1ed3e2c47a
quieted logging on database cleanup tasks when no expired elements are found
2015-11-25 15:55:16 -05:00
fcfc620d51
updated client API with more useful errors, removed unused service reference
2015-11-25 15:42:09 -05:00
c59f722cc2
enforce pairwise identifier consistency in UI, closes #969
2015-11-25 15:36:15 -05:00
2496dc114c
allow language system to be loaded from multiple files. closes #817 closes #876
2015-11-24 20:33:55 -05:00
e255fc1a10
change default behavior of message source, closes #964
2015-11-24 20:33:54 -05:00
70751a3d4a
updated configuration to comment out optional property value in example
2015-11-24 12:17:32 -05:00
7b34a666d9
Make the dual client support configurable
2015-11-24 12:10:27 -05:00
a80953a2d4
Allow both flows authorization code and client credentials. This scenario might be found when the same client supports user authentication as well as service to service authentication. Such a client is trusted (whitelisted).
2015-11-24 12:10:27 -05:00
dce80d488b
Clean up ScopeClaimTranslationService
...
`getFieldNameForClaim` method is never used.
2015-11-23 21:35:16 -05:00
f27673a5f5
Align user profile claims
...
Especially helps when `<dd>` collapses due to an empty claim value.
2015-11-23 21:34:54 -05:00
4f9ea0b474
Improve state handling in handleAuthorizationCodeResponse
...
Fail fast when there is no state in session, e.g. because the session
cookie was removed.
Resolves #949
2015-11-23 21:34:35 -05:00
6d2b73a7ef
added JSPs to filter
2015-11-23 21:25:02 -05:00
4c1e6866ce
Filter only `*.tag` files
...
Instead of excluding all binary files, just filter `*.tag` files.
http://maven.apache.org/plugins/maven-resources-plugin/examples/filter.html
2015-11-23 21:03:23 -05:00
a3d01727f9
Make FILTER_PROCESSES_URL public
...
Currently hardcoded in the filter and the client's Spring Security config; would be nicer to reference the value instead.
c5e70ebd5c/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml (L54)
2015-11-23 21:03:08 -05:00
abff7421c1
Upgrade to Spring Framework 4.1.8
...
http://spring.io/blog/2015/10/15/spring-framework-4-2-2-4-1-8-and-3-2-15-available-now
2015-11-23 21:02:46 -05:00
5f24685f17
removed problematic (and not very useful) unit test, closes #742
2015-10-19 15:00:41 -04:00
f04face41e
updated to nimbus 4.3, check JCE policy and algorithm availability before running unit tests, closes #938
2015-10-19 14:47:56 -04:00
2deec98b58
[maven-release-plugin] prepare for next development iteration
2015-10-13 18:56:47 -04:00
d96b2dc130
[maven-release-plugin] prepare release mitreid-connect-1.2.2
2015-10-13 18:56:44 -04:00
6129cfa61a
added scope-based authorities granter for introspections services, closes #835
2015-10-13 18:51:21 -04:00
96f4d5e8a8
fixed use of wrong constant, closes #940
2015-10-13 18:08:56 -04:00
a5701f4ea3
limit client pagination to 10 pages at a time, closes #886
2015-10-13 17:55:18 -04:00
8cc89e4e85
made token fetching lazy-loaded
2015-10-13 17:04:36 -04:00
c9358f348a
added transactional annotations, finally closes #926 addresses #862
2015-10-13 16:59:11 -04:00
e1e892377f
added cleaner for duplicate refresh tokens
2015-10-13 15:38:07 -04:00
542afca459
cleans duplicate access tokens from DB before other cleanup happens
2015-10-13 15:33:23 -04:00
9599642f3a
upgraded nimbus in uma module`
2015-10-13 12:13:07 -04:00
149e93e970
Disabled broken crypto tests, pending #938
2015-10-13 11:57:41 -04:00
ebb4f2c3d4
Upgraded to nimbus 4.2, closes #934
2015-10-13 04:40:01 -04:00
c67611e975
added qualifier name to persistence unit and transaction manager, closes #883
2015-10-12 21:15:30 -04:00
d337e14de3
Remove transitive commons-logging dependencies
...
We use slf4j instead; jcl-over-slf4j needs to be a compile-time dependency because we use it in several classes.
Unfortunately Maven does not have a way to exclude commons-logging globally, so we need to figure out which dependencies include it through `mvn dependency:tree` and specify an `<exclusion>` for each of them.
Finally, we upgrade to slf4j 1.7.12: http://www.slf4j.org/news.html .
2015-10-12 20:17:51 -04:00
b89fa7028d
Use Maven BOM dependency for Spring
...
The Maven "bill of materials" dependency ensures that all Spring dependencies use the same version, without having to specify them all.
http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#overview-maven-bom
2015-10-12 20:17:51 -04:00
d280ca40a4
login hints now handled in a slightly smarter (and more pluggable) manner, closes #851
2015-10-12 20:04:02 -04:00
98e1d26134
limited when login_hint is sent to the server, closes #963
2015-10-12 17:56:31 -04:00
301802abd3
Speed up servlet start
...
- Set metadata-complete="true" attribute on the <web-app> element.
- Add an empty <absolute-ordering /> element.
See:
https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Configure_your_web_ap
plication
On my (old) machine, this reduces startup time with Jetty from 137580ms
to 20166ms.
2015-10-12 13:10:04 -04:00
90e4cb97ff
Upgrade jetty-maven-plugin and configure war path
...
Configuring war path enables `mvn jetty:run-war`.
2015-10-12 13:10:04 -04:00
8b7fc5de68
Update HikariCP to 2.4.1
...
https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES
2015-10-12 13:08:32 -04:00
9117e7fe31
Add SQL indexes for PostgreSQL and HSQLDB
2015-10-12 13:08:16 -04:00
0269c24263
Travis build on JDK 7+8
...
Configures Travis to build on Oracle JDK 7+8 and OpenJDK 7.
Also enables migration to Travis' container-based infrastructure: http://docs.travis-ci.com/user/migrating-from-legacy/
2015-10-12 13:07:43 -04:00
7871ee0f26
Improve error message
2015-10-12 13:07:18 -04:00
58543ac9c4
Fix ID token icon description
2015-10-12 12:59:44 -04:00
b5c298e0ca
Remove legacy CSRF protection for approve page
...
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
2015-10-09 17:09:46 +02:00
8b362f23f3
[maven-release-plugin] prepare for next development iteration
2015-10-02 18:53:48 -04:00
e384a6257b
[maven-release-plugin] prepare release mitreid-connect-1.2.1
2015-10-02 18:53:45 -04:00
4063f7f94f
user info endpoint response uses correct client algorithms, addresses #921
2015-10-02 18:48:11 -04:00
3c222b0d79
rewrote blacklist UI, fixed delete functions on rest of UI, closes #905
2015-10-02 18:37:57 -04:00
43e9fbc29c
fixed issuer on login page, added CSRF to login / logout, closes #870 , closes #824 , closes #875
2015-10-01 21:16:38 -04:00
ca23521c3b
fixed entity relationship for address
2015-10-01 20:52:01 -04:00
e1af979995
don't load user info for anonymous authentications, closes #895
2015-10-01 19:12:50 -04:00
74f5a248c7
Added indexes to MySQL file, closes #902
2015-10-01 18:59:28 -04:00
Justin Richer