Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 12:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,237 Commits 50 Branches 348 Tags
Commit Graph

18237 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
ee13d19503 Merge branch '6.3.x' into 6.4.x 2025-04-10 03:34:09 +00:00
github-actions[bot]
a9982971ae Merge branch '6.4.x' 2025-04-10 03:34:09 +00:00
dependabot[bot]
eb83c35ded Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 20:33:22 -07:00
Josh Cummings
3869b13e68
Add ResponseAuthenticationConverter 
Aside from simplifying configuration, this commit also makes it possible
to provide a response authentication converter that doesn't need the
NameID element to be present.

Closes gh-12136
 2025-04-09 17:38:24 -06:00
Josh Cummings
3e686abf50
Add ResponseValidator 
Issue gh-14264
Closes gh-16915
 2025-04-09 17:32:40 -06:00
Risto Virtanen
47e1fc045f Formatted 
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Risto Virtanen
1db557e395 Replace ClientRegistrationMixinTests with StdConvertersTest 
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Risto Virtanen
368fe2e7a0 Add missing ClientAuthenticationMethods to jackson2 converter 
Closes gh-16825

Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Daeho Kwon
9908d96644
DeferredCsrfToken Implements Supplier 
Closes gh-16870

Signed-off-by: Daeho Kwon <trewq231@naver.com>
 2025-04-09 14:24:11 -06:00
Steve Riesenberg
43ef4262da
Update whats-new.adoc 
Issue gh-16913
 2025-04-09 11:19:50 -05:00
Steve Riesenberg
9d442c13de
Mark password grant for removal 
This commit also updates link to the document "Best Current Practice for
OAuth 2.0 Security" to point to RFC 9700.

Closes gh-16913
 2025-04-09 11:15:09 -05:00
Steve Riesenberg
197ee38aa0
Mark deprecated response clients for removal 
Issue gh-16913
 2025-04-09 11:15:06 -05:00
dependabot[bot]
9ca02082dc Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.1 to 1.10.2 
Bumps [org.jetbrains.kotlinx:kotlinx-coroutines-bom](https://github.com/Kotlin/kotlinx.coroutines) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/Kotlin/kotlinx.coroutines/releases)
- [Changelog](https://github.com/Kotlin/kotlinx.coroutines/blob/master/CHANGES.md)
- [Commits](https://github.com/Kotlin/kotlinx.coroutines/compare/1.10.1...1.10.2)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlinx:kotlinx-coroutines-bom
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-08 20:46:41 -07:00
Michael Samborski
bfb4878e29 Update kotlin.adoc to add required spread operator(*) 
Signed-off-by: Michael Samborski <msamborski@orbiscommunications.com>
 2025-04-08 14:12:09 -05:00
Tran Ngoc Nhan
d864e51ff6 Format OpaqueTokenIntrospector 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-04-08 13:56:54 -05:00
Tran Ngoc Nhan
d899bc5240 Polish javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-04-08 13:56:54 -05:00
James Howe
8d7f6acab6 Typo in Base64StringKeyGenerator exception message 
Signed-off-by: James Howe <675056+OrangeDog@users.noreply.github.com>
 2025-04-08 09:56:14 -06:00
Josh Cummings
f93a7a2f85
Deprecate HandlerMappingIntrospectorRequestTransformer 
Closes gh-16536
 2025-04-07 13:56:18 -06:00
Steve Riesenberg
1fb3fc80f9
Polish gh-15819 
Closes gh-15818
 2025-04-07 10:57:49 -05:00
Jonah Klöckner
9674532f4d
Add support for access token in body parameter as per rfc 6750 Sec. 2.2 
Issue gh-15818
 2025-04-07 10:57:49 -05:00
Steve Riesenberg
03e090c2d7
Merge branch '6.4.x' 
Closes gh-16902
 2025-04-07 10:57:12 -05:00
Steve Riesenberg
db34de59bc
Merge branch '6.3.x' into 6.4.x 
Closes gh-16901
 2025-04-07 10:55:51 -05:00
Steve Riesenberg
3c0fef59b5
Polish gh-16039 
Closes gh-16038
 2025-04-07 10:54:09 -05:00
Jonah Klöckner
da94fbe431
Evaluate URI query parameter only if enabled 
Issue gh-16038
 2025-04-07 10:54:07 -05:00
Joe Grandja
9c073dbcde Add AuthenticationEntryPoint for DPoP 
Issue gh-16574

Closes gh-16900
 2025-04-07 09:38:51 -04:00
dependabot[bot]
21a85e3520 Bump org.mockito:mockito-bom from 5.16.1 to 5.17.0 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.16.1 to 5.17.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.16.1...v5.17.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 21:00:37 -07:00
dependabot[bot]
0a2b9d4978 Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.12.Final to 6.6.13.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.13/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.12...6.6.13)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.13.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 20:59:30 -07:00
dependabot[bot]
ff29c1b547 Bump org.seleniumhq.selenium:selenium-java from 4.30.0 to 4.31.0 
Bumps [org.seleniumhq.selenium:selenium-java](https://github.com/SeleniumHQ/selenium) from 4.30.0 to 4.31.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.30.0...selenium-4.31.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-version: 4.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 20:59:24 -07:00
github-actions[bot]
16527fec06 Merge branch '6.4.x' 2025-04-07 03:56:36 +00:00
dependabot[bot]
a081402383 Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.12.Final to 6.6.13.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.13/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.12...6.6.13)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.13.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 20:55:51 -07:00
github-actions[bot]
87300c491d Merge branch '6.4.x' 2025-04-07 00:23:05 +00:00
dependabot[bot]
f3c8262a00 Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.19 to 0.0.20.
- [Commits](c203826512...e28269199d)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 17:22:18 -07:00
dependabot[bot]
1eff176776 Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.19 to 0.0.20.
- [Commits](c203826512...e28269199d)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-06 17:17:16 -07:00
Josh Cummings
a283700ef8
Add CacheSaml2AuthenticationRequestRepository 
Closes gh-14793
 2025-04-03 17:43:48 -06:00
chu3la
8cbe02e3aa Update WebAuthn Test Objects Class Names 
Closes gh-16604

Signed-off-by: chu3la <elmansouri.houssam@gmail.com>
 2025-04-03 16:33:34 -06:00
Josh Cummings
67c21de1cf
Support Continue Filter Chain When No Relying Party 
Closes gh-16000
 2025-04-03 15:32:23 -06:00
Josh Cummings
5436fd5574
Remove Unecessary Code 2025-04-03 14:28:54 -06:00
Josh Cummings
4cdc6dab21
Fix Formatting 
Issue gh-16604
 2025-04-03 12:55:51 -06:00
Vasanth
04d7130975
Update WebAuthn Test Objects Class Names 
Renamed the WebAuthn test object class names

Closes gh-16604

Signed-off-by: Vasanth <76898064+vasanth-79@users.noreply.github.com>
 2025-04-03 12:55:50 -06:00
Josh Cummings
f280593566 Move Preparation Steps 
Closes gh-16873
 2025-04-03 11:08:24 -06:00
Josh Cummings
09b75719c2 Merge branch '6.4.x' 2025-04-03 11:08:11 -06:00
Josh Cummings
5ecf093025 Merge branch '6.3.x' into 6.4.x 2025-04-03 11:06:24 -06:00
Josh Cummings
616b43f261 Restore 6.x Migration Steps 
Issue gh-16873
 2025-04-03 11:05:53 -06:00
Josh Cummings
91b0936189
Add AssertionValidator 
- Ships with support for customizing the OpenSAML validators to use
- Or, you can supply your own instance of SAML20AssertionValidator

Closes gh-15578
 2025-04-02 17:44:40 -06:00
Josh Cummings
2885b0f75f Add valueOf 
This commit adds a static factory for returning a constant
ClientAuthenticationMethod or creating a new one when there
is no match.

Issue gh-16825
 2025-04-02 11:16:30 -06:00
dependabot[bot]
2a24bb0b26 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.28.6.RELEASE to 0.29.0.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.28.6.RELEASE...0.29.0.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-01 20:54:31 -07:00
Josh Cummings
b7d399ab89
Merge branch '6.4.x' 2025-04-01 12:02:53 -06:00
Josh Cummings
0954638d57
Merge branch '6.3.x' into 6.4.x 
Closes gh-16862
 2025-04-01 12:02:25 -06:00
DingHao
857ef6fe08 WithHttpOnlyCookie defaults to false 
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-04-01 11:59:51 -06:00
Max Batischev
9a897d0b62 Add Support Postgres To JdbcUserCredentialRepository 
Closes gh-16832

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-03-31 16:43:36 -06:00