Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,056 Commits 29 Branches 320 Tags 104 MiB
Commit Graph

10056 Commits

Author SHA1 Message Date
Daniel Garnier-Moiroux 26bb60c567 Add rncToXsd task description to CONTRIBUTING.adoc 2022-10-03 10:09:27 -03:00
Dan Allen c44230ba24
switch to offical Antora plugin for Gradle 
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
 2022-09-29 14:05:09 -05:00
Jerome Prinet 8d2fb6858f Update Gradle Enterprise plugin to 3.11.1 2022-09-16 13:14:53 -03:00
Marcus Da Coregio 7756247c3a Simplify checkSamples task 
Closes gh-11814
 2022-09-16 09:36:12 -03:00
Dan Allen 3387149a0f repurpose 5.6.x branch to provide local docs build 
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
 2022-09-12 15:41:12 -05:00
Underground Hill 8b74bf9742 Updated reference to architecture page 
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
 2022-09-01 09:38:10 -03:00
Marcus Da Coregio 40abf87ae6 Add buildScan to checkRemote 
Closes gh-11766
 2022-08-30 09:11:08 -03:00
Steve Riesenberg 1c014eb512
Use 6.0.x instead of 3.0.x as default branch 2022-08-24 16:38:27 -05:00
Rob Winch 8c69699458 Remove backportbot.yml 
Issue gh-11736
 2022-08-23 13:46:32 -05:00
Rob Winch fc10d5fc29 repository=spring-projects/spring-security 
Previously the repository used spring-project (missing the s)
 2022-08-23 13:30:20 -05:00
Rob Winch c79ebf4edf Setup Forward Merge 2022-08-22 16:19:44 -05:00
Marcus Da Coregio a8d6c1d21f Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder 
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService

Closes gh-11449
Closes gh-11726
 2022-08-19 09:58:22 -03:00
Steve Riesenberg 7c7f9380c7
Refresh remote JWK when unknown KID error occurs 
Closes gh-11621
 2022-08-18 16:54:45 -05:00
tinolazreg 888715bbb2
Add tests for unknown KID error 
Issue gh-11621
 2022-08-18 16:54:45 -05:00
jujunChen 13feb87171
Modify words 
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
 2022-08-16 14:51:36 -06:00
Rob Winch faf9fb7337 NamespaceLdapAuthenticationProviderTests use Dynamic Port 
Closes gh-11710
 2022-08-15 15:26:46 -05:00
Rob Winch f33d7253b6 GitHubMilestoneApiTests due_on Uses LocalDate 
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.

To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.

Closes gh-11706
 2022-08-15 13:04:29 -05:00
github-actions[bot] db74e9d128 Next development version 2022-08-15 16:07:33 +00:00
github-actions[bot] 4559d269e0 Release 5.6.7 2022-08-15 15:25:05 +00:00
Marcus Da Coregio 627809d2dc Update org.springframework.data to 2021.1.6 
Closes gh-11686
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio 4b1d7e9479 Update org.springframework to 5.3.22 
Closes gh-11685
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio d9980a4dfe Update jsonassert to 1.5.1 
Closes gh-11684
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio 8eb7e589eb Update hibernate-entitymanager to 5.6.10.Final 
Closes gh-11683
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio 0d7dce9d71 Update org.eclipse.jetty to 9.4.48.v20220622 
Closes gh-11682
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio da09788be9 Update io.projectreactor to 2020.0.22 
Closes gh-11680
 2022-08-10 14:52:51 -03:00
Marcus Da Coregio ead587c597 Consistently handle RequestRejectedException if it is wrapped 
Closes gh-11645
 2022-08-09 08:32:42 -03:00
Steve Riesenberg 02459919cc
Skip workflows on forks of spring-security 2022-07-28 15:13:56 -05:00
Steve Riesenberg 57d212ddca
Use cache and user.name system property on Windows 2022-07-28 15:13:55 -05:00
Steve Riesenberg 539b17f6da
Only run prerequisites job if on upstream repo 2022-07-28 15:13:54 -05:00
Steve Riesenberg 37e1ad27fe
Simplify dependency graph 2022-07-28 15:13:53 -05:00
Steve Riesenberg 043fdd6f03
Use Spring Gradle Build Action 
Closes gh-11630
 2022-07-28 15:13:52 -05:00
Steve Riesenberg 3234e05085
Polish gh-11367 2022-07-28 15:13:51 -05:00
naveen f957e3c051
Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
 2022-07-28 15:13:51 -05:00
Marcus Da Coregio d66ad22652 Add Deprecated annotation to WebSecurity#securityInterceptor 
Closes gh-11634
 2022-07-27 14:32:44 -03:00
Rob Winch 7a860e1568 Fix Snapshot Sources/Javadoc 
This commit merges a workaround to an issue in JFrog's Gradle plugin
which causes SNAPSHOT javadoc and sources to become out of sync and thus
prevents users from being able to download either.

Closes gh-10602
 2022-07-26 16:26:31 -05:00
Desmond Silveira 0d3c3c676d
"Well-Know" should be "Well-Known" 2022-07-26 15:45:27 -05:00
Yuriy Savchenko 0f64d4c091 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 14:04:16 -03:00
Josh Cummings 56a6133b20
Merge Same-named Attribute Elements 
Closes gh-11042
 2022-07-20 18:43:25 -06:00
Steve Riesenberg aaf20e7b61
Build only on branches 
Issue gh-11480
 2022-07-18 11:47:25 -05:00
Steve Riesenberg 148756076c
Backport release automation and github actions 
Closes gh-11501
 2022-07-13 15:51:25 -05:00
Steve Riesenberg 6f321a27c4
Fix inconsistency in hasProperty check 2022-07-13 15:51:25 -05:00
Steve Riesenberg 539443b4be
Add GitHubReleasePlugin with createGitHubRelease task 
Issue gh-10456
Issue gh-10457
 2022-07-13 15:51:24 -05:00
Josh Cummings 28424f8ae5
Correct input validation for 31 rounds 
Closes gh-11470
 2022-07-11 14:51:51 -06:00
Rob Winch a7d21f1b34 Document sagan Release tasks require read:org scope 
Closes gh-11423
 2022-06-21 14:49:38 -05:00
Joe Grandja d3a024786b Next Development Version 2022-06-20 15:05:30 -04:00
Joe Grandja fa4c5449e7 Release 5.6.6 2022-06-20 14:50:24 -04:00
Joe Grandja 2a3845a7ed Update org.opensaml:opensaml-core4 to 4.1.1 
Closes gh-11420
 2022-06-20 14:50:24 -04:00
Joe Grandja ff96a7b5ad Update spring-ldap-core to 2.3.8.RELEASE 
Closes gh-11419
 2022-06-20 14:41:13 -04:00
Joe Grandja c37ff42234 Update org.springframework.data to 2021.1.5 
Closes gh-11418
 2022-06-20 14:41:10 -04:00
Joe Grandja 0a00d84838 Update org.springframework to 5.3.21 
Closes gh-11417
 2022-06-20 14:41:08 -04:00