Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-08 22:44:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,127 Commits 50 Branches 370 Tags
Commit Graph

20127 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Grandja
2a2f13fbd3
Polish Nullability for oauth2-core 
Issue gh-17820
 2026-02-02 09:00:46 -06:00
Joe Grandja
db5310bee8
Enable null-safety in spring-security-oauth2-core 
Closes gh-17820
 2026-02-02 09:00:40 -06:00
Joe Grandja
dfed528851
Remove checkstyle suppressions for spring-security-oauth2-core 
Issue gh-17820
 2026-02-02 09:00:40 -06:00
Robert Winch
6a6c7a7a78
Add missing @Nullable to setters of Nullable Fields 
There are setters and builder methods that initialize members that are
`@Nullable` but do not accept `@Nullable` parameters.

For example:

```
private @Nullable Object foo;

public void setFoo(Object foo) {
    this.foo = foo;
}
```

It is an unnecessary restriction that the parameter is unable to be null
since the field can be null.

This commit fixes these inconsistencies.

Closes gh-18618
 2026-01-29 13:58:42 -06:00
Robert Winch
b591a0a757
TestingAuthenticationToken.credentials should be @Nullable 
Closes gh-18615
 2026-01-29 10:17:22 -06:00
Josh Cummings
c5632ccd83
Add security-nullability to ldap 
Closes gh-17818

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-01-28 15:30:54 -07:00
Robert Winch
a8b5c8fe02
Bump io.mockk:mockk from 1.14.7 to 1.14.9 2026-01-27 11:17:24 -06:00
Robert Winch
054ff7421b
Merge branch '7.0.x' 2026-01-27 11:17:10 -06:00
Robert Winch
6ca04d9b77
Merge branch '6.5.x' into 7.0.x 2026-01-27 11:16:43 -06:00
Robert Winch
3960bf950d
Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 2026-01-27 10:00:00 -06:00
Robert Winch
bc6ac7c8c6
Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 2026-01-27 09:59:50 -06:00
Robert Winch
6e30cd5417
Merge branch '7.0.x' 2026-01-26 22:06:54 -06:00
Robert Winch
74b93a19f6
Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
dependabot[bot]
c7d52242fb
Bump io.mockk:mockk from 1.14.7 to 1.14.9 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.7 to 1.14.9.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.14.7...1.14.9)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-27 03:03:22 +00:00
dependabot[bot]
6f6dbd5728 Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.25 to 1.5.26.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.25...v_1.5.26)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 15:27:46 -06:00
dependabot[bot]
99eb7b1e5c Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 15:27:19 -06:00
LeeJiWon
89467605ca Deprecate single-arg PasswordComparisonAuthenticator ctor 
Add new constructor accepting PasswordEncoder to eventually
remove deprecated LdapShaPasswordEncoder usage.

Closes gh-18430

Signed-off-by: LeeJiWon <dlwldnjs1009@gmail.com>
 2026-01-26 14:54:52 -06:00
LeeJiWon
9fa0a34b4c Remove compiler warnings in spring-security-ldap 
- Add
  compile-warnings-error plugin to ldap module

- Replace
  org.springframework.lang.NonNull with org.jspecify.annotations.NonNull

-
  Add @SuppressWarnings for unchecked/rawtypes/deprecation warnings

Closes
  gh-18405

Signed-off-by: LeeJiWon <dlwldnjs1009@gmail.com>
 2026-01-26 14:54:52 -06:00
Tran Ngoc Nhan
a23be5e625 Add compile-warnings-error 
Closes gh-18439

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:44:31 -06:00
jihunparkkk
c3240c4d2b Remove compiler warnings for spring-security-rsocket 
Closes gh-18437

Signed-off-by: jihunparkkk <pjh2996@naver.com>
 2026-01-26 14:43:21 -06:00
Tran Ngoc Nhan
3c0fd6d7ca Add compile-warnings-error 
Closes gh-18417

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:36:10 -06:00
Tran Ngoc Nhan
d526bb460f Add compile-warnings-error 
Closes gh-18438

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:35:14 -06:00
Tran Ngoc Nhan
30975df0a7 Add compile-warnings-error 
Closes gh-18431

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:34:34 -06:00
Tran Ngoc Nhan
bd49ceb0ef Add compile-warnings-error 
Closes gh-18429

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:31:35 -06:00
Tran Ngoc Nhan
1c8bbda7af Add compile-warnings-error 
Closes gh-18428

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:31:13 -06:00
Tran Ngoc Nhan
fb19143c91 Add compile-warnings-error 
Closes gh-18427

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:30:30 -06:00
Tran Ngoc Nhan
f906539fe4 Add compile-warnings-error 
Closes gh-18426

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:28:15 -06:00
Tran Ngoc Nhan
18ab4dc2c8 Add compile-warnings-error 
Closes gh-18425

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:26:05 -06:00
Tran Ngoc Nhan
b07cd701c7 Add compile-warnings-error 
Closes gh-18423

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-26 14:25:26 -06:00
Robert Winch
ea8bd1a01d
Merge branch '7.0.x' 
Closes gh-18595
 2026-01-26 12:17:24 -06:00
Robert Winch
6dd6e8ebb1
Merge branch '6.5.x' into 7.0.x 
Closes gh-18235
 2026-01-26 12:06:19 -06:00
Garvit Joshi
edd82ba82c gh-18234: Create SHA-1 MessageDigest for every new check request 
Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>
 2026-01-26 11:06:25 -06:00
dependabot[bot]
cf656ce6e1
Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.25 to 1.5.26.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.25...v_1.5.26)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 03:11:50 +00:00
dependabot[bot]
f75e9c7138
Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 03:11:34 +00:00
Andrey Litvitski
0a182f1f20 Add @Nullable to changePassword parameters in UserDetailsManager 
Closes: gh-18257

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-23 15:06:10 -06:00
Jay Choi
5e56877487 Remove compiler warnings for spring-security-acl 
Closes gh-18415

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:19:23 -06:00
Jay Choi
38356fda10 Remove compiler warnings for spring-security-webauthn 
Closes gh-18442

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:17:20 -06:00
Jay Choi
442d72ec12 Remove compiler warnings for spring-security-access 
Closes gh-18414

Signed-off-by: Jay Choi <jayyoungchoi22@gmail.com>
 2026-01-23 14:16:08 -06:00
Michael Lück
7513c859bd Fix javadoc warnings and apply plugin javadoc-warnings-error 
Closes to gh-18448

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-01-23 14:13:54 -06:00
Robert Winch
1b3cf72fc9
Add Nullaway Checkstyle 
- Require package-info.java with @NullMarked in every package
- Suppress package checks for tests and modules that haven't been worked on
- Prevent non org.jspecify Nullability imports on enabled modules
- Validate Nullable is before modifiers

Closes gh-18564
 2026-01-23 10:42:53 -06:00
Robert Winch
d7fbf3673a
Fix consistency with Nullability Usage 
Issue gh-18564
 2026-01-23 10:42:53 -06:00
dependabot[bot]
ab3298e917 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.9 to 0.0.10.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.9...v0.0.10)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:26:24 -06:00
dependabot[bot]
37b0813b26 Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.3 to 3.0.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.3...jackson-bom-3.0.4)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:26:04 -06:00
dependabot[bot]
0340e0e918 Bump lodash from 4.17.21 to 4.17.23 in /javascript 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:25:40 -06:00
Joe Grandja
fc5194d78b Merge branch '7.0.x' 2026-01-23 06:43:14 -05:00
Daniel Garnier-Moiroux
7cfcfaefae BearerTokenAuthenticationEntryPoint uses context path 
Closes gh-18528

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2026-01-23 06:27:26 -05:00
Robert Winch
e7203bf838
Null safety via JSpecify spring-security-acl 
Closes gh-18401
 2026-01-22 14:26:26 -06:00
Robert Winch
42e1e9fb67
Null safety via JSpecify spring-security-kerberos-test 
Closes gh-18551
 2026-01-21 17:53:12 -06:00
Robert Winch
91aee30906
Null safety via JSpecify spring-security-kerberos-client 
Closes gh-18552
 2026-01-21 17:46:40 -06:00
Robert Winch
8247d18122
Null safety via JSpecify spring-security-kerberos-web 
Closes gh-18550
 2026-01-21 17:39:38 -06:00