Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-24 19:11:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,657 Commits 51 Branches 376 Tags
Commit Graph

2138 Commits

Author SHA1 Message Date
Josh Cummings
2a8976f2f0 Merge branch '7.0.x' 2026-03-23 18:13:15 -06:00
Josh Cummings
a7c3e842d6 Merge branch '6.5.x' into 7.0.x 2026-03-23 18:12:36 -06:00
Josh Cummings
b6e24db68c Return Mono.empty on Empty POST 
Closes gh-18973

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-23 18:12:21 -06:00
Josh Cummings
5100bf3db9 Merge branch '7.0.x' 2026-03-23 17:53:41 -06:00
Josh Cummings
7dea8b8ca2 Merge branch '6.5.x' into 7.0.x 2026-03-23 17:53:14 -06:00
Daniel Garnier-Moiroux
aeb5fc1fb0 Fix HttpSessionRequestCache#getMatchingRequest query string parsing 
- URL parsing changed in framework 6.2, and fails when path contains a % sign.
- The HttpSessionRequestCache only needs to inspect the query string, not the full URL.

Fixes gh-16656

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2026-03-23 17:52:17 -06:00
Andrey Litvitski
2fda37de53 Fix equals nullability annotations for jspecify compliance 
In this commit, we added `@Nullable` to equals methods of classes that
support `jspecify` for consistency with other Spring projects and to
avoid bugs that caused other Spring projects to do this natively.

Closes: gh-18929, gh-18927

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-23 09:25:57 -06:00
Josh Cummings
f35b4aa518 Merge branch '7.0.x' 2026-03-20 21:28:22 -06:00
Josh Cummings
4542f58be7 Merge branch '6.5.x' into 7.0.x 2026-03-20 21:27:04 -06:00
Tran Ngoc Nhan
62f33d3fcf Add equals and hashCode to HttpMethodRequestMatcher 
Closes gh-18911

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-20 21:22:20 -06:00
Josh Cummings
d76fb7f2e6 Polish WebAttributes ApplicationContext Support 
Closes gh-8843

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 16:44:40 -06:00
Ziqin Wang
e726c05e76
Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:04:14 +08:00
Ziqin Wang
a7039fb3e6
Test Jackson 2 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:28 +08:00
Ziqin Wang
88ea668f47
Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:17 +08:00
Josh Cummings
8dcaa6dfcb Polish Documentation 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 07:57:43 -06:00
Andrey Litvitski
d1ce69ca99 Specify charset in WWW-Authenticate for Basic Auth 
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.

Closes: gh-18755

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-10 07:57:43 -06:00
Robert Winch
7ab3087692
Merge Fix CookieRequestCache parameters 2026-03-09 14:17:07 -05:00
Robert Winch
3110c9074f
Merge Fix CookieRequestCache parameters 2026-03-09 14:11:27 -05:00
Vishnutheep B
07bfe371b4
Fix CookieRequestCache parameters 
Previously the parameters were not restored.

This commit ensures the parameters are restored.

Closes gh-18204

Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
 2026-03-09 14:10:30 -05:00
Robert Winch
0bb697c4a7
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:32:59 -06:00
Robert Winch
fb84e24893
HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 
Closes gh-18804
 2026-03-02 11:31:52 -06:00
Robert Winch
9cc3161055
Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:51:53 -06:00
Robert Winch
6898de8003
Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:49:38 -06:00
Robert Winch
1dae9aa459
Add Missing OnCommitedResponseWrapper Header Overrides 
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.

Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.

This issue is the underlying problem for spring-projects/spring-framework#36381

Closes gh-18797
 2026-02-24 19:46:29 -06:00
Robert Winch
d31ca7a758 Fix SecurityContextLogoutHandler.logout @param response Javadoc (cannot be null) 
Closes gh-18357
 2026-02-24 10:06:04 -06:00
Rob Winch
4d0627e6c0
Merge pull request #18721 from coehgns/main 
Add tests for PathPatternRequestMatcher request path caching
 2026-02-23 11:58:27 -06:00
Josh Long
2dd2863550 aot improvements 
Signed-off-by: Josh Long <54473+joshlong@users.noreply.github.com>
 2026-02-20 17:28:35 -06:00
Minu Kim
18068c9099 fix compile warning in spring-security-test 
Signed-off-by: Minu Kim <kmw106933@naver.com>
 2026-02-19 14:26:20 -06:00
Robert Winch
cc6a005aa5 Add InetAddressMatcher 
Co-authored-by: Gábor Vaspöri <gabor.vaspori@gmail.com>
Co-authored-by: Kian Jamali <kianjamali123@gmail.com>
Co-authored-by: Rossen Stoyanchev <rstoyanchev@users.noreply.github.com>
 2026-02-19 11:44:19 -06:00
Tran Ngoc Nhan
dbf7f4cfe5 Remove unused @Nullable 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-19 10:56:54 -06:00
Tran Ngoc Nhan
dc8ed8b168 Fix checkstyle 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
17933ddab3 Resolve feedback 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
9323775c5f Update javadoc and apply StringUtils#hasLength 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
4cc5f543ab Add author 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
67bc1d8d4a Polish some methods 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
17b5cdde55 Remove redundant check and exception 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan
21bef947b0 Use String#isEmpty 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Andrey Litvitski
6fcca39500 Mark CsrfTokenRequestAttributeHandler#setCsrfRequestAttributeName as Nullable 
Closes: gh-18617

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-17 16:57:15 -07:00
coehgns
0d3a5d210a Add tests for PathPatternRequestMatcher path caching 
Verify parsed request path is cleared when matcher parses it, and preserved when already present.

Signed-off-by: coehgns <modooboiroo@gmail.com>
 2026-02-12 11:13:02 +09:00
Robert Winch
74b93a19f6
Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
Robert Winch
ea8bd1a01d
Merge branch '7.0.x' 
Closes gh-18595
 2026-01-26 12:17:24 -06:00
Robert Winch
6dd6e8ebb1
Merge branch '6.5.x' into 7.0.x 
Closes gh-18235
 2026-01-26 12:06:19 -06:00
Garvit Joshi
edd82ba82c gh-18234: Create SHA-1 MessageDigest for every new check request 
Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>
 2026-01-26 11:06:25 -06:00
Robert Winch
d7fbf3673a
Fix consistency with Nullability Usage 
Issue gh-18564
 2026-01-23 10:42:53 -06:00
Robert Winch
9f8ac34c3b Remove @NullUnmarked 
Closes gh-18491
 2026-01-21 14:11:25 -06:00
Soumik Sarker
3f66d8b770 Fix format 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2026-01-21 14:11:25 -06:00
Soumik Sarker
ea26031a4d Fix format 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2026-01-21 14:11:25 -06:00
Soumik Sarker
b1d98491cf Removed nullUnmarked annotation from observability web classes 
Fixes #17815

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2026-01-21 14:11:25 -06:00
Robert Winch
35d103843b
Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-16 16:54:00 -06:00
Robert Winch
0993e5735e
Add missing @NullMarked 
Closes gh-18514
 2026-01-16 14:53:16 -06:00