spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-08 22:44:35 +00:00

Author	SHA1	Message	Date
Joe Grandja	517bc7cb65	Polish gh-18614	2026-02-05 15:32:47 -05:00
Elayne Bloom	a2d407518c	Document ClientSettings Added documentation to describe the possible client configuration options when setting up an Oauth2 Authorization Server. Closes gh-18614 Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>	2026-02-05 15:32:46 -05:00
Josh Cummings	001d9df5ca	Remove Nullability Checkstyle Suppressions for saml2 Issue gh-17823	2026-02-05 13:13:25 -07:00
Josh Cummings	818a7831dd	Add Nullability to opensaml5Main Source Set Issue gh-17823 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-05 13:13:23 -07:00
Joe Grandja	0eba9de7d4	Merge branch '7.0.x'	2026-02-05 04:55:34 -05:00
Joe Grandja	d3c42a7a4f	Polish OAuth2ConfigurerUtils	2026-02-05 04:52:02 -05:00
Joe Grandja	e61c03f7c3	Fix to allow multiple PasswordEncoder beans Closes gh-18645	2026-02-05 04:51:51 -05:00
Josh Cummings	70fc8fef3a	Add Sample SAML Response in Test Issue gh-17823 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-03 08:54:14 -07:00
gimgisu	46027974dd	@gisu1102 Apply code formatting to OAuth2AuthorizationServerBeanRegistrationAotProcessor Closes spring-projectsgh-18432 Signed-off-by: gimgisu <gisu1102@gmail.com>	2026-02-02 19:27:44 -06:00
gimgisu	338786bab9	@gisu1102 Align AOT hints with MemberCategory deprecation replacements - Replace DECLARED_FIELDS with ACCESS_DECLARED_FIELDS in runtime hints - Preserve 1:1 intent for Collections via registerType only - Keep INVOKE_* only where it existed before Closes spring-projectsgh-18432 Signed-off-by: gimgisu <gisu1102@gmail.com>	2026-02-02 19:27:44 -06:00
gimgisu	d7ecb8fdcf	@gisu1102 Restore Jackson 2 module runtime hints for passivity - Keep Jackson 2 module registrations when jackson2 is present - Extract Jackson 2 hint registration into a dedicated method - Suppress removal warnings only for the Jackson 2 registration Closes spring-projectsgh-18432 Signed-off-by: gimgisu <gisu1102@gmail.com>	2026-02-02 19:27:44 -06:00
gimgisu	a9f9eba6ca	@gisu1102 Remove compiler warnings in spring-security-oauth2-authorization-server - Remove ACCESS_DECLARED_FIELDS from AOT/runtime hints - Add @SuppressWarnings("removal") for Jackson2 deprecated adapters Closes spring-projectsgh-18432 Signed-off-by: gimgisu <gisu1102@gmail.com>	2026-02-02 19:27:44 -06:00
Josh Cummings	1a6f344196	Add security-nullability Closes gh-17823 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-02 17:44:17 -07:00
Josh Cummings	e771ec04b7	Add @Nullable Annotations to saml2-service-provider Issue gh-17823 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-02 17:44:14 -07:00
Josh Cummings	f3656b4991	Ensure saml_request in Tests Issue gh-17823 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-02-02 17:44:10 -07:00
Joe Grandja	8f22fd4407	Merge branch '7.0.x'	2026-02-02 16:38:29 -05:00
Elayne Bloom	2c97b3376b	Document Client PKCE settings Updated the documentation to reflect recent changes to enable PKCE by default for `authorization_code` flows in the documentation for the client. Closes gh-18304 Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>	2026-02-02 16:30:27 -05:00
Tran Ngoc Nhan	20493ef45f	Add `javadoc-warnings-error` Closes gh-18461 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 12:06:12 -06:00
Vyacheslav	e029b3ac6f	Update authorize-http-requests.adoc Comma added for java configuration Signed-off-by: Vyacheslav <43342280+cmmttd@users.noreply.github.com>	2026-02-02 11:48:07 -06:00
Tran Ngoc Nhan	55ab498518	Add `javadoc-warnings-error` Closes gh-18469 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 11:45:53 -06:00
Tran Ngoc Nhan	b0983e2f5e	Add `javadoc-warnings-error` Closes gh-18466 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 11:45:12 -06:00
dohyunk58	992d8ca79b	fail build on javadoc warnings for spring-security-test Signed-off-by: dohyunk58 <hedge3x@gmail.com>	2026-02-02 11:44:39 -06:00
Tran Ngoc Nhan	4c012c59c9	Add `javadoc-warnings-error` Closes gh-18464 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 11:44:31 -06:00
Tran Ngoc Nhan	2ee247f82e	Add `javadoc-warnings-error` Closes gh-18464 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 11:43:35 -06:00
Joe Grandja	0496c02c30	Polish gh-18542	2026-02-02 12:43:19 -05:00
Tran Ngoc Nhan	93d8283e36	Add `javadoc-warnings-error` Closes gh-18462 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 11:42:14 -06:00
pocj8ur4in	991b7d4dc2	Rollback setDefaultRolePrefix() call - preserve setDefaultRolePrefix() in getRootObject() Signed-off-by: pocj8ur4in <pocj8ur4in@gmail.com>	2026-02-02 11:41:18 -06:00
pocj8ur4in	64e863e7df	Remove compiler warnings in spring-security-data - Add compile-warnings-error plugin to data module - Remove deprecated setDefaultRolePrefix() call in getRootObject() - Add @SuppressWarnings deprecation for tests using deprecated methods - Add tests using AuthorizationManagerFactory Closes spring-projectsgh-18422 Signed-off-by: pocj8ur4in <pocj8ur4in@gmail.com>	2026-02-02 11:41:18 -06:00
Daniel Garnier-Moiroux	4957c5a7e9	Add BearerTokenAuthenticationEntryPoint#setResourceMetadataParameterResolver Closes gh-18542 Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>	2026-02-02 12:40:03 -05:00
Tran Ngoc Nhan	5b7c4ae8d8	Add `javadoc-warnings-error` Closes gh-18459 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 11:39:38 -06:00
Tran Ngoc Nhan	8bafd94b1f	Add `compile-warnings-error` Closes gh-18424 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2026-02-02 11:37:39 -06:00
Park JuHyeong	d244bcf76e	Suppress AspectJ compiler warnings in spring-security-aspects - Added -Xlint:ignore to compileAspectj task - Added -Xlint:ignore to compileTestAspectj task Fixes the following AspectJ warnings: - AnnotationSecurityAspect.aj:72 [warning] advice defined - AbstractMethodInterceptorAspect.aj:36 [warning] advice defined These warnings occur because the AspectJ compiler detects that advice in deprecated aspect classes may not match any join points, which is expected behavior for deprecated code maintained for backward compatibility. Contributes to gh-18405 Signed-off-by: Park JuHyeong <wngud5957@naver.com>	2026-02-02 11:30:51 -06:00
jieun	de23ade14b	Remove compiler warnings for spring-security-cas:check Signed-off-by: jieun <jkdev1324@gmail.com>	2026-02-02 11:27:42 -06:00
Robert Winch	afa3e2311c	Merge branch '7.0.x'	2026-02-02 11:13:10 -06:00
Robert Winch	9273f411c1	Merge branch '6.5.x' into 7.0.x	2026-02-02 11:12:53 -06:00
Robert Winch	d6e3ec78cd	Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27	2026-02-02 11:12:18 -06:00
Joe Grandja	2a2f13fbd3	Polish Nullability for oauth2-core Issue gh-17820	2026-02-02 09:00:46 -06:00
Joe Grandja	db5310bee8	Enable null-safety in spring-security-oauth2-core Closes gh-17820	2026-02-02 09:00:40 -06:00
Joe Grandja	dfed528851	Remove checkstyle suppressions for spring-security-oauth2-core Issue gh-17820	2026-02-02 09:00:40 -06:00
dependabot[bot]	48c1023fd6	Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.41.Final to 6.6.42.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.42/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.41...6.6.42) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.42.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-02 03:11:29 +00:00
dependabot[bot]	04dbdc8588	Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.26 to 1.5.27. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.27 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-02 03:11:13 +00:00
Robert Winch	6a6c7a7a78	Add missing `@Nullable` to setters of Nullable Fields There are setters and builder methods that initialize members that are `@Nullable` but do not accept `@Nullable` parameters. For example: ``` private @Nullable Object foo; public void setFoo(Object foo) { this.foo = foo; } ``` It is an unnecessary restriction that the parameter is unable to be null since the field can be null. This commit fixes these inconsistencies. Closes gh-18618	2026-01-29 13:58:42 -06:00
Robert Winch	b591a0a757	TestingAuthenticationToken.credentials should be @Nullable Closes gh-18615	2026-01-29 10:17:22 -06:00
Josh Cummings	c5632ccd83	Add security-nullability to ldap Closes gh-17818 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2026-01-28 15:30:54 -07:00
Robert Winch	a8b5c8fe02	Bump io.mockk:mockk from 1.14.7 to 1.14.9	2026-01-27 11:17:24 -06:00
Robert Winch	054ff7421b	Merge branch '7.0.x'	2026-01-27 11:17:10 -06:00
Robert Winch	6ca04d9b77	Merge branch '6.5.x' into 7.0.x	2026-01-27 11:16:43 -06:00
Robert Winch	3960bf950d	Bump org.assertj:assertj-core from 3.27.6 to 3.27.7	2026-01-27 10:00:00 -06:00
Robert Winch	bc6ac7c8c6	Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26	2026-01-27 09:59:50 -06:00
Robert Winch	6e30cd5417	Merge branch '7.0.x'	2026-01-26 22:06:54 -06:00

1 2 3 4 5 ...

20165 Commits