Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 05:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,515 Commits 55 Branches 348 Tags
Commit Graph

18515 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
4ed131f6ab Add shouldConvertGetRequests Migration Steps 
Issue gh-17099
 2025-06-03 13:10:45 -06:00
Tran Ngoc Nhan
8953f464fb Add Switch for Processing GET Requests 
Closes gh-17099

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-03 13:10:45 -06:00
dependabot[bot]
9872997cad
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 04:05:48 +00:00
dependabot[bot]
b20cfceabb
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 03:48:10 +00:00
dependabot[bot]
b85814efcf
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 03:43:40 +00:00
dependabot[bot]
5e56fc13be
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 03:29:44 +00:00
dae won
9654e51bd4 Include UsernameNotFoundException in BadCredentialsException 
Closes gh-16496

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-06-02 16:12:47 -06:00
Josh Cummings
d52e0b6a05
Polish NimbusJwtDecoder 
- Aligned JwkSourceJwtDecoderBuilder's relative position with its
corresponding static factory
- Added @since to JwkSourceJwtDecoderBuilder

PR gh-17046
 2025-06-02 15:53:59 -06:00
Josh Cummings
195f933438
Allow Default Ordering for TargetVisitor 
In tests, we want to both test that functionality works and also
demonstrate common or expected usage, where possible. It is likely
incorrect to use @Order(0) for a target visitor as this states that
it should take precedence over all Spring Security visitors defined
at a lower precedence.

Also, it appears this may have been added this way because of a mock
visitor that appears to be unused by any tests. Further, when an
application has multiple visitors, they should use the TargetVisitor.of
method to publish one bean with the order determined by the order
of the method parameters instead of having two separate beans.

This commit removes the @Order(0) annotation and also the mock
visitor, deferring to the natural ordering afforded by the
framework.

Issue gh-15994
 2025-06-02 13:41:21 -06:00
Mark Bonnekessel
ada75e76a6 Add builder to create NimbusJwtDecoder with JwkSource 
Signed-off-by: Mark Bonnekessel <2949525+marbon87@users.noreply.github.com>
 2025-06-02 13:33:39 -06:00
dependabot[bot]
227a2cc0c7
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.2.RELEASE to 0.29.3.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.2.RELEASE...0.29.3.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.3.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-02 03:51:03 +00:00
dependabot[bot]
72771c28c3
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.2.RELEASE to 0.29.3.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.2.RELEASE...0.29.3.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.3.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-02 03:27:50 +00:00
Pat McCusker
5517d8fe3a Deprecate the X5T JOSE Header name 
Closes gh-16979

Signed-off-by: Pat McCusker <patmccusker14@gmail.com>
 2025-05-30 06:45:02 -06:00
Evgeniy Cheban
fd4f06a66e Support Spring Data container types for AuthorizeReturnObject 
Closes gh-15994

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-05-29 17:05:27 -06:00
dependabot[bot]
fed198f3f0
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.15.Final to 6.6.17.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.17/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.15...6.6.17)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.17.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-29 03:56:04 +00:00
dependabot[bot]
9a3d076bfd
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.15.Final to 6.6.17.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.17/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.15...6.6.17)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.17.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-29 03:39:38 +00:00
Josh Cummings
6d3b54df21
Change Type Validation Default 
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
 2025-05-28 16:11:13 -06:00
Josh Cummings
37a814bc29
Add 7.0 -> 8.0 Migration Guide 
Closes gh-17182
 2025-05-28 16:11:12 -06:00
Josh Cummings
215547f8c8
Use UsernameNotFoundException Factory 
Issue gh-17179
 2025-05-28 14:13:02 -06:00
Josh Cummings
da2d9aa868
Add Username Property to Exception 
Closes gh-17179
 2025-05-28 14:12:27 -06:00
Yanming Zhou
42790403da Use SpringReactiveOpaqueTokenIntrospector 
Now that NimbusReactiveOpaqueTokenIntrospector is
deprecated, this commit changes the Spring
Security default to now use SpringReactiveOpaqueTokenIntrospector.

Issue gh-15988

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-05-27 14:25:31 -06:00
Maximilian Klose
ec05e65668 Add Equals and HashCode methods for better comparison. 
Closes gh-16394

Signed-off-by: Maximilian Klose <maximilian.klose@adesso.de>
 2025-05-27 13:53:07 -06:00
Ferenc Kemeny
bf05b8b430 Support Requiring exp and nbf in JwtTimestampsValidator 
Closes gh-17004

Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
 2025-05-27 12:22:25 -06:00
Ferenc Kemeny
91b21663db Polish JwtTimestampValidatorTests 
This commit corrects the test that checks for both
nbf and exp missing. It also adds one for just exp
and on for just nbf.

Issue gh-17004

Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
 2025-05-27 12:22:25 -06:00
Josh Cummings
596449d882 Polish 
Issue gh-14149
 2025-05-27 11:44:33 -06:00
Felix Hagemans
1a4de49977 Create CsrfCustomizer for SPA configuration 
Closes gh-14149

Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>
 2025-05-27 11:44:33 -06:00
Josh Cummings
52394c1f07 Propagate Any AccessDeniedException 
Any time a response handler throws an exception, we want to
propagate an underlying AccessDeniedException if their is one.

Issue gh-16058
 2025-05-23 15:18:01 -06:00
Evgeniy Cheban
fae61b9426 Propagate AccessDeniedException for Authorized Objects Returned from a Controller 
Closes gh-16058

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-05-23 15:18:01 -06:00
dae won
8612e952fe Make AuthorizationProxyFactory#proxy Generic 
Closes gh-16706

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-05-23 14:48:11 -06:00
Max Batischev
f4b8e2421a Add Support Credentialless COEP Header 
Closes gh-16991

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-05-23 14:45:59 -06:00
John Niang
9ba5c7b2ce Add SwitchUserGrantedAuthority to Web Jackson Module 
Closes gh-17041

Signed-off-by: John Niang <johnniang@foxmail.com>
 2025-05-23 14:42:54 -06:00
Tran Ngoc Nhan
8e2067bb3e Remove deprecated MemberCategory#DECLARED_FIELDS 
Issue gh-16889

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-23 14:36:54 -06:00
Tran Ngoc Nhan
88369cd252 Polish 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-23 14:36:54 -06:00
Josh Cummings
c9bbf3787b
Merge branch '6.5.x' 2025-05-23 11:36:22 -06:00
Josh Cummings
8aaa9c28fa
Merge branch '6.4.x' into 6.5.x 2025-05-23 11:36:01 -06:00
Josh Cummings
2989d12743
Merge branch '6.3.x' into 6.4.x 2025-05-23 11:35:25 -06:00
Joaquin Santana
c0568ea9b0 Log Request Mismatch Only When Mismatches 
Signed-off-by: Joaquin Santana <joaquinjsb@outlook.com>
 2025-05-23 11:34:48 -06:00
universe
50f8ad55a8 Remove Redundant Punctation in JavaDoc 
Signed-off-by: universe <daofei8754@126.com>
 2025-05-23 10:05:27 -05:00
Rob Winch
64d3397a9c
Add netty's SNAPSHOT repository to snapshot build 2025-05-22 15:44:26 -05:00
Rob Winch
ff22866c6d
RepositoryConventionPlugin supports arbitrary repositories 2025-05-22 15:43:38 -05:00
Rob Winch
cd27290260
Merge branch '6.5.x' 
Closes gh-17163
 2025-05-22 15:01:27 -05:00
Rob Winch
e686621e92
Merge branch '6.5.x' 
Closes gh-17162
 2025-05-22 15:01:13 -05:00
Rob Winch
6eee256e12
Demonstrate include-code usage 
Closes gh-17161
 2025-05-22 14:59:35 -05:00
Rob Winch
0fecaf4924
Add include-code extension setup for docs 
Closes gh-17160
 2025-05-22 14:59:35 -05:00
Josh Cummings
d9c894fae8
Merge branch '6.5.x' 2025-05-22 12:31:54 -06:00
Josh Cummings
d2d2b97b7d
Remove Conflict Markers 2025-05-22 12:31:40 -06:00
Josh Cummings
47338f7e56
Remove Conflict Markers 2025-05-22 12:29:05 -06:00
Josh Cummings
97923ebfaf Merge branch '6.5.x' 2025-05-21 16:47:45 -06:00
Josh Cummings
4bf03bde5b Merge branch '6.4.x' into 6.5.x 2025-05-21 16:47:25 -06:00
Josh Cummings
3186e8df84 Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-05-21 16:46:54 -06:00