Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 02:49:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,428 Commits 36 Branches 337 Tags
Commit Graph

17428 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Batischev
80e8e14500 Add GenerateOneTimeTokenFilterTests 2025-01-21 10:59:57 -06:00
dependabot[bot]
b555593904 Bump org.seleniumhq.selenium:selenium-java from 4.27.0 to 4.28.0 
Bumps [org.seleniumhq.selenium:selenium-java](https://github.com/SeleniumHQ/selenium) from 4.27.0 to 4.28.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.27.0...selenium-4.28.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-20 20:14:50 -08:00
github-actions[bot]
d5c2b6b3c9 Next development version 2025-01-20 15:50:53 +00:00
github-actions[bot]
9ec4dfa1a2 Release 6.5.0-M1 6.5.0-M1 2025-01-20 15:28:02 +00:00
github-actions[bot]
3edb01c6df Merge branch '6.4.x' 2025-01-20 04:17:23 +00:00
dependabot[bot]
42a49bbd78 Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.1 to 2024.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.1...2024.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 20:16:51 -08:00
dependabot[bot]
331812df16 Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.4.Final to 6.6.5.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.5/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.4...6.6.5)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 20:16:43 -08:00
github-actions[bot]
41565c5811 Merge branch '6.4.x' 2025-01-20 03:53:17 +00:00
github-actions[bot]
46aa65de59 Merge branch '6.3.x' into 6.4.x 2025-01-20 03:53:17 +00:00
dependabot[bot]
7f410ce5b4 Bump org.springframework.data:spring-data-bom from 2024.0.7 to 2024.0.8 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.7 to 2024.0.8.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.7...2024.0.8)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:52:35 -08:00
dependabot[bot]
a23b8c5861 Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.2 to 3.27.3.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.2...assertj-build-3.27.3)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:23:32 -08:00
dependabot[bot]
a02f0136cc Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.1 to 2024.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.1...2024.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:22:44 -08:00
dependabot[bot]
88ce68cb06 Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.4.Final to 6.6.5.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.5/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.4...6.6.5)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:22:35 -08:00
Rob Winch
d3332e1956
Document JDBC Persistence for WebAuthn 
Issue gh-16282
 2025-01-17 21:37:27 -06:00
Rob Winch
1f9845485c
Document custom HttpMessageConverter support for WebAuthn 
Issue gh-16397
 2025-01-17 21:08:16 -06:00
Rob Winch
a2abe3c33e
Add HttpMessageConverter WebAuthnDsl Support 
Issue gh-16397
 2025-01-17 21:07:46 -06:00
Rob Winch
683f1f4bc5
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16396
 2025-01-17 20:52:01 -06:00
Rob Winch
718c90d7ad
Document PublicKeyCredentialCreationOptionsRepository 
Issue gh-16396
 2025-01-17 20:51:43 -06:00
Rob Winch
4314e68329
Add WebAuthenticationDsl.creationOptionsRepository 
Issue gh-16396
 2025-01-17 20:51:43 -06:00
Rob Winch
bea232237f
Fix whitespace 2025-01-17 20:51:43 -06:00
DingHao
f4491f388e
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:57:08 -06:00
Rob Winch
4dc1dcbf24
WebAuthnConfigurer Supports HttpMessageConverter 
Closes gh-16397
 2025-01-17 18:29:40 -06:00
Rob Winch
5462b4c358
webauthnWhenConfiguredMessageConverter uses mock 
Issue gh-16397
 2025-01-17 18:29:23 -06:00
Rob Winch
0d4f786484
Fix WebAuthnConfigurer Javadoc 
Issue gh-16397
 2025-01-17 18:29:23 -06:00
DingHao
8181cec06c
Set HttpMessageConverter by DSL 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:29:23 -06:00
Rob Winch
4fc99aa9e1
Add ClientRegistration.clientSettings.requireProofKey 
Setting ClientRegistration.clientSettings.requireProofKey=true will
enable PKCE for clients using authorization_code grant type.

Closes gh-16386
 2025-01-17 17:27:04 -06:00
Rob Winch
85d7cc1335
Document requireProofKey 
Issue gh-16386
 2025-01-17 17:26:48 -06:00
Rob Winch
004f38639d
Move ClientSettings to ClientRegistration 
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration

Issue gh-16382


# Conflicts:
#	oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
 2025-01-17 17:26:48 -06:00
Rob Winch
4c533569bb
Ensure missing ClientRegistration.clientSettings JSON node works 
Issue gh-16382
 2025-01-17 17:26:48 -06:00
Rob Winch
f9498d3885
PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE 
PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the
code should validate this.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
ab629cc1ca
Add AuthorizationGrantType.toString() 
This adds AuthorizationGrantType.toString() which makes debuging easier.
In particular, it will help when performing unit tests which validate the
AuthorizationGrantType.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
b0a4dcb89e
ClientSettings equals, hashCode, toString 
Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
2665a92107
Ensure that ClientSettings cannot be null 
This ensures that ClientRegistration.Builder.ClientSettings cannot be null.
This has a slight advantage in terms of null safety to making this check
happen in the build method since the Builder does not have a null field
either.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
0ed7b18f42
DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support 
When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.

Issue gh-16382
 2025-01-17 17:26:46 -06:00
DingHao
8d3e0844c5
Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE 
Closes gh-16382

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 17:26:46 -06:00
Rob Winch
8acd1d3f51
Fix checkstyleNohttp OutOfMemoryError 2025-01-17 17:26:46 -06:00
Josh Cummings
c2a5709e0f
Merge branch '6.4.x' 2025-01-17 16:09:01 -07:00
Josh Cummings
bbe4f87641
Mark Serialization Support for Events 
Issue gh-16276
 2025-01-17 16:08:31 -07:00
Josh Cummings
9a3bbf8d00
Merge branch '6.4.x' 2025-01-17 14:17:16 -07:00
Josh Cummings
45da5c94b6
Support Serialization in Test Classes 
Issue gh-16276
 2025-01-17 14:15:30 -07:00
Rob Winch
fd0024730e
Merge branch '6.4.x' 
Closes gh-16441
 2025-01-17 08:45:39 -06:00
Rob Winch
b098739349
Case insenstive 2025-01-17 08:45:30 -06:00
Daniel Garnier-Moiroux
5bf42bb7a8 webauthn: ensure allowCredentials[].id is an ArrayBuffer 
closes gh-16439

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-17 15:14:33 +01:00
github-actions[bot]
d8783b30d9 Merge branch '6.4.x' 2025-01-17 04:01:38 +00:00
dependabot[bot]
60dbeba985 Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-16 20:00:52 -08:00
Josh Cummings
aea7f333f7
Document OpaqueTokenIntrospector Migration 
Issue gh-15988
 2025-01-16 20:41:56 -07:00
dependabot[bot]
d3fe73fb92 Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-16 19:24:21 -08:00
Josh Cummings
a5af8503df
Update OpaqueTokenIntrospector Documentation 
Issue gh-15988
 2025-01-16 16:46:46 -07:00
Tran Ngoc Nhan
aced3bcf16 Encode Introspection clientId and clientSecret 
Closes gh-15988

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-16 16:32:01 -07:00
Marco Haase
7c4448c588 Fix broken link to MockMvc documentation 
Link to Test chapter of Spring Framework documentation is broken,
this commit fixes it.

Signed-off-by: Marco Haase <marco.haase@de.bosch.com>
 2025-01-16 16:30:47 -07:00