spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 13:02:13 +00:00

Author	SHA1	Message	Date
Joe Grandja	5f7155bfc7	Implement internal cache in JtiClaimValidator Closes gh-17107	2025-05-14 05:21:00 -04:00
dependabot[bot]	91afd49faf	Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.14.Final to 6.6.15.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.15/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.14...6.6.15) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.15.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-14 03:33:33 +00:00
dependabot[bot]	78a60d0d84	Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.17 to 2023.0.18. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2023.0.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-14 03:23:25 +00:00
Tran Ngoc Nhan	a511171309	Add test and update javadoc for CommonOAuth2Provider Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-13 12:45:38 -06:00
Tran Ngoc Nhan	86550fb84b	Cleanup code Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-13 12:40:18 -06:00
Joe Grandja	44303d2c80	Polish gh-17080	2025-05-13 14:36:44 -04:00
David Kowis	462e38c0e3	Fix DPoP jkt claim to be JWK SHA-256 thumbprint Just used the nimbus JOSE library to do it, because it already has a compliant implementation. Closes gh-17080 Signed-off-by: David Kowis <david@kow.is>	2025-05-13 14:36:44 -04:00
dependabot[bot]	8b925dc4fc	Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:35:27 -06:00
Joe Grandja	a265ac6ae7	Polish gh-17080	2025-05-13 14:35:23 -04:00
David Kowis	2090f44f74	Fix DPoP jkt claim to be JWK SHA-256 thumbprint Just used the nimbus JOSE library to do it, because it already has a compliant implementation. Closes gh-17080 Signed-off-by: David Kowis <david@kow.is>	2025-05-13 14:35:23 -04:00
Josh Cummings	3f91c3effc	Merge remote-tracking branch 'origin/6.5.x'	2025-05-13 12:34:40 -06:00
dependabot[bot]	eee7e5edaa	Bump com.webauthn4j:webauthn4j-core Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.1.RELEASE to 0.29.2.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.1.RELEASE...0.29.2.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.29.2.RELEASE dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:34:22 -06:00
Josh Cummings	cb511f501a	Merge remote-tracking branch 'origin/6.5.x'	2025-05-13 12:33:13 -06:00
dependabot[bot]	b9a92e35b9	Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:32:42 -06:00
Josh Cummings	87434a7b05	Merge branch '6.5.x'	2025-05-13 12:31:47 -06:00
Josh Cummings	349377a13b	Merge remote-tracking branch 'origin/6.4.x' into 6.5.x	2025-05-13 12:31:27 -06:00
dependabot[bot]	d34fd236f6	Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:30:10 -06:00
dependabot[bot]	f1e3f2a8d3	Bump com.webauthn4j:webauthn4j-core Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.1.RELEASE to 0.29.2.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.1.RELEASE...0.29.2.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.29.2.RELEASE dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:29:21 -06:00
Josh Cummings	f511d0a345	Merge remote-tracking branch 'origin/6.5.x'	2025-05-13 12:28:17 -06:00
dependabot[bot]	c326e394e1	Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.14.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:28:03 -06:00
Josh Cummings	64b26cbd1f	Merge branch '6.5.x'	2025-05-13 12:26:56 -06:00
Josh Cummings	e0e9a7e76d	Merge remote-tracking branch 'origin/6.4.x' into 6.5.x	2025-05-13 12:26:25 -06:00
dependabot[bot]	ad934efc24	Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.14.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:24:36 -06:00
dependabot[bot]	99330bfc60	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:23:56 -06:00
Josh Cummings	21c56554c9	Merge remote-tracking branch 'origin/6.5.x'	2025-05-13 12:23:07 -06:00
dependabot[bot]	7a62f4eec8	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:22:42 -06:00
Josh Cummings	c8339184a9	Merge branch '6.5.x'	2025-05-13 12:21:51 -06:00
Josh Cummings	518918e197	Merge remote-tracking branch 'origin/6.4.x' into 6.5.x	2025-05-13 12:21:31 -06:00
dependabot[bot]	11eac05dfd	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:20:38 -06:00
Josh Cummings	40a18fe63c	Merge branch '6.5.x'	2025-05-13 12:19:14 -06:00
Josh Cummings	26650b20fb	Merge branch '6.4.x' into 6.5.x	2025-05-13 12:18:51 -06:00
Josh Cummings	3a36197d7a	Merge branch '6.3.x' into 6.4.x	2025-05-13 12:17:29 -06:00
dependabot[bot]	a001f27690	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:15:42 -06:00
Josh Cummings	0698d3527d	Merge branch '6.5.x'	2025-05-13 11:18:43 -06:00
Josh Cummings	26f359a4db	Merge branch '6.4.x' into 6.5.x	2025-05-13 11:18:31 -06:00
Josh Cummings	5ba4ab5e11	Merge branch '6.3.x' into 6.4.x	2025-05-13 11:18:02 -06:00
Danilo Piazzalunga	27319e3f9b	Add missing registration property in YAML listing Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
Danilo Piazzalunga	ec462e8bc5	Update assertingparty property usage in YAML snippets Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration..identityprovider. to spring.security.saml2.relyingparty.registration..assertingparty.. Closes gh-12810. Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
Josh Cummings	93a7583aa4	Merge branch '6.5.x'	2025-05-12 18:52:47 -06:00
yybmion	d48c463c03	Add logging to CsrfTokenRequestHandler implementations Add trace-level logging to show the logical path of CSRF token processing - Log token source (header or parameter) in resolveCsrfTokenValue - Log request attribute names in handle methods - Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding) - Add similar logging to XorServerCsrfTokenRequestAttributeHandler Improves debugging capabilities without changing functionality. Closes gh-13626 Signed-off-by: yybmion <yunyubin54@gmail.com>	2025-05-12 18:49:40 -06:00
yybmion	a90ce5142c	Add logging to CsrfTokenRequestHandler implementations Add trace-level logging to show the logical path of CSRF token processing - Log token source (header or parameter) in resolveCsrfTokenValue - Log request attribute names in handle methods - Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding) - Add similar logging to XorServerCsrfTokenRequestAttributeHandler Improves debugging capabilities without changing functionality. Closes gh-13626 Signed-off-by: yybmion <yunyubin54@gmail.com>	2025-05-12 18:48:45 -06:00
Joe Grandja	ba7be9c8b9	Merge branch '6.5.x'	2025-05-09 16:14:34 -04:00
Joe Grandja	e3c39f02bc	Add documentation for DPoP support Closes gh-17072	2025-05-09 16:02:14 -04:00
Rob Winch	ff8b77df29	Add Twitter/X to CommonOAuth2Provider Add Twitter/X to CommonOAuth2Provider	2025-05-07 15:08:23 -05:00
Tran Ngoc Nhan	48eb243012	Update javadoc Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-07 14:59:14 -05:00
Tran Ngoc Nhan	1e4dd713c5	Remove APPLICATION_JSON_UTF8 usage Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-07 14:59:14 -05:00
Rob Winch	6118587ff8	SavedCookieMixinTests uses readValue(String,Object.class) The test should not provide SavedCookie.class to the ObjectMapper since this is not done in production. In particular, it provides the type that it should be deserialized, but this must be provided in the JSON since the type is unknown at the time of deserialization. Issue gh-17006	2025-05-07 14:55:54 -05:00
M-Faheem-Khan	241c3cd35a	Remove deprecated Cookie usage Remove usage of comment and verison usage Signed-off-by: M-Faheem-Khan <faheem5948@gmail.com>	2025-05-07 14:55:54 -05:00
Rob Winch	693a5beb24	Format CommonOAuth2Provider	2025-05-07 14:55:04 -05:00
Rob Winch	f13836c9c8	Add X to CommonOAuth2Provider Reference Issue gh-16510 Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>	2025-05-07 11:31:28 -05:00

1 2 3 4 5 ...

18291 Commits