Commit Graph

1079 Commits

Author SHA1 Message Date
Steve Riesenberg
ce065a87da Merge branch '5.8.x'
Closes gh-12207
2022-11-14 12:25:05 -06:00
Steve Riesenberg
71eb71d185 Merge branch '5.7.x' into 5.8.x
Closes gh-12206
2022-11-14 12:11:59 -06:00
Steve Riesenberg
67a1f0836b Merge branch '5.6.x' into 5.7.x
Closes gh-12205
2022-11-14 12:10:55 -06:00
Steve Riesenberg
fde26e003a Request user info when AS returns no scopes
Closes gh-12144
2022-11-10 16:29:43 -06:00
Josh Cummings
5fe59cc635 Revert "Add configurable authorities split regex"
This reverts commit e93ed6d94c.

This can't be merged until after the 6.0 release
2022-11-01 17:39:26 -06:00
Patrick Walter
e93ed6d94c Add configurable authorities split regex
Before this commit splitting the authorities claim was done by a
hardcoded regex " ". This commit allows to configure to set any regex
to split the authorities claim while keeping the previously
hardcoded regex as a default.
2022-11-01 17:38:47 -06:00
Josh Cummings
cca999c57d Merge remote-tracking branch 'origin/5.8.x' 2022-11-01 13:46:08 -06:00
Josh Cummings
d29ab8bcae Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings
c94e33b6c8 Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza
8315545144 Update RP-Initiated Logout target URLs.
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
2022-11-01 12:35:39 -06:00
Steve Riesenberg
801ceb0832 Merge branch '5.8.x' 2022-10-31 08:58:14 -05:00
Steve Riesenberg
66f2f1cde7 Merge branch '5.7.x' into 5.8.x 2022-10-31 08:55:03 -05:00
Steve Riesenberg
2915a70bf7 Merge branch '5.6.x' into 5.7.x 2022-10-28 13:05:48 -05:00
Steve Riesenberg
26a51ee198 Merge branch '5.5.x' into 5.6.x 2022-10-28 11:15:33 -05:00
Steve Riesenberg
e7fe778abc Merge branch '5.4.x' into 5.5.x 2022-10-28 11:13:33 -05:00
Steve Riesenberg
3e2ac82612 Merge branch '5.3.x' into 5.4.x 2022-10-28 11:10:39 -05:00
Steve Riesenberg
5560bbaa80 Merge branch '5.2.x' into 5.3.x 2022-10-28 11:07:51 -05:00
Steve Riesenberg
75004587a4 Fix scope mapping
Issue gh-12101
2022-10-28 11:00:27 -05:00
Josh Cummings
f4cc27c375 Change Default for (Server)AuthenticationEntryPointFailureHandler
Closes gh-9429
2022-10-13 20:03:03 -06:00
Josh Cummings
5afc7cb04f Merge remote-tracking branch 'origin/5.8.x' 2022-10-13 19:48:05 -06:00
Josh Cummings
099aaa33ff Remove Deprecation Markers
Since Spring Security still needs these methods and classes, we
should wait on deprecating them if we can.

Instead, this commit changes the original classes to have a
boolean property that is currently false, but will switch to true
in 6.0.

At that time, BearerTokenAuthenticationFilter can change to use
the handler.

Closes gh-11932
2022-10-13 19:47:22 -06:00
Daniel Garnier-Moiroux
200b7fecd3 Add (Server)AuthenticationEntryPointFailureHandlerAdapter
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
2022-10-13 19:25:04 -06:00
Josh Cummings
14584b0562 Add SecurityContextHolderStrategy to OAuth2
Issue gh-11060
2022-10-05 23:50:54 -06:00
Marcus Da Coregio
7f0140278e Add native hint for OAuth2 Client's schemas
Closes gh-11920
2022-09-29 10:01:51 -03:00
Steve Riesenberg
181ee7410b Change default authority for oauth2Login()
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
2022-09-26 10:06:31 -05:00
Steve Riesenberg
7527fd811c Merge branch '5.8.x' 2022-09-26 09:56:55 -05:00
Steve Riesenberg
bbac85e20b Reduce severity of invalid registrationId to warn
This prevents filling the log file with error messages when routine
scans are being performed.

Closes gh-11344
2022-09-26 09:56:20 -05:00
Josh Cummings
ae6fb8c681 Add Deprecated Versions of Original Classes
Issue gh-7349
2022-09-23 16:31:22 -06:00
Josh Cummings
37a160245f Adjust OAuth2 Resource Server packaging
Closes gh-7349
2022-09-23 16:31:21 -06:00
Josh Cummings
53dbcfd457 Add Deprecated Versions of Original Classes
Issue gh-7349
2022-09-23 12:06:59 -06:00
Steve Riesenberg
3c66ef6305 Change default SecurityContextRepository
Save SecurityContext in request attributes for stateless session
management using RequestAttributeSecurityContextRepository.

Closes gh-11026
2022-09-22 17:31:14 -05:00
Josh Cummings
70460ca009 Adjust OAuth2 Resource Server packaging
Closes gh-7349
2022-09-20 17:44:05 -06:00
Marcus Da Coregio
fee1ffa422 Fix JSONObject and JSONArray imports in tests
Issue gh-11858
2022-09-16 15:57:43 -03:00
Steve Riesenberg
67a00bcaa0 Fix JSONObject and JSONArray imports in tests 2022-09-16 13:38:57 -05:00
Steve Riesenberg
c6458c35aa Merge branch '5.8.x' 2022-09-14 15:12:21 -05:00
Daniel Garnier-Moiroux
bea7761a1c ClientRegistrations#rest defines 30s connect and read timeouts 2022-09-14 15:10:34 -05:00
Steve Riesenberg
2431dd1103 Merge branch '5.8.x' 2022-09-13 17:38:10 -05:00
Steve Riesenberg
355ef21117 Polish gh-11665 2022-09-13 16:45:39 -05:00
ch4mpy
1efb63387f Add authentication converter for introspected tokens
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).

The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).

The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.

Closes gh-11661
2022-09-13 16:45:36 -05:00
Rob Winch
f84f08c4b9 Default HttpSessionRequestCache.matchingRequestParameterName=continue
Closes gh-11757
2022-08-26 14:44:55 -05:00
Rob Winch
32dbaceec5 Fix mockito 4.7.0 merge
Issue gh-11748
2022-08-24 08:58:00 -05:00
Rob Winch
670b71363d Merge branch '5.8.x'
Closes gh-11749
2022-08-23 16:03:50 -05:00
Rob Winch
2fb625db84 Remove mockito deprecations
Issue gh-11748
2022-08-23 15:59:52 -05:00
Steve Riesenberg
7c7f9380c7 Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:54:45 -05:00
tinolazreg
888715bbb2 Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:54:45 -05:00
Steve Riesenberg
53a3ff8932 Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:53:45 -05:00
tinolazreg
77d11a3f9f Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:53:44 -05:00
Steve Riesenberg
51dc672625 Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:48:42 -05:00
tinolazreg
d1c742d7aa Add tests for unknown KID error
Issue gh-11621
2022-08-18 16:48:41 -05:00
Steve Riesenberg
9c02e835e8 Refresh remote JWK when unknown KID error occurs
Closes gh-11621
2022-08-18 16:42:57 -05:00