Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-27 22:32:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,442 Commits 37 Branches 348 Tags
Commit Graph

18442 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
e8f920e0ee Polish JdbcAssertingPartyMetadataRepository 
- Remove GetBytes since it's not used yet
- Remove customizable RowMapper since this can be added
later
- Change signing_algorithms to be a String since the conversion
strategy is simple
- Standardize test names
- Simplify conversion of credentials using ThrowingFunction
- Change column names to match RelyingPartyRegistration
field names

Issue gh-16012
 2025-06-11 18:08:31 -06:00
Josh Cummings
2bd05128ec Add JdbcAssertingPartyMetadataRepository#save 
Issue gh-16012

Co-Authored-By: chao.wang <chao.wang@zatech.com>
 2025-06-11 18:08:31 -06:00
Josh Cummings
e2e42a5580 Fix Checkstyle 
Issue gh-16012
 2025-06-11 18:08:31 -06:00
chao.wang
16fd24c002 Add JdbcAssertingPartyMetadataRepository 
Closes gh-16012

Signed-off-by: chao.wang <chao.wang@zatech.com>
 2025-06-11 18:08:31 -06:00
dependabot[bot]
9be7b37472
Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4 to 2.18.4.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4...jackson-bom-2.18.4.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 04:06:48 +00:00
dependabot[bot]
195fb7253c
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.18 to 2023.0.19.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.18...2023.0.19)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 04:06:24 +00:00
dependabot[bot]
7f36155b47
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.18 to 2023.0.19.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.18...2023.0.19)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:59:26 +00:00
dependabot[bot]
53ce08d79d
Bump io.projectreactor:reactor-bom from 2023.0.18 to 2023.0.19 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.18 to 2023.0.19.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.18...2023.0.19)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:36:18 +00:00
dependabot[bot]
cc40879f05
Bump com.fasterxml.jackson:jackson-bom from 2.18.4 to 2.18.4.1 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.4 to 2.18.4.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4...jackson-bom-2.18.4.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:35:43 +00:00
dependabot[bot]
60f729156b
Bump org.hibernate.orm:hibernate-core from 7.0.0.Final to 7.0.1.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.0.0.Final to 7.0.1.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.0.1/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.0.0...7.0.1)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.0.1.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:15:08 +00:00
dependabot[bot]
220f49d86e
Bump io.projectreactor:reactor-bom from 2025.0.0-M3 to 2025.0.0-M4 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.0-M3 to 2025.0.0-M4.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.0-M3...2025.0.0-M4)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.0-M4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-11 03:14:31 +00:00
Josh Cummings
9b724377ce Rework Saml2 Authentication Statement 
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.

Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.

As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.

Closes gh-10820
 2025-06-10 17:21:03 -06:00
Christian Schuster
02a8c416aa Add NameID to SAML 2.0 Authentication Info 
Issue gh-10820
 2025-06-10 17:21:03 -06:00
Christian Schuster
36c7b91fb9 SAML 2.0 Single Logout Uses Saml2AuthenticationInfo 
This allows SLO to be triggered without the authentication
principal needing to implement a given interface.

Issue gh-10820
 2025-06-10 17:21:03 -06:00
Rob Winch
ffd6e3c0f7
Merge branch '6.5.x' 2025-06-10 10:49:13 -05:00
Rob Winch
b4418014aa
Merge branch '6.4.x' into 6.5.x 2025-06-10 10:49:05 -05:00
Rob Winch
29ec4c8736
Merge branch '6.3.x' into 6.4.x 2025-06-10 10:48:44 -05:00
Rob Winch
888d87619d
Explicit Permissions for codeql.yml 2025-06-10 10:48:37 -05:00
Rob Winch
2c5bd4c916
Explicit Permissions for codeql.yml 2025-06-10 10:46:23 -05:00
Rob Winch
dc954875f3
Merge branch '6.5.x' 2025-06-10 09:56:09 -05:00
Rob Winch
0299ba6027
Merge branch '6.4.x' into 6.5.x 2025-06-10 09:55:50 -05:00
dependabot[bot]
a060f7b462
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-10 03:41:53 +00:00
dependabot[bot]
d7bada7fec
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-10 03:35:38 +00:00
dependabot[bot]
eaba293cc5
Bump io.micrometer:micrometer-observation from 1.14.7 to 1.14.8 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-10 03:25:56 +00:00
Lidoca
d0db5e3ea3 Update database-schema.adoc 
docs: match the database schema with https://github.com/spring-projects/spring-security/blob/6.5.0/docs/modules/ROOT/pages/servlet/authentication/passwords/jdbc.adoc

Signed-off-by: Lidoca <32785562+Lidoca@users.noreply.github.com>
 2025-06-09 22:17:57 -05:00
Josh Cummings
aa3135169d Polish Documentation 
Closes gh-14635
 2025-06-09 16:49:36 -06:00
Liviu Gheorghe
3ddf201d66 Updated Copyrights 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
1livv
edfd7b9b43 Addressed review comments 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
1livv
358f6c96b5 Update config tests 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
Liviu Gheorghe
eaf8184142 Send saml logout response even when validation errors happen 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
Rob Winch
097640b72a
Merge branch '6.5.x' 2025-06-09 17:11:12 -05:00
Rob Winch
c9a67818d7
Merge branch '6.4.x' into 6.5.x 2025-06-09 17:11:04 -05:00
Rob Winch
af15d735eb
Merge branch '6.3.x' into 6.4.x 2025-06-09 17:10:55 -05:00
Rob Winch
d7452138ac
Merge branch 'gradle/6.5.x/org.apache.maven-maven-resolver-provider-3.9.10' into 6.5.x 2025-06-09 17:10:46 -05:00
Rob Winch
35e8aa6435
Merge branch 'gradle/main/org.apache.maven-maven-resolver-provider-3.9.10' 2025-06-09 17:09:36 -05:00
Rob Winch
e00d06e97f
Merge branch 'gradle/6.4.x/org.apache.maven-maven-resolver-provider-3.9.10' into 6.4.x 2025-06-09 17:09:09 -05:00
Rob Winch
e8028e15c0
Merge branch 'gradle/6.3.x/org.apache.maven-maven-resolver-provider-3.9.10' into 6.3.x 2025-06-09 17:08:30 -05:00
Rob Winch
8e1db3fe2b
Merge branch '6.5.x' 2025-06-09 17:06:04 -05:00
Rob Winch
1bd59c7fec
Merge branch '6.4.x' into 6.5.x 2025-06-09 17:05:55 -05:00
Rob Winch
12d479baab
Merge branch '6.3.x' into 6.4.x 2025-06-09 17:05:46 -05:00
Rob Winch
362cc62611
Merge branch 'gradle/6.4.x/io.spring.develocity.conventions-0.0.23' into 6.4.x 2025-06-09 17:02:55 -05:00
Rob Winch
28174a6d3e
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 2025-06-09 16:56:15 -05:00
Rob Winch
3948440ee4
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 2025-06-09 16:53:33 -05:00
Rob Winch
c5b41f50f5
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 2025-06-09 16:52:54 -05:00
Rob Winch
f0ba7500ff
Bump io-spring-javaformat from 0.0.45 to 0.0.46 2025-06-09 16:25:30 -05:00
Rob Winch
72b5e96a0d
Bump io-spring-javaformat from 0.0.45 to 0.0.46 2025-06-09 16:24:44 -05:00
Rob Winch
fd2e3f43f6
Bump io-spring-javaformat from 0.0.45 to 0.0.46 2025-06-09 16:23:10 -05:00
Rob Winch
482eb0e2cd
Bump io-spring-javaformat from 0.0.45 to 0.0.46 2025-06-09 16:22:15 -05:00
Rob Winch
a47022799e
Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE 2025-06-09 16:20:57 -05:00
Rob Winch
aec876403f
Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE 2025-06-09 16:20:04 -05:00