summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2022-04-19test(http): add second SSL client authentication testThomas1-24/+17
INFO: SSL Client-Authentication with keys from HSM-Facade only works with BCJSSE Provider >= 1.70 and SystemD Parameter: -Dorg.bouncycastle.jsse.client.acceptRenegotiation=true if HTTP Server requires re-negotiation. Hint: do not enable SSL Debugging in BCJSSE Probider, because it throws a NullPointerException with HSM-Facade keys!!!!
2022-04-19chore(core): update IAIK JCE to v5.63Thomas1-1/+1
2022-04-19chore(http): add missing parameter into log messageThomas1-1/+1
2022-04-19feat(http): add request interceptor configuration into Apache HTTP Client ↵Thomas2-1/+17
factory
2022-04-19refact(http): reorder keyStore configuration-builder to optimize log messagesThomas1-1/+1
2022-04-12refact(config): split IConfigurationWithSP into two interfacesThomas6-195/+228
2022-04-12chore(core): update third-party lib to remove double declaration of APIsThomas3-1/+10
2022-03-31chore(core): update some more third-party libsThomas3-12/+19
2022-03-31fix(core): switch to Spring-Core 5.3.18 and Spring-Boot 2.6.5 to fix ↵Thomas1-2/+2
cve-2022-22965
2022-03-31chore(core): add log message to DataBinderControllerAdvice -> ↵Thomas1-3/+9
setDisallowedFields
2022-03-31build(core): switch to next snapshot versionThomas12-12/+12
2022-03-31build(core): switch to next release version1.3.1Thomas12-12/+12
2022-03-31feature(spring): add Spring controller advice to set default set of ↵Thomas1-0/+27
disallowed files for DataBinder This code protects Spring Core from a "Remote Code Execution" attack (dubbed "Spring4Shell").This is a midigation for For more details, see this post: https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
2022-03-01chore: switch to next snapshot versionThomas12-12/+12
2022-03-01build: switch to next release version1.3.0Thomas12-12/+12
2022-03-01chore(core): update third-party libsThomas1-6/+6
2022-03-01refactor(ux): provide method to extract Locale from HTTP request by using ↵Thomas1-5/+12
Spring locale-resolver
2022-02-11chore(core): remove old HttpServlet implementation, because we only use Java ↵Thomas1-148/+0
Spring now
2022-01-27build(test): fix wrong scope of jUnit dependenciesThomas1-1/+2
2022-01-19test(core): add extension of ↵Thomas4-59/+115
'AuthenticatedEncryptionPendingRequestIdGenerationStrategy' that allows generation of already expired tokens
2022-01-19build(CI): optimize source-code analysing and dependency scanningThomas1-0/+10
2022-01-19refactor(core): change API parameters from 'Date' to 'Instant'Thomas7-36/+43
2022-01-19build: switch to new snapshot versionThomas12-12/+12
2022-01-09chore(SAML2): update implementation to remove usage of deprecated ↵Thomas8-37/+37
openSAML4.x API
2022-01-09test(core): fix invalid test for TransactionId attribute-builderThomas1-1/+8
2022-01-09fix(core): change validation of loaded process-definitions to fix problem of ↵Thomas5-23/+116
circular-dependencies loading
2022-01-09feature(core): add synch. and asynch. GUI builder implementation that use ↵Thomas6-1/+405
Spring MVC architecture
2022-01-09refactor(core): update to latest version of Velocity engineThomas5-119/+10
2022-01-08Merge branch 'opensaml_4.x' into nightlyBuildThomas39-307/+351
# Conflicts: # eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java # eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java # eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java # eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java # eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java # eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java # pom.xml
2022-01-08chore(core): update third-party libsThomas1-8/+8
2022-01-08fix(core): remove test code from method on production levelThomas1-5/+1
2022-01-08refactor(core): update logger libs. to latest versionThomas1-2/+2
2022-01-08[fix] solve circular dependencies between 'AuthenticationManager', ↵Thomas4-36/+30
'ModuleRegistration', and 'AuthModule' implementations
2021-12-20update log4j to fix CVE-2021-45105 and CVE-2021-45046:Thomas1-1/+1
2021-12-20update logback to latest versionThomas1-1/+2
2021-12-12update some more third-party libsThomas4-2/+51
2021-12-11add more security checks to GitLab CIThomas1-0/+5
2021-12-09switch to next snapshot versionThomas12-12/+12
2021-12-09switch to next release version1.2.0Thomas12-12/+12
2021-12-07change IGuiFormBuilder interface to enable pre-evaluation of response ↵Thomas3-8/+33
contentType without rendering
2021-12-06update IGuiBuilderConfiguration to indicate asynchronous GUI renderingThomas3-0/+28
2021-11-29switch to next snapshot versionThomas12-12/+12
2021-11-29switch to next release version1.1.20Thomas12-12/+12
2021-11-26update to HSM-Facade-Provider v0.8.0 to fix problem with RSA-OAEPThomas2-5/+4
2021-11-25fix bug in GUI rendering that apply if messages contains a single quoteThomas1-3/+10
2021-11-19switch to next snapshot versionThomas12-12/+12
2021-11-19switch to next release version1.1.19Thomas12-12/+12
2021-11-18add method to inject http headers into Apache HTTP-Client requestsThomas1-0/+19
2021-11-03switch to next snapshot versionThomas12-12/+12
2021-11-03switch to next release version1.1.18Thomas12-12/+12