Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-28 10:29:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,655 Commits 36 Branches 337 Tags
Commit Graph

17655 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Steve Riesenberg
54a6a19e05 Polish gh-16214 
This commit applies the following changes:

* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
 2025-02-03 14:52:30 -06:00
Craig Andrews
58534e7f60 Add FormRedirectStrategy to enable POST OIDC Logout 
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.

Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.

Closes gh-13002

Signed-off-by: Craig Andrews <candrews@integralblue.com>
 2025-02-03 14:52:30 -06:00
Josh Cummings
e63ef3cdc4
Merge branch '6.4.x' 2025-02-03 12:35:53 -07:00
Josh Cummings
47fd6befde
Ensure Serialization Compatibility for AuthenticationException 
Issue gh-16286
 2025-02-03 12:34:43 -07:00
dae won
6a94a294ea Lazily compose debug message in AbstractUserDetailsAuthenticationProvider 
Closes gh-16495

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-02-03 12:27:49 -07:00
Max Batischev
61d92e9db9 Fix assertion message in DefaultGenerateOneTimeTokenRequestResolver 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-03 12:15:20 -07:00
Josh Cummings
b98ece3e03
Clarify Commit Message Guideline 
We typically use imperative; however, this can feel unnatural on occasion.
For example 'S101 Depends On Assemble' would sound unnatural as 'S101 Depend On Assemble'
 2025-02-03 11:31:54 -07:00
Josh Cummings
6730167445
Correct Link Anchor Syntax 2025-02-03 10:33:23 -07:00
Josh Cummings
0f8e1936ff
Merge branch '6.4.x' 2025-02-03 10:19:31 -07:00
NeoTraveler
e31f04bebc
withValue used incorrectly 
Closes gh-16525
Closes gh-16527

Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
 2025-02-03 10:18:33 -07:00
Josh Cummings
5efc60d380
Merge branch '6.4.x' 2025-02-03 10:13:37 -07:00
Josh Cummings
5ff87128b1
Make Saml2AuthenticationToken Serializable 
Issue gh-16286
 2025-02-03 10:13:14 -07:00
Tran Ngoc Nhan
bcc4b415b3
Make RelyingPartyRegistration Serializable 
Closes gh-16286
 2025-02-03 10:13:13 -07:00
Steve Riesenberg
b32f4f1afc Polish gh-16502 2025-02-03 09:21:53 -06:00
earlgrey02
1fa1848f9f Add HttpStatusAccessDeniedHandler 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2025-02-03 09:21:53 -06:00
github-actions[bot]
22605be60e Merge branch '6.4.x' 2025-02-03 04:16:01 +00:00
dependabot[bot]
eb4befa28e Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.28.4.RELEASE to 0.28.5.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.28.4.RELEASE...0.28.5.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 20:15:24 -08:00
github-actions[bot]
043ec05334 Merge branch '6.4.x' 2025-02-03 04:14:47 +00:00
dependabot[bot]
ca3c763c04 Bump org.hibernate.orm:hibernate-core from 6.6.5.Final to 6.6.6.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.5.Final to 6.6.6.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.6/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.5...6.6.6)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 20:14:06 -08:00
dependabot[bot]
df1b3032c7 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.28.4.RELEASE to 0.28.5.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.28.4.RELEASE...0.28.5.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 19:53:23 -08:00
dependabot[bot]
330489e04a Bump org.hibernate.orm:hibernate-core from 6.6.5.Final to 6.6.6.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.5.Final to 6.6.6.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.6/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.5...6.6.6)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 19:52:02 -08:00
github-actions[bot]
291fae89a9 Merge branch '6.3.x' into 6.4.x 2025-02-03 00:53:13 +00:00
github-actions[bot]
db41f7e1ca Merge branch '6.4.x' 2025-02-03 00:53:13 +00:00
dependabot[bot]
7d5414b349 Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.14 to 1.0.0-alpha.16.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.14...v1.0.0-alpha.16)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 16:52:21 -08:00
dependabot[bot]
e5583de8de Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.14 to 1.0.0-alpha.16.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.14...v1.0.0-alpha.16)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 16:26:12 -08:00
Rob Winch
10394c8f2a
OTT Tests use Mocks Instead of Comparing Expires 
Previously, expires was compared to test if a custom implementations
were used. Now the tests verify this through mocks.

Closes gh-16515
 2025-01-31 16:47:50 -06:00
Christian
b56650100a
Removes the use of StringUtils from DelegatingPasswordEncoder 
Closes gh-16442

Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com>
 2025-01-31 15:43:24 -06:00
dependabot[bot]
2aa2e646d4 Bump com.google.code.gson:gson from 2.12.0 to 2.12.1 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.12.0...gson-parent-2.12.1)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-30 19:33:34 -08:00
tejas-teju
e724ea16a4 Update UsernameNotFoundException message 
Closes gh-16497

Signed-off-by: tejas-teju <tejas8196@gmail.com>
 2025-01-30 18:25:52 -07:00
Josh Cummings
5af4b9a2ad
Merge branch '6.4.x' 2025-01-30 18:06:01 -07:00
Josh Cummings
4b5bacf71a
Make Saml2AuthenticationToken Serializable 
Issue gh-16286
 2025-01-30 18:05:17 -07:00
Tran Ngoc Nhan
e50415de85
Make RelyingPartyRegistration Serializable 
Closes gh-16286
 2025-01-30 17:45:41 -07:00
guesshe
67c1438282
Update settings.gradle 
Closes gh-16322

Signed-off-by: guesshe <42242590+guesshe@users.noreply.github.com>
 2025-01-30 13:51:40 -06:00
dependabot[bot]
cb16f48041 Bump com.google.code.gson:gson from 2.11.0 to 2.12.0 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.11.0 to 2.12.0.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-29 19:28:39 -08:00
Josh Cummings
174f17e8a7
Merge branch '6.4.x' 2025-01-27 16:36:56 -07:00
Josh Cummings
fbebd03c08
Merge branch '6.3.x' into 6.4.x 2025-01-27 16:36:03 -07:00
Josh Cummings
2de2e3803a
Update to Gradle 8.12.1 
Closes gh-16485
 2025-01-27 16:35:13 -07:00
Josh Cummings
7030a62c76
Merge branch '6.4.x' 2025-01-24 11:48:13 -07:00
Josh Cummings
28615e7f64
Remove Stray Import 2025-01-24 11:47:40 -07:00
Josh Cummings
6707b06fcc
Merge branch '6.4.x' 2025-01-24 11:31:53 -07:00
Josh Cummings
47fc2bff95
Merge branch '6.3.x' into 6.4.x 2025-01-24 11:31:44 -07:00
Josh Cummings
43a2fbf5ad
Ensure s101 Runs After Assemble 
Issue gh-16482
 2025-01-24 11:31:22 -07:00
Josh Cummings
351f6c9a1e
Merge branch '6.4.x' 2025-01-24 11:26:09 -07:00
Josh Cummings
f4d2b61405
Merge branch '6.3.x' into 6.4.x 2025-01-24 11:25:42 -07:00
Josh Cummings
d6b295ba2c
S101 Depends On Assemble 
Closes gh-16482
 2025-01-24 11:25:26 -07:00
dependabot[bot]
5d9011b745 Bump org.seleniumhq.selenium:selenium-java from 4.28.0 to 4.28.1 
Bumps [org.seleniumhq.selenium:selenium-java](https://github.com/SeleniumHQ/selenium) from 4.28.0 to 4.28.1.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/commits)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-23 19:39:59 -08:00
dependabot[bot]
abd7e2160b Bump com.github.ben-manes:gradle-versions-plugin from 0.51.0 to 0.52.0 
Bumps com.github.ben-manes:gradle-versions-plugin from 0.51.0 to 0.52.0.

---
updated-dependencies:
- dependency-name: com.github.ben-manes:gradle-versions-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-23 19:39:26 -08:00
Rob Winch
5bc443a095
Make PublicKeyCredentialRequestOptions Serializable 
Closes gh-16438
 2025-01-23 20:13:23 -06:00
Rob Winch
a841737941
Use credPropsField.getType() 
Using the type from a field retains generics information.

Issue gh-16432
 2025-01-23 20:13:11 -06:00
Max Batischev
c7bc4c98db
Make PublicKeyCredentialRequestOptions Serializable 
Closes gh-16432

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-23 20:13:10 -06:00