exists; add additional error message verification

Fixes gh-8154
2020-03-19 17:27:14 -04:00
Josh Cummings
f438bdfbcf Add spring-security-5.4.xsd
Issue gh-8138
2020-03-18 09:45:10 -06:00
Josh Cummings
c729fee7bc Malformed Bearer Token Returns 401 for WebFlux
Fixes gh-7668
2020-03-03 15:42:02 -07:00
Josh Cummings
e97396b9c7 Add Resource Server XML Support
Fixes gh-5185
2020-03-02 11:51:40 -07:00
Josh Cummings
19584884b3 Register Authentication Provider in Init Phase
Fixes gh-8031
2020-02-28 15:32:27 -07:00
Filip Hanik
3257349045 Support POST binding for AuthNRequest
Has been tested with

- Keycloak
- SSOCircle
- Okta
- SimpleSAMLPhp

This PR extends (builds on previous commits and adds user configuration
options)
https://github.com/spring-projects/spring-security/pull/7758
2020-02-28 09:15:26 -08:00
Ankur Pathak
480c5bc87e Custom ServerHttpHeadersWriter to HeaderSpec
Add the ability to have a custom ServerHttpHeadersWriter to HeaderSpec
Fixes gh-7636
2020-02-27 07:55:30 -06:00
Joe Grandja
8a4ff4452b Add XML namespace support for oauth2-client
Fixes gh-5184
2020-02-20 20:05:48 -05:00
Joe Grandja
ff8002eb2e Polish gh-4557 2020-02-12 15:47:57 -05:00
Ruby Hartono
71a5c9521c Add XML namespace support for oauth2-login
Fixes gh-4557
2020-02-12 15:26:17 -05:00
Joe Grandja
40c0a452d7 Define oauth2-login xsd elements
Issue gh-4557
2020-02-12 15:26:17 -05:00
Josh Cummings
5bdf57d1e5 Remove Groovy and Spock Dependencies
Fixes gh-4939
2020-02-10 10:38:40 -07:00
Stephane Maldini
851be025e9 Don't force downcasting of RequestAttributes to ServletRequestAttributes
Fixes gh-7952
2020-02-07 20:44:19 -05:00
Rob Winch
1d7208f8ef Add RSocket Authentication Extension Support
Fixes gh-7935
2020-02-04 23:36:47 -06:00
Josh Cummings
209c81d65d Add BadOpaqueTokenException
Updated NimbusOpaqueTokenIntrospector and
NimbusReactiveOpaqueTokenIntrospector to throw.
Updated OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager to catch.

Fixes gh-7902
2020-02-04 17:33:08 -07:00
Josh Cummings
0c3754c811 Add BadJwtException
Updated NimbusJwtDecoder and NimbusReactiveJwtDecoder to throw.
Updated JwtAuthenticationProvider and JwtReactiveAuthenticationManager
to catch.

Fixes gh-7885
2020-02-04 17:33:08 -07:00
Josh Cummings
3e07b35611 Polish Bearer Token Error Handling
Issue gh-7822
Issue gh-7823
2020-02-03 17:54:39 -07:00
Josh Cummings
cb9fd09150 Change AuthenticationWebFilter's constructor
Fixes gh-7872
2020-01-31 09:31:28 -07:00
Eleftheria Stein
a512789a93 Fix requiresAuthenticationMatcher not being used
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
2020-01-27 16:12:27 +01:00
Eleftheria Stein
29377545d9 Fix authenticationFailureHandler not being used
The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
2020-01-27 13:10:03 +01:00
Johannes Edmeier
bdc60a9128 Don't cache requests with Accept: text/event-stream by default.
The eventstream requests is typically not directly invoked by the browser.
And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
2020-01-17 10:42:16 -08:00
Josh Cummings
f1f158b37e AuthenticationEventPublisher DSL Lookup
Fixes gh-4400
2020-01-14 12:07:46 -07:00
Josh Cummings
5579846263 AuthenticationEventPublisher Bean Lookup
Issue gh-7793
Fixes gh-7515
2020-01-14 12:07:46 -07:00
Josh Cummings
a35ce77451 Add missing PowerMockIgnore annotation
WebSecurityConfigurerAdapterPowermockTests needs to exclude
javax.xml.transform.* from Powermock configuration.
2020-01-09 15:48:08 -07:00
Josh Cummings
ba21c156dd Polish WebSecurityConfigurerAdapter tests
Moved Powermock-dependent test over to
WebSecurityConfigurerAdapterPowermockTests.
2020-01-09 13:51:19 -07:00
Josh Cummings
de87675f6d Add JwtIssuerAuthenticationManagerResolver
Fixes gh-7724
2020-01-07 23:30:42 -07:00
Rob Winch
65981444f1 Use Version Ranges
Fixes gh-7788
2020-01-06 14:46:48 -06:00
Eleftheria Stein
924b9e95a1 Polish MethodSecurityEvaluationContext
Issue: gh-6224
2020-01-03 20:08:52 -05:00
Filip Hanik
af415948b1 Allow configuration of AuthenticationManagerResolver in saml2Login()
Fixes gh-7654

https://github.com/spring-projects/spring-security/issues/7654
2019-12-17 13:34:27 -08:00
Filip Hanik
9aa333ca4d Use the custom ServerRequestCache that the user configures
on for the default authentication entry point and authentication
success handler

Fixes gh-7721

https://github.com/spring-projects/spring-security/issues/7721

Set RequestCache on the Oauth2LoginSpec default authentication success handler

import static ReflectionTestUtils.getField

Feedback incorporated per

https://github.com/spring-projects/spring-security/pull/7734#pullrequestreview-332150359
2019-12-17 13:33:56 -08:00
Josh Cummings
02f161aba7 Use OidcIdToken.Builder
Issue gh-7592
2019-12-12 07:37:15 -07:00
Joe Grandja
c40a17b4d1 WebFlux oauth2Login() redirects on failed authentication
Fixes gh-5562 gh-6484
2019-12-05 16:50:43 -05:00