Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-01 08:34:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,442 Commits 51 Branches 373 Tags
Commit Graph

20442 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
023-dev
b9f974b18f Remove compiler warnings for spring-security-config 
Signed-off-by: 023-dev <0_2_3@naver.com>
 2026-02-27 21:53:55 -06:00
dependabot[bot]
e43275d1db Bump minimatch from 3.1.2 to 3.1.5 in /javascript 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 00:58:57 +00:00
dependabot[bot]
18995c89ee Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b7c566a772...bbbca2ddaa)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 00:45:15 +00:00
Josh Cummings
0c42016781
Merge branch '7.0.x' 2026-02-26 17:11:06 -07:00
Josh Cummings
1575610d49
Add Tests 
Issue gh-18486

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 17:10:55 -07:00
Michael Lück
3a14745d92
Delegate calls of hasAuthority to AuthorizationManager#hasAuthority 
Closes gh-18486

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-02-26 17:10:55 -07:00
Josh Cummings
bd51ecd691
Merge branch '7.0.x' 2026-02-26 17:10:28 -07:00
Josh Cummings
c29af014f4
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 17:10:16 -07:00
Josh Cummings
4501ae7d1c Update Reactive Resource Server startup exceptations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings
48112d3d74 Polish Resource Server startup expectations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
[CLOUD4] 한현
b8735abb63 Clarify Resource Server startup expectations 
Clarify that Spring Boot defers OIDC discovery by default.

Closes gh-16708

Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings
50caf0cb28
Merge branch '7.0.x' 2026-02-26 15:57:27 -07:00
Tran Ngoc Nhan
7c3c8bbdcb Update Remember-Me example 
Closes gh-18639

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-26 15:28:32 -07:00
Josh Cummings
b7dbb12c66
Merge branch '7.0.x' 2026-02-26 15:10:18 -07:00
Josh Cummings
731848d5d3
Merge branch '6.5.x' into 7.0.x 2026-02-26 15:09:45 -07:00
Josh Cummings
eb25bbaa24
Merge branch '7.0.x' 2026-02-26 15:09:03 -07:00
Guillaume Husta
68a02ff176 Update Link to CRSF Docs in FAQ 
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-02-26 14:47:21 -07:00
Menashe Eliezer
ee97c83042 Update request-matcher schema and XML tests to use path 
Closes gh-18641

Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
 2026-02-26 14:42:09 -07:00
Josh Cummings
6304ea78cc
Merge branch '7.0.x' 2026-02-26 14:39:33 -07:00
Josh Cummings
10b835693c
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 14:39:19 -07:00
dependabot[bot]
ba12f5e6d0 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:51 -07:00
dependabot[bot]
f37a706d62 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:30 -07:00
Josh Cummings
e30d9240c9 Add Docs for Custom Jwt Principal Converters 
Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 12:28:50 -07:00
Josh Cummings
c208410a91 Polish Jwt Authentication Converter 
- Replace conditional logic with adapter class
- Added tests

Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 12:28:50 -07:00
Andrey Litvitski
aabc9fc1cc Support Custom Principal in Jwt Authentication Flow 
Closes gh-6237

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-26 12:28:50 -07:00
Rob Winch
d3474e704f
Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:49 -06:00
Rob Winch
b48967eebc
Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:39 -06:00
Rob Winch
522c48b3b5
Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:24 -06:00
Robert Winch
9cc3161055
Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:51:53 -06:00
Robert Winch
6898de8003
Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:49:38 -06:00
Robert Winch
1dae9aa459
Add Missing OnCommitedResponseWrapper Header Overrides 
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.

Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.

This issue is the underlying problem for spring-projects/spring-framework#36381

Closes gh-18797
 2026-02-24 19:46:29 -06:00
Josh Cummings
4b0be84a0e Merge branch '7.0.x' 2026-02-24 17:10:26 -07:00
Josh Cummings
73ee893d98 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-24 17:10:14 -07:00
Josh Cummings
bec25edeb0
Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute 
Clarify need for method attribute in JSP authorize tag
 2026-02-24 17:08:14 -07:00
Josh Cummings
4d43edfb20 Polish Documentation 
- Combined explanation of method attribute with usage recommendations
- Used one sentence per line format

Issue gh-16530

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-24 14:24:11 -07:00
onhann
9f9699f8a5 Clarify need for method attribute in JSP authorize tag 
Closes gh-16530

This aligns the JSP documentation with the changes made in gh-16529.
Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific.

Signed-off-by: onhann <gusgus1467@naver.com>
 2026-02-24 14:24:11 -07:00
Andrey Litvitski
6d4726bfb7 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 10:55:06 -06:00
Robert Winch
d31ca7a758 Fix SecurityContextLogoutHandler.logout @param response Javadoc (cannot be null) 
Closes gh-18357
 2026-02-24 10:06:04 -06:00
Robert Winch
ac06067d02
Revert "Mark targetDomainObject as @Nullable in PermissionEvaluator" 
This reverts commit 9f1381c382515042b348078cbe53f412e39c38e1.
 2026-02-24 09:40:54 -06:00
Andrey Litvitski
9f1381c382 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 08:27:44 -06:00
dependabot[bot]
f700aeac0f Bump tools.jackson:jackson-bom from 3.0.4 to 3.1.0 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.4 to 3.1.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.4...jackson-bom-3.1.0)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 03:17:58 +00:00
dependabot[bot]
41a8d6aca5 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 03:16:37 +00:00
Rob Winch
e81c64b94d
Merge Update servlet/architecture.adoc to use include-code 
Update servlet/architecture.adoc to use include-code
 2026-02-23 17:16:28 -06:00
Robert Winch
0c394696ce
Fix servlet/architecture.adoc disable Sample 
- Switch `include-java` (does not exist) to `include-code`
- Update kotlin to have the `disable` tag
- Update to suppress deprecation use for User builder (allowed for samples)

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 17:03:17 -06:00
Joe Kuhel
62d1bc86e3
Update servlet architecture docs to use include-code 
Also update antora.xml to include-xml in docs/src/test/resources

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2026-02-23 16:37:16 -06:00
Rob Winch
a4cadb5cc5
Merge Make PublicKeyCredentialCreationOptions Serializable 
Make PublicKeyCredentialCreationOptions Serializable
 2026-02-23 16:01:34 -06:00
Robert Winch
701736da5d
Fix checkstyle 
Issue gh-18354

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 15:43:55 -06:00
Mohammad Amin Pahlevani
9e5a425859
Make PublicKeyCredentialCreationOptions Serializable 
Closes gh-16431

Signed-off-by: Mohammad Amin Pahlevani <pahlevani@live.com>
 2026-02-23 15:43:40 -06:00
Rob Winch
1ab17d941a
Merge Improve error message for missing access attribute in intercept-url 
Improve error message for missing access attribute in intercept-url
 2026-02-23 15:31:34 -06:00
Robert Winch
53300be8d7
Fix checkstyle 
Issue gh-18530
 2026-02-23 15:16:02 -06:00