github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,492 Commits
17 Branches
69 Tags
78 MiB
Commit Graph

2492 Commits (fa122e7ad65abbb1998e663cba4a2eccfd2eca41)

Author SHA1 Message Date
Justin Richer 2deec98b58 [maven-release-plugin] prepare for next development iteration 2015-10-13 18:56:47 -04:00
Justin Richer d96b2dc130 [maven-release-plugin] prepare release mitreid-connect-1.2.2 2015-10-13 18:56:44 -04:00
Justin Richer 6129cfa61a added scope-based authorities granter for introspections services, closes #835 2015-10-13 18:51:21 -04:00
Justin Richer 96f4d5e8a8 fixed use of wrong constant, closes #940 2015-10-13 18:08:56 -04:00
Justin Richer a5701f4ea3 limit client pagination to 10 pages at a time, closes #886 2015-10-13 17:55:18 -04:00
Justin Richer 8cc89e4e85 made token fetching lazy-loaded 2015-10-13 17:04:36 -04:00
Justin Richer c9358f348a added transactional annotations, finally closes #926 addresses #862 2015-10-13 16:59:11 -04:00
Justin Richer e1e892377f added cleaner for duplicate refresh tokens 2015-10-13 15:38:07 -04:00
Justin Richer 542afca459 cleans duplicate access tokens from DB before other cleanup happens 2015-10-13 15:33:23 -04:00
Justin Richer 9599642f3a upgraded nimbus in uma module` 2015-10-13 12:13:07 -04:00
Justin Richer 149e93e970 Disabled broken crypto tests, pending #938 2015-10-13 11:57:41 -04:00
Justin Richer ebb4f2c3d4 Upgraded to nimbus 4.2, closes #934 2015-10-13 04:40:01 -04:00
Justin Richer c67611e975 added qualifier name to persistence unit and transaction manager, closes #883 2015-10-12 21:15:30 -04:00
Mark Janssen d337e14de3 Remove transitive commons-logging dependencies 
We use slf4j instead; jcl-over-slf4j needs to be a compile-time dependency because we use it in several classes.

Unfortunately Maven does not have a way to exclude commons-logging globally, so we need to figure out which dependencies include it through `mvn dependency:tree` and specify an `<exclusion>` for each of them.

Finally, we upgrade to slf4j 1.7.12: http://www.slf4j.org/news.html.
 2015-10-12 20:17:51 -04:00
Mark Janssen b89fa7028d Use Maven BOM dependency for Spring 
The Maven "bill of materials" dependency ensures that all Spring dependencies use the same version, without having to specify them all.
http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#overview-maven-bom
 2015-10-12 20:17:51 -04:00
Justin Richer d280ca40a4 login hints now handled in a slightly smarter (and more pluggable) manner, closes #851 2015-10-12 20:04:02 -04:00
Justin Richer 98e1d26134 limited when login_hint is sent to the server, closes #963 2015-10-12 17:56:31 -04:00
Mark Janssen 301802abd3 Speed up servlet start 
- Set metadata-complete="true" attribute on the <web-app> element.
- Add an empty <absolute-ordering /> element.

See:
https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Configure_your_web_ap
plication

On my (old) machine, this reduces startup time with Jetty from 137580ms
to 20166ms.
 2015-10-12 13:10:04 -04:00
Mark Janssen 90e4cb97ff Upgrade jetty-maven-plugin and configure war path 
Configuring war path enables `mvn jetty:run-war`.
 2015-10-12 13:10:04 -04:00
Mark Janssen 8b7fc5de68 Update HikariCP to 2.4.1 
https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES
 2015-10-12 13:08:32 -04:00
Mark Janssen 9117e7fe31 Add SQL indexes for PostgreSQL and HSQLDB 2015-10-12 13:08:16 -04:00
Mark Janssen 0269c24263 Travis build on JDK 7+8 
Configures Travis to build on Oracle JDK 7+8 and OpenJDK 7.

Also enables migration to Travis' container-based infrastructure: http://docs.travis-ci.com/user/migrating-from-legacy/
 2015-10-12 13:07:43 -04:00
Mark Janssen 7871ee0f26 Improve error message 2015-10-12 13:07:18 -04:00
Mark Janssen 58543ac9c4 Fix ID token icon description 2015-10-12 12:59:44 -04:00
Mark Janssen b5c298e0ca Remove legacy CSRF protection for approve page 
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
 2015-10-09 17:09:46 +02:00
Justin Richer 8b362f23f3 [maven-release-plugin] prepare for next development iteration 2015-10-02 18:53:48 -04:00
Justin Richer e384a6257b [maven-release-plugin] prepare release mitreid-connect-1.2.1 2015-10-02 18:53:45 -04:00
Justin Richer 4063f7f94f user info endpoint response uses correct client algorithms, addresses #921 2015-10-02 18:48:11 -04:00
Justin Richer 3c222b0d79 rewrote blacklist UI, fixed delete functions on rest of UI, closes #905 2015-10-02 18:37:57 -04:00
Justin Richer 43e9fbc29c fixed issuer on login page, added CSRF to login / logout, closes #870, closes #824, closes #875 2015-10-01 21:16:38 -04:00
Justin Richer ca23521c3b fixed entity relationship for address 2015-10-01 20:52:01 -04:00
Justin Richer e1af979995 don't load user info for anonymous authentications, closes #895 2015-10-01 19:12:50 -04:00
Justin Richer 74f5a248c7 Added indexes to MySQL file, closes #902 2015-10-01 18:59:28 -04:00
Justin Richer acb3d03052 added 'kid' to all signed tokens, closes #899 2015-10-01 18:54:38 -04:00
Justin Richer 48bc26901a added JTI to client auth 2015-10-01 18:54:15 -04:00
Justin Richer d3f8ff2855 added JTI to ID tokens, closes #900 2015-10-01 17:24:47 -04:00
Tony Fendall f43c94314c Change Address model to be an interface. Will allow consuming projects 
to override this funcitonality more easily.
 2015-10-01 15:57:34 -04:00
Mark Janssen c4726b09f0 Update to Spring Security 3.2.8 
https://spring.io/blog/2015/07/23/spring-security-3-2-8-released
 2015-10-01 15:55:31 -04:00
Justin Richer 9822748209 grabbed additional places that mention updated_time/updated_at 2015-10-01 15:53:21 -04:00
John Brooks 719a714735 Addresses issue 910 by replacing update_time with update_at for JSON 
objects.
 2015-10-01 15:43:31 -04:00
Sarah Squire 31ea96ce27 Update DefaultOIDCTokenService.java 
fixed typo
 2015-10-01 15:34:01 -04:00
Justin Richer 31374c0f7b added spring security to logger configuration, closes #917 2015-10-01 15:32:55 -04:00
Bernd Frey 9fe98e0132 OIDCAuthenticationFilter: Make authenticationSignerService optional so 
it must not be provided in Spring config

OIDCAuthenticationProvider: Setter for UserInfoFetcher, so own
implementation can be wired

UserInfoFetcher: Call to DefaultUserInfo.fromJson moved to method, so it
can be overwritten by own implementation to use own UserInfo
implementation
 2015-08-21 17:33:23 -04:00
Stephen Doxsee 8d0355a513 Fix commented-out datasource config for postgresql and mysql to user HikariDataSource instead of Apache's BasicDataSource (since the class isn't in the project by default) 2015-08-21 17:27:12 -04:00
Justin Richer 54d8d890e5 restricted access to /authorize to ROLE_USER accounts, closes #892 2015-08-21 10:20:26 -04:00
Justin Richer 22c05ec51b [maven-release-plugin] prepare for next development iteration 2015-08-05 12:07:47 -04:00
Justin Richer e6b64cd9cd [maven-release-plugin] prepare release mitreid-connect-1.2.0 2015-08-05 12:07:44 -04:00
Justin Richer cd46994fb3 removed old DB upgrade scripts (use the upgrade API instead) 2015-08-05 12:04:14 -04:00
Justin Richer 489450b1c2 automated code format cleanup 2015-08-05 12:04:14 -04:00
Justin Richer edda0218e1 added missing copyright statement. 2015-08-05 09:58:41 -04:00