Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-04-16 14:03:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,775 Commits 57 Branches 376 Tags
Commit Graph

20775 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
036ccff1f5 Move Focus to OTT Button When Username is Read-Only 
Closes gh-18817

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:32:15 -06:00
Anantha Krishnan
245733a631 fix: restore native form submission for OTT login 
Signed-off-by: Anantha Krishnan <ananthakrishnanj2001@gmail.com>
 2026-04-07 18:32:15 -06:00
Josh Cummings
229eb3ea46 Defer SecureRandom Construction Until Usage 
Issue gh-17824

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:20:24 -06:00
Josh Cummings
c21fc6c433 Use Static Holder 
By using a static holder, we can leave method contracts
as-is and still maintain the performance benefit.

Issue gh-17824

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 18:20:24 -06:00
Yerin Lee
7c31eb58ac Also deprecate BCrypt.gensalt(int) without SecureRandom parameter 
- Deprecates BCrypt.gensalt(int) method

Closes gh-17824

Signed-off-by: Yerin Lee <rt8632@naver.com>
 2026-04-07 18:20:24 -06:00
Yerin Lee
d4f49a5b43 Deprecate BCrypt.gensalt() without SecureRandom parameter 
Creating a new SecureRandom instance on every call causes
unnecessary performance overhead. This change:

- Deprecates BCrypt.gensalt(String, int) method
- Modifies BCryptPasswordEncoder constructors to create
  and reuse SecureRandom instances
- Maintains backward compatibility

All existing tests pass.

Closes gh-17824

Signed-off-by: Yerin Lee <rt8632@naver.com>
 2026-04-07 18:20:24 -06:00
Josh Cummings
6d20e02173 Update whats-new 
Issue gh-18113

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-04-07 16:21:15 -06:00
Josh Cummings
0c6b73d123 WebAuthn Publishes Authentication Events 
Closes gh-18113

Signed-off-by: suuuuuuminnnnnn <sumin45402214@gmail.com>
 2026-04-07 16:21:15 -06:00
Joe Grandja
f66fb0814b Fix merge 2026-04-07 16:12:34 -04:00
Joe Grandja
3008848158 Merge branch '7.0.x' 2026-04-07 15:47:01 -04:00
Joe Grandja
41524880c6 Fix auth_time claim should represent authentication time 
Closes gh-18282
 2026-04-07 15:44:57 -04:00
Josh Cummings
1e979d6f52
Merge branch '7.0.x' 2026-04-07 10:31:14 -06:00
Josh Cummings
2361dc131e
Merge branch '6.5.x' into 7.0.x 2026-04-07 10:31:01 -06:00
dependabot[bot]
44d32815b1 Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:29:49 -06:00
dependabot[bot]
87c3335e01 Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.45.Final to 6.6.47.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.47/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.45...6.6.47)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.47.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:07:57 -06:00
dependabot[bot]
76e9d91f24 Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 10:06:09 -06:00
dependabot[bot]
145579896f Bump lodash from 4.17.23 to 4.18.1 in /javascript 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-02 20:05:04 +00:00
Joe Grandja
073fc9874b Revert snapshots to Spring Framework 7.0.+ 
Closes gh-19024
 2026-04-02 15:52:23 -04:00
Rob Winch
ce247bdd16
Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-02 12:51:07 -04:00
Robert Winch
ad5a9fd0ba
Merge Add XML Based shouldWriteHeadersEagerly tests 2026-04-02 11:39:15 -05:00
Joe Grandja
4ce3fade21 Add @Nullable to DefaultOidcUser.equals() 
Issue gh-18622
 2026-04-02 11:02:22 -04:00
Joe Grandja
9527a4b281 Merge branch '7.0.x' 2026-04-02 10:58:06 -04:00
Joe Grandja
77fe9e892a Merge branch '6.5.x' into 7.0.x 
Closes gh-19022
 2026-04-02 10:52:15 -04:00
Joe Grandja
eefbb4da64 Fix DefaultOidcUser.equals() 
Closes gh-18622
 2026-04-02 10:41:32 -04:00
Joe Grandja
2ada3f00fa Polish gh-18888 2026-04-02 06:29:02 -04:00
Evgeniy Cheban
8f2a5a7b6e Add PrincipalResolver to ExchangeFilterFunctions 
Closes gh-16284

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2026-04-02 06:28:42 -04:00
Joe Grandja
aa35db5aad Fix merge conflict 2026-04-02 05:45:17 -04:00
Rob Winch
8f65f88dc0
Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-01 12:58:09 -04:00
Rob Winch
a2793f31b4
Merge Add XML Based shouldWriteHeadersEagerly tests 
Add XML Based shouldWriteHeadersEagerly tests
 2026-04-01 12:53:29 -04:00
Robert Winch
64d8e6cc9b
Merge Add XML Based shouldWriteHeadersEagerly tests 2026-04-01 11:41:58 -05:00
Robert Winch
679a47a51d
Add XML Based shouldWriteHeadersEagerly tests 2026-04-01 11:37:39 -05:00
Josh Cummings
5b8d81828a
Add serialVersionUID 
This commit gives a serialVersionUID to the private adapter class for the Jwt
authentication principal. It also adds a SuppressWarnings annotation so that
it doesn't get picked up by config's serialization tests. This is needed since
the test cannot construct a serialization sample for a private class

Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 16:19:41 -06:00
Josh Cummings
16b5df40de
Exclude Anonymous Classes in Serializable Scan 
Issue gh-17729

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 16:17:12 -06:00
Josh Cummings
8472599067
Add Missing 7.1 Serialization Artifacts 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 16:16:27 -06:00
Josh Cummings
cb129d6b2d
Merge branch '7.0.x' 2026-03-31 15:56:49 -06:00
Josh Cummings
d4678c8e04
Add Missing Serialization Support 
Closes gh-19013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 15:55:09 -06:00
Josh Cummings
43b132bec6
Merge branch '6.5.x' into 7.0.x 2026-03-31 15:27:58 -06:00
Josh Cummings
08fca57d12
Add Missing Serialization Support 
Closed gh-19012

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 13:58:35 -06:00
Josh Cummings
acabacb971
Update Test to find SuppressWarnings 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-31 13:47:52 -06:00
johnycho
1a130fca3c
Improve serialVersionUID check in tests 
Signed-off-by: johnycho <shunnn215@gmail.com>
 2026-03-31 13:47:50 -06:00
Rob Winch
5fe29f9cd0
Add AllRequiredFactorsAuthorizationManager.anyOf 2026-03-31 15:17:08 -04:00
Robert Winch
ff820a868e
Polish AllRequiredFactorsAuthorizationManager.anyOf 
- Add validation
- Extract to static inner class
- Uniqueness determined by Set rather than requiredFactor
  This is important for the failure with the same RequiredFactor, but a
  different reason
- Add documentation

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-03-31 14:03:29 -05:00
Evgeniy Cheban
6b09352a93
Add AllRequiredFactorsAuthorizationManager.anyOf 
Closes gh-18960

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2026-03-31 13:25:02 -05:00
Josh Cummings
067f79dde5
Merge branch 'fix-17729' into 7.0.x 2026-03-30 17:19:31 -06:00
Josh Cummings
45758a5cec
Merge branch '6.5.x' into 7.0.x 2026-03-30 17:14:28 -06:00
Josh Cummings
52d98ab7af
Add Needed SuppressWarnings Annotations 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-30 17:14:17 -06:00
Josh Cummings
0b680be97b
Update Test to find SuppressWarnings 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-30 17:14:03 -06:00
johnycho
7c28b15471 Improve serialVersionUID check in tests 
Signed-off-by: johnycho <shunnn215@gmail.com>
 2026-03-30 14:26:12 -06:00
Joe Grandja
12997b6ab6 Polish oauth2-client tests with missing Content-Type header 2026-03-30 13:40:32 -04:00
Rob Winch
abf3c866fb
Merge pull request #19005 from rwinch/7.0.x-CredentialRecordOwnerAuthorizationManager 
Merge Add CredentialRecordOwnerAuthorizationManager
 2026-03-29 23:46:35 -04:00