Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,301 Commits 38 Branches 345 Tags
Commit Graph

3018 Commits

Author SHA1 Message Date
Evgeniy Cheban
fd4f06a66e Support Spring Data container types for AuthorizeReturnObject 
Closes gh-15994

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-05-29 17:05:27 -06:00
Josh Cummings
6d3b54df21
Change Type Validation Default 
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
 2025-05-28 16:11:13 -06:00
Yanming Zhou
42790403da Use SpringReactiveOpaqueTokenIntrospector 
Now that NimbusReactiveOpaqueTokenIntrospector is
deprecated, this commit changes the Spring
Security default to now use SpringReactiveOpaqueTokenIntrospector.

Issue gh-15988

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-05-27 14:25:31 -06:00
Josh Cummings
596449d882 Polish 
Issue gh-14149
 2025-05-27 11:44:33 -06:00
Felix Hagemans
1a4de49977 Create CsrfCustomizer for SPA configuration 
Closes gh-14149

Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>
 2025-05-27 11:44:33 -06:00
Josh Cummings
52394c1f07 Propagate Any AccessDeniedException 
Any time a response handler throws an exception, we want to
propagate an underlying AccessDeniedException if their is one.

Issue gh-16058
 2025-05-23 15:18:01 -06:00
Evgeniy Cheban
fae61b9426 Propagate AccessDeniedException for Authorized Objects Returned from a Controller 
Closes gh-16058

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-05-23 15:18:01 -06:00
dae won
8612e952fe Make AuthorizationProxyFactory#proxy Generic 
Closes gh-16706

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-05-23 14:48:11 -06:00
Max Batischev
f4b8e2421a Add Support Credentialless COEP Header 
Closes gh-16991

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-23 14:45:59 -06:00
Josh Cummings
97923ebfaf Merge branch '6.5.x' 2025-05-21 16:47:45 -06:00
Josh Cummings
4bf03bde5b Merge branch '6.4.x' into 6.5.x 2025-05-21 16:47:25 -06:00
Josh Cummings
3186e8df84 Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-05-21 16:46:54 -06:00
Andrey Litvitski
4048b2bd7d Use HttpStatus in BackChannel Logout Filters 
Closes gh-17125

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-05-21 16:45:46 -06:00
Tran Ngoc Nhan
a511171309 Add test and update javadoc for CommonOAuth2Provider 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-13 12:45:38 -06:00
Joe Grandja
44303d2c80 Polish gh-17080 2025-05-13 14:36:44 -04:00
Joe Grandja
a265ac6ae7 Polish gh-17080 2025-05-13 14:35:23 -04:00
Joe Grandja
ba7be9c8b9 Merge branch '6.5.x' 2025-05-09 16:14:34 -04:00
Joe Grandja
e3c39f02bc Add documentation for DPoP support 
Closes gh-17072
 2025-05-09 16:02:14 -04:00
Rob Winch
693a5beb24
Format CommonOAuth2Provider 2025-05-07 14:55:04 -05:00
kiruthiga1793
23e7c9eeaa
Add Twitter/X to CommonOAuth2Provider 
Signed-off-by: kiruthiga1793 <pkiruthiga93@gmail.com>
 2025-05-07 11:24:29 -05:00
Rob Winch
506a801f29
Merge branch '6.5.x' 
- WebAuthnConfigurer Code Cleanup

Closes gh-17063
 2025-05-06 15:22:36 -05:00
Max Batischev
66e614cb0b WebAuthnConfigurer Code Cleanup 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-06 15:20:08 -05:00
Max Batischev
421fcaee12 Add Assertions To WebAuthnConfigurer 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-06 15:20:08 -05:00
Rob Winch
b453840c0a
HttpHeaders no longer a MultiValueMap 
Closes gh-17060
 2025-05-06 13:27:13 -05:00
Rob Winch
3976e7d456
BodyInserters.fromObject -> fromProducer 
Closes gh-17055
 2025-05-06 13:26:16 -05:00
Rob Winch
b467c47ed5
ClientRequest.method->create 
ClientRequest.method was deprecated in favor of the create method

Closes gh-17054
 2025-05-06 13:26:15 -05:00
Rob Winch
11105a5c51
UriComponentsBuilder.fromHttpUrl->fromUriString 
The fromHttpUrl method is deprecated and replaced with fromUriString

Closes gh-
 2025-05-06 13:26:15 -05:00
Rob Winch
38a9aa1da9
Remove Deprecated PathMatchConfigurer usage 
Closes gh-17052
 2025-05-06 13:26:15 -05:00
Rob Winch
222faae1cb
Add junit-jupiter-engine 
This fixes some of the compatability problems that can happen
with newer versions of junit
 2025-05-06 13:26:15 -05:00
Rob Winch
5abbcecccc
Update to 7.0.0-SNAPSHOT 
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-05-06 13:26:14 -05:00
Josh Cummings
1a9f62dce4
Merge branch '6.4.x' 2025-05-05 16:00:59 -06:00
Josh Cummings
0220e471bb
Move Serialization Samples 
To make SpringSecurityCoreVersionSerializableTests more manageable,
this commit moves the sample class constructions to a separate file.
In this way, the tests file only changes when serialization tests are
added. When classes are introduced, they can be added to SerializationSamples,
separating the two concerns
 2025-05-05 15:51:10 -06:00
Josh Cummings
12a18c3792
Polish Serialization Tests 
If Instancio fails to instatiate the class sample, it will
now also delete the serialized sample file. Otherwise, it will
leave a zero-byte file on the filesystem, confusing future test runs
 2025-05-05 15:39:33 -06:00
Josh Cummings
d04f7071c2
Add Missing Serialization Samples 
Closes gh-17038
 2025-05-05 15:34:24 -06:00
Josh Cummings
8726e547d5
Add Serialization Samples for 6.5 
Issue gh-16221
 2025-05-05 15:31:51 -06:00
Josh Cummings
2949b5d5a4
Regenerate Incorrect Serialization Files 
Given that these classes each have a consistent serialization UID
across minor versions, but that the 6.5.x serialized version is using a
different UID, these serialized files were likely generated in error.
As such, this commit replaces the serialized files with correct ones.

Issue gh-16432
 2025-05-05 15:30:15 -06:00
Josh Cummings
34a9f57aa6
Merge branch '6.4.x' 2025-05-05 15:29:44 -06:00
Josh Cummings
c3c2bcd6b7
Ignore Serialization in Test Components 
Since we don't need to ensure the serializability of test components
across versions, we can ignore missing version UIDs when those
test components aren't about testing Java serialization.

Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
39fdceab59
Add Missing Serializable Samples 
Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
65d53beff8
Polish Serialization Tests 
- Error when public, non-ignored, serializable file is missing a sample
- Provide mechanism for creating an InstancioApi from scratch

Issue gh-17038
 2025-05-05 15:09:49 -06:00
Josh Cummings
34afa64c0c
Add Current-Version Deserialization Test 
We should test that serialized files from the current minor version
can be deserialized. This ensures that serializations remain
deserializable in patch releases.

Issue gh-3737
 2025-05-05 15:09:43 -06:00
Josh Cummings
f44ab7afdf
Update Deprecated Security Usage 2025-04-23 14:16:29 -06:00
Max Batischev
4a12382d2b Remove unused classes 
Remove DeferringObservationAuthorizationManager.java and DeferringObservationReactiveAuthorizationManager.java

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-04-23 14:09:05 -06:00
Josh Cummings
a683a3a730
Favor PathPatternMessageMatcher when activated 
Issue gh-16500
 2025-04-23 12:11:10 -06:00
Josh Cummings
0ab01eac14
Update Deprecated Security Usage 2025-04-23 12:11:08 -06:00
Josh Cummings
834370d8eb
Update Deprecated Spring Web Usage 2025-04-23 11:29:19 -06:00
Josh Cummings
2ad859a63c
Add Missing Deprecation Markers 2025-04-23 11:29:18 -06:00
Josh Cummings
3f7f3dabe7
Correct JavaDoc Class Reference 2025-04-23 11:29:18 -06:00
Josh Cummings
f86c4ad383
Polish Native Support 
- Remove unneeded deprecateion marker
- Add missing reflected class

Issue gh-16536
 2025-04-14 14:08:57 -06:00
Josh Cummings
178ca73673
Fix Type Check 
Issue gh-16536
 2025-04-14 13:42:44 -06:00