Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-05-04 06:40:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,880 Commits 54 Branches 379 Tags
Commit Graph

3326 Commits

Author SHA1 Message Date
Josh Cummings
40b074580c Merge branch '7.0.x' into main 2026-04-20 10:21:19 -06:00
Joe Grandja
3ef1c34632 Merge branch '6.5.x' into 7.0.x 2026-04-18 12:47:05 -04:00
Seol-JY
4187af38b2 Verify token deletion in JdbcOneTimeTokenService 2026-04-18 12:30:30 -04:00
Josh Cummings
4a6e0a13cd Update DaoAuthenticationProvider Usage 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-15 21:14:23 -06:00
Josh Cummings
fc630ae6eb Merge branch '6.5.x' into 7.0.x 2026-04-15 21:07:50 -06:00
Josh Cummings
a317a3d866 Add Support for Always Running Additional Authentication Checks 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-15 21:07:39 -06:00
Josh Cummings
cb129d6b2d
Merge branch '7.0.x' 2026-03-31 15:56:49 -06:00
Josh Cummings
d4678c8e04
Add Missing Serialization Support 
Closes gh-19013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 15:55:09 -06:00
Josh Cummings
08fca57d12
Add Missing Serialization Support 
Closed gh-19012

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 13:58:35 -06:00
Robert Winch
ff820a868e
Polish AllRequiredFactorsAuthorizationManager.anyOf 
- Add validation
- Extract to static inner class
- Uniqueness determined by Set rather than requiredFactor
  This is important for the failure with the same RequiredFactor, but a
  different reason
- Add documentation

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-03-31 14:03:29 -05:00
Evgeniy Cheban
6b09352a93
Add AllRequiredFactorsAuthorizationManager.anyOf 
Closes gh-18960

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2026-03-31 13:25:02 -05:00
Robert Winch
51ce11cbd2
Move InetAddressMatcher to spring-security-core 
Closes gh-18979
 2026-03-25 15:25:57 -05:00
Andrey Litvitski
2fda37de53 Fix equals nullability annotations for jspecify compliance 
In this commit, we added `@Nullable` to equals methods of classes that
support `jspecify` for consistency with other Spring projects and to
avoid bugs that caused other Spring projects to do this natively.

Closes: gh-18929, gh-18927

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-23 09:25:57 -06:00
Bae Jihong
e9f331c30c Add test code for setAuthorizationManagerFactory 
- add test for setAuthorizationManagerFactory that is a alternative to setTrustResolver and setDefaultRolePrefix

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Robert Winch
28acf62936
AuthorizationManagerFactories.when 
Closes gh-18920
 2026-03-17 17:20:58 -05:00
Robert Winch
8224b16caf
Add ConditionalAuthorizationManager 
Closes gh-18919
 2026-03-17 17:20:57 -05:00
Josh Cummings
94829a1551
Merge remote-tracking branch 'origin/7.0.x' 2026-03-03 18:18:24 -07:00
Andrey Litvitski
4f97217f68 Refine upgradeEncoding condition in DaoAuthenticationProvider 
After adding jspecify support in the module that contains the
DaoAuthenticationProvider class, we actually changed the contract logic,
which is a good thing, and this commit fixes it.

Closes: gh-18781

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-03 18:18:13 -07:00
Josh Cummings
0c42016781
Merge branch '7.0.x' 2026-02-26 17:11:06 -07:00
Josh Cummings
1575610d49
Add Tests 
Issue gh-18486

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 17:10:55 -07:00
Michael Lück
3a14745d92
Delegate calls of hasAuthority to AuthorizationManager#hasAuthority 
Closes gh-18486

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-02-26 17:10:55 -07:00
Andrey Litvitski
6d4726bfb7 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 10:55:06 -06:00
Robert Winch
ac06067d02
Revert "Mark targetDomainObject as @Nullable in PermissionEvaluator" 
This reverts commit 9f1381c382515042b348078cbe53f412e39c38e1.
 2026-02-24 09:40:54 -06:00
Andrey Litvitski
9f1381c382 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 08:27:44 -06:00
Robert Winch
cfb3bf38d8
Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into main 2026-02-23 10:54:00 -06:00
Robert Winch
151bcf3b0b
Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into 7.0.x 2026-02-23 10:53:40 -06:00
Robert Winch
1116241ee3
Fix Checks for NullPointerException in AuthoritiesAuthorizationManager 
- Fix checkstyle
- Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue

Closes gh-18544

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 10:47:11 -06:00
Khyojae
d87dc9ae57
Fix: Handle null authority string in AuthoritiesAuthorizationManager 
This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543

Signed-off-by: Khyojae <khjae201@gmail.com>
 2026-02-23 09:30:28 -06:00
Robert Winch
21978cab22 Fix Build Errors for Improve AOT RuntimeHits 
- Saml2RuntimeHints consistently uses String in separate method for
  to ensure no classpath issues
- Fix Whitespace/Checkstyle
- Add Missing Nullability Annotations
 2026-02-20 17:28:35 -06:00
Josh Long
2dd2863550 aot improvements 
Signed-off-by: Josh Long <54473+joshlong@users.noreply.github.com>
 2026-02-20 17:28:35 -06:00
Minu Kim
18068c9099 fix compile warning in spring-security-test 
Signed-off-by: Minu Kim <kmw106933@naver.com>
 2026-02-19 14:26:20 -06:00
Tran Ngoc Nhan
dbf7f4cfe5 Remove unused @Nullable 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-19 10:56:54 -06:00
earlgrey02
5194826606 implement single-line RSA key support 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2026-02-17 17:29:04 -07:00
Tran Ngoc Nhan
da0cd0bc68 Remove unused import 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
17933ddab3 Resolve feedback 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
9323775c5f Update javadoc and apply StringUtils#hasLength 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
4cc5f543ab Add author 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
e91b098c7c Update javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Robert Winch
6a6c7a7a78
Add missing @Nullable to setters of Nullable Fields 
There are setters and builder methods that initialize members that are
`@Nullable` but do not accept `@Nullable` parameters.

For example:

```
private @Nullable Object foo;

public void setFoo(Object foo) {
    this.foo = foo;
}
```

It is an unnecessary restriction that the parameter is unable to be null
since the field can be null.

This commit fixes these inconsistencies.

Closes gh-18618
 2026-01-29 13:58:42 -06:00
Robert Winch
b591a0a757
TestingAuthenticationToken.credentials should be @Nullable 
Closes gh-18615
 2026-01-29 10:17:22 -06:00
Andrey Litvitski
0a182f1f20 Add @Nullable to changePassword parameters in UserDetailsManager 
Closes: gh-18257

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-23 15:06:10 -06:00
Robert Winch
d7fbf3673a
Fix consistency with Nullability Usage 
Issue gh-18564
 2026-01-23 10:42:53 -06:00
Robert Winch
1cfb3033e9 Run ./gradlew foramt 
Fixes formatting for gh-18516
 2026-01-21 16:08:04 -06:00
chanjin-lee
021f84b2df Core: Fix Javadoc invalid references and improve clarity 
- Update package-info to reference AuthorizationManager instead of AccessDecisionManager
- Improve RoleHierarchyUtils documentation with fromHierarchy() and builder-based alternatives
- Refine AuthenticationTrustResolver return description by removing redundant comma and symbol

Signed-off-by: chanjin-lee <chanjin23@naver.com>
 2026-01-21 16:08:04 -06:00
chanjin-lee
e5b934d1a5 Core: Remove javadoc warnings 
Closes gh-18449

Signed-off-by: chanjin-lee <chanjin23@naver.com>
 2026-01-21 16:08:04 -06:00
Robert Winch
9f8ac34c3b Remove @NullUnmarked 
Closes gh-18491
 2026-01-21 14:11:25 -06:00
Robert Winch
6e9b4f86a4
Fix nullability for JDK 25 
Closes gh-18511
 2026-01-16 10:53:19 -06:00
Marcus Hert da Coregio
8254f589b8 Create Jackson Mixin for OneTimeTokenAuthentication 
Closes gh-18095

Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2026-01-14 10:35:02 -07:00
Andrey Litvitski
13f6286e04 Use DefaultParameterNameDiscoverer#getSharedInstance 
Closes: gh-18330

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-12 13:37:32 -06:00
Tran Ngoc Nhan
79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00