Andreas Asplund
330c565178
Implement equals and hashCode closes gh-18882
...
Signed-off-by: Andreas Asplund <andreas@asplund.biz>
2026-03-23 08:06:31 -06:00
Joe Grandja
1db0d4f83d
Enable null-safety in spring-security-oauth2-authorization-server
...
Closes gh-18937
2026-03-23 05:07:14 -04:00
Joe Grandja
fe24bd3d0c
Remove checkstyle suppressions for spring-security-oauth2-authorization-server
...
Issue gh-18937
2026-03-23 05:06:59 -04:00
dependabot[bot]
e6df831943
Bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2
...
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 2.21.1 to 2.21.2.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.21.1...jackson-bom-2.21.2 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-version: 2.21.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-23 03:19:04 +00:00
Josh Cummings
f35b4aa518
Merge branch '7.0.x'
2026-03-20 21:28:22 -06:00
Josh Cummings
4542f58be7
Merge branch '6.5.x' into 7.0.x
2026-03-20 21:27:04 -06:00
Tran Ngoc Nhan
62f33d3fcf
Add equals and hashCode to HttpMethodRequestMatcher
...
Closes gh-18911
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2026-03-20 21:22:20 -06:00
Bae Jihong
e9f331c30c
Add test code for setAuthorizationManagerFactory
...
- add test for setAuthorizationManagerFactory that is a alternative to setTrustResolver and setDefaultRolePrefix
Closes gh-18412
Signed-off-by: Bae Jihong <dasog@naver.com>
2026-03-20 20:16:54 -06:00
Bae Jihong
bc4cc434fe
Refactor code to remove compiler warnings
...
- replace setTrustResolver with setAuthorizationManagerFactory in MethodSecurityExpressionRootTests
- resolve raw type warning in ExpressionBasedMessageSecurityMetadataSourceFactoryTests
Closes gh-18412
Signed-off-by: Bae Jihong <dasog@naver.com>
2026-03-20 20:16:54 -06:00
Bae Jihong
5a694869fa
Add @SupressWarnings(deprecation) for existing functions
...
- add @SupressWarnings(deprecation) because of deprecated part in logic
Closes gh-18412
Signed-off-by: Bae Jihong <dasog@naver.com>
2026-03-20 20:16:54 -06:00
Bae Jihong
ee06badcb6
Add @SuppressWarnings(unchecked, rawtypes) on functions in deprecated class
...
Closes gh-18412
Signed-off-by: Bae Jihong <dasog@naver.com>
2026-03-20 20:16:54 -06:00
Bae Jihong
9b108df1dc
Add @SuppressWarnings(deprecation) on tests
...
- add on tests for deprecated class
- add on tests for specific deprecated function
Closes gh-18412
Signed-off-by: Bae Jihong <dasog@naver.com>
2026-03-20 20:16:54 -06:00
Josh Cummings
d76fb7f2e6
Polish WebAttributes ApplicationContext Support
...
Closes gh-8843
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-03-20 16:44:40 -06:00
wonderfulrosemari
846794d31b
Prefer dispatcher context for authorize tag beans
...
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
2026-03-20 16:44:40 -06:00
Josh Cummings
c000477c37
Polish Clarify @WithSecurityContext thread scope
2026-03-20 16:43:21 -06:00
wonderfulrosemari
2a013ffaa2
Clarify @WithSecurityContext thread scope
...
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
2026-03-20 16:43:21 -06:00
Josh Cummings
ea05089443
Polish Formatting
...
Closes gh-18381
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-03-20 15:38:27 -06:00
Giacomo Baso
7b282c3a17
Relax client_id validation in AtJwtBuilder
...
RFC 9068 requires that access token JWTs include the `client_id`
claim, but it does not require resource servers to validate it against
a specific value.
Relates to gh-18381
Signed-off-by: Giacomo Baso <gbaso@users.noreply.github.com>
2026-03-20 15:38:27 -06:00
Josh Cummings
78015d251c
Merge branch '7.0.x'
2026-03-20 15:28:44 -06:00
Josh Cummings
956561e143
Merge branch '6.5.x' into 7.0.x
2026-03-20 15:28:36 -06:00
Rob Winch
9fed1ac8c3
New line per sentence
...
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
2026-03-20 15:28:21 -06:00
Josh Cummings
9dbe3bdcc0
Polish Session Management Persistence Docs
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-03-20 15:28:21 -06:00
sankranti
d547ae0181
Fix defaults description in Session Management doc
...
Corrected that starting from Spring Security 6
security context is not automatically saved by default.
Signed-off-by: sankranti <sankranty@gmail.com>
2026-03-20 15:28:21 -06:00
Josh Cummings
e88cb81a7a
Merge branch '7.0.x'
2026-03-20 15:22:56 -06:00
dependabot[bot]
b8b1278e1f
Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 15:22:06 -06:00
dependabot[bot]
381047e386
Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15
...
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 15:21:53 -06:00
Josh Cummings
fbbbd46bee
Update asciidoctor-extensions to 1.0.0-alpha.18
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-03-20 21:21:22 +00:00
Josh Cummings
fe0d7de41b
Update LDAP Nullability Checkstyle Rules
...
Issue gh-17818
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-03-20 15:21:02 -06:00
Josh Cummings
c2fd0f23fe
Merge branch '7.0.x'
2026-03-20 15:00:15 -06:00
Josh Cummings
8abffbd0df
Merge branch '6.5.x' into 7.0.x
2026-03-20 15:00:02 -06:00
dependabot[bot]
376b40a735
Bump io.spring.gradle:spring-security-release-plugin
...
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...v1.0.15 )
---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
dependency-version: 1.0.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 14:58:20 -06:00
dependabot[bot]
89fa1cbdd2
Bump spring-io/spring-security-release-tools/.github/workflows/build.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/build.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 14:57:09 -06:00
dependabot[bot]
0d75e6d10c
Bump @springio/asciidoctor-extensions in /docs
...
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions ) from 1.0.0-alpha.17 to 1.0.0-alpha.18.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.17...v1.0.0-alpha.18 )
---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
dependency-version: 1.0.0-alpha.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 14:56:46 -06:00
dependabot[bot]
01758c4c59
Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 14:56:10 -06:00
dependabot[bot]
f37833a59c
Bump spring-io/spring-security-release-tools/.github/workflows/test.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/test.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 14:55:52 -06:00
dependabot[bot]
52e6c4c4be
Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 14:55:38 -06:00
dependabot[bot]
874dce4407
Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 14:54:26 -06:00
dependabot[bot]
f21e8af830
Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 14:54:11 -06:00
dependabot[bot]
4354e47b0a
Bump gradle-wrapper from 9.4.0 to 9.4.1
...
Bumps gradle-wrapper from 9.4.0 to 9.4.1.
---
updated-dependencies:
- dependency-name: gradle-wrapper
dependency-version: 9.4.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 03:19:24 +00:00
dependabot[bot]
399ef5b663
Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15
...
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...b92832ecbc7cbe969201e6beafbde0ee400cf095 )
---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools
dependency-version: 1.0.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 00:58:59 +00:00
dependabot[bot]
1f39525052
Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 00:47:14 +00:00
dependabot[bot]
7a0a29b800
Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 00:46:34 +00:00
dependabot[bot]
9dfbd681ab
Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/perform-release.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...b92832ecbc7cbe969201e6beafbde0ee400cf095 )
---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml
dependency-version: 1.0.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 00:45:50 +00:00
dependabot[bot]
4e53ebb75b
Bump spring-io/spring-security-release-tools/.github/workflows/test.yml
...
Bumps [spring-io/spring-security-release-tools/.github/workflows/test.yml](https://github.com/spring-io/spring-security-release-tools ) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc )
- [Commits](729fed56d4...b92832ecbc
2026-03-20 00:45:47 +00:00
dependabot[bot]
7eed4641da
Bump flatted from 3.3.1 to 3.4.2 in /javascript
...
Bumps [flatted](https://github.com/WebReflection/flatted ) from 3.3.1 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2 )
---
updated-dependencies:
- dependency-name: flatted
dependency-version: 3.4.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-20 00:33:02 +00:00
Joe Grandja
09ce639c4b
Enable null-safety in spring-security-oauth2-resource-server
...
Closes gh-17822
2026-03-19 06:21:08 -04:00
Joe Grandja
1cb9db4f2d
Remove checkstyle suppressions for spring-security-oauth2-resource-server
...
Issue gh-17822
2026-03-19 04:46:34 -04:00
Gasper Kojek
14d469cec1
Exclude target directories from checkstyleNohttp source inputs
...
The kerberos-client/target and kerberos-test/target directories contain
.keytab files generated during test execution. These directories only
exist after the first build, causing a cache miss for checkstyleNohttp
in subsequent builds since the source input set changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Gasper Kojek <gkojek@gradle.com>
2026-03-18 10:40:52 -04:00
Gasper Kojek
49bea1dd15
Exclude build output directories from nohttp source set
...
The checkstyleNohttp task scans the entire project tree for non-HTTPS
URLs. Without excluding **/build/**, subproject build output directories
generated during the first build become additional source inputs for
subsequent builds, changing the cache key and causing cache misses.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Gasper Kojek <gkojek@gradle.com>
2026-03-18 10:40:52 -04:00
Joe Grandja
baad23caab
Enable null-safety in spring-security-oauth2-client
...
Closes gh-17819
2026-03-18 05:04:30 -04:00
