Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-25 11:31:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,660 Commits 51 Branches 376 Tags
Commit Graph

20660 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
f6f3b697fe Bump com.nimbusds:oauth2-oidc-sdk from 11.34 to 11.35 
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 11.34 to 11.35.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.35..11.34)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.35'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-25 03:17:16 +00:00
Josh Cummings
2c2666065f
Merge branch '7.0.x' 2026-03-24 13:39:37 -06:00
Josh Cummings
bae4cdd765
Adjust for Nullability 
Issue gh-18973

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-24 13:39:27 -06:00
Josh Cummings
2a8976f2f0 Merge branch '7.0.x' 2026-03-23 18:13:15 -06:00
Josh Cummings
a7c3e842d6 Merge branch '6.5.x' into 7.0.x 2026-03-23 18:12:36 -06:00
Josh Cummings
b6e24db68c Return Mono.empty on Empty POST 
Closes gh-18973

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-23 18:12:21 -06:00
Josh Cummings
5100bf3db9 Merge branch '7.0.x' 2026-03-23 17:53:41 -06:00
Josh Cummings
7dea8b8ca2 Merge branch '6.5.x' into 7.0.x 2026-03-23 17:53:14 -06:00
Daniel Garnier-Moiroux
aeb5fc1fb0 Fix HttpSessionRequestCache#getMatchingRequest query string parsing 
- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.

Fixes gh-16656

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2026-03-23 17:52:17 -06:00
Eric Haag
91199e7202 Gracefully handle detached HEAD in branch version check 
Previously, the `CheckExpectedBranchVersionPlugin` would crash the Gradle
configuration phase if the project was in a detached HEAD state or not
in a Git repository, e.g., downloaded as a ZIP.

This commit refactors the plugin to be lazy and adopts several Gradle best
practices:

- Prevents build crashes on Git failures by gracefully catching non-zero
  exit codes, e.g., when checked out in a detached HEAD state.
- Moves the branch validation out of the task's main execution action
  and into an `onlyIf` predicate, allowing Gradle to skip the task
  entirely instead of executing an early return. This makes the skip
  outcome and reason visible in a Build Scan, rather than making it
  appear as if it executed.
- Defers the Git `exec` call to the execution phase using a lazy provider.
- Makes the task configuration cache compatible by avoiding illegal
  `Project` access inside the execution-time `onlyIf` closure.
- Improves user-facing logs and adds actionable bypass instructions when
  the project version doesn't match the branch version.

Signed-off-by: Eric Haag <ehaag@gradle.com>
 2026-03-23 14:49:58 -04:00
Andrey Litvitski
2fda37de53 Fix equals nullability annotations for jspecify compliance 
In this commit, we added `@Nullable` to equals methods of classes that
support `jspecify` for consistency with other Spring projects and to
avoid bugs that caused other Spring projects to do this natively.

Closes: gh-18929, gh-18927

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-23 09:25:57 -06:00
Andreas Asplund
330c565178 Implement equals and hashCode closes gh-18882 
Signed-off-by: Andreas Asplund <andreas@asplund.biz>
 2026-03-23 08:06:31 -06:00
Joe Grandja
1db0d4f83d Enable null-safety in spring-security-oauth2-authorization-server 
Closes gh-18937
 2026-03-23 05:07:14 -04:00
Joe Grandja
fe24bd3d0c Remove checkstyle suppressions for spring-security-oauth2-authorization-server 
Issue gh-18937
 2026-03-23 05:06:59 -04:00
dependabot[bot]
e6df831943 Bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.21.1 to 2.21.2.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.21.1...jackson-bom-2.21.2)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-23 03:19:04 +00:00
Josh Cummings
f35b4aa518 Merge branch '7.0.x' 2026-03-20 21:28:22 -06:00
Josh Cummings
4542f58be7 Merge branch '6.5.x' into 7.0.x 2026-03-20 21:27:04 -06:00
Tran Ngoc Nhan
62f33d3fcf Add equals and hashCode to HttpMethodRequestMatcher 
Closes gh-18911

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-20 21:22:20 -06:00
Bae Jihong
e9f331c30c Add test code for setAuthorizationManagerFactory 
- add test for setAuthorizationManagerFactory that is a alternative to setTrustResolver and setDefaultRolePrefix

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
bc4cc434fe Refactor code to remove compiler warnings 
- replace setTrustResolver with setAuthorizationManagerFactory in MethodSecurityExpressionRootTests
- resolve raw type warning in ExpressionBasedMessageSecurityMetadataSourceFactoryTests

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
5a694869fa Add @SupressWarnings(deprecation) for existing functions 
- add @SupressWarnings(deprecation) because of deprecated part in logic

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
ee06badcb6 Add @SuppressWarnings(unchecked, rawtypes) on functions in deprecated class 
Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
9b108df1dc Add @SuppressWarnings(deprecation) on tests 
- add on tests for deprecated class
- add on tests for specific deprecated function

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Josh Cummings
d76fb7f2e6 Polish WebAttributes ApplicationContext Support 
Closes gh-8843

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 16:44:40 -06:00
wonderfulrosemari
846794d31b Prefer dispatcher context for authorize tag beans 
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
 2026-03-20 16:44:40 -06:00
Josh Cummings
c000477c37 Polish Clarify @WithSecurityContext thread scope 2026-03-20 16:43:21 -06:00
wonderfulrosemari
2a013ffaa2 Clarify @WithSecurityContext thread scope 
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
 2026-03-20 16:43:21 -06:00
Josh Cummings
ea05089443 Polish Formatting 
Closes gh-18381

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 15:38:27 -06:00
Giacomo Baso
7b282c3a17 Relax client_id validation in AtJwtBuilder 
RFC 9068 requires that access token JWTs include the `client_id`
claim, but it does not require resource servers to validate it against
a specific value.

Relates to gh-18381

Signed-off-by: Giacomo Baso <gbaso@users.noreply.github.com>
 2026-03-20 15:38:27 -06:00
Josh Cummings
78015d251c Merge branch '7.0.x' 2026-03-20 15:28:44 -06:00
Josh Cummings
956561e143 Merge branch '6.5.x' into 7.0.x 2026-03-20 15:28:36 -06:00
Rob Winch
9fed1ac8c3 New line per sentence 
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2026-03-20 15:28:21 -06:00
Josh Cummings
9dbe3bdcc0 Polish Session Management Persistence Docs 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 15:28:21 -06:00
sankranti
d547ae0181 Fix defaults description in Session Management doc 
Corrected that starting from Spring Security 6
security context is not automatically saved by default.

Signed-off-by: sankranti <sankranty@gmail.com>
 2026-03-20 15:28:21 -06:00
Josh Cummings
e88cb81a7a Merge branch '7.0.x' 2026-03-20 15:22:56 -06:00
dependabot[bot]
b8b1278e1f Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 15:22:06 -06:00
dependabot[bot]
381047e386 Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 15:21:53 -06:00
Josh Cummings
fbbbd46bee Update asciidoctor-extensions to 1.0.0-alpha.18 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 21:21:22 +00:00
Josh Cummings
fe0d7de41b Update LDAP Nullability Checkstyle Rules 
Issue gh-17818

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 15:21:02 -06:00
Josh Cummings
c2fd0f23fe Merge branch '7.0.x' 2026-03-20 15:00:15 -06:00
Josh Cummings
8abffbd0df Merge branch '6.5.x' into 7.0.x 2026-03-20 15:00:02 -06:00
dependabot[bot]
376b40a735 Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...v1.0.15)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:58:20 -06:00
dependabot[bot]
89fa1cbdd2 Bump spring-io/spring-security-release-tools/.github/workflows/build.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/build.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/build.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:57:09 -06:00
dependabot[bot]
0d75e6d10c Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.17 to 1.0.0-alpha.18.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.17...v1.0.0-alpha.18)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-version: 1.0.0-alpha.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:56:46 -06:00
dependabot[bot]
01758c4c59 Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:56:10 -06:00
dependabot[bot]
f37833a59c Bump spring-io/spring-security-release-tools/.github/workflows/test.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/test.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/test.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:55:52 -06:00
dependabot[bot]
52e6c4c4be Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:55:38 -06:00
dependabot[bot]
874dce4407 Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:54:26 -06:00
dependabot[bot]
f21e8af830 Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:54:11 -06:00
dependabot[bot]
4354e47b0a Bump gradle-wrapper from 9.4.0 to 9.4.1 
Bumps gradle-wrapper from 9.4.0 to 9.4.1.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 9.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 03:19:24 +00:00