Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 04:52:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,548 Commits 55 Branches 348 Tags
Commit Graph

17548 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
4a2953fa5b Next development version 2025-05-19 16:33:25 +00:00
github-actions[bot]
3fbcd5f62a Release 6.4.6 6.4.6 2025-05-19 15:53:05 +00:00
Josh Cummings
edc8735eb8
Merge branch '6.3.x' into 6.4.x 
Closes gh-17146
 2025-05-19 09:46:10 -06:00
Mark Putsiata
cae3467a8d Improve AbstractPreAuthenticatedProcessingFilter docs 
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.

Closes gh-14137

Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
 2025-05-19 09:45:53 -06:00
Josh Cummings
bf2aaa1b18
Use .equals to Compare Methods 
Closes gh-17143
 2025-05-19 09:17:44 -06:00
Rob Winch
3690517395
Merge branch 'gradle/6.4.x/org.springframework.data-spring-data-bom-2024.1.6' into 6.4.x 2025-05-19 08:43:44 -05:00
Rob Winch
d0e9128db5
Merge branch '6.3.x' into 6.4.x 2025-05-19 08:41:21 -05:00
dependabot[bot]
1864c876d1
Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.5 to 2024.1.6.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.5...2024.1.6)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-19 03:51:09 +00:00
dependabot[bot]
a17b2a18d9
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.11 to 2024.0.12.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.11...2024.0.12)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-19 03:30:36 +00:00
Rob Winch
16c979460e
Merge Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 2025-05-16 10:40:59 -05:00
Rob Winch
ce08aa49f7
Merge branch '6.3.x' into 6.4.x 
- Ignore Bump org.springframework:spring-framework-bom
 2025-05-16 10:39:59 -05:00
dependabot[bot]
0cbc38cdd6
Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.19 to 6.1.20.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.19...v6.1.20)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.1.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-16 03:22:19 +00:00
dependabot[bot]
e5d62e0bdd
Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.6 to 6.2.7.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.6...v6.2.7)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-16 03:15:15 +00:00
Josh Cummings
70c940fd4f
Merge branch '6.3.x' into 6.4.x 2025-05-15 18:16:44 -06:00
Josh Cummings
eb30fd7f59
Add Missing Header 
Issue gh-11161
 2025-05-15 18:16:36 -06:00
Josh Cummings
fbdf4a88a0
Merge branch '6.3.x' into 6.4.x 2025-05-15 17:19:55 -06:00
snowykte0426
260d298cc5 Add Migration Guide from Spring Security SAML Extension 
This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support.

Includes:
- Content migrated from the project wiki
- xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata`
- Metadata example moved to Examples Matrix
- Cleanup and naming per review feedback

Closes gh-11161

Signed-off-by: snowykte0426 <snowykte0426@naver.com>
 2025-05-15 17:17:43 -06:00
Rob Winch
b38cf1fc16
Merge branch 'gradle/6.4.x/org.hibernate.orm-hibernate-core-6.6.15.Final' into 6.4.x 2025-05-14 11:12:24 -05:00
Rob Winch
5a2bd2b825
Merge branch '6.3.x' into 6.4.x 
- Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18

Closes gh-17110
 2025-05-14 11:00:22 -05:00
dependabot[bot]
91afd49faf
Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.14.Final to 6.6.15.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.15/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.14...6.6.15)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.15.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 03:33:33 +00:00
dependabot[bot]
78a60d0d84
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.17 to 2023.0.18.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-14 03:23:25 +00:00
dependabot[bot]
d34fd236f6 Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:30:10 -06:00
dependabot[bot]
ad934efc24 Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.14.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:24:36 -06:00
dependabot[bot]
11eac05dfd Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:20:38 -06:00
Josh Cummings
3a36197d7a
Merge branch '6.3.x' into 6.4.x 2025-05-13 12:17:29 -06:00
dependabot[bot]
a001f27690 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-13 12:15:42 -06:00
Josh Cummings
5ba4ab5e11
Merge branch '6.3.x' into 6.4.x 2025-05-13 11:18:02 -06:00
Danilo Piazzalunga
27319e3f9b Add missing registration property in YAML listing 
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Danilo Piazzalunga
ec462e8bc5 Update assertingparty property usage in YAML snippets 
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.

Closes gh-12810.

Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
dependabot[bot]
8fcf181ff0
Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.3 to 2.18.4.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.3...jackson-bom-2.18.4)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-07 03:30:49 +00:00
dependabot[bot]
dd0b26a992 Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:39 -06:00
dependabot[bot]
a4111a606b Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 10:15:11 -06:00
Rob Winch
63d79a97db
Merge branch '6.3.x' into 6.4.x 
- Correct method name in logout.adoc

Closes gh-17048
 2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed
Correct method name 
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-06 10:17:29 -05:00
Josh Cummings
0220e471bb
Move Serialization Samples 
To make SpringSecurityCoreVersionSerializableTests more manageable,
this commit moves the sample class constructions to a separate file.
In this way, the tests file only changes when serialization tests are
added. When classes are introduced, they can be added to SerializationSamples,
separating the two concerns
 2025-05-05 15:51:10 -06:00
Josh Cummings
c3c2bcd6b7
Ignore Serialization in Test Components 
Since we don't need to ensure the serializability of test components
across versions, we can ignore missing version UIDs when those
test components aren't about testing Java serialization.

Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
39fdceab59
Add Missing Serializable Samples 
Issue gh-17038
 2025-05-05 15:09:50 -06:00
Josh Cummings
65d53beff8
Polish Serialization Tests 
- Error when public, non-ignored, serializable file is missing a sample
- Provide mechanism for creating an InstancioApi from scratch

Issue gh-17038
 2025-05-05 15:09:49 -06:00
Josh Cummings
34afa64c0c
Add Current-Version Deserialization Test 
We should test that serialized files from the current minor version
can be deserialized. This ensures that serializations remain
deserializable in patch releases.

Issue gh-3737
 2025-05-05 15:09:43 -06:00
Rob Winch
b5e1c3770b
Merge branch '6.3.x' into 6.4.x 
- remove update-dependabot action
 2025-05-05 13:36:01 -05:00
Rob Winch
9710492619
remove update-dependabot action 2025-05-05 13:34:16 -05:00
Rob Winch
6dc8cd1f60
Merge branch '6.3.x' into 6.4.x 
- Use pull-request: write for gradlew updates
 2025-05-05 13:23:35 -05:00
Rob Winch
9436796973
Use pull-request: write for gradlew updates 
Explicitly provide the permissions required for updating the Gradle
wrapper
 2025-05-05 11:49:08 -05:00
Josh Cummings
92160fa26f
Merge branch '6.3.x' into 6.4.x 
Closes gh-17034
 2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed
Fix ClearSiteData Code Snippet 
Closes gh-16948
 2025-05-02 15:57:31 -06:00
Josh Cummings
57fc29e614
Merge branch '6.3.x' into 6.4.x 
Closes gh-17032
 2025-05-02 10:57:55 -06:00
Josh Cummings
e48f26e51e
Propagate StrictFirewallRequest Wrapper 
Closes gh-16978
 2025-05-02 10:57:07 -06:00
Rob Winch
a26a64d213
Merge branch '6.3.x' into 6.4.x 
- codeql uses ubuntu-latest
 2025-05-02 11:49:50 -05:00
Rob Winch
3b7e3a6c5c
codeql uses ubuntu-latest 2025-05-02 11:49:41 -05:00
Rob Winch
fa533ea5e2
Merge branch '6.3.x' into 6.4.x 
- rm mark-duplicate-dependabot-prs.yml
 2025-05-02 11:26:47 -05:00