Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,956 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

14956 Commits

Author SHA1 Message Date
Josh Cummings 01b7ad42ec
Merge branch '6.2.x' 2024-01-25 17:33:33 -07:00
Josh Cummings 84c45adc70
Merge branch '6.1.x' into 6.2.x 
Closes gh-14496
 2024-01-25 17:33:15 -07:00
Josh Cummings 44f22ee5cf
Merge branch '5.8.x' into 6.1.x 
Closes gh-14495
 2024-01-25 17:32:57 -07:00
Hans Lindner ca10187fd1 Enhance JWT decoding error handling 
Previously, the `decode` method threw a `JwtException` directly when encountering an unsupported algorithm or any exception during parsing. This commit introduces a more robust error handling mechanism. Now, instead of throwing exceptions directly, it returns a `Mono.error()` with a `BadJwtException` containing detailed error information. This approach provides more flexibility and allows the caller to handle errors in a more granular way, by being able to use project reactors onError functionality.

Closes gh-14467
 2024-01-25 17:32:10 -07:00
y-tomida bdc0bd6b78 Add usernameParameter and passwordParameter to FormLoginDsl 
Closes gh-14474
 2024-01-24 09:56:38 -03:00
Marcus Hert Da Coregio 7a8f9b446e Configure Dependabot for docs-build's build.gradle 
Issue gh-14482
 2024-01-23 15:03:46 -03:00
Josh Cummings 7ee974445b
Update Checkstyle 
Issue gh-14178
 2024-01-22 08:44:54 -07:00
Josh Cummings 04394a63cd
Update Formatting 
Issue gh-14178
 2024-01-22 08:26:25 -07:00
sonallux 6df9ef5ba6 Fix wrong class name in JavaDoc 
In the `ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder` class the JavaDoc comments mention the wrong class name. This commit fixes this.
 2024-01-19 09:29:07 -07:00
Josh Cummings 1e90bdfc0b
Update Copyright 
Issue gh-14178
 2024-01-19 09:26:04 -07:00
Armin Krezović 9c352c4b4b Support overriding RestOperations in OidcIdTokenDecoderFactory 
Closes gh-14178
 2024-01-19 09:24:56 -07:00
Armin Krezović 0041c658de Support overriding WebClient in ReactiveOidcIdTokenDecoderFactory 
Closes gh-14178
 2024-01-19 09:24:56 -07:00
Sam Brannen 2b7d296994 Revise AuthorizationAnnotationUtils 
This commit revises AuthorizationAnnotationUtils as follows.

- Removes code duplication by treating both Class and Method as
  AnnotatedElement.

- Avoids duplicated annotation searches by processing merged
  annotations in a single Stream instead of first using the
  MergedAnnotations API to find possible duplicates and then again
  searching for a single annotation via AnnotationUtils (which
  effectively performs the same search using the MergedAnnotations API
  internally).

- Uses `.distinct()` within the Stream to avoid the need for the
  workaround introduced in gh-13625. Note that the semantics here
  result in duplicate "equivalent" annotations being ignored. In other
  words, if @⁠PreAuthorize("hasRole('someRole')") is present multiple
  times as a meta-annotation, no exception will be thrown and the first
  such annotation found will be used.

- Improves the error message when competing annotations are found by
  including the competing annotations in the error message.

- Updates AuthorizationAnnotationUtilsTests to cover all known,
  supported use cases.

- Configures correct role in @⁠RequireUserRole.

Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.

See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
 2024-01-18 07:42:58 -07:00
DingHao 3f65f600de Use AuthorizationEventPublisher Bean 
- For Jsr250MethodInterceptor and SecuredMethodInterceptor

Closes gh-14401
 2024-01-17 17:40:38 -07:00
Marcus Hert Da Coregio 06278157fa Merge branch '6.2.x' 
Closes gh-14471
 2024-01-17 16:16:40 -03:00
Marcus Hert Da Coregio 148e0b41d2 Merge branch '6.1.x' into 6.2.x 
Closes gh-14470
 2024-01-17 16:16:27 -03:00
Marcus Hert Da Coregio ce5f5e6e33 Add native hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken 
Closes gh-14397
 2024-01-17 16:14:59 -03:00
Marcus Hert Da Coregio a761042157 Merge branch '6.2.x' 2024-01-17 15:22:34 -03:00
Amit Mahato 237dd7799f fix: typo in Authentication Architecture ProviderManager 2024-01-17 15:22:25 -03:00
Andreas Büchel 3346f2dd73 fix typo in anonymous.adoc 2024-01-17 15:22:06 -03:00
Marcus Hert Da Coregio 959ea70ec8 Merge branch '6.2.x' 2024-01-17 14:31:55 -03:00
Marcus Hert Da Coregio c42234396e Merge branch '6.1.x' into 6.2.x 2024-01-17 14:31:38 -03:00
Marcus Hert Da Coregio 2eba7eb672 Merge branch '5.8.x' into 6.1.x 2024-01-17 14:31:29 -03:00
dependabot[bot] 44b785bfb1 Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:31:11 -03:00
dependabot[bot] 56f486588f Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:31:01 -03:00
dependabot[bot] d03c82f6b9 Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:50 -03:00
dependabot[bot] 7e5ac0078f Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:37 -03:00
dependabot[bot] cbe02edad1 Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2023.1.1 to 2023.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2023.1.1...2023.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:27 -03:00
dependabot[bot] 77afca969a Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.2...v6.1.3)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:14 -03:00
Marcus Hert Da Coregio cdc4ae134c Merge branch '6.2.x' 
Closes gh-14469
 2024-01-17 08:47:46 -03:00
Marcus Hert Da Coregio 5938f7cdee Merge branch '6.1.x' into 6.2.x 
Closes gh-14468
 2024-01-17 08:47:36 -03:00
Marcus Hert Da Coregio fccd9379d5 WebTestUtilsTestRuntimeHints implements RuntimeHintsRegistrar 
Closes gh-14399
 2024-01-17 08:47:28 -03:00
github-actions[bot] 06f829e205 Next development version 2024-01-15 15:36:12 +00:00
github-actions[bot] 35ba32c240 Release 6.3.0-M1 2024-01-15 15:20:53 +00:00
dependabot[bot] 7c81a2b055 Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2023.1.1 to 2023.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2023.1.1...2023.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-14 23:28:10 -06:00
dependabot[bot] 9218898634 Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.2...v6.1.3)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-14 23:26:59 -06:00
dependabot[bot] 3f2f2a12f9
Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 
Bumps [org.apereo.cas.client:cas-client-core](https://github.com/apereo/java-cas-client) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/apereo/java-cas-client/releases)
- [Commits](https://github.com/apereo/java-cas-client/compare/cas-client-4.0.3...cas-client-4.0.4)

---
updated-dependencies:
- dependency-name: org.apereo.cas.client:cas-client-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:58:48 -06:00
dependabot[bot] e6bd51f235
Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.1 to 2023.0.2.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.1...2023.0.2)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:58:42 -06:00
dependabot[bot] 8011649a10
Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:58:38 -06:00
dependabot[bot] 22ed96c0cd
Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 
Bumps org.slf4j:slf4j-api from 2.0.10 to 2.0.11.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:58:23 -06:00
dependabot[bot] 548def8178
Bump io-spring-javaformat from 0.0.40 to 0.0.41 
Bumps `io-spring-javaformat` from 0.0.40 to 0.0.41.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.40 to 0.0.41
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.40...v0.0.41)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.40 to 0.0.41
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.40...v0.0.41)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:57:51 -06:00
Steve Riesenberg f0929062ef
Merge branch '6.2.x' 2024-01-12 09:54:28 -06:00
Steve Riesenberg c2edd3d9e8
Merge branch '6.1.x' into 6.2.x 2024-01-12 09:54:16 -06:00
Steve Riesenberg b4ac2fadba
Merge branch '5.8.x' into 6.1.x 2024-01-12 09:53:58 -06:00
dependabot[bot] 3f5f79d835 Bump io.projectreactor.netty:reactor-netty from 1.0.40 to 1.0.41 
Bumps [io.projectreactor.netty:reactor-netty](https://github.com/reactor/reactor-netty) from 1.0.40 to 1.0.41.
- [Release notes](https://github.com/reactor/reactor-netty/releases)
- [Commits](https://github.com/reactor/reactor-netty/compare/v1.0.40...v1.0.41)

---
updated-dependencies:
- dependency-name: io.projectreactor.netty:reactor-netty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:52:45 -06:00
dependabot[bot] f91b6eb3e0 Bump org.apereo.cas.client:cas-client-core from 4.0.3 to 4.0.4 
Bumps [org.apereo.cas.client:cas-client-core](https://github.com/apereo/java-cas-client) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/apereo/java-cas-client/releases)
- [Commits](https://github.com/apereo/java-cas-client/compare/cas-client-4.0.3...cas-client-4.0.4)

---
updated-dependencies:
- dependency-name: org.apereo.cas.client:cas-client-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:49:31 -06:00
dependabot[bot] 7065f386b1 Bump io.projectreactor:reactor-bom from 2023.0.1 to 2023.0.2 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.1 to 2023.0.2.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.1...2023.0.2)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:48:37 -06:00
dependabot[bot] 6b42e5c732 Bump io.micrometer:micrometer-observation from 1.12.1 to 1.12.2 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:48:01 -06:00
dependabot[bot] 9f7d1c7c37 Bump io-spring-javaformat from 0.0.40 to 0.0.41 
Bumps `io-spring-javaformat` from 0.0.40 to 0.0.41.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.40 to 0.0.41
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.40...v0.0.41)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.40 to 0.0.41
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.40...v0.0.41)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:46:06 -06:00
dependabot[bot] 55f3d4cbc3 Bump org.slf4j:slf4j-api from 2.0.10 to 2.0.11 
Bumps org.slf4j:slf4j-api from 2.0.10 to 2.0.11.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 09:45:26 -06:00