Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-10 11:39:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,744 Commits 55 Branches 364 Tags
Commit Graph

19744 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
e3e7d76b70 Add Workflow to Finalize a Release 2025-11-04 09:32:41 -07:00
github-actions[bot]
9dde69746f Release 7.0.0-RC2 7.0.0-RC2 2025-11-04 05:32:57 +00:00
Rob Winch
884cf0d62e
EnableGlobalMultiFactorAuthentication->EnableMultiFactorAuthentication 
Closes gh-18127
 2025-11-03 22:42:28 -06:00
Rob Winch
aaf738f7ac
MFA is now Opt In 
This commit ensures that MFA is only performed when users opt in. By
doing so, we allow users to decide if they will opt into the semantics
of merging two Authentication instances.

Closes gh-18126
 2025-11-03 22:42:27 -06:00
Rob Winch
ccd39a23c9
Only perform MFA if Authentication.getName() is the same 
Closes gh-18112
 2025-11-03 22:42:27 -06:00
Josh Cummings
793820acfa Remove Authority Copying From Reactive 
We will re-address this when adding factors to
ReactiveAuthenticationManager implementations.

Issue gh-2603
 2025-11-03 13:31:30 -07:00
Joe Grandja
b6ed037c39 Document device_code grant disabled by default 
Issue gh-17998
 2025-10-31 06:38:09 -04:00
Joe Grandja
5da0cbea4b Document OAuth 2.0 Dynamic Client Registration support 
Issue gh-17964
 2025-10-30 16:01:51 -04:00
Joe Grandja
e6b4d461e7 Fix OAuth2AuthorizationServerJacksonModule type validator configuration 
Closes gh-18102
 2025-10-30 07:19:45 -04:00
Josh Cummings
4daf089e46 Merge remote-tracking branch 'origin/6.5.x' 2025-10-28 12:08:53 -06:00
namest504
6501e97ece Fix sensitive case in JwtTypeValidator 
Closes gh-18092

Signed-off-by: namest504 <namest504@gmail.com>
 2025-10-28 12:08:29 -06:00
Josh Cummings
3a84894bf4 Revert "Add AuthorizationProxyMixin" 
This reverts commit 743817fc151cc0daf6dafb28733d77ff98ce1930.
 2025-10-27 17:30:44 -06:00
Joe Grandja
90855aa128 Missing response_type in POST authorization request returns invalid_request 
Issue https://github.com/spring-projects/spring-authorization-server/issues/2226
 2025-10-24 05:55:45 -04:00
dependabot[bot]
9f7e92d6f2 Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.0 to 3.0.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.0...jackson-bom-3.0.1)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-23 09:33:13 -05:00
Josh Cummings
727f0e27d6 Merge branch '6.5.x' 2025-10-20 17:42:52 -06:00
Josh Cummings
f548aaf5c5 Merge branch '6.4.x' into 6.5.x 2025-10-20 17:42:25 -06:00
Josh Cummings
743817fc15 Add AuthorizationProxyMixin 
This commit adds Jackson configuration specific to
authorization proxies created by Spring Security

Closes gh-18077
 2025-10-20 17:16:21 -06:00
Josh Cummings
fb701e4615 Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 17:10:05 -06:00
Josh Cummings
1c112005fa Don't Attempt to Generate Token Without Valid Token Request 
Closes gh-18088

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 17:09:43 -06:00
Marcus Hert da Coregio
e0a71eb00e Fix GenerateOneTimeTokenRequestResolver ignored if username param not present 
Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2025-10-20 17:09:43 -06:00
Josh Cummings
69d28dc35b Merge branch '6.5.x' 2025-10-20 17:07:34 -06:00
Josh Cummings
42ddaba870 Next Development Version 2025-10-20 17:07:18 -06:00
Josh Cummings
da46ba2619 Update Password Samples for Nullability 
Issue gh-16226
 2025-10-20 17:04:22 -06:00
Josh Cummings
a406f5fe2d Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 16:46:49 -06:00
Himanshu Pareek
dcb4e47cd5 Add Include-Code to the Password Storage page 
References gh-16226

Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>
 2025-10-20 16:35:23 -06:00
Rob Winch
82f87cf2b6
Next Development Version 2025-10-20 16:55:17 -05:00
Josh Cummings
0a2f55d485 Clarify Nullability in Granted Authority Lambda 
Issue gh-17999
 2025-10-20 15:22:24 -06:00
Andrey Litvitski
9b61533db2 Mark GrantedAuthority#getAuthority as @Nullable 
Closes: gh-17999

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-10-20 15:22:24 -06:00
Josh Cummings
eb43830260 Polish JavaDoc 
1. Removed comment about not changing field name in a
serialized object as this is true for all fields in a
Java-serialize POJO
2. Added example value for the constructor that demonstrates
the relationship between a role and an authority

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 15:18:11 -06:00
Yanming Zhou
b55c28cf25 Polish SimpleGrantedAuthority 
1. Add Javadoc to state that role is prefixed.
2. Rename constructor argument from `role` to `authority` for better readability.

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-10-20 15:18:11 -06:00
Simon Von
0927bed66a 📔 Documentation 
1. Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description

Signed-off-by: Simon Von <g1672943850@gmail.com>
 2025-10-20 15:17:32 -06:00
Josh Cummings
9ed446e6f5 Next Development Version 2025-10-20 15:15:57 -06:00
github-actions[bot]
d5e6da5aba Release 7.0.0-RC1 7.0.0-RC1 2025-10-20 17:32:34 +00:00
Rob Winch
4d2bd30c75
Update to Reactor 2025.0.0-RC1 
Closes gh-18087
 2025-10-20 12:31:09 -05:00
Rob Winch
5acad99852
Revert "Release 7.0.0-RC1" 
This reverts commit e616688f56cb8be6b8ce4d96ea3815ddfe34d6bf.
 2025-10-20 12:29:58 -05:00
github-actions[bot]
e616688f56 Release 7.0.0-RC1 2025-10-20 17:26:08 +00:00
github-actions[bot]
56a23d9ddc Release 6.5.6 6.5.6 2025-10-20 17:17:40 +00:00
github-actions[bot]
dc5aed9b5f Release 6.4.12 6.4.12 2025-10-20 17:17:37 +00:00
Josh Cummings
9c7b34a48b Favor Relative Redirects by Default 
Closes gh-16300
 2025-10-20 10:25:17 -06:00
Josh Cummings
d5d7fd414d Update What's New 2025-10-20 10:25:17 -06:00
Rob Winch
491a3e8f68
Update to Spring LDAP 4.0.0-RC1 
Closes gh-18086
 2025-10-20 09:35:15 -05:00
Rob Winch
43d20ea91f
Update to Spring Data 2025.1.0-RC1 
Closes gh-18085
 2025-10-20 09:35:14 -05:00
Rob Winch
24241d0384
Update to Spring Framework 7.0.0-RC1 
Closes gh-18084
 2025-10-20 09:35:14 -05:00
dependabot[bot]
cb8c2b090c Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 09:17:01 -05:00
Rob Winch
e94de4d0e3
Merge branch '6.5.x' 2025-10-20 09:16:23 -05:00
Rob Winch
cb994aad6c
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:15:32 -05:00
Rob Winch
6f6ee0c060
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 2025-10-20 09:15:30 -05:00
Rob Winch
9cecc2cf09
Merge branch '6.4.x' into 6.5.x 2025-10-20 09:15:18 -05:00
Rob Winch
f19c9c8625
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:14:31 -05:00
Rob Winch
95abf61c88
Refine Jackson 3 format description 2025-10-20 09:11:22 -05:00