Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-28 18:39:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,655 Commits 36 Branches 337 Tags
Commit Graph

17655 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
0d4f786484
Fix WebAuthnConfigurer Javadoc 
Issue gh-16397
 2025-01-17 18:29:23 -06:00
DingHao
8181cec06c
Set HttpMessageConverter by DSL 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:29:23 -06:00
Rob Winch
4fc99aa9e1
Add ClientRegistration.clientSettings.requireProofKey 
Setting ClientRegistration.clientSettings.requireProofKey=true will
enable PKCE for clients using authorization_code grant type.

Closes gh-16386
 2025-01-17 17:27:04 -06:00
Rob Winch
85d7cc1335
Document requireProofKey 
Issue gh-16386
 2025-01-17 17:26:48 -06:00
Rob Winch
004f38639d
Move ClientSettings to ClientRegistration 
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration

Issue gh-16382


# Conflicts:
#	oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
 2025-01-17 17:26:48 -06:00
Rob Winch
4c533569bb
Ensure missing ClientRegistration.clientSettings JSON node works 
Issue gh-16382
 2025-01-17 17:26:48 -06:00
Rob Winch
f9498d3885
PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE 
PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the
code should validate this.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
ab629cc1ca
Add AuthorizationGrantType.toString() 
This adds AuthorizationGrantType.toString() which makes debuging easier.
In particular, it will help when performing unit tests which validate the
AuthorizationGrantType.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
b0a4dcb89e
ClientSettings equals, hashCode, toString 
Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
2665a92107
Ensure that ClientSettings cannot be null 
This ensures that ClientRegistration.Builder.ClientSettings cannot be null.
This has a slight advantage in terms of null safety to making this check
happen in the build method since the Builder does not have a null field
either.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
0ed7b18f42
DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support 
When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.

Issue gh-16382
 2025-01-17 17:26:46 -06:00
DingHao
8d3e0844c5
Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE 
Closes gh-16382

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 17:26:46 -06:00
Rob Winch
8acd1d3f51
Fix checkstyleNohttp OutOfMemoryError 2025-01-17 17:26:46 -06:00
Josh Cummings
c2a5709e0f
Merge branch '6.4.x' 2025-01-17 16:09:01 -07:00
Josh Cummings
bbe4f87641
Mark Serialization Support for Events 
Issue gh-16276
 2025-01-17 16:08:31 -07:00
Josh Cummings
9a3bbf8d00
Merge branch '6.4.x' 2025-01-17 14:17:16 -07:00
Josh Cummings
45da5c94b6
Support Serialization in Test Classes 
Issue gh-16276
 2025-01-17 14:15:30 -07:00
Rob Winch
fd0024730e
Merge branch '6.4.x' 
Closes gh-16441
 2025-01-17 08:45:39 -06:00
Rob Winch
b098739349
Case insenstive 2025-01-17 08:45:30 -06:00
Daniel Garnier-Moiroux
5bf42bb7a8 webauthn: ensure allowCredentials[].id is an ArrayBuffer 
closes gh-16439

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-17 15:14:33 +01:00
github-actions[bot]
d8783b30d9 Merge branch '6.4.x' 2025-01-17 04:01:38 +00:00
dependabot[bot]
60dbeba985 Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-16 20:00:52 -08:00
Josh Cummings
aea7f333f7
Document OpaqueTokenIntrospector Migration 
Issue gh-15988
 2025-01-16 20:41:56 -07:00
dependabot[bot]
d3fe73fb92 Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-16 19:24:21 -08:00
Josh Cummings
a5af8503df
Update OpaqueTokenIntrospector Documentation 
Issue gh-15988
 2025-01-16 16:46:46 -07:00
Tran Ngoc Nhan
aced3bcf16 Encode Introspection clientId and clientSecret 
Closes gh-15988

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-16 16:32:01 -07:00
Marco Haase
7c4448c588 Fix broken link to MockMvc documentation 
Link to Test chapter of Spring Framework documentation is broken,
this commit fixes it.

Signed-off-by: Marco Haase <marco.haase@de.bosch.com>
 2025-01-16 16:30:47 -07:00
2-say
33ecb443ea Suggest replacing size() == 0 with isEmpty() for collection check 
Consider using isEmpty() instead of size() == 0 to improve code readability
and follow modern Java practices.

Signed-off-by: 2-say <dev2say@gmail.com>
 2025-01-16 16:27:50 -07:00
Max Batischev
17fb4d1c0d Fixed typo in WebAuthnDsl 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-16 14:33:57 -07:00
Josh Cummings
352a6a0d53
Add Breaking Change Section for 6.5 
Issue gh-16422
 2025-01-16 14:30:12 -07:00
DingHao
45f22a46e3 Use spring.security prefix instead of security.security 
Closes gh-16422

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-16 14:29:25 -07:00
Tran Ngoc Nhan
38006fea2c Fix broken link 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-16 14:24:07 -07:00
Max Batischev
ed3f3d17b2 Add support customizing redirect URI 
Closes gh-14778
 2025-01-16 14:14:11 -07:00
Josh Cummings
7b8ff72c4e
Fix MVC Documentation for Kotlin 
Closes gh-16426
 2025-01-15 17:45:05 -07:00
Josh Cummings
443af32314
Move Servlet Mocks to Web 
Issue gh-13551
 2025-01-15 17:32:58 -07:00
Josh Cummings
8827b2e564
Polish Using Request ServletContext 
Issue gh-14418
 2025-01-15 17:27:08 -07:00
Josh Cummings
75a35793dc
Polish requestMatchers Logic 
Issue gh-13551
 2025-01-15 17:27:00 -07:00
Steve Riesenberg
ddca7dc629
Merge branch '6.4.x' 
Closes gh-16425
 2025-01-15 11:47:18 -06:00
Steve Riesenberg
b4befb4263
Merge branch '6.3.x' into 6.4.x 
Closes gh-16424
 2025-01-15 11:46:01 -06:00
Steve Riesenberg
a3f6825f9c
Fix missing GChat notifications with workaround 
This fix was suggested by GitHub Support as a workaround for a bug where
`failure()` is not working for reusable workflows that will be fixed in
a few months.

Closes gh-16423
 2025-01-15 11:42:10 -06:00
github-actions[bot]
c78ac116f9 Merge branch '6.4.x' 2025-01-15 04:02:08 +00:00
dependabot[bot]
ce38162c86 Bump io.projectreactor:reactor-bom from 2023.0.13 to 2023.0.14 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.13 to 2023.0.14.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.13...2023.0.14)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-14 20:01:30 -08:00
github-actions[bot]
1cb775ba0b Merge branch '6.4.x' 2025-01-15 03:59:51 +00:00
github-actions[bot]
2e5c5fffc4 Merge branch '6.3.x' into 6.4.x 2025-01-15 03:59:51 +00:00
dependabot[bot]
ea0ec9e662 Bump io.projectreactor:reactor-bom from 2023.0.13 to 2023.0.14 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.13 to 2023.0.14.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.13...2023.0.14)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-14 19:59:03 -08:00
dependabot[bot]
25109cffb5 Bump io.projectreactor:reactor-bom from 2023.0.13 to 2023.0.14 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.13 to 2023.0.14.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.13...2023.0.14)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-14 19:50:24 -08:00
dependabot[bot]
360c6b3c80 Bump org-bouncycastle from 1.79 to 1.80 
Bumps `org-bouncycastle` from 1.79 to 1.80.

Updates `org.bouncycastle:bcpkix-jdk18on` from 1.79 to 1.80
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.bouncycastle:bcprov-jdk18on` from 1.79 to 1.80
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.bouncycastle:bcprov-jdk18on
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-14 19:50:03 -08:00
Josh Cummings
6019803064
Merge branch '6.4.x' 2025-01-14 18:38:14 -07:00
Josh Cummings
244fd2eb51
Support Serialization in Exceptions 
Issue gh-16276
 2025-01-14 18:37:53 -07:00
Josh Cummings
acd1bb1777
Merge branch '6.4.x' 2025-01-14 17:35:45 -07:00