Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-08 14:34:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,665 Commits 50 Branches 370 Tags
Commit Graph

3211 Commits

Author SHA1 Message Date
Josh Cummings
c5e141ad07 Change JavaDoc to FactorGrantedAuthority 
Issue gh-18030
 2025-10-16 14:00:43 -06:00
Josh Cummings
cefc0cddec Propagate All Missing Factors 
Closes gh-18000
 2025-10-16 13:41:45 -06:00
Joe Grandja
7f29585df4 Remove OidcUserService.setAccessibleScopes() 
Closes gh-18056
 2025-10-16 15:12:10 -04:00
Rob Winch
702878acae
Create AuthorizationManagerFactories.multiFactor 
Closes gh-18032
 2025-10-10 16:24:47 -05:00
Rob Winch
d18431a78d
Move FACTOR_ constants to FactorGrantedAuthority 
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
 2025-10-10 16:24:46 -05:00
Joe Grandja
586081c125 Revert "Temporarily fix integration tests" 
This reverts commit 35f41f87d120efc70e0c764b42b6f6bae5c650e9.

Issue gh-17880
 2025-10-10 13:33:42 -04:00
Joe Grandja
1cca9c5822 Enable PKCE by default in authorization server 
Closes gh-18020
 2025-10-09 09:51:17 -04:00
Joe Grandja
51fe7ff737 Return device_code grant metadata when enabled 
Issue gh-17998
 2025-10-04 05:38:11 -04:00
Rob Winch
2473378fcd
Use RequiredFactorErrors 
Closes gh-18002
 2025-10-03 15:20:03 -05:00
Rob Winch
ce36fc1e76
Add FactorGrantedAuthority 
Closes gh-17996
 2025-10-03 15:20:00 -05:00
Joe Grandja
477a456d6c Disable device_code grant by default 
Closes gh-17998
 2025-10-03 14:10:13 -04:00
Rohan Naik
8c65dc93f2 Enable PKCE by default 
Closes gh-17507

Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
 2025-10-03 13:08:04 -04:00
Joe Grandja
54aae36f98 Add support for OAuth 2.0 Protected Resource Metadata 
Closes gh-17244
 2025-10-02 14:50:17 -04:00
Joe Grandja
681e166be8 Remove default HttpSecurity.securityMatcher() for authorization server 
Closes gh-17965
 2025-10-01 11:45:21 -04:00
Joe Grandja
f3761aff99 Add support for OAuth 2.0 Dynamic Client Registration Protocol 
Closes gh-17964
 2025-09-25 16:33:16 -04:00
Rob Winch
667cd4aa7c
Remove unnecessary throws Exception from spring-security-config 
Closes gh-17957
 2025-09-25 11:50:13 -05:00
Rob Winch
be20201bf7
FACTOR uses defaultEntryPoint when possible 
Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to
work around gh-17955. They now can use defaultEntryPoint which is more concise.

Issue gh-gh-17955
 2025-09-25 11:18:20 -05:00
Rob Winch
f652920bb3
Add @EnableGlobalMultiFactorAuthentication 
Closes gh-17954
 2025-09-24 14:47:26 -05:00
Rob Winch
b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY 
Closes gh-17952
 2025-09-24 09:53:56 -05:00
Josh Cummings
d757e6e44e
Response to Additional Feedback 
- Moved request attribute to WebAttributes
- Renamed ExceptionHandlingConfigurer methods
- Removed varargs from DelegatingMissingAuthorityAccessDeniedHandler

Issue gh-17901
Issue gh-17934
 2025-09-23 18:16:22 -06:00
Josh Cummings
50ebd467c3
Polish Default Login Page 
Issue gh-17901
 2025-09-23 17:59:23 -06:00
Josh Cummings
42376e2eee
Prepopulate Username When Known 
Closes gh-17935
 2025-09-23 17:59:22 -06:00
Josh Cummings
e813aad82b
Support Showing One Part of Login Page 
Closes gh-17901
 2025-09-23 17:59:21 -06:00
Josh Cummings
9f317757c3
Make Public Missing Authority AccessDeniedHandler 
Issue gh-17934
 2025-09-23 17:59:19 -06:00
Josh Cummings
df7a7cdc99
Update Test for Method Security 
Issue gh-17936
 2025-09-23 17:16:33 -06:00
Josh Cummings
e66c498d80
Redirect to Appropriate Entry Point Based on Missing Authorities 
Issue gh-17934
 2025-09-23 17:16:32 -06:00
Josh Cummings
fe17f2904d
Initial Exception Handling 
This commit hardcodes factors as a proof of concept for
multi-factor authentication

Issue gh-17934
 2025-09-23 17:16:30 -06:00
Rob Winch
459b872a20
Cleanup Kotlin AuthorizationManagerFactory Generics 
This cleans up the generic types within the Kotlin DSL that reference
AuthorizationManagerFactory

Issue gh-17860
 2025-09-23 10:32:02 -05:00
Josh Cummings
a63e87d8fb
Remove Static Mock 
These can cause infinite loops when running
tests in an IDE.
 2025-09-19 17:53:52 -06:00
Rob Winch
229c7bca5b
Add AuthorizationManagerFactory in Kotlin DSL 
Closes gh-17860
 2025-09-19 16:38:02 -05:00
Josh Cummings
765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager 
Closes gh-17936
 2025-09-19 12:07:59 -06:00
Josh Cummings
6e7a181eac
Polish Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Josh Cummings
0f4e1f2a2a
Move FACTOR_X509 into PreAuthenticatedAuthenticationProvider 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings
e8accd0499
Add Factory Authority When Authentication Succeeds 
Issue gh-17933
 2025-09-19 11:32:26 -06:00
Rob Winch
9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot 
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.

Issue gh-17932
 2025-09-19 09:33:50 -05:00
Rob Winch
bce8049815
Web uses AuthorizationManager<? super RequestAuthorizationContext> 
This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`

Closes gh-17931
 2025-09-18 17:32:09 -05:00
Rob Winch
675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles) 
Closes gh-17932
 2025-09-18 14:19:22 -05:00
Rob Winch
9a3ae4b867
DelegatingAuthenticationEntryPoint uses RequestMatcherEntry 
Closes gh-17915
 2025-09-16 09:48:04 -05:00
Rob Winch
2774948b92 Fix X509 WebFlux Configuration Checks 
The changes for gh-17382 broke the checkstyle and tests. This fixes
them both.

Issue gh-17382
 2025-09-12 16:45:51 -05:00
blake_bauman
b502697731 feat: Add option to specify a custom ServerAuthenticationConverter for x509() 
Signed-off-by: blake_bauman <blake_bauman@apple.com>
 2025-09-12 16:45:51 -05:00
Joe Grandja
35f41f87d1 Temporarily fix integration tests 
Issue gh-17880
 2025-09-12 16:20:44 -04:00
Joe Grandja
7ef25cc101 Add HttpSecurity.oauth2AuthorizationServer() 
Issue gh-17880
 2025-09-12 16:20:44 -04:00
Joe Grandja
098574c50e Remove redundant classes 
Issue gh-17880
 2025-09-12 16:20:43 -04:00
Joe Grandja
8399bc161d Fix Serializable tests 
Issue gh-17880
 2025-09-12 16:20:42 -04:00
Joe Grandja
cc71be71e5 Move OAuth2AuthorizationServerConfigurer and OAuth2AuthorizationServerConfiguration 
Issue gh-17880
 2025-09-12 16:20:42 -04:00
Josh Cummings
eedcec9d5c
Move Core Access API 
Issue gh-17847
 2025-09-12 10:32:38 -06:00
Josh Cummings
3a1692f3c3
Remove Direct Runtime Dependency on Access API 
Issue gh-17847
 2025-09-12 10:32:37 -06:00
DingHao
10935632ee Remove PortResolver 
Closes gh-15971

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-09-11 22:58:32 -05:00
Josh Cummings
2b87e3c5e2
Use withRoles 
Issue gh-17843
 2025-09-09 17:03:05 -06:00
Josh Cummings
3f774548d2 Move Authority Propagation Into Filters 
Given that the filters are the level at which the
SecurityContextHolder is consulted, this commit moves
the operation that ProviderManager was doing into each
authentication filter.

Issue gh-17862
 2025-09-09 14:49:13 -06:00