Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,213 Commits 55 Branches 348 Tags
Commit Graph

18213 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
62c5a25d5e Merge branch '6.4.x' 2025-04-15 03:34:52 +00:00
dependabot[bot]
0ff3474e2d Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.5 to 1.14.6.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.5...v1.14.6)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-14 20:34:10 -07:00
Josh Cummings
f86c4ad383
Polish Native Support 
- Remove unneeded deprecateion marker
- Add missing reflected class

Issue gh-16536
 2025-04-14 14:08:57 -06:00
Joe Grandja
791feee355 Prevent downgraded usage of DPoP-bound access tokens 
Issue gh-16574

Closes gh-16937
 2025-04-14 15:54:41 -04:00
Josh Cummings
178ca73673
Fix Type Check 
Issue gh-16536
 2025-04-14 13:42:44 -06:00
Josh Cummings
ae82be70c3
Add Needed Runtime Hints 
Issue gh-16536
 2025-04-14 11:06:18 -06:00
dependabot[bot]
a5fa197105 Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.5 to 1.14.6.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.5...v1.14.6)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:55:40 -07:00
dependabot[bot]
fdff4eca1a Bump org.junit:junit-bom from 5.12.1 to 5.12.2 
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.12.1 to 5.12.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.12.1...r5.12.2)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 5.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:42:35 -07:00
dependabot[bot]
cbfb1e002f Bump org-aspectj from 1.9.22.1 to 1.9.24 
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:42:28 -07:00
dependabot[bot]
cfe2a9c39f Bump io.micrometer:context-propagation from 1.1.2 to 1.1.3 
Bumps [io.micrometer:context-propagation](https://github.com/micrometer-metrics/context-propagation) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/micrometer-metrics/context-propagation/releases)
- [Commits](https://github.com/micrometer-metrics/context-propagation/compare/v1.1.2...v1.1.3)

---
updated-dependencies:
- dependency-name: io.micrometer:context-propagation
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:42:19 -07:00
dependabot[bot]
ce1532703a Bump com.google.code.gson:gson from 2.12.1 to 2.13.0 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.12.1 to 2.13.0.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.12.1...gson-parent-2.13.0)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:41:39 -07:00
github-actions[bot]
c441b5951b Merge branch '6.4.x' 2025-04-14 03:30:46 +00:00
dependabot[bot]
2ce4aecec7 Bump org-aspectj from 1.9.22.1 to 1.9.24 
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:30:04 -07:00
github-actions[bot]
848daec943 Merge branch '6.4.x' 2025-04-14 03:23:18 +00:00
github-actions[bot]
7c90300912 Merge branch '6.3.x' into 6.4.x 2025-04-14 03:23:18 +00:00
dependabot[bot]
0d3d6f75f8 Bump org-aspectj from 1.9.22.1 to 1.9.24 
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:22:34 -07:00
Steve Riesenberg
15c2b156f1
Update Client Authentication examples 
Closes gh-16925

987d9c9788ba0343f543083c87613fb5
 2025-04-11 15:10:05 -05:00
Josh Cummings
0e70482725
Fix Formatting 2025-04-10 15:55:00 -06:00
Josh Cummings
09ba5397fb
Add Support for Authorizing Spring MVC Return Types 
Closes gh-16059
 2025-04-10 15:48:10 -06:00
Josh Cummings
6438603cb6
Pick Up TargetVisitor Beans 
Closes gh-16923
 2025-04-10 15:48:09 -06:00
Josh Cummings
5841e35cae
Invert AuthorizeReturnObjectMethodInterceptor Dependency 
Closes gh-16922
 2025-04-10 15:48:09 -06:00
Joe Grandja
1ca33cae70 Make DPoP IatClaimValidator public to allow configuring clock and clockSkew 
Issue gh-16574

Closes gh-16921
 2025-04-10 16:04:37 -04:00
github-actions[bot]
546dba7dc2 Merge branch '6.4.x' 2025-04-10 04:13:30 +00:00
dependabot[bot]
a10a35c2ac Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 21:12:41 -07:00
dependabot[bot]
923491628b Bump io.mockk:mockk from 1.13.17 to 1.14.0 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.17 to 1.14.0.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.13.17...1.14.0)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 20:52:41 -07:00
dependabot[bot]
1e6fd62bed Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 20:52:10 -07:00
github-actions[bot]
ee13d19503 Merge branch '6.3.x' into 6.4.x 2025-04-10 03:34:09 +00:00
github-actions[bot]
a9982971ae Merge branch '6.4.x' 2025-04-10 03:34:09 +00:00
dependabot[bot]
eb83c35ded Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 20:33:22 -07:00
Josh Cummings
3869b13e68
Add ResponseAuthenticationConverter 
Aside from simplifying configuration, this commit also makes it possible
to provide a response authentication converter that doesn't need the
NameID element to be present.

Closes gh-12136
 2025-04-09 17:38:24 -06:00
Josh Cummings
3e686abf50
Add ResponseValidator 
Issue gh-14264
Closes gh-16915
 2025-04-09 17:32:40 -06:00
Risto Virtanen
47e1fc045f Formatted 
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Risto Virtanen
1db557e395 Replace ClientRegistrationMixinTests with StdConvertersTest 
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Risto Virtanen
368fe2e7a0 Add missing ClientAuthenticationMethods to jackson2 converter 
Closes gh-16825

Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
 2025-04-09 17:09:54 -06:00
Daeho Kwon
9908d96644
DeferredCsrfToken Implements Supplier 
Closes gh-16870

Signed-off-by: Daeho Kwon <trewq231@naver.com>
 2025-04-09 14:24:11 -06:00
Steve Riesenberg
43ef4262da
Update whats-new.adoc 
Issue gh-16913
 2025-04-09 11:19:50 -05:00
Steve Riesenberg
9d442c13de
Mark password grant for removal 
This commit also updates link to the document "Best Current Practice for
OAuth 2.0 Security" to point to RFC 9700.

Closes gh-16913
 2025-04-09 11:15:09 -05:00
Steve Riesenberg
197ee38aa0
Mark deprecated response clients for removal 
Issue gh-16913
 2025-04-09 11:15:06 -05:00
dependabot[bot]
9ca02082dc Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.1 to 1.10.2 
Bumps [org.jetbrains.kotlinx:kotlinx-coroutines-bom](https://github.com/Kotlin/kotlinx.coroutines) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/Kotlin/kotlinx.coroutines/releases)
- [Changelog](https://github.com/Kotlin/kotlinx.coroutines/blob/master/CHANGES.md)
- [Commits](https://github.com/Kotlin/kotlinx.coroutines/compare/1.10.1...1.10.2)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlinx:kotlinx-coroutines-bom
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-08 20:46:41 -07:00
Michael Samborski
bfb4878e29 Update kotlin.adoc to add required spread operator(*) 
Signed-off-by: Michael Samborski <msamborski@orbiscommunications.com>
 2025-04-08 14:12:09 -05:00
Tran Ngoc Nhan
d864e51ff6 Format OpaqueTokenIntrospector 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-04-08 13:56:54 -05:00
Tran Ngoc Nhan
d899bc5240 Polish javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-04-08 13:56:54 -05:00
James Howe
8d7f6acab6 Typo in Base64StringKeyGenerator exception message 
Signed-off-by: James Howe <675056+OrangeDog@users.noreply.github.com>
 2025-04-08 09:56:14 -06:00
Josh Cummings
f93a7a2f85
Deprecate HandlerMappingIntrospectorRequestTransformer 
Closes gh-16536
 2025-04-07 13:56:18 -06:00
Steve Riesenberg
1fb3fc80f9
Polish gh-15819 
Closes gh-15818
 2025-04-07 10:57:49 -05:00
Jonah Klöckner
9674532f4d
Add support for access token in body parameter as per rfc 6750 Sec. 2.2 
Issue gh-15818
 2025-04-07 10:57:49 -05:00
Steve Riesenberg
03e090c2d7
Merge branch '6.4.x' 
Closes gh-16902
 2025-04-07 10:57:12 -05:00
Steve Riesenberg
db34de59bc
Merge branch '6.3.x' into 6.4.x 
Closes gh-16901
 2025-04-07 10:55:51 -05:00
Steve Riesenberg
3c0fef59b5
Polish gh-16039 
Closes gh-16038
 2025-04-07 10:54:09 -05:00
Jonah Klöckner
da94fbe431
Evaluate URI query parameter only if enabled 
Issue gh-16038
 2025-04-07 10:54:07 -05:00