1375 Commits

Author SHA1 Message Date
Josh Cummings
6d3b54df21
Change Type Validation Default
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
2025-05-28 16:11:13 -06:00
Maximilian Klose
ec05e65668 Add Equals and HashCode methods for better comparison.
Closes gh-16394

Signed-off-by: Maximilian Klose <maximilian.klose@adesso.de>
2025-05-27 13:53:07 -06:00
Ferenc Kemeny
bf05b8b430 Support Requiring exp and nbf in JwtTimestampsValidator
Closes gh-17004

Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
2025-05-27 12:22:25 -06:00
Ferenc Kemeny
91b21663db Polish JwtTimestampValidatorTests
This commit corrects the test that checks for both
nbf and exp missing. It also adds one for just exp
and one for just nbf.

Issue gh-17004

Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
2025-05-27 12:22:25 -06:00
Joe Grandja
a8edcca961 Merge branch '6.5.x' 2025-05-14 05:36:04 -04:00
Joe Grandja
5f7155bfc7 Implement internal cache in JtiClaimValidator
Closes gh-17107
2025-05-14 05:21:00 -04:00
Joe Grandja
44303d2c80 Polish gh-17080 2025-05-13 14:36:44 -04:00
David Kowis
462e38c0e3 Fix DPoP jkt claim to be JWK SHA-256 thumbprint
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
2025-05-13 14:36:44 -04:00
Joe Grandja
a265ac6ae7 Polish gh-17080 2025-05-13 14:35:23 -04:00
David Kowis
2090f44f74 Fix DPoP jkt claim to be JWK SHA-256 thumbprint
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
2025-05-13 14:35:23 -04:00
Joe Grandja
ba7be9c8b9 Merge branch '6.5.x' 2025-05-09 16:14:34 -04:00
Joe Grandja
e3c39f02bc Add documentation for DPoP support
Closes gh-17072
2025-05-09 16:02:14 -04:00
Tran Ngoc Nhan
48eb243012 Update javadoc
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-07 14:59:14 -05:00
Tran Ngoc Nhan
1e4dd713c5 Remove APPLICATION_JSON_UTF8 usage
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-07 14:59:14 -05:00
Rob Winch
b453840c0a
HttpHeaders no longer a MultiValueMap
Closes gh-17060
2025-05-06 13:27:13 -05:00
Rob Winch
2dbf3a2d18
WebClient.exchange->exchangeToMono
Closes gh-17057
2025-05-06 13:26:16 -05:00
Rob Winch
5704582c52
ResponseErrorHandler.handleError(URI, HttpMethod,ClientHttpResponse)
Closes gh-17056
2025-05-06 13:26:16 -05:00
Rob Winch
11105a5c51
UriComponentsBuilder.fromHttpUrl->fromUriString
The fromHttpUrl method is deprecated and replaced with fromUriString

Closes gh-
2025-05-06 13:26:15 -05:00
Rob Winch
cb0fdef236
Remove MediaType.APPLICATION_JSON_UTF
Closes gh-17050
2025-05-06 13:26:14 -05:00
hammadirshad
1a4602c8c3 Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter
Closes gh-16806

Signed-off-by: muha <muha@kreftregisteret.no>
2025-04-30 10:09:41 -04:00
Josh Cummings
804d79d96a
Merge branch '6.4.x' 2025-04-29 14:27:47 -06:00
Josh Cummings
a4126aa27d
Merge branch '6.3.x' into 6.4.x 2025-04-29 14:27:40 -06:00
Josh Cummings
f631a0fcd5
Polish ClientRegistrationsTests
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.

Issue gh-16860
2025-04-29 14:27:04 -06:00
Josh Cummings
fe6ddd0c8f
Merge branch '6.4.x' 2025-04-29 14:26:44 -06:00
Josh Cummings
656ad72608
Merge branch '6.3.x' into 6.4.x
Closes gh-17016
2025-04-29 14:22:52 -06:00
Evgeniy Cheban
0e84f31a00 Add ClientRegistration's RestClient failed attempts information to exception message
Closes gh-16860

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
2025-04-29 13:43:20 -06:00
Josh Cummings
eecd7d9559
Update Deprecated Reactor Usage 2025-04-23 12:11:08 -06:00
Josh Cummings
834370d8eb
Update Deprecated Spring Web Usage 2025-04-23 11:29:19 -06:00
Joe Grandja
19090e7873 Add request_uri in OAuth2ParameterNames
Closes gh-16947
2025-04-16 10:23:10 -04:00
Joe Grandja
791feee355 Prevent downgraded usage of DPoP-bound access tokens
Issue gh-16574

Closes gh-16937
2025-04-14 15:54:41 -04:00
Joe Grandja
1ca33cae70 Make DPoP IatClaimValidator public to allow configuring clock and clockSkew
Issue gh-16574

Closes gh-16921
2025-04-10 16:04:37 -04:00
Risto Virtanen
47e1fc045f Formatted
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
Risto Virtanen
1db557e395 Replace ClientRegistrationMixinTests with StdConvertersTest
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
Risto Virtanen
368fe2e7a0 Add missing ClientAuthenticationMethods to jackson2 converter
Closes gh-16825

Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
Steve Riesenberg
9d442c13de
Mark password grant for removal
This commit also updates link to the document "Best Current Practice for
OAuth 2.0 Security" to point to RFC 9700.

Closes gh-16913
2025-04-09 11:15:09 -05:00
Steve Riesenberg
197ee38aa0
Mark deprecated response clients for removal
Issue gh-16913
2025-04-09 11:15:06 -05:00
Tran Ngoc Nhan
d864e51ff6 Format OpaqueTokenIntrospector
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-04-08 13:56:54 -05:00
Tran Ngoc Nhan
d899bc5240 Polish javadoc
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-04-08 13:56:54 -05:00
Steve Riesenberg
1fb3fc80f9
Polish gh-15819
Closes gh-15818
2025-04-07 10:57:49 -05:00
Jonah Klöckner
9674532f4d
Add support for access token in body parameter as per rfc 6750 Sec. 2.2
Issue gh-15818
2025-04-07 10:57:49 -05:00
Steve Riesenberg
03e090c2d7
Merge branch '6.4.x'
Closes gh-16902
2025-04-07 10:57:12 -05:00
Steve Riesenberg
db34de59bc
Merge branch '6.3.x' into 6.4.x
Closes gh-16901
2025-04-07 10:55:51 -05:00
Steve Riesenberg
3c0fef59b5
Polish gh-16039
Closes gh-16038
2025-04-07 10:54:09 -05:00
Jonah Klöckner
da94fbe431
Evaluate URI query parameter only if enabled
Issue gh-16038
2025-04-07 10:54:07 -05:00
Josh Cummings
2885b0f75f Add valueOf
This commit adds a static factory for returning a constant
ClientAuthenticationMethod or creating a new one when there
is no match.

Issue gh-16825
2025-04-02 11:16:30 -06:00
Tran Ngoc Nhan
7bca17cb5a Polish
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-26 17:02:06 -06:00
Josh Cummings
99345537d6
Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter
Issue gh-16417
2025-03-26 16:38:39 -06:00
Steve Riesenberg
860f130bc4
Add additional validation when refreshing ID tokens
Issue gh-16589
2025-03-26 15:34:17 -05:00
Steve Riesenberg
5f98ce5ecc
Polish gh-16589 2025-03-26 15:34:17 -05:00
Josh Cummings
de07b1108f
Use PathPatternRequestMatcher in Web Components
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.

Issue gh-16632
2025-03-26 13:28:58 -06:00