Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-12 17:44:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,527 Commits 52 Branches 373 Tags
Commit Graph

20527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
5687867a09
Fix Checkstyle 
Issue gh-18874

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 14:46:24 -06:00
Joe Grandja
61177aed85 Remove NullAway SuppressWarnings in ClaimAccessor 
Issue gh-17820
 2026-03-11 13:53:30 -04:00
Joe Grandja
36450d6c26 Fix checkstyle error 
Issue gh-18874
 2026-03-11 12:25:13 -04:00
Josh Cummings
a980368f26 Move Integration Test from Spring LDAP 
Closes gh-18874

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 15:44:07 -06:00
Josh Cummings
37992d896b Add to What's New 
Issue gh-18745

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 15:44:05 -06:00
Joe Grandja
703ffaf143 Merge branch '7.0.x' 2026-03-10 15:59:29 -04:00
Joe Grandja
1906075b0c OAuth2DeviceVerificationEndpointFilter is applied after AuthorizationFilter 
Closes gh-18873
 2026-03-10 15:32:24 -04:00
Josh Cummings
8dcaa6dfcb Polish Documentation 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 07:57:43 -06:00
Andrey Litvitski
d1ce69ca99 Specify charset in WWW-Authenticate for Basic Auth 
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.

Closes: gh-18755

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-10 07:57:43 -06:00
Joe Grandja
c7235ec0a3 Allow custom token settings for OAuth 2.0 dynamic client registration 
Closes gh-18870
 2026-03-10 07:48:37 -04:00
dependabot[bot]
16cc1dd8d6 Bump io.micrometer:micrometer-observation from 1.16.3 to 1.16.4 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.16.3 to 1.16.4.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.16.3...v1.16.4)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-10 03:19:43 +00:00
Josh Cummings
17d2131fe9 Merge remote-tracking branch 'origin/7.0.x' 2026-03-09 17:13:45 -06:00
Ronny Perinke
e8e0da1ec6 Add Null Guard for Setting ReactiveUserDetailsPasswordService 
This use case specifically arises when using `ReactiveUserDetailsService`
without `ReactiveUserDetailsPasswordService`.

Closes gh-17986

Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
 2026-03-09 17:12:59 -06:00
Joe Grandja
8c0d2cccf1 Initialize RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler when jose is on classpath 
Issue gh-17246
 2026-03-09 17:03:49 -04:00
ddingjoo
612f7884ea Apply javadoc warnings plugin to aspects 
The aspects module currently runs :javadoc as NO-SOURCE because it only contains AspectJ sources. Apply javadoc-warnings-error for consistency with other modules and future Java sources.

Closes gh-18446

Signed-off-by: ddingjoo <ddingsha9@teambind.co.kr>
 2026-03-09 16:14:47 -04:00
Tran Ngoc Nhan
0f7a6d45fd Polish websocket 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-09 15:59:27 -04:00
Rob Winch
c34cb108cb
Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 15:41:05 -04:00
Rob Winch
2f81d2d99e
Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 15:39:54 -04:00
Rob Winch
6cf4a5eed9
Merge Fix CookieRequestCache parameters 2026-03-09 15:30:46 -04:00
Rob Winch
0658d4f55e
Merge Fix CookieRequestCache parameters 
Fix CookieRequestCache parameters
 2026-03-09 15:30:32 -04:00
Robert Winch
d870548596
Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 14:26:37 -05:00
Robert Winch
26937bf06c
Remove unnecessary webauthn4j dependency 2026-03-09 14:25:08 -05:00
Tran Ngoc Nhan
8e8e1a80a9
Add Passkeys webauthn in example 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-09 14:23:14 -05:00
Robert Winch
7ab3087692
Merge Fix CookieRequestCache parameters 2026-03-09 14:17:07 -05:00
Robert Winch
3110c9074f
Merge Fix CookieRequestCache parameters 2026-03-09 14:11:27 -05:00
Vishnutheep B
07bfe371b4
Fix CookieRequestCache parameters 
Previously the parameters were not restored.

This commit ensures the parameters are restored.

Closes gh-18204

Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
 2026-03-09 14:10:30 -05:00
Robert Winch
d46a73f57d
Merge branch '7.0.x' 2026-03-09 09:59:16 -05:00
Robert Winch
c29775a79e
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 2026-03-09 09:58:42 -05:00
Robert Winch
bc96812461
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 2026-03-09 09:58:37 -05:00
Robert Winch
7d9c2ce9d7
Merge branch '6.5.x' into 7.0.x 2026-03-09 09:58:22 -05:00
Robert Winch
e12edf43f2
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 2026-03-09 09:58:04 -05:00
dependabot[bot]
920c128b86 Bump com.nimbusds:oauth2-oidc-sdk from 11.33 to 11.34 
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 11.33 to 11.34.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.34..11.33)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.34'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:19:43 +00:00
dependabot[bot]
0458c7b40a Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:17:00 +00:00
dependabot[bot]
ca6dccf8d7
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:13:40 +00:00
dependabot[bot]
a499e56b9b
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:09:41 +00:00
dependabot[bot]
56055605cd Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 00:45:34 +00:00
dependabot[bot]
8c3f6ea0d4
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 00:37:07 +00:00
dependabot[bot]
40682415ba
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 00:37:05 +00:00
dependabot[bot]
de3c72735e Bump gradle-wrapper from 9.3.1 to 9.4.0 
Bumps gradle-wrapper from 9.3.1 to 9.4.0.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-05 03:20:07 +00:00
skfkgla
96bf048dd2 Improve MockMvc testing documentation navigation 
Closes gh-18844

Signed-off-by: skfkgla <narahim.lee@gmail.com>
 2026-03-04 16:49:19 -07:00
wonderfulrosemari
07297e7a80 Add MessageExpressionAuthorizationManager 
Closes gh-12650

Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
 2026-03-03 18:56:47 -07:00
Josh Cummings
b1f4deafe6
Merge branch '7.0.x' 2026-03-03 18:52:06 -07:00
Josh Cummings
9893048ec9
Merge branch '6.5.x' into 7.0.x 2026-03-03 18:51:53 -07:00
Josh Cummings
e17d85e460
Add IDE Setup Documentation 
Issue gh-17833

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-03 18:51:32 -07:00
Josh Cummings
94829a1551
Merge remote-tracking branch 'origin/7.0.x' 2026-03-03 18:18:24 -07:00
Andrey Litvitski
4f97217f68 Refine upgradeEncoding condition in DaoAuthenticationProvider 
After adding jspecify support in the module that contains the
DaoAuthenticationProvider class, we actually changed the contract logic,
which is a good thing, and this commit fixes it.

Closes: gh-18781

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-03 18:18:13 -07:00
Josh Cummings
4907d56a04
Merge branch '7.0.x' 2026-03-03 18:17:15 -07:00
Josh Cummings
fdaa883fb7
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-03-03 18:17:08 -07:00
dependabot[bot]
f12036db05 Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b7c566a772...bbbca2ddaa)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 18:16:39 -07:00
Josh Cummings
b308c74c5e
Merge remote-tracking branch 'origin/7.0.x' 2026-03-03 17:48:41 -07:00