Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,031 Commits 33 Branches 333 Tags 109 MiB
Commit Graph

15031 Commits

Author SHA1 Message Date
Habin Song 49f447f3d0 Update session-management.adoc 
lambda expression typo. I changed '(session) - session' to '(session) -> session'
 2024-01-31 09:51:00 -03:00
Habin Song fbb35a1e3d Typo: Update ldap.adoc 
there is no word like 'byusing'. I fixed 'byusing' to 'by using'.
 2024-01-31 09:50:51 -03:00
y-tomida cb84efd06d Fix command in CONTRIBUTING.adoc 2024-01-31 09:50:31 -03:00
Federico Herrera c1adeef0da Add validation IpAddressMatcher 
Closes gh-13621
 2024-01-30 17:16:18 -07:00
Josh Cummings d7599ab192 Polish setAttributesConverter 
- Add Tests
- Add Reactive Support

Issue gh-14186
 2024-01-30 14:37:20 -07:00
ahmd-nabil 04f0f2597a Polish DefaultOAuth2UserService 
Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
 2024-01-30 14:37:20 -07:00
ahmd-nabil d9d22c75a2 Add support for nested username attribute in DefaultOAuth2User 
Closes gh-14186

Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
 2024-01-30 14:37:20 -07:00
Marcus Hert Da Coregio 93c2d1cc3c Disable spring-security-rsa tests on Windows 
Issue gh-14202
 2024-01-30 09:08:00 -03:00
Eric Haag 5b281eee77 Update Revved up by Develocity badge 2024-01-29 17:54:55 -07:00
Josh Cummings 77e193545d
Merge branch '6.2.x' 2024-01-29 17:45:28 -07:00
Josh Cummings 3b615c8c6d
Merge branch '6.1.x' into 6.2.x 2024-01-29 17:45:13 -07:00
Josh Cummings ebfe8e3580
Merge branch '5.8.x' into 6.1.x 2024-01-29 17:45:04 -07:00
dependabot[bot] 7011930305 Bump gradle/gradle-build-action from 2 to 3 
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2 to 3.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 17:44:51 -07:00
Josh Cummings 0dcd7e79de
Merge branch '6.2.x' 2024-01-29 17:42:54 -07:00
Josh Cummings 810818bd21
Merge branch '6.1.x' into 6.2.x 2024-01-29 17:42:47 -07:00
Josh Cummings b0fe1da98e
Merge branch '5.8.x' into 6.1.x 2024-01-29 17:42:29 -07:00
dependabot[bot] 8a75382b2d Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](https://github.com/slackapi/slack-github-action/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 17:41:43 -07:00
Nermin Karapandzic 6e1bcfed11 Add argument resolver for SecurityContext 
Closes gh-13425
 2024-01-29 17:30:38 -07:00
ahmd-nabil a808c139ad Enhance IpAddressMatcher performance 
Closes gh-14493

Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
 2024-01-29 17:28:19 -07:00
Josh Cummings ee45d6c685
Merge branch '6.2.x' 2024-01-29 17:21:30 -07:00
Josh Cummings 3a53422478
Fix Failing Test 
Closes gh-14467
 2024-01-29 17:14:30 -07:00
Marcus Hert Da Coregio 6f7b9bbfde Migrate spring-security-rsa into spring-security-crypto 
Closes gh-14202
 2024-01-29 13:49:51 -03:00
Marcus Hert Da Coregio 45f8ab3401 Add permission to Edit Dependabot PR workflow 
Issue gh-14486
 2024-01-29 10:01:10 -03:00
Josh Cummings 27ebeefb14
Fix Failing Test 
Closes gh-14467
 2024-01-26 11:24:00 -07:00
Marcus Hert Da Coregio 602d2bebdc Automatically assign milestone to Dependabot PR 
Issue gh-14486
 2024-01-26 10:28:09 -03:00
Josh Cummings 01b7ad42ec
Merge branch '6.2.x' 2024-01-25 17:33:33 -07:00
Josh Cummings 84c45adc70
Merge branch '6.1.x' into 6.2.x 
Closes gh-14496
 2024-01-25 17:33:15 -07:00
Josh Cummings 44f22ee5cf
Merge branch '5.8.x' into 6.1.x 
Closes gh-14495
 2024-01-25 17:32:57 -07:00
Hans Lindner ca10187fd1 Enhance JWT decoding error handling 
Previously, the `decode` method threw a `JwtException` directly when encountering an unsupported algorithm or any exception during parsing. This commit introduces a more robust error handling mechanism. Now, instead of throwing exceptions directly, it returns a `Mono.error()` with a `BadJwtException` containing detailed error information. This approach provides more flexibility and allows the caller to handle errors in a more granular way, by being able to use project reactors onError functionality.

Closes gh-14467
 2024-01-25 17:32:10 -07:00
y-tomida bdc0bd6b78 Add usernameParameter and passwordParameter to FormLoginDsl 
Closes gh-14474
 2024-01-24 09:56:38 -03:00
Marcus Hert Da Coregio 7a8f9b446e Configure Dependabot for docs-build's build.gradle 
Issue gh-14482
 2024-01-23 15:03:46 -03:00
Josh Cummings 7ee974445b
Update Checkstyle 
Issue gh-14178
 2024-01-22 08:44:54 -07:00
Josh Cummings 04394a63cd
Update Formatting 
Issue gh-14178
 2024-01-22 08:26:25 -07:00
sonallux 6df9ef5ba6 Fix wrong class name in JavaDoc 
In the `ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder` class the JavaDoc comments mention the wrong class name. This commit fixes this.
 2024-01-19 09:29:07 -07:00
Josh Cummings 1e90bdfc0b
Update Copyright 
Issue gh-14178
 2024-01-19 09:26:04 -07:00
Armin Krezović 9c352c4b4b Support overriding RestOperations in OidcIdTokenDecoderFactory 
Closes gh-14178
 2024-01-19 09:24:56 -07:00
Armin Krezović 0041c658de Support overriding WebClient in ReactiveOidcIdTokenDecoderFactory 
Closes gh-14178
 2024-01-19 09:24:56 -07:00
Sam Brannen 2b7d296994 Revise AuthorizationAnnotationUtils 
This commit revises AuthorizationAnnotationUtils as follows.

- Removes code duplication by treating both Class and Method as
  AnnotatedElement.

- Avoids duplicated annotation searches by processing merged
  annotations in a single Stream instead of first using the
  MergedAnnotations API to find possible duplicates and then again
  searching for a single annotation via AnnotationUtils (which
  effectively performs the same search using the MergedAnnotations API
  internally).

- Uses `.distinct()` within the Stream to avoid the need for the
  workaround introduced in gh-13625. Note that the semantics here
  result in duplicate "equivalent" annotations being ignored. In other
  words, if @⁠PreAuthorize("hasRole('someRole')") is present multiple
  times as a meta-annotation, no exception will be thrown and the first
  such annotation found will be used.

- Improves the error message when competing annotations are found by
  including the competing annotations in the error message.

- Updates AuthorizationAnnotationUtilsTests to cover all known,
  supported use cases.

- Configures correct role in @⁠RequireUserRole.

Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.

See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
 2024-01-18 07:42:58 -07:00
DingHao 3f65f600de Use AuthorizationEventPublisher Bean 
- For Jsr250MethodInterceptor and SecuredMethodInterceptor

Closes gh-14401
 2024-01-17 17:40:38 -07:00
Marcus Hert Da Coregio 06278157fa Merge branch '6.2.x' 
Closes gh-14471
 2024-01-17 16:16:40 -03:00
Marcus Hert Da Coregio 148e0b41d2 Merge branch '6.1.x' into 6.2.x 
Closes gh-14470
 2024-01-17 16:16:27 -03:00
Marcus Hert Da Coregio ce5f5e6e33 Add native hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken 
Closes gh-14397
 2024-01-17 16:14:59 -03:00
Marcus Hert Da Coregio a761042157 Merge branch '6.2.x' 2024-01-17 15:22:34 -03:00
Amit Mahato 237dd7799f fix: typo in Authentication Architecture ProviderManager 2024-01-17 15:22:25 -03:00
Andreas Büchel 3346f2dd73 fix typo in anonymous.adoc 2024-01-17 15:22:06 -03:00
Marcus Hert Da Coregio 959ea70ec8 Merge branch '6.2.x' 2024-01-17 14:31:55 -03:00
Marcus Hert Da Coregio c42234396e Merge branch '6.1.x' into 6.2.x 2024-01-17 14:31:38 -03:00
Marcus Hert Da Coregio 2eba7eb672 Merge branch '5.8.x' into 6.1.x 2024-01-17 14:31:29 -03:00
dependabot[bot] 44b785bfb1 Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:31:11 -03:00
dependabot[bot] 56f486588f Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:31:01 -03:00