6129cfa61a
added scope-based authorities granter for introspections services, closes #835
9 years ago
96f4d5e8a8
fixed use of wrong constant, closes #940
9 years ago
a5701f4ea3
limit client pagination to 10 pages at a time, closes #886
9 years ago
8cc89e4e85
made token fetching lazy-loaded
9 years ago
c9358f348a
added transactional annotations, finally closes #926 addresses #862
9 years ago
e1e892377f
added cleaner for duplicate refresh tokens
9 years ago
542afca459
cleans duplicate access tokens from DB before other cleanup happens
9 years ago
9599642f3a
upgraded nimbus in uma module`
9 years ago
149e93e970
Disabled broken crypto tests, pending #938
9 years ago
ebb4f2c3d4
Upgraded to nimbus 4.2, closes #934
9 years ago
c67611e975
added qualifier name to persistence unit and transaction manager, closes #883
9 years ago
d337e14de3
Remove transitive commons-logging dependencies
...
We use slf4j instead; jcl-over-slf4j needs to be a compile-time dependency because we use it in several classes.
Unfortunately Maven does not have a way to exclude commons-logging globally, so we need to figure out which dependencies include it through `mvn dependency:tree` and specify an `<exclusion>` for each of them.
Finally, we upgrade to slf4j 1.7.12: http://www.slf4j.org/news.html .
9 years ago
b89fa7028d
Use Maven BOM dependency for Spring
...
The Maven "bill of materials" dependency ensures that all Spring dependencies use the same version, without having to specify them all.
http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#overview-maven-bom
9 years ago
d280ca40a4
login hints now handled in a slightly smarter (and more pluggable) manner, closes #851
9 years ago
98e1d26134
limited when login_hint is sent to the server, closes #963
9 years ago
301802abd3
Speed up servlet start
...
- Set metadata-complete="true" attribute on the <web-app> element.
- Add an empty <absolute-ordering /> element.
See:
https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Configure_your_web_ap
plication
On my (old) machine, this reduces startup time with Jetty from 137580ms
to 20166ms.
9 years ago
90e4cb97ff
Upgrade jetty-maven-plugin and configure war path
...
Configuring war path enables `mvn jetty:run-war`.
9 years ago
8b7fc5de68
Update HikariCP to 2.4.1
...
https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES
9 years ago
9117e7fe31
Add SQL indexes for PostgreSQL and HSQLDB
9 years ago
0269c24263
Travis build on JDK 7+8
...
Configures Travis to build on Oracle JDK 7+8 and OpenJDK 7.
Also enables migration to Travis' container-based infrastructure: http://docs.travis-ci.com/user/migrating-from-legacy/
9 years ago
7871ee0f26
Improve error message
9 years ago
58543ac9c4
Fix ID token icon description
9 years ago
b5c298e0ca
Remove legacy CSRF protection for approve page
...
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
9 years ago
8b362f23f3
[maven-release-plugin] prepare for next development iteration
9 years ago
e384a6257b
[maven-release-plugin] prepare release mitreid-connect-1.2.1
9 years ago
4063f7f94f
user info endpoint response uses correct client algorithms, addresses #921
9 years ago
3c222b0d79
rewrote blacklist UI, fixed delete functions on rest of UI, closes #905
9 years ago
43e9fbc29c
fixed issuer on login page, added CSRF to login / logout, closes #870 , closes #824 , closes #875
9 years ago
ca23521c3b
fixed entity relationship for address
9 years ago
e1af979995
don't load user info for anonymous authentications, closes #895
9 years ago
74f5a248c7
Added indexes to MySQL file, closes #902
9 years ago
acb3d03052
added 'kid' to all signed tokens, closes #899
9 years ago
48bc26901a
added JTI to client auth
9 years ago
d3f8ff2855
added JTI to ID tokens, closes #900
9 years ago
f43c94314c
Change Address model to be an interface. Will allow consuming projects
...
to override this funcitonality more easily.
9 years ago
c4726b09f0
Update to Spring Security 3.2.8
...
https://spring.io/blog/2015/07/23/spring-security-3-2-8-released
9 years ago
9822748209
grabbed additional places that mention updated_time/updated_at
9 years ago
719a714735
Addresses issue 910 by replacing update_time with update_at for JSON
...
objects.
9 years ago
31ea96ce27
Update DefaultOIDCTokenService.java
...
fixed typo
9 years ago
31374c0f7b
added spring security to logger configuration, closes #917
9 years ago
9fe98e0132
OIDCAuthenticationFilter: Make authenticationSignerService optional so
...
it must not be provided in Spring config
OIDCAuthenticationProvider: Setter for UserInfoFetcher, so own
implementation can be wired
UserInfoFetcher: Call to DefaultUserInfo.fromJson moved to method, so it
can be overwritten by own implementation to use own UserInfo
implementation
9 years ago
8d0355a513
Fix commented-out datasource config for postgresql and mysql to user HikariDataSource instead of Apache's BasicDataSource (since the class isn't in the project by default)
9 years ago
54d8d890e5
restricted access to /authorize to ROLE_USER accounts, closes #892
9 years ago
22c05ec51b
[maven-release-plugin] prepare for next development iteration
9 years ago
e6b64cd9cd
[maven-release-plugin] prepare release mitreid-connect-1.2.0
9 years ago
cd46994fb3
removed old DB upgrade scripts (use the upgrade API instead)
9 years ago
489450b1c2
automated code format cleanup
9 years ago
edda0218e1
added missing copyright statement.
9 years ago
8a4fb5f839
cleaned up imports
9 years ago
15c2b57730
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer