Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-09-08 20:51:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,337 Commits 43 Branches 354 Tags
Commit Graph

19337 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
blake_bauman
a4f813ab29 Support Multiple ServerLogoutHandlers 
This commit adds support to ServerHttpSecurity for registering
multiple ServerLogoutHandlers. This is handy so that an application
does not need to re-supply any handlers already configured by
the DSL.

Signed-off-by: blake_bauman <blake_bauman@apple.com>
 2025-09-05 11:47:54 -06:00
Rob Winch
686f8398dd
Merge branch '6.5.x' 2025-09-04 22:40:45 -05:00
Rob Winch
653f22d4a1
Merge branch '6.4.x' into 6.5.x 2025-09-04 22:40:08 -05:00
Rob Winch
f54c293078
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 2025-09-04 22:39:33 -05:00
Rob Winch
34fccf45c2
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE 2025-09-04 22:39:31 -05:00
Rob Winch
f840ee06eb
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final 2025-09-04 22:39:29 -05:00
Rob Winch
8429c23108
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 2025-09-04 22:38:50 -05:00
Rob Winch
97f3567702
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final 2025-09-04 22:38:46 -05:00
dependabot[bot]
2cfdcb9d95 Bump org-opensaml5 from 5.1.5 to 5.1.6 
Bumps `org-opensaml5` from 5.1.5 to 5.1.6.

Updates `org.opensaml:opensaml-saml-api` from 5.1.5 to 5.1.6

Updates `org.opensaml:opensaml-saml-impl` from 5.1.5 to 5.1.6

---
updated-dependencies:
- dependency-name: org.opensaml:opensaml-saml-api
  dependency-version: 5.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.opensaml:opensaml-saml-impl
  dependency-version: 5.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 22:37:50 -05:00
dependabot[bot]
3c344ff491 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 22:37:36 -05:00
Josh Cummings
f30cc9c5a9
Update to PropertySourcesPlaceholderConfigurer 
This commit replaces deprecated usage of PropertyPlaceholderConfigurer
in favor of PropertySourcesPlaceholderConfigurer
 2025-09-04 11:32:04 -06:00
Josh Cummings
c64b086878
Add SecurityAssertions 
This commit introduces a simple, internal test API for
verifying aspects of an Authentication, like its name
and authorities.

Closes gh-17844
 2025-09-03 17:53:42 -06:00
Josh Cummings
de10e08348
Make withRoles Check Only Roles 
This commit clarifies the semantics of withRoles,
which is to check the role-based authorities in an
authentication.

Closes gh-17843
 2025-09-03 17:53:41 -06:00
Josh Cummings
bd119ac411
Implement Equals and HashCode 
Internally, RequestMatcher is sometimes used as a key to a
HashMap. Accordingly, each implementation should implement
equals and hashCode.

Closes gh-17842
 2025-09-03 17:48:50 -06:00
Rob Winch
24ffda28d8
Fixes for webauthn tests after JSpecify 
Issue gh-17839
 2025-09-03 14:44:58 -05:00
Rob Winch
6a84f96930
Enable Null checking in spring-security-test via JSpecify 
Closes gh-17840
 2025-09-03 12:59:46 -05:00
Rob Winch
194be8ffb6
Checkstyle fixes for webauthn JSpecify 
Issue gh-17839
 2025-09-03 12:58:27 -05:00
Rob Winch
47b4b155da
Add security-nullability to webauthn 
Issue gh-17839
 2025-09-03 12:17:56 -05:00
Rob Winch
0a991a91ce
Enable Null checking in spring-security-webauthn via JSpecify 
Closes gh-17839
 2025-09-03 12:06:53 -05:00
dependabot[bot]
d2e934ca54
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.26.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.26...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 00:33:27 +00:00
dependabot[bot]
fee4d08de3
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 23:19:43 +00:00
Josh Cummings
3dbcf266e9
Merge branch '6.5.x' 2025-09-02 16:45:30 -06:00
Josh Cummings
eeb67650ee
Deprecate RequiresChannelDsl 
Issue gh-16680
 2025-09-02 16:41:39 -06:00
dependabot[bot]
b4fc01194f
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 22:32:54 +00:00
Josh Cummings
3534b74945
Replace InteractiveAuthenticationSuccessEvent 7.0.x Sample 
Given that 7e3bf9662cd6829982f3198d3049f4012df17395 changes
the InteractiveAuthenticationSuccessEvent serialization sample,
this commit syncs up the 7.0.x version to match.

Closes gh-16276
 2025-09-02 14:18:25 -06:00
Josh Cummings
dc0ab4c805
Merge branch '6.5.x' 2025-09-02 14:15:20 -06:00
Josh Cummings
c982753d46
Replace InteractiveAuthenticationSuccessEvent 6.5.x Sample 
Given that 7e3bf9662cd6829982f3198d3049f4012df17395 changes
the InteractiveAuthenticationSuccessEvent serialization sample,
this commit syncs up the 6.5.x version to match.

Issue gh-16276
 2025-09-02 14:14:13 -06:00
Fridolin Jackstadt
910df479be Provider Default Timeouts For JWK Retrieval 
Issue gh-14269

Signed-off-by: Fridolin Jackstadt <fridolin.jackstadt@unic.com>
 2025-09-02 08:51:10 -06:00
Rob Winch
9866435946
Fix security-nullability plugin in taglibs 
Issue gh-17828
 2025-08-30 20:44:29 -05:00
Rob Winch
5370f1190f
Enable Null checking in spring-security-taglibs via JSpecify 
Closes gh-17828
 2025-08-30 20:40:34 -05:00
Rob Winch
f13d8d5c75
Fix Nullability in WebInvocationPrivilegeEvaluator 
Issue gh-17535
 2025-08-30 20:38:58 -05:00
Rob Winch
1216ee598f
Enable Null checking in spring-security-rsocket via JSpecify 
Closes gh-16882
 2025-08-30 20:04:32 -05:00
Rob Winch
a4a4908d71
Enable Null checking in spring-security-cas via JSpecify 
Closes gh-16882
 2025-08-30 11:22:30 -05:00
Josh Cummings
0ff9f10696
Merge branch '6.4.x' into 6.5.x 2025-08-30 10:00:45 -06:00
Josh Cummings
7e3bf9662c
Polish InteractiveAuthenticationSuccessEvent Sample 
The sample better matches a value that would be used in the constructor

Issue gh-16276
 2025-08-30 10:00:24 -06:00
Rob Winch
be64c67af5
Enable Null checking in spring-security-web via JSpecify 
Closes gh-16882
 2025-08-29 16:17:49 -05:00
Rob Winch
a58f3282d9
Fix config/src/test/kotlin nullability for web 
Issue gh-17535
 2025-08-29 15:46:08 -05:00
Rob Winch
c2ba662b91
Enable Null checking in spring-security-web via JSpecify 
Closes gh-17535
 2025-08-29 15:06:48 -05:00
Rob Winch
49f308adb0
Use Supplier<? extends @Nullable Authentication> 
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.

Closes gh-17814
 2025-08-29 09:46:58 -05:00
Josh Cummings
4cbe8de7ea Polish RSocket Anonymous Support 
Changed the DSL method name to anonymous to align with jwt.
Since basicAuthenication is deprecated, we don't need to
align with its naming convention.

Also added a since attribute to the method.

Issue gh-17132
 2025-08-26 17:33:40 -06:00
Andrey Litvitski
559b73b39f Add Disabling Anonymous Authentication in RSocketSecurity 
Closes: gh-17132

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>

1

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>

1

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-26 17:33:40 -06:00
Andrey Litvitski
3278f3a410 Add discoverJwsAlgorithms() in NimbusJwtDecoder 
Closes: gh-17785
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-26 17:07:47 -06:00
Josh Cummings
36f1de945f
Add OneTimeTokenAuthentication 
Closes gh-17799
 2025-08-22 15:46:54 -06:00
Josh Cummings
6663eea65f
Polish OTT Tests 
Improve tests so that they do not rely on OneTimeTokenAuthenticationToken
as the concrete type.

Issue gh-17799
 2025-08-22 15:46:53 -06:00
Josh Cummings
89b2f9cf54
Improve Test Runnability in IDE 
In some configurations, Configuration classes with static elements
may cause a test to hang. This commit changes JeeConfigurerTests
test configuration classes to use mock beans instead of referencing
them as static fields.
 2025-08-22 15:46:53 -06:00
Josh Cummings
0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings
9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings
8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Josh Cummings
d1962201b5 Merge branch '6.5.x' 2025-08-22 11:07:59 -06:00
Josh Cummings
857ca9c412 Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-08-22 11:07:37 -06:00