Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,904 Commits 48 Branches 362 Tags
Commit Graph

17904 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
a71fdd1401 Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.9 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.8 to 1.5.9.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.8...v_1.5.9)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-08 21:08:07 -07:00
github-actions[bot]
c8a9d03419 Merge branch '6.3.x' 2024-10-09 03:58:43 +00:00
dependabot[bot]
8e5d8d9bd5 Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.9 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.8 to 1.5.9.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.8...v_1.5.9)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-08 20:57:56 -07:00
Max Batischev
2edaedf099 Improve encapsulation for jwtValidators 2024-10-07 16:41:50 -07:00
Josh Cummings
b26f2af5d5 Polish 
Formatting as well as adding a missing defer

Issue gh-15699
 2024-10-07 16:39:54 -07:00
Max Batischev
2ca2e56383 Add Reactive One-Time Token Login support 
Closes gh-15699
 2024-10-07 16:39:54 -07:00
github-actions[bot]
1adb13db66 Merge branch '6.3.x' 2024-10-07 04:09:52 +00:00
dependabot[bot]
1e6ac83dfb Bump org.junit:junit-bom from 5.10.4 to 5.10.5 
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.4 to 5.10.5.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.4...r5.10.5)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-06 21:09:05 -07:00
dependabot[bot]
132e559d65 Bump org.junit:junit-bom from 5.11.1 to 5.11.2 
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-06 20:40:17 -07:00
dependabot[bot]
6a0e90d6cb Bump io.freefair.gradle:aspectj-plugin from 8.10 to 8.10.2 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 8.10 to 8.10.2.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/compare/8.10...8.10.2)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-06 20:35:26 -07:00
github-actions[bot]
e8876fa195 Merge branch '6.2.x' into 6.3.x 2024-10-07 03:30:32 +00:00
github-actions[bot]
0ab56601b2 Merge branch '6.3.x' 2024-10-07 03:30:32 +00:00
dependabot[bot]
73ee0cf7ec Bump org.junit:junit-bom from 5.10.4 to 5.10.5 
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.4 to 5.10.5.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.4...r5.10.5)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-06 20:29:49 -07:00
Max Batischev
de104e22b7 Update javaDoc for DefaultOneTimeTokenSubmitPageGeneratingFilter 2024-10-02 15:31:43 -05:00
Giovanni Lovato
a3fd551fb5 Add ClientRegistrations.fromOidcConfiguration method 
ClientRegistrations now provides the fromOidcConfiguration
method to create a ClientRegistration.Builder from a map
representation of an OpenID Provider Configuration Response.

This is useful when the OpenID Provider Configuration is not
available at a well-known location, or if custom validation
is needed for the issuer location (e.g. if the issuer is only
reachable via a back-channel URI that is different from the
issuer value in the configuration).

Fixes: gh-14633
 2024-10-02 15:11:01 -05:00
Rob Winch
1dd79c379b Add JdbcOneTimeTokenService 
Closes gh-15735
 2024-10-02 14:42:13 -05:00
Rob Winch
f002fedb73 Document JdbcOneTimeTokenService 
Issue gh-15735
 2024-10-02 14:41:06 -05:00
Rob Winch
c3a5ae1254 Fix logger checkstyle 2024-10-02 14:39:58 -05:00
Rob Winch
7738e6c895 Add logger.isDebugEnabled() 
Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch
c4b60cd080 Reduce visibility for JdbcOneTimeTokenServiceTests 
Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch
650ec3ba82 Use Duration for calculating validity 
This improves readability.

Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch
e8c71df899 Use private Inner JdbcOneTimeTokenService classes 
Issue gh-15735
 2024-10-02 14:24:23 -05:00
Rob Winch
612b15abcc JdbcOneTimeTokenService.setCleanupCron 
Spring Security uses setter methods for optional member variables. Allows
for a null cleanupCron to disable the cleanup.

In a clustered environment it is likely that users do not want all nodes
to be performing a cleanup because it will cause contention on the ott
table.

Another example is if a user wants to invoke cleanUpExpiredTokens with a
different strategy all together, they might want to disable the cron job.

Issue gh-15735
 2024-10-02 14:22:25 -05:00
Steve Riesenberg
f5991ae176 Allow access token request parameters to override defaults 
Closes gh-11298
 2024-10-02 12:05:42 -05:00
Rob Winch
4787ac254d cleanUpExpiredTokens->cleanupExpiredTokens 
Issue gh-15735
 2024-10-02 10:59:26 -05:00
Rob Winch
4f328c9503 destroy() shuts down the taskScheduler 
Issue gh-15735
 2024-10-02 10:59:21 -05:00
dependabot[bot]
8c2485cb47 Bump io.spring.develocity.conventions from 0.0.21 to 0.0.22 
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.21 to 0.0.22.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.21...v0.0.22)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-01 20:37:00 -07:00
dependabot[bot]
b5132e9c4f Bump io.micrometer:micrometer-observation from 1.13.4 to 1.13.5 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.13.4 to 1.13.5.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.13.4...v1.13.5)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-01 20:28:22 -07:00
dependabot[bot]
fddc7768c5 Bump org.mockito:mockito-bom from 5.14.0 to 5.14.1 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.14.0 to 5.14.1.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.14.0...v5.14.1)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-30 21:03:03 -07:00
nima
8a5a603c1d Fix SecurityContextPersistenceRepository Typo 2024-09-30 16:56:17 -07:00
nima
cb4a85a74c Clarify UsernamePasswordAuthenticationFilter Workflow 2024-09-30 16:56:17 -07:00
Cedric Montfort
aceb5fa6bb Allow logout+jwt JWT type for reactive 
The OIDC back-channel spec recommends using a logout token typ `logout+jwt`
(see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken).

Support of this type was recently added [on the servlet side]([on the Servlet side](9101bf1f7d)), so back
porting the same on the reactive side to close the gap.

Closes gh-15702
 2024-09-30 16:32:45 -07:00
Josh Cummings
29331a0d8c
Merge branch '6.3.x' 2024-09-30 17:24:03 -06:00
Josh Cummings
746464e035
Merge branch '6.2.x' into 6.3.x 2024-09-30 17:21:13 -06:00
Josh Cummings
c1857c0308 Fix Formatting 
Issue gh-15771
 2024-09-30 16:19:26 -07:00
chao.wang
690e012fb1 Improve OidcBackChannelLogoutTokenValidator error when provider issuer is missing 
Closes gh-15771
 2024-09-30 16:19:26 -07:00
Thomas Darimont
8b97fdde43 Polish OAuth2ClientConfiguration 2024-09-30 16:16:45 -07:00
John Niang
7fcb42b537 Fix typo of createDefaultRequestMacher in WebSessionServerRequestCache 
createDefaultRequestMacher -> createDefaultRequestMatcher
 2024-09-30 15:24:40 -07:00
Max Batischev
0c216f0b59 Add public to setClock method in InMemoryOneTimeTokenService 
Closes gh-15863
 2024-09-30 15:33:33 -05:00
dependabot[bot]
828d316103 Bump org.mockito:mockito-bom from 5.13.0 to 5.14.0 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.13.0...v5.14.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-29 21:11:51 -07:00
Max Batischev
50cc36d53e Add support JdbcOneTimeTokenService 
Closes gh-15735
 2024-09-29 00:06:10 +03:00
Steve Riesenberg
9ba2435cb2
Support refresh token for Token Exchange 
Closes gh-15534
 2024-09-27 15:57:57 -05:00
Steve Riesenberg
e11c188122
Customize the strategy for resolving the principal 
Closes gh-15826
 2024-09-27 15:39:56 -05:00
dependabot[bot]
50cb051c86 Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.18.0 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.17.2 to 2.18.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.17.2...jackson-bom-2.18.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-26 21:14:50 -07:00
Josh Cummings
ee9a887ae5
Fix Package Tangle 
Move ObjectPostProcessor to be alongside Customizer, another
functional interface for describing Spring Security object
configuration.
 2024-09-26 14:08:25 -06:00
Josh Cummings
24a7ad732c
Merge branch '6.3.x' 2024-09-26 13:08:57 -06:00
Josh Cummings
b49051a1e6
Merge branch '6.2.x' into 6.3.x 2024-09-26 13:08:34 -06:00
Tran Ngoc Nhan
f7b85ed314
Fix Broken Resource Server Doc Links 2024-09-26 13:08:12 -06:00
Tran Ngoc Nhan
4e2cb8bc25 Fix Broken Resource Server Doc Links 2024-09-26 12:07:40 -07:00
Josh Cummings
d6b620b9f7
Make Observations Selectable 
Closes gh-15678
 2024-09-26 11:30:40 -06:00