Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 00:32:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,300 Commits 38 Branches 345 Tags
Commit Graph

880 Commits

Author SHA1 Message Date
Tran Ngoc Nhan
48eb243012 Update javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-07 14:59:14 -05:00
Tran Ngoc Nhan
1e4dd713c5 Remove APPLICATION_JSON_UTF8 usage 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-07 14:59:14 -05:00
Rob Winch
5704582c52
ResponseErrorHandler.handleError(URI, HttpMethod,ClientHttpResponse) 
Closes gh-17056
 2025-05-06 13:26:16 -05:00
Rob Winch
11105a5c51
UriComponentsBuilder.fromHttpUrl->fromUriString 
The fromHttpUrl method is deprecated and replaced with fromUriString

Closes gh-
 2025-05-06 13:26:15 -05:00
Rob Winch
cb0fdef236
Remove MediaType.APPLICATION_JSON_UTF 
Closes gh-17050
 2025-05-06 13:26:14 -05:00
Josh Cummings
804d79d96a
Merge branch '6.4.x' 2025-04-29 14:27:47 -06:00
Josh Cummings
a4126aa27d
Merge branch '6.3.x' into 6.4.x 2025-04-29 14:27:40 -06:00
Josh Cummings
f631a0fcd5
Polish ClientRegistrationsTests 
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.

Issue gh-16860
 2025-04-29 14:27:04 -06:00
Josh Cummings
fe6ddd0c8f
Merge branch '6.4.x' 2025-04-29 14:26:44 -06:00
Josh Cummings
656ad72608
Merge branch '6.3.x' into 6.4.x 
Closes gh-17016
 2025-04-29 14:22:52 -06:00
Evgeniy Cheban
0e84f31a00 Add ClientRegistration's RestClient failed attempts information to exception message 
Closes gh-16860

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-04-29 13:43:20 -06:00
Josh Cummings
eecd7d9559
Update Deprecated Reactor Usage 2025-04-23 12:11:08 -06:00
Josh Cummings
834370d8eb
Update Deprecated Spring Web Usage 2025-04-23 11:29:19 -06:00
Risto Virtanen
47e1fc045f Formatted 
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Risto Virtanen
1db557e395 Replace ClientRegistrationMixinTests with StdConvertersTest 
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Risto Virtanen
368fe2e7a0 Add missing ClientAuthenticationMethods to jackson2 converter 
Closes gh-16825

Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Steve Riesenberg
9d442c13de
Mark password grant for removal 
This commit also updates link to the document "Best Current Practice for
OAuth 2.0 Security" to point to RFC 9700.

Closes gh-16913
 2025-04-09 11:15:09 -05:00
Steve Riesenberg
197ee38aa0
Mark deprecated response clients for removal 
Issue gh-16913
 2025-04-09 11:15:06 -05:00
Josh Cummings
99345537d6
Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter 
Issue gh-16417
 2025-03-26 16:38:39 -06:00
Steve Riesenberg
860f130bc4
Add additional validation when refreshing ID tokens 
Issue gh-16589
 2025-03-26 15:34:17 -05:00
Steve Riesenberg
5f98ce5ecc
Polish gh-16589 2025-03-26 15:34:17 -05:00
Josh Cummings
de07b1108f
Use PathPatternRequestMatcher in Web Components 
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.

Issue gh-16632
 2025-03-26 13:28:58 -06:00
Steve Riesenberg
3ebcbd4375
Merge branch '6.4.x' 
Closes gh-16788
Closes gh-16789
Closes gh-16790
Closes gh-16791
Closes gh-16792
 2025-03-20 14:47:07 -05:00
Steve Riesenberg
96cfbd1e6c
Merge branch '6.3.x' into 6.4.x 
Closes gh-16782
Closes gh-16783
Closes gh-16784
Closes gh-16785
Closes gh-16786
 2025-03-20 14:46:18 -05:00
Tran Ngoc Nhan
a53ca7c3d0
Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc 
Closes gh-16555

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-20 14:38:09 -05:00
Josh Cummings
cfe70a5fc7 Restore authorizedClientParametersMapper Assertion 
Issue gh-16726
 2025-03-19 18:13:54 -06:00
Max Batischev
6c24a1e717 Improve JdbcOAuth2AuthorizedClientService saveAuthorizedClient 
Closes gh-16726

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-19 18:13:54 -06:00
Steve Riesenberg
5bb5d0f6be Polish gh-16589 2025-03-18 18:07:56 -05:00
Hao
fc1469ad5e Ensure ID Token is updated after refresh token 
Signed-off-by: Hao <kyrieeeee2@gmail.com>
 2025-03-18 18:07:56 -05:00
Rob Winch
e6223dede3
Merge branch '6.4.x' 
- adb303e Add testRuntimeOnly junit-platform-launcher

Closes gh-16757
 2025-03-17 14:34:18 -05:00
Rob Winch
05116eabbd
Merge branch '6.3.x' into 6.4.x 
- adb303e Add testRuntimeOnly junit-platform-launcher

Closes gh-16756
 2025-03-17 14:18:49 -05:00
Rob Winch
adb303e152
Add testRuntimeOnly junit-platform-launcher 
Closes gh-16755
 2025-03-17 14:16:44 -05:00
Steve Riesenberg
0938ca01a4
Add support for automatic context-propagation with Micrometer 
Closes gh-16665
 2025-03-13 15:29:08 -05:00
Josh Cummings
eb5252c4f0
Merge branch '6.4.x' 2025-02-24 17:03:13 -07:00
Pat McCusker
2bd3cadde8 Use possessive pronoun rather contraction 
Signed-off-by: Pat McCusker <patmccusker14@gmail.com>
 2025-02-24 17:02:45 -07:00
Josh Cummings
b6c813c5a2 ClientRegistrations supports hostnames with underscores 
Issue gh-15852
 2025-02-20 16:54:24 -07:00
Josh Cummings
3d15be1b06 JwtDecoders Supports Hostnames with Underscores 
In the process of verifying gh-15852, another issue with URI was discovered.
This commit adds tests to the uri-computing methods and changes them to use
UriComponents instead of URI.

Issue gh-15852
 2025-02-20 16:54:24 -07:00
Steve Riesenberg
7fc5d50adf Polish gh-16551 2025-02-19 13:53:30 -06:00
Max Batischev
00cd95be76 Add setRedirectStrategy to OidcClientInitiatedServerLogoutSuccessHandler 
Closes gh-16556

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-19 13:53:30 -06:00
Tran Ngoc Nhan
e5ea75f7f4 Implement Serial 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-21 18:14:52 -06:00
Rob Winch
004f38639d
Move ClientSettings to ClientRegistration 
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration

Issue gh-16382


# Conflicts:
#	oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
 2025-01-17 17:26:48 -06:00
Rob Winch
4c533569bb
Ensure missing ClientRegistration.clientSettings JSON node works 
Issue gh-16382
 2025-01-17 17:26:48 -06:00
Rob Winch
f9498d3885
PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE 
PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the
code should validate this.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
b0a4dcb89e
ClientSettings equals, hashCode, toString 
Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
2665a92107
Ensure that ClientSettings cannot be null 
This ensures that ClientRegistration.Builder.ClientSettings cannot be null.
This has a slight advantage in terms of null safety to making this check
happen in the build method since the Builder does not have a null field
either.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
0ed7b18f42
DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support 
When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.

Issue gh-16382
 2025-01-17 17:26:46 -06:00
DingHao
8d3e0844c5
Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE 
Closes gh-16382

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 17:26:46 -06:00
Max Batischev
ed3f3d17b2 Add support customizing redirect URI 
Closes gh-14778
 2025-01-16 14:14:11 -07:00
Josh Cummings
244fd2eb51
Support Serialization in Exceptions 
Issue gh-16276
 2025-01-14 18:37:53 -07:00
Josh Cummings
8735368d9e
Don't Support Serialization of Jackson Modules 
Issu gh-16276
 2025-01-14 17:04:36 -07:00