Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 17:22:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,301 Commits 38 Branches 345 Tags
Commit Graph

18301 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
huhdy32
817938fa49 Add NullReturningMethodAuthorizationDeniedHandler 
This implementation of MethodAuthorizationDeniedHandler returns null
when authorization is denied.

Closes gh-16705

Signed-off-by: huhdy32 <mong3268@gmail.com>
 2025-05-14 11:45:48 -05:00
Andrey Litvitski
3b492a9628 remove 32-byte minimum keyLength restriction in Base64StringKeyGenerator (#17012) 
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-05-14 11:41:30 -05:00
dependabot[bot]
c22091d8be Bump io.projectreactor:reactor-bom from 2025.0.0-M2 to 2025.0.0-M3 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.0-M2 to 2025.0.0-M3.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.0-M2...2025.0.0-M3)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.0-M3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 11:15:35 -05:00
Rob Winch
aa4db57b89
Merge branch '6.5.x' 
Preserve org.hibernate.orm:hibernate-core
 2025-05-14 11:13:27 -05:00
Rob Winch
f9aa88acb3
Merge branch '6.4.x' into 6.5.x 
- Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final

Closes gh-17105
 2025-05-14 11:12:42 -05:00
Rob Winch
b38cf1fc16
Merge branch 'gradle/6.4.x/org.hibernate.orm-hibernate-core-6.6.15.Final' into 6.4.x 2025-05-14 11:12:24 -05:00
Rob Winch
903cefceb3
Merge branch '6.5.x' 
- Preserve io.projectreactor:reactor-bom (we want to keep the version in main)
 2025-05-14 11:03:03 -05:00
Rob Winch
e79de2f63e
Merge branch '6.4.x' into 6.5.x 
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18

Closes gh-17111
 2025-05-14 11:01:53 -05:00
Rob Winch
5a2bd2b825
Merge branch '6.3.x' into 6.4.x 
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18

Closes gh-17110
 2025-05-14 11:00:22 -05:00
Joe Grandja
a8edcca961 Merge branch '6.5.x' 2025-05-14 05:36:04 -04:00
Joe Grandja
5f7155bfc7 Implement internal cache in JtiClaimValidator 
Closes gh-17107
 2025-05-14 05:21:00 -04:00
dependabot[bot]
91afd49faf
Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.14.Final to 6.6.15.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.15/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.14...6.6.15)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.15.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 03:33:33 +00:00
dependabot[bot]
78a60d0d84
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.17 to 2023.0.18.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 03:23:25 +00:00
Tran Ngoc Nhan
a511171309 Add test and update javadoc for CommonOAuth2Provider 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-13 12:45:38 -06:00
Tran Ngoc Nhan
86550fb84b Cleanup code 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-13 12:40:18 -06:00
Joe Grandja
44303d2c80 Polish gh-17080 2025-05-13 14:36:44 -04:00
David Kowis
462e38c0e3 Fix DPoP jkt claim to be JWK SHA-256 thumbprint 
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
 2025-05-13 14:36:44 -04:00
dependabot[bot]
8b925dc4fc Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:35:27 -06:00
Joe Grandja
a265ac6ae7 Polish gh-17080 2025-05-13 14:35:23 -04:00
David Kowis
2090f44f74 Fix DPoP jkt claim to be JWK SHA-256 thumbprint 
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
 2025-05-13 14:35:23 -04:00
Josh Cummings
3f91c3effc
Merge remote-tracking branch 'origin/6.5.x' 2025-05-13 12:34:40 -06:00
dependabot[bot]
eee7e5edaa Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.1.RELEASE to 0.29.2.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.1.RELEASE...0.29.2.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.2.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:34:22 -06:00
Josh Cummings
cb511f501a
Merge remote-tracking branch 'origin/6.5.x' 2025-05-13 12:33:13 -06:00
dependabot[bot]
b9a92e35b9 Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:32:42 -06:00
Josh Cummings
87434a7b05
Merge branch '6.5.x' 2025-05-13 12:31:47 -06:00
Josh Cummings
349377a13b
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:31:27 -06:00
dependabot[bot]
d34fd236f6 Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:30:10 -06:00
dependabot[bot]
f1e3f2a8d3 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.1.RELEASE to 0.29.2.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.1.RELEASE...0.29.2.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.2.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:29:21 -06:00
Josh Cummings
f511d0a345
Merge remote-tracking branch 'origin/6.5.x' 2025-05-13 12:28:17 -06:00
dependabot[bot]
c326e394e1 Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.14.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:28:03 -06:00
Josh Cummings
64b26cbd1f
Merge branch '6.5.x' 2025-05-13 12:26:56 -06:00
Josh Cummings
e0e9a7e76d
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:26:25 -06:00
dependabot[bot]
ad934efc24 Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.14.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:24:36 -06:00
dependabot[bot]
99330bfc60 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:23:56 -06:00
Josh Cummings
21c56554c9
Merge remote-tracking branch 'origin/6.5.x' 2025-05-13 12:23:07 -06:00
dependabot[bot]
7a62f4eec8 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:22:42 -06:00
Josh Cummings
c8339184a9
Merge branch '6.5.x' 2025-05-13 12:21:51 -06:00
Josh Cummings
518918e197
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-05-13 12:21:31 -06:00
dependabot[bot]
11eac05dfd Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:20:38 -06:00
Josh Cummings
40a18fe63c
Merge branch '6.5.x' 2025-05-13 12:19:14 -06:00
Josh Cummings
26650b20fb
Merge branch '6.4.x' into 6.5.x 2025-05-13 12:18:51 -06:00
Josh Cummings
3a36197d7a
Merge branch '6.3.x' into 6.4.x 2025-05-13 12:17:29 -06:00
dependabot[bot]
a001f27690 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:15:42 -06:00
Josh Cummings
0698d3527d
Merge branch '6.5.x' 2025-05-13 11:18:43 -06:00
Josh Cummings
26f359a4db
Merge branch '6.4.x' into 6.5.x 2025-05-13 11:18:31 -06:00
Josh Cummings
5ba4ab5e11
Merge branch '6.3.x' into 6.4.x 2025-05-13 11:18:02 -06:00
Danilo Piazzalunga
27319e3f9b Add missing registration property in YAML listing 
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Danilo Piazzalunga
ec462e8bc5 Update assertingparty property usage in YAML snippets 
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.

Closes gh-12810.

Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Josh Cummings
93a7583aa4
Merge branch '6.5.x' 2025-05-12 18:52:47 -06:00
yybmion
d48c463c03
Add logging to CsrfTokenRequestHandler implementations 
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler

Improves debugging capabilities without changing functionality.

Closes gh-13626

Signed-off-by: yybmion <yunyubin54@gmail.com>
 2025-05-12 18:49:40 -06:00