Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-23 12:32:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,410 Commits 55 Branches 348 Tags
Commit Graph

18410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
043464fd3d
Bump org.hibernate.orm:hibernate-core from 7.0.1.Final to 7.0.2.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.0.1.Final to 7.0.2.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.0.2/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.0.1...7.0.2)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.0.2.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-13 03:47:51 +00:00
Rob Winch
e1d8033ee3
Merge branch '6.5.x' 2025-06-12 12:26:43 -05:00
Rob Winch
2be756e9dd
Merge branch '6.4.x' into 6.5.x 2025-06-12 12:26:33 -05:00
Rob Winch
df90cd5e23
Merge branch '6.3.x' into 6.4.x 2025-06-12 12:26:21 -05:00
Rob Winch
540ceef866
Merge branch 'gradle/6.5.x/com.fasterxml.jackson-jackson-bom-2.18.4.1' into 6.5.x 2025-06-12 12:26:07 -05:00
Rob Winch
d32b6629b7
Merge branch 'gradle/6.4.x/io.projectreactor-reactor-bom-2023.0.19' into 6.4.x 2025-06-12 12:24:21 -05:00
Rob Winch
8e57014c50
Merge branch 'gradle/main/org.hibernate.orm-hibernate-core-7.0.1.Final' 2025-06-12 12:22:35 -05:00
Rob Winch
025995ef97
Merge branch 'gradle/main/io.projectreactor-reactor-bom-2025.0.0-M4' 2025-06-12 12:22:06 -05:00
Rob Winch
040ffe17e5
Add SubjectX500PrincipalExtractor to Whats New 
Issue gh-16984
 2025-06-12 12:19:37 -05:00
Evgeniy Cheban
092bbfc8e7 ReactiveAuthorizationManager replace deprecated #check calls with #authorize 
Closes gh-16936

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-06-12 11:11:49 -06:00
Evgeniy Cheban
b0cecb37d2 Replace deprecated #check calls with #authorize 
Closes gh-16936

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-06-12 11:11:49 -06:00
Rob Winch
e3add59550 Update x509 Reference 
- Use include-code
- Demo how to customize SubjectX500PrincipalExtractor
 2025-06-12 12:09:20 -05:00
Rob Winch
7bf2730a53 Add x509@principal-extractor-ref 
Enables customizing the X500PrincipalExtractor
 2025-06-12 12:09:20 -05:00
Rob Winch
88ed4a5ccf Use principalExtractor reference instead of properties 2025-06-12 12:09:20 -05:00
Rob Winch
2b740b7f1f Update SubjectX500PrincipalExtractor Javadoc 
- Provide more details on how the principalName is extracted
- Update to specify an OID is used for emailAddress
 2025-06-12 12:09:20 -05:00
Rob Winch
f690a7f3df Encapsulate extractPrincipalNameFromEmail property 
This simplifies the logic when extracting the principal and allows
more flexibility in the future by allowing the format and regex to be
added as setters.
 2025-06-12 12:09:20 -05:00
Rob Winch
5f2efbea6a Remove unused statement 2025-06-12 12:09:20 -05:00
Max Batischev
aba437d469 Add Support SubjectX500PrincipalExtractor 
Closes gh-16980

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-12 12:09:20 -05:00
Josh Cummings
e8f920e0ee Polish JdbcAssertingPartyMetadataRepository 
- Remove GetBytes since it's not used yet
- Remove customizable RowMapper since this can be added
later
- Change signing_algorithms to be a String since the conversion
strategy is simple
- Standardize test names
- Simplify conversion of credentials using ThrowingFunction
- Change column names to match RelyingPartyRegistration
field names

Issue gh-16012
 2025-06-11 18:08:31 -06:00
Josh Cummings
2bd05128ec Add JdbcAssertingPartyMetadataRepository#save 
Issue gh-16012

Co-Authored-By: chao.wang <chao.wang@zatech.com>
 2025-06-11 18:08:31 -06:00
Josh Cummings
e2e42a5580 Fix Checkstyle 
Issue gh-16012
 2025-06-11 18:08:31 -06:00
chao.wang
16fd24c002 Add JdbcAssertingPartyMetadataRepository 
Closes gh-16012

Signed-off-by: chao.wang <chao.wang@zatech.com>
 2025-06-11 18:08:31 -06:00
dependabot[bot]
9be7b37472
Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4 to 2.18.4.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4...jackson-bom-2.18.4.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 04:06:48 +00:00
dependabot[bot]
195fb7253c
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.18 to 2023.0.19.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.18...2023.0.19)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 04:06:24 +00:00
dependabot[bot]
7f36155b47
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.18 to 2023.0.19.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.18...2023.0.19)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:59:26 +00:00
dependabot[bot]
53ce08d79d
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.18 to 2023.0.19.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.18...2023.0.19)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:36:18 +00:00
dependabot[bot]
cc40879f05
Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4 to 2.18.4.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4...jackson-bom-2.18.4.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:35:43 +00:00
dependabot[bot]
60f729156b
Bump org.hibernate.orm:hibernate-core from 7.0.0.Final to 7.0.1.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.0.0.Final to 7.0.1.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.0.1/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.0.0...7.0.1)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.0.1.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:15:08 +00:00
dependabot[bot]
220f49d86e
Bump io.projectreactor:reactor-bom from 2025.0.0-M3 to 2025.0.0-M4 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.0-M3 to 2025.0.0-M4.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.0-M3...2025.0.0-M4)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.0-M4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:14:31 +00:00
Josh Cummings
9b724377ce Rework Saml2 Authentication Statement 
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.

Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.

As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.

Closes gh-10820
 2025-06-10 17:21:03 -06:00
Christian Schuster
02a8c416aa Add NameID to SAML 2.0 Authentication Info 
Issue gh-10820
 2025-06-10 17:21:03 -06:00
Christian Schuster
36c7b91fb9 SAML 2.0 Single Logout Uses Saml2AuthenticationInfo 
This allows SLO to be triggered without the authentication
principal needing to implement a given interface.

Issue gh-10820
 2025-06-10 17:21:03 -06:00
Rob Winch
ffd6e3c0f7
Merge branch '6.5.x' 2025-06-10 10:49:13 -05:00
Rob Winch
b4418014aa
Merge branch '6.4.x' into 6.5.x 2025-06-10 10:49:05 -05:00
Rob Winch
29ec4c8736
Merge branch '6.3.x' into 6.4.x 2025-06-10 10:48:44 -05:00
Rob Winch
888d87619d
Explicit Permissions for codeql.yml 2025-06-10 10:48:37 -05:00
Rob Winch
2c5bd4c916
Explicit Permissions for codeql.yml 2025-06-10 10:46:23 -05:00
Rob Winch
dc954875f3
Merge branch '6.5.x' 2025-06-10 09:56:09 -05:00
Rob Winch
0299ba6027
Merge branch '6.4.x' into 6.5.x 2025-06-10 09:55:50 -05:00
dependabot[bot]
a060f7b462
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-10 03:41:53 +00:00
dependabot[bot]
d7bada7fec
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-10 03:35:38 +00:00
dependabot[bot]
eaba293cc5
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-10 03:25:56 +00:00
Lidoca
d0db5e3ea3 Update database-schema.adoc 
docs: match the database schema with https://github.com/spring-projects/spring-security/blob/6.5.0/docs/modules/ROOT/pages/servlet/authentication/passwords/jdbc.adoc

Signed-off-by: Lidoca <32785562+Lidoca@users.noreply.github.com>
 2025-06-09 22:17:57 -05:00
Josh Cummings
aa3135169d Polish Documentation 
Closes gh-14635
 2025-06-09 16:49:36 -06:00
Liviu Gheorghe
3ddf201d66 Updated Copyrights 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
1livv
edfd7b9b43 Addressed review comments 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
1livv
358f6c96b5 Update config tests 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
Liviu Gheorghe
eaf8184142 Send saml logout response even when validation errors happen 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
Rob Winch
097640b72a
Merge branch '6.5.x' 2025-06-09 17:11:12 -05:00
Rob Winch
c9a67818d7
Merge branch '6.4.x' into 6.5.x 2025-06-09 17:11:04 -05:00