d280ca40a4
login hints now handled in a slightly smarter (and more pluggable) manner, closes #851
2015-10-12 20:04:02 -04:00
98e1d26134
limited when login_hint is sent to the server, closes #963
2015-10-12 17:56:31 -04:00
301802abd3
Speed up servlet start
...
- Set metadata-complete="true" attribute on the <web-app> element.
- Add an empty <absolute-ordering /> element.
See:
https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Configure_your_web_ap
plication
On my (old) machine, this reduces startup time with Jetty from 137580ms
to 20166ms.
2015-10-12 13:10:04 -04:00
90e4cb97ff
Upgrade jetty-maven-plugin and configure war path
...
Configuring war path enables `mvn jetty:run-war`.
2015-10-12 13:10:04 -04:00
8b7fc5de68
Update HikariCP to 2.4.1
...
https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES
2015-10-12 13:08:32 -04:00
9117e7fe31
Add SQL indexes for PostgreSQL and HSQLDB
2015-10-12 13:08:16 -04:00
0269c24263
Travis build on JDK 7+8
...
Configures Travis to build on Oracle JDK 7+8 and OpenJDK 7.
Also enables migration to Travis' container-based infrastructure: http://docs.travis-ci.com/user/migrating-from-legacy/
2015-10-12 13:07:43 -04:00
7871ee0f26
Improve error message
2015-10-12 13:07:18 -04:00
58543ac9c4
Fix ID token icon description
2015-10-12 12:59:44 -04:00
b5c298e0ca
Remove legacy CSRF protection for approve page
...
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
2015-10-09 17:09:46 +02:00
8b362f23f3
[maven-release-plugin] prepare for next development iteration
2015-10-02 18:53:48 -04:00
e384a6257b
[maven-release-plugin] prepare release mitreid-connect-1.2.1
2015-10-02 18:53:45 -04:00
4063f7f94f
user info endpoint response uses correct client algorithms, addresses #921
2015-10-02 18:48:11 -04:00
3c222b0d79
rewrote blacklist UI, fixed delete functions on rest of UI, closes #905
2015-10-02 18:37:57 -04:00
43e9fbc29c
fixed issuer on login page, added CSRF to login / logout, closes #870 , closes #824 , closes #875
2015-10-01 21:16:38 -04:00
ca23521c3b
fixed entity relationship for address
2015-10-01 20:52:01 -04:00
e1af979995
don't load user info for anonymous authentications, closes #895
2015-10-01 19:12:50 -04:00
74f5a248c7
Added indexes to MySQL file, closes #902
2015-10-01 18:59:28 -04:00
acb3d03052
added 'kid' to all signed tokens, closes #899
2015-10-01 18:54:38 -04:00
48bc26901a
added JTI to client auth
2015-10-01 18:54:15 -04:00
d3f8ff2855
added JTI to ID tokens, closes #900
2015-10-01 17:24:47 -04:00
f43c94314c
Change Address model to be an interface. Will allow consuming projects
...
to override this funcitonality more easily.
2015-10-01 15:57:34 -04:00
c4726b09f0
Update to Spring Security 3.2.8
...
https://spring.io/blog/2015/07/23/spring-security-3-2-8-released
2015-10-01 15:55:31 -04:00
9822748209
grabbed additional places that mention updated_time/updated_at
2015-10-01 15:53:21 -04:00
719a714735
Addresses issue 910 by replacing update_time with update_at for JSON
...
objects.
2015-10-01 15:43:31 -04:00
31ea96ce27
Update DefaultOIDCTokenService.java
...
fixed typo
2015-10-01 15:34:01 -04:00
31374c0f7b
added spring security to logger configuration, closes #917
2015-10-01 15:32:55 -04:00
9fe98e0132
OIDCAuthenticationFilter: Make authenticationSignerService optional so
...
it must not be provided in Spring config
OIDCAuthenticationProvider: Setter for UserInfoFetcher, so own
implementation can be wired
UserInfoFetcher: Call to DefaultUserInfo.fromJson moved to method, so it
can be overwritten by own implementation to use own UserInfo
implementation
2015-08-21 17:33:23 -04:00
8d0355a513
Fix commented-out datasource config for postgresql and mysql to user HikariDataSource instead of Apache's BasicDataSource (since the class isn't in the project by default)
2015-08-21 17:27:12 -04:00
54d8d890e5
restricted access to /authorize to ROLE_USER accounts, closes #892
2015-08-21 10:20:26 -04:00
22c05ec51b
[maven-release-plugin] prepare for next development iteration
2015-08-05 12:07:47 -04:00
e6b64cd9cd
[maven-release-plugin] prepare release mitreid-connect-1.2.0
2015-08-05 12:07:44 -04:00
cd46994fb3
removed old DB upgrade scripts (use the upgrade API instead)
2015-08-05 12:04:14 -04:00
489450b1c2
automated code format cleanup
2015-08-05 12:04:14 -04:00
edda0218e1
added missing copyright statement.
2015-08-05 09:58:41 -04:00
8a4fb5f839
cleaned up imports
2015-08-05 09:46:36 -04:00
15c2b57730
[maven-release-plugin] prepare for next development iteration
2015-07-30 14:00:20 -04:00
8317c759f1
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC2
2015-07-30 14:00:18 -04:00
0740443768
added claims redirect uri set to client model for UMA usage
2015-07-30 13:56:14 -04:00
658b5e1456
updated all available javascript libraries to latest versions
2015-07-10 16:04:36 -04:00
99fbda3d13
fix scope icon overlay in scope editor for safari/chrome/IE, closes #867
2015-07-10 11:40:50 -04:00
71c52d1a39
restored default scopes
2015-07-10 11:39:49 -04:00
a4e75ed733
[maven-release-plugin] prepare for next development iteration
2015-07-09 18:29:14 -04:00
58a47d0e46
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC1
2015-07-09 18:29:12 -04:00
e18fa60054
database sync
2015-07-09 18:24:56 -04:00
0714ed514e
fixed errant unit test
...
why do they always get away like that??
2015-07-09 18:16:42 -04:00
62f6b7c45b
Upgrade Spring versions
2015-07-09 18:12:32 -04:00
064f36ef6c
clean up resource sets when clients are deleted
2015-07-09 18:07:19 -04:00
f6c20ad314
changed to using merge() in JPA instead of persist()
2015-07-09 18:06:25 -04:00
d1c069ad1e
clean up permissions and access tokens when a resource set is revoked
2015-07-09 16:40:07 -04:00
Justin Richer