spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-05-03 22:30:29 +00:00

Author	SHA1	Message	Date
Joe Grandja	5c6696ceab	Merge branch '7.0.x'	2026-04-18 04:34:41 -04:00
addcontent	19b3cae62e	Add authentication validator for dynamic client registration Signed-off-by: Kelvin Mbogo <addcontent08@gmail.com>	2026-04-17 17:22:40 -04:00
Josh Cummings	46df1e1772	Merge branch '7.0.x' into 7.1.x	2026-04-15 17:12:15 -06:00
Josh Cummings	53bcf0d16b	Fix Servlet Path Application Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-04-15 17:12:08 -06:00
Josh Cummings	a3cfa8e13e	Merge branch '7.0.x' into 7.1.x	2026-04-15 16:55:42 -06:00
Josh Cummings	438c783c7d	securityMatchers uses PathPatternRequestMatcher.Builder Bean Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-04-15 16:54:51 -06:00
Joe Grandja	f8359ef619	Polish gh-17202	2026-04-10 07:40:34 -04:00
Max Batischev	fc6a4c8220	Add Support DPoP Customization Closes gh-16940 Signed-off-by: Max Batischev <mblancer@mail.ru>	2026-04-10 07:09:24 -04:00
Josh Cummings	036ccff1f5	Move Focus to OTT Button When Username is Read-Only Closes gh-18817 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-04-07 18:32:15 -06:00
Anantha Krishnan	245733a631	fix: restore native form submission for OTT login Signed-off-by: Anantha Krishnan <ananthakrishnanj2001@gmail.com>	2026-04-07 18:32:15 -06:00
Josh Cummings	0c6b73d123	WebAuthn Publishes Authentication Events Closes gh-18113 Signed-off-by: suuuuuuminnnnnn <sumin45402214@gmail.com>	2026-04-07 16:21:15 -06:00
Joe Grandja	3008848158	Merge branch '7.0.x'	2026-04-07 15:47:01 -04:00
Joe Grandja	41524880c6	Fix auth_time claim should represent authentication time Closes gh-18282	2026-04-07 15:44:57 -04:00
Joe Grandja	9527a4b281	Merge branch '7.0.x'	2026-04-02 10:58:06 -04:00
Robert Winch	64d8e6cc9b	Merge Add XML Based shouldWriteHeadersEagerly tests	2026-04-01 11:41:58 -05:00
Robert Winch	679a47a51d	Add XML Based shouldWriteHeadersEagerly tests	2026-04-01 11:37:39 -05:00
Josh Cummings	16b5df40de	Exclude Anonymous Classes in Serializable Scan Issue gh-17729 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-31 16:17:12 -06:00
Josh Cummings	8472599067	Add Missing 7.1 Serialization Artifacts Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-31 16:16:27 -06:00
Josh Cummings	cb129d6b2d	Merge branch '7.0.x'	2026-03-31 15:56:49 -06:00
Josh Cummings	d4678c8e04	Add Missing Serialization Support Closes gh-19013 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-31 15:55:09 -06:00
Josh Cummings	43b132bec6	Merge branch '6.5.x' into 7.0.x	2026-03-31 15:27:58 -06:00
Josh Cummings	08fca57d12	Add Missing Serialization Support Closed gh-19012 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-31 13:58:35 -06:00
Josh Cummings	acabacb971	Update Test to find SuppressWarnings Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-31 13:47:52 -06:00
johnycho	1a130fca3c	Improve serialVersionUID check in tests Signed-off-by: johnycho <shunnn215@gmail.com>	2026-03-31 13:47:50 -06:00
Josh Cummings	067f79dde5	Merge branch 'fix-17729' into 7.0.x	2026-03-30 17:19:31 -06:00
Josh Cummings	0b680be97b	Update Test to find SuppressWarnings Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-30 17:14:03 -06:00
johnycho	7c28b15471	Improve serialVersionUID check in tests Signed-off-by: johnycho <shunnn215@gmail.com>	2026-03-30 14:26:12 -06:00
Robert Winch	9d047b6edc	Merge CredentialRecordOwnerAuthorizationManager	2026-03-29 22:24:52 -05:00
Robert Winch	c08329c0c5	Merge CredentialRecordOwnerAuthorizationManager	2026-03-29 22:24:21 -05:00
Robert Winch	a856baa6a8	Add CredentialRecordOwnerAuthorizationManager Add CredentialRecordOwnerAuthorizationManager that verifies the credential being deleted is owned by the currently authenticated user. Also add an AuthorizationManager<Bytes> to WebAuthnRegistrationFilter for the delete credential operation, defaulting to deny all, and wire it up in WebAuthnConfigurer. Per the WebAuthn specification [1], credential ids contain at least 16 bytes with at least 100 bits of entropy, making them practically unguessable. The specification also advises that credential ids should be kept private, as exposing them can leak personally identifying information [2]. The CredentialRecordOwnerAuthorizationManager serves as defense in depth: even if a credential id were somehow exposed, an unauthorized user could not delete another user's credential. [1] https://www.w3.org/TR/webauthn-3/#credential-id [2] https://www.w3.org/TR/webauthn-3/#sctn-credential-id-privacy-leak	2026-03-29 21:54:27 -05:00
Robert Winch	4199240662	Add Support for PreFlightRequestFilter Closes gh-18926	2026-03-25 16:04:42 -04:00
Andrey Litvitski	2fda37de53	Fix equals nullability annotations for jspecify compliance In this commit, we added `@Nullable` to equals methods of classes that support `jspecify` for consistency with other Spring projects and to avoid bugs that caused other Spring projects to do this natively. Closes: gh-18929, gh-18927 Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>	2026-03-23 09:25:57 -06:00
Joe Grandja	baad23caab	Enable null-safety in spring-security-oauth2-client Closes gh-17819	2026-03-18 05:04:30 -04:00
Robert Winch	ea2f2302da	Add MultiFactorCondition.WEBAUTHN_REGISTERED Closes gh-18923	2026-03-17 17:20:58 -05:00
Robert Winch	bd7171140e	Support Customizer<AdditionalRequiredFactorsBuilder<Object>>> Closes gh-18922	2026-03-17 17:20:58 -05:00
Robert Winch	c71b178f63	Remove Unnecessary ObjectProvider<RoleHierarchy> roleHierarchy parameter Closes gh-18921	2026-03-17 17:20:58 -05:00
Joe Grandja	22a98583f1	Enable null-safety in spring-security-oauth2-jose Closes gh-17821	2026-03-13 11:58:29 -04:00
Josh Cummings	5687867a09	Fix Checkstyle Issue gh-18874 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-11 14:46:24 -06:00
Joe Grandja	36450d6c26	Fix checkstyle error Issue gh-18874	2026-03-11 12:25:13 -04:00
Josh Cummings	a980368f26	Move Integration Test from Spring LDAP Closes gh-18874 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-03-10 15:44:07 -06:00
Joe Grandja	703ffaf143	Merge branch '7.0.x'	2026-03-10 15:59:29 -04:00
Joe Grandja	1906075b0c	OAuth2DeviceVerificationEndpointFilter is applied after AuthorizationFilter Closes gh-18873	2026-03-10 15:32:24 -04:00
Andrey Litvitski	d1ce69ca99	Specify charset in WWW-Authenticate for Basic Auth In this commit, we add support for the charset from RFC-7617, which definitely solves the problem when the client does not know what charset we are parsing with. Closes: gh-18755 Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>	2026-03-10 07:57:43 -06:00
Joe Grandja	c7235ec0a3	Allow custom token settings for OAuth 2.0 dynamic client registration Closes gh-18870	2026-03-10 07:48:37 -04:00
Josh Cummings	17d2131fe9	Merge remote-tracking branch 'origin/7.0.x'	2026-03-09 17:13:45 -06:00
Ronny Perinke	e8e0da1ec6	Add Null Guard for Setting ReactiveUserDetailsPasswordService This use case specifically arises when using `ReactiveUserDetailsService` without `ReactiveUserDetailsPasswordService`. Closes gh-17986 Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>	2026-03-09 17:12:59 -06:00
wonderfulrosemari	07297e7a80	Add MessageExpressionAuthorizationManager Closes gh-12650 Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>	2026-03-03 18:56:47 -07:00
023-dev	b9f974b18f	Remove compiler warnings for spring-security-config Signed-off-by: 023-dev <0_2_3@naver.com>	2026-02-27 21:53:55 -06:00
Josh Cummings	eb25bbaa24	Merge branch '7.0.x'	2026-02-26 15:09:03 -07:00
Menashe Eliezer	ee97c83042	Update request-matcher schema and XML tests to use path Closes gh-18641 Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>	2026-02-26 14:42:09 -07:00

1 2 3 4 5 ...

3304 Commits