Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,553 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

16553 Commits

Author SHA1 Message Date
github-actions[bot] 52b6de262a Merge branch '6.3.x' 2024-08-26 19:41:36 +00:00
github-actions[bot] 2041d30201 Merge branch '6.2.x' into 6.3.x 2024-08-26 19:41:36 +00:00
dependabot[bot] 5c84d505d9 Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api 
Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jstl-api/commits)

---
updated-dependencies:
- dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-26 12:40:57 -07:00
dependabot[bot] c3a5cf54d4 Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api 
Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jstl-api/commits)

---
updated-dependencies:
- dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-26 12:40:49 -07:00
dependabot[bot] aef2068f76 Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api 
Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jstl-api/commits)

---
updated-dependencies:
- dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-26 12:40:27 -07:00
Josh Cummings 78fd8bf3b7
Specify Labels for npm Updates 
This brings the labels in line with the other dependency updates that
aren't of interest for the release notes. It also avoids adding labels
that aren't already defined by the project.
 2024-08-26 13:37:04 -06:00
Josh Cummings b91f10825e
Disable Flaky Tests 
There was another flaky failure. While it seems clear what
needs to be done to repair it, this commit disables these
tests for now while the CI on a separate branch confirms
after a few days that the tests are stable again.

Issue gh-15395
 2024-08-26 08:58:38 -06:00
Josh Cummings 561c786726
Repair Flaky Tests 
The issue turned out to be that OpenSAML first sends two HEAD
requests before sending a GET to retrieve the metadata. The way
the MockWebServer dispatcher was configured, it would send back
the metadata on each request. This created a situation where sockets
were being closed by the client before the server had sent all the
response, resulting in a broken pipe.

The tests would succeed most of the time due to lucky timing between
the client closing the socket and the server having sent all of its
(unrequested) data.

This version sends an expected HEAD response when requested.

Issue gh-15395
 2024-08-23 15:55:56 -06:00
dependabot[bot] e90a6b66fe Bump com.gradle.develocity from 3.17.6 to 3.18 
Bumps com.gradle.develocity from 3.17.6 to 3.18.

---
updated-dependencies:
- dependency-name: com.gradle.develocity
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-22 20:17:45 -07:00
Josh Cummings 4635dabf87
Merge branch '6.3.x' 2024-08-22 19:44:55 -06:00
Josh Cummings d134b0a4f4
Merge branch '6.2.x' into 6.3.x 
Closes gh-15681
 2024-08-22 19:44:40 -06:00
Josh Cummings a3b88a8d4b
Enable Runtime Method Parameter Reflection 
Several method security tests rely on method parameters
being preserved, in order to demonstrate the difference
between relying on runtime reflection and using the @P
annotation.

Closes gh-15680
 2024-08-22 19:44:11 -06:00
Josh Cummings dff3780c5e
Merge branch '6.3.x' 2024-08-22 12:38:17 -06:00
Josh Cummings 4c0d969f1f
Merge branch '6.2.x' into 6.3.x 
Closes gh-15676
 2024-08-22 12:37:45 -06:00
Josh Cummings 3ee5a96e53
Merge branch '5.8.x' into 6.2.x 
Closes gh-15675
 2024-08-22 12:24:56 -06:00
Steve Riesenberg 8318a42959
Update What's New for 6.4 
Issue gh-15437
 2024-08-22 13:12:33 -05:00
Josh Cummings 5c604b95fb
Correct PostFilterAuthorizationMethodInterceptor Target Type 
Previously, `postFilterAuthorizationMethodInterceptor` mistakenly
was published as an `Advisor`. Because `MethodSecurityAdvisorRegistrar`
re-publishes each pre/post annotation interceptor also as an `Advisor`,
this resulted in a duplicate advisor for `@PostFilter`.

Closes gh-15651
 2024-08-22 12:10:25 -06:00
dependabot[bot] 09785a3845 Bump org-eclipse-jetty from 11.0.22 to 11.0.23 
Bumps `org-eclipse-jetty` from 11.0.22 to 11.0.23.

Updates `org.eclipse.jetty:jetty-server` from 11.0.22 to 11.0.23

Updates `org.eclipse.jetty:jetty-servlet` from 11.0.22 to 11.0.23

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-22 10:55:48 -07:00
Steve Riesenberg fd991aaf9e
Revert "Bump com.gradle.develocity from 3.17.6 to 3.18" 
This reverts commit 430874c6
 2024-08-22 11:16:59 -05:00
Marcus Hert Da Coregio 1531acd2a8 Merge branch '6.3.x' 2024-08-22 11:07:05 -03:00
Marcus Hert Da Coregio 548e1c3649 Revert "Log command for debugging" 
This reverts commit f1802be73a.
 2024-08-22 11:06:59 -03:00
Marcus Hert Da Coregio 9791801bc6 Merge branch '6.2.x' into 6.3.x 2024-08-22 11:06:43 -03:00
Marcus Hert Da Coregio c06543daf3 Merge branch '5.8.x' into 6.2.x 2024-08-22 11:06:19 -03:00
github-actions[bot] 037ccecdaa Next development version 2024-08-22 13:53:46 +00:00
github-actions[bot] de8dbf9560 Release 6.4.0-M3 2024-08-22 13:23:02 +00:00
Marcus Hert Da Coregio e92a945a2d Replace Env Variable with Expression 
Issue gh-15659
 2024-08-22 10:17:55 -03:00
github-actions[bot] 596ab18adb Merge branch '6.3.x' 2024-08-22 03:26:59 +00:00
dependabot[bot] a203ab9651 Bump org.jfrog.buildinfo:build-info-extractor-gradle 
Bumps [org.jfrog.buildinfo:build-info-extractor-gradle](https://github.com/jfrog/build-info) from 4.33.20 to 4.33.21.
- [Release notes](https://github.com/jfrog/build-info/releases)
- [Changelog](https://github.com/jfrog/build-info/blob/master/RELEASE.md)
- [Commits](https://github.com/jfrog/build-info/compare/build-info-gradle-extractor-4.33.20...build-info-gradle-extractor-4.33.21)

---
updated-dependencies:
- dependency-name: org.jfrog.buildinfo:build-info-extractor-gradle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-21 20:26:09 -07:00
dependabot[bot] d8735d3148 Bump org.jfrog.buildinfo:build-info-extractor-gradle 
Bumps [org.jfrog.buildinfo:build-info-extractor-gradle](https://github.com/jfrog/build-info) from 4.33.20 to 4.33.21.
- [Release notes](https://github.com/jfrog/build-info/releases)
- [Changelog](https://github.com/jfrog/build-info/blob/master/RELEASE.md)
- [Commits](https://github.com/jfrog/build-info/compare/build-info-gradle-extractor-4.33.20...build-info-gradle-extractor-4.33.21)

---
updated-dependencies:
- dependency-name: org.jfrog.buildinfo:build-info-extractor-gradle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-21 20:21:46 -07:00
Josh Cummings 06febf7857
Update What's New 2024-08-21 18:19:18 -06:00
Steve Riesenberg 5c71e0e3d7
Migrate to io.spring.develocity.conventions plugin 
Closes gh-15670
 2024-08-21 17:16:52 -05:00
Steve Riesenberg eba0c0f20c
Merge branch '6.3.x' 
Closes gh-15669
 2024-08-21 16:22:17 -05:00
Steve Riesenberg fc01ebb995
Merge branch '6.2.x' into 6.3.x 
Closes gh-15668
 2024-08-21 16:21:17 -05:00
Steve Riesenberg ea24449411
Merge branch '6.3.x' 2024-08-21 16:20:53 -05:00
Steve Riesenberg fb054198af
Migrate slack notifications to GChat (2nd attempt) 
Closes gh-15667
 2024-08-21 16:16:50 -05:00
Steve Riesenberg 035f86bdb3
Merge branch '5.8.x' into 6.2.x 
Closes gh-15667
 2024-08-21 15:45:39 -05:00
Steve Riesenberg 92809cef01
Migrate slack notifications to GChat (2nd attempt) 
Closes gh-15503
 2024-08-21 15:44:44 -05:00
github-actions[bot] 7e372c780d Next development version 2024-08-21 16:26:56 +00:00
github-actions[bot] 868c07af72 Release 6.3.3 2024-08-21 15:55:49 +00:00
Marcus Hert Da Coregio 229a8d2fad Remove unused imports 2024-08-21 08:31:11 -03:00
github-actions[bot] 1a48b38941 Merge branch '6.3.x' 2024-08-21 04:09:18 +00:00
dependabot[bot] a68851fca3 Bump org-eclipse-jetty from 11.0.22 to 11.0.23 
Bumps `org-eclipse-jetty` from 11.0.22 to 11.0.23.

Updates `org.eclipse.jetty:jetty-server` from 11.0.22 to 11.0.23

Updates `org.eclipse.jetty:jetty-servlet` from 11.0.22 to 11.0.23

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-20 21:08:31 -07:00
github-actions[bot] 18592db851 Merge branch '6.3.x' 2024-08-21 04:02:50 +00:00
github-actions[bot] bf2c1a5979 Merge branch '6.2.x' into 6.3.x 2024-08-21 04:02:50 +00:00
dependabot[bot] 439b797eb8 Bump org-eclipse-jetty from 11.0.22 to 11.0.23 
Bumps `org-eclipse-jetty` from 11.0.22 to 11.0.23.

Updates `org.eclipse.jetty:jetty-server` from 11.0.22 to 11.0.23

Updates `org.eclipse.jetty:jetty-servlet` from 11.0.22 to 11.0.23

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-20 21:02:01 -07:00
Josh Cummings d7138cdb67
Repair Flaky Tests 
The error between MockWebServer and OpenSAML still happens on
occasion. This commit uses MockWebServer's default queue dispatcher
to remove any customization that might be contributing to
the flakiness.

Issue gh-15395
 2024-08-20 17:58:56 -06:00
Josh Cummings 1118b0ec63
Defer Sorting AuthorizationAdvisors in addAdvisor 
Issue gh-15658
 2024-08-20 17:23:10 -06:00
Josh Cummings 4da13f6091
Merge branch '6.3.x' 2024-08-20 16:47:48 -06:00
Josh Cummings 0cab7c8f15
Defer Sorting AuthorizationAdvisors 
Invoking AnnotationAwareOrderComparator#sort while the
AuthorizationAdvisors are still being computed causes those
advisors to be eagerly instantiated, making components
like ObservationRegistry ineligible for post processing.

This commit defers the sorting of the advisors until
after they are all fully instantiated and available in
the application context.

Closes gh-15658
 2024-08-20 16:47:29 -06:00
Marcus Hert Da Coregio f1802be73a Log command for debugging 
Issue gh-15659
 2024-08-20 13:56:29 -03:00