Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 02:49:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,545 Commits 36 Branches 337 Tags
Commit Graph

17545 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tran Ngoc Nhan
5d089f680e Consistently NonNull annotation 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-02-13 16:18:28 -07:00
Joe Grandja
31fb7feed5 Merge branch '6.4.x' 2025-02-12 06:18:42 -05:00
Joe Grandja
17ca1de7cb Merge branch '6.3.x' into 6.4.x 
Closes gh-16583
 2025-02-12 06:13:33 -05:00
Joe Grandja
33d96d574f Update to oauth2-oidc-sdk 9.43.5 
Closes gh-16582
 2025-02-12 05:47:03 -05:00
dependabot[bot]
61dcbc4d5b Bump serialize-javascript and mocha in /javascript 
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 6.0.2 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together.


Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v6.0.0...v6.0.2)

Updates `mocha` from 10.2.0 to 10.8.2
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v10.2.0...v10.8.2)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-type: indirect
- dependency-name: mocha
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-12 02:28:05 -08:00
dependabot[bot]
21b77b9cf7 Bump esbuild from 0.23.0 to 0.25.0 in /javascript 
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.23.0 to 0.25.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.23.0...v0.25.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-12 02:15:55 -08:00
dependabot[bot]
36dd74b124 Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.14 to 2023.0.15.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.14...2023.0.15)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-11 19:48:54 -08:00
github-actions[bot]
62c7ff3bf0 Merge branch '6.3.x' into 6.4.x 2025-02-12 03:27:54 +00:00
github-actions[bot]
58afbb494d Merge branch '6.4.x' 2025-02-12 03:27:54 +00:00
dependabot[bot]
b64d5af9c4 Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.14 to 2023.0.15.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.14...2023.0.15)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-11 19:27:11 -08:00
github-actions[bot]
8e969d0f47 Merge branch '6.4.x' 2025-02-12 03:26:48 +00:00
dependabot[bot]
5a30d984a0 Bump io.projectreactor:reactor-bom from 2023.0.14 to 2023.0.15 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.14 to 2023.0.15.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.14...2023.0.15)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-11 19:26:08 -08:00
Joe Grandja
2480d41981 Add support for OAuth 2.0 Demonstrating Proof of Possession (DPoP) 
Signed-off-by: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
 2025-02-11 14:10:23 -05:00
dependabot[bot]
27cb1154f2 Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.3 to 1.14.4.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.3...v1.14.4)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 20:04:39 -08:00
dependabot[bot]
28f842c46c Bump org.hibernate.orm:hibernate-core from 6.6.6.Final to 6.6.7.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.6.Final to 6.6.7.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.7/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.6...6.6.7)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 20:03:17 -08:00
github-actions[bot]
9c51507785 Merge branch '6.4.x' 2025-02-11 03:28:27 +00:00
dependabot[bot]
8ebd893d01 Bump org.hibernate.orm:hibernate-core from 6.6.6.Final to 6.6.7.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.6.Final to 6.6.7.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.7/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.6...6.6.7)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 19:28:16 -08:00
dependabot[bot]
3e496c0260 Bump io.micrometer:micrometer-observation from 1.14.3 to 1.14.4 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.3 to 1.14.4.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.3...v1.14.4)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 19:27:42 -08:00
ying.li
6494ea9b18 fix for typo 2025-02-10 12:22:57 -06:00
patpatpat123
b6f8046b2f Fix type for rest-client-access-token-response-client.adoc 
In line 260, there is the mention of "=== Customizing the `WebClient`" while it should be "=== Customizing the `RestClient`"

Signed-off-by: patpatpat123 <43899031+patpatpat123@users.noreply.github.com>
 2025-02-10 10:11:06 -06:00
Daniel Garnier-Moiroux
238f47ce5e One Time Token login registers the default login page 
closes gh-16414

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-02-10 09:55:51 -06:00
Daniel Garnier-Moiroux
5ee6b83953 Introduce OneTimeTokenAuthenticationFilter 
closes gh-16539

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-02-10 09:55:51 -06:00
dependabot[bot]
8e2a4bf356 Bump org.seleniumhq.selenium:htmlunit3-driver from 4.27.0 to 4.28.0 
Bumps [org.seleniumhq.selenium:htmlunit3-driver](https://github.com/SeleniumHQ/htmlunit-driver) from 4.27.0 to 4.28.0.
- [Release notes](https://github.com/SeleniumHQ/htmlunit-driver/releases)
- [Commits](https://github.com/SeleniumHQ/htmlunit-driver/compare/4.27.0...4.28.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:htmlunit3-driver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-05 15:06:50 -08:00
Josh Cummings
8e19b8039c
Merge branch '6.4.x' 2025-02-05 15:49:20 -07:00
Josh Cummings
4776446b14
Add Missing Serialzed AuthorizationDeniedException 
Issue gh-16544
 2025-02-05 15:48:55 -07:00
Max Batischev
9676739c88 TestServerOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-05 14:14:16 -07:00
Max Batischev
be81377235 Add Support ServerGenerateOneTimeTokenRequestResolver 
Closes gh-16488

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-05 14:14:16 -07:00
Josh Cummings
981e3fd779
Merge branch '6.4.x' 2025-02-05 13:59:12 -07:00
Josh Cummings
b4c7795699
Support Serialization for Authorization Components 
Closes gh-16544
 2025-02-05 13:58:32 -07:00
Josh Cummings
11113adf62 Polish Nimbus JWK Source Implementation 
Issue gh-16251
 2025-02-05 09:28:07 -07:00
Daeho Kwon
7b7abb28bb Remove Deprecated Usages of RemoteJWKSet 
Closes gh-16251

Signed-off-by: Daeho Kwon <trewq231@naver.com>
 2025-02-05 09:28:07 -07:00
Josh Cummings
f9824fd688 Polish Tests 
Issue gh-16251
 2025-02-05 09:28:07 -07:00
DingHao
f7e0f7fa8a Polish OneTimeTokenLoginConfigurer 
Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-02-04 12:38:27 -07:00
github-actions[bot]
fc19bf8769 Merge branch '6.4.x' 2025-02-04 04:23:51 +00:00
dependabot[bot]
876f67715f Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 20:23:06 -08:00
github-actions[bot]
df2bc8f394 Merge branch '6.4.x' 2025-02-04 04:00:20 +00:00
github-actions[bot]
007d7da42a Merge branch '6.3.x' into 6.4.x 2025-02-04 04:00:20 +00:00
dependabot[bot]
002dbf355a Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:59:36 -08:00
dependabot[bot]
60f14c2df6 Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:57:07 -08:00
dependabot[bot]
e8e41e936f Bump io.freefair.gradle:aspectj-plugin from 8.12 to 8.12.1 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 8.12 to 8.12.1.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/compare/8.12...8.12.1)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:55:43 -08:00
Steve Riesenberg
54a6a19e05 Polish gh-16214 
This commit applies the following changes:

* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
 2025-02-03 14:52:30 -06:00
Craig Andrews
58534e7f60 Add FormRedirectStrategy to enable POST OIDC Logout 
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.

Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.

Closes gh-13002

Signed-off-by: Craig Andrews <candrews@integralblue.com>
 2025-02-03 14:52:30 -06:00
Josh Cummings
e63ef3cdc4
Merge branch '6.4.x' 2025-02-03 12:35:53 -07:00
Josh Cummings
47fd6befde
Ensure Serialization Compatibility for AuthenticationException 
Issue gh-16286
 2025-02-03 12:34:43 -07:00
dae won
6a94a294ea Lazily compose debug message in AbstractUserDetailsAuthenticationProvider 
Closes gh-16495

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-02-03 12:27:49 -07:00
Max Batischev
61d92e9db9 Fix assertion message in DefaultGenerateOneTimeTokenRequestResolver 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-03 12:15:20 -07:00
Josh Cummings
b98ece3e03
Clarify Commit Message Guideline 
We typically use imperative; however, this can feel unnatural on occasion.
For example 'S101 Depends On Assemble' would sound unnatural as 'S101 Depend On Assemble'
 2025-02-03 11:31:54 -07:00
Josh Cummings
6730167445
Correct Link Anchor Syntax 2025-02-03 10:33:23 -07:00
Josh Cummings
0f8e1936ff
Merge branch '6.4.x' 2025-02-03 10:19:31 -07:00
NeoTraveler
e31f04bebc
withValue used incorrectly 
Closes gh-16525
Closes gh-16527

Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
 2025-02-03 10:18:33 -07:00