Commit Graph

17099 Commits

Author SHA1 Message Date
Max Batischev 2ca2e56383 Add Reactive One-Time Token Login support
Closes gh-15699
2024-10-07 16:39:54 -07:00
github-actions[bot] 1adb13db66 Merge branch '6.3.x' 2024-10-07 04:09:52 +00:00
dependabot[bot] 1e6ac83dfb Bump org.junit:junit-bom from 5.10.4 to 5.10.5
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.4 to 5.10.5.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.4...r5.10.5)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 21:09:05 -07:00
dependabot[bot] 132e559d65 Bump org.junit:junit-bom from 5.11.1 to 5.11.2
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 20:40:17 -07:00
dependabot[bot] 6a0e90d6cb Bump io.freefair.gradle:aspectj-plugin from 8.10 to 8.10.2
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 8.10 to 8.10.2.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/compare/8.10...8.10.2)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 20:35:26 -07:00
github-actions[bot] e8876fa195 Merge branch '6.2.x' into 6.3.x 2024-10-07 03:30:32 +00:00
github-actions[bot] 0ab56601b2 Merge branch '6.3.x' 2024-10-07 03:30:32 +00:00
dependabot[bot] 73ee0cf7ec Bump org.junit:junit-bom from 5.10.4 to 5.10.5
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.4 to 5.10.5.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.4...r5.10.5)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 20:29:49 -07:00
Max Batischev de104e22b7 Update javaDoc for DefaultOneTimeTokenSubmitPageGeneratingFilter 2024-10-02 15:31:43 -05:00
Giovanni Lovato a3fd551fb5 Add ClientRegistrations.fromOidcConfiguration method
ClientRegistrations now provides the fromOidcConfiguration
method to create a ClientRegistration.Builder from a map
representation of an OpenID Provider Configuration Response.

This is useful when the OpenID Provider Configuration is not
available at a well-known location, or if custom validation
is needed for the issuer location (e.g. if the issuer is only
reachable via a back-channel URI that is different from the
issuer value in the configuration).

Fixes: gh-14633
2024-10-02 15:11:01 -05:00
Rob Winch 1dd79c379b Add JdbcOneTimeTokenService
Closes gh-15735
2024-10-02 14:42:13 -05:00
Rob Winch f002fedb73 Document JdbcOneTimeTokenService
Issue gh-15735
2024-10-02 14:41:06 -05:00
Rob Winch c3a5ae1254 Fix logger checkstyle 2024-10-02 14:39:58 -05:00
Rob Winch 7738e6c895 Add logger.isDebugEnabled()
Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch c4b60cd080 Reduce visibility for JdbcOneTimeTokenServiceTests
Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch 650ec3ba82 Use Duration for calculating validity
This improves readability.

Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch e8c71df899 Use private Inner JdbcOneTimeTokenService classes
Issue gh-15735
2024-10-02 14:24:23 -05:00
Rob Winch 612b15abcc JdbcOneTimeTokenService.setCleanupCron
Spring Security uses setter methods for optional member variables. Allows
for a null cleanupCron to disable the cleanup.

In a clustered environment it is likely that users do not want all nodes
to be performing a cleanup because it will cause contention on the ott
table.

Another example is if a user wants to invoke cleanUpExpiredTokens with a
different strategy altogether, they might want to disable the cron job.

Issue gh-15735
2024-10-02 14:22:25 -05:00
Steve Riesenberg f5991ae176 Allow access token request parameters to override defaults
Closes gh-11298
2024-10-02 12:05:42 -05:00
Rob Winch 4787ac254d cleanUpExpiredTokens->cleanupExpiredTokens
Issue gh-15735
2024-10-02 10:59:26 -05:00
Rob Winch 4f328c9503 destroy() shuts down the taskScheduler
Issue gh-15735
2024-10-02 10:59:21 -05:00
dependabot[bot] 8c2485cb47 Bump io.spring.develocity.conventions from 0.0.21 to 0.0.22
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.21 to 0.0.22.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.21...v0.0.22)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 20:37:00 -07:00
dependabot[bot] b5132e9c4f Bump io.micrometer:micrometer-observation from 1.13.4 to 1.13.5
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.13.4 to 1.13.5.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.13.4...v1.13.5)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 20:28:22 -07:00
dependabot[bot] fddc7768c5 Bump org.mockito:mockito-bom from 5.14.0 to 5.14.1
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.14.0 to 5.14.1.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.14.0...v5.14.1)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-30 21:03:03 -07:00
nima 8a5a603c1d Fix SecurityContextPersistenceRepository Typo 2024-09-30 16:56:17 -07:00
nima cb4a85a74c Clarify UsernamePasswordAuthenticationFilter Workflow 2024-09-30 16:56:17 -07:00
Cedric Montfort aceb5fa6bb Allow logout+jwt JWT type for reactive
The OIDC back-channel spec recommends using a logout token typ `logout+jwt`
(see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken)).

Support of this type was recently added [on the Servlet side](9101bf1f7d), so back
porting the same on the reactive side to close the gap.

Closes gh-15702
2024-09-30 16:32:45 -07:00
Josh Cummings 29331a0d8c Merge branch '6.3.x' 2024-09-30 17:24:03 -06:00
Josh Cummings 746464e035 Merge branch '6.2.x' into 6.3.x 2024-09-30 17:21:13 -06:00
Josh Cummings c1857c0308 Fix Formatting
Issue gh-15771
2024-09-30 16:19:26 -07:00
chao.wang 690e012fb1 Improve OidcBackChannelLogoutTokenValidator error when provider issuer is missing
Closes gh-15771
2024-09-30 16:19:26 -07:00
Thomas Darimont 8b97fdde43 Polish OAuth2ClientConfiguration 2024-09-30 16:16:45 -07:00
John Niang 7fcb42b537 Fix typo of createDefaultRequestMacher in WebSessionServerRequestCache
createDefaultRequestMacher -> createDefaultRequestMatcher
2024-09-30 15:24:40 -07:00
Max Batischev 0c216f0b59 Add public to setClock method in InMemoryOneTimeTokenService
Closes gh-15863
2024-09-30 15:33:33 -05:00
dependabot[bot] 828d316103 Bump org.mockito:mockito-bom from 5.13.0 to 5.14.0
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.13.0...v5.14.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-29 21:11:51 -07:00
Max Batischev 50cc36d53e Add support JdbcOneTimeTokenService
Closes gh-15735
2024-09-29 00:06:10 +03:00
Steve Riesenberg 9ba2435cb2 Support refresh token for Token Exchange
Closes gh-15534
2024-09-27 15:57:57 -05:00
Steve Riesenberg e11c188122 Customize the strategy for resolving the principal
Closes gh-15826
2024-09-27 15:39:56 -05:00
dependabot[bot] 50cb051c86 Bump com.fasterxml.jackson:jackson-bom from 2.17.2 to 2.18.0
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.17.2 to 2.18.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.17.2...jackson-bom-2.18.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-26 21:14:50 -07:00
Josh Cummings ee9a887ae5 Fix Package Tangle
Move ObjectPostProcessor to be alongside Customizer, another
functional interface for describing Spring Security object
configuration.
2024-09-26 14:08:25 -06:00
Josh Cummings 24a7ad732c Merge branch '6.3.x' 2024-09-26 13:08:57 -06:00
Josh Cummings b49051a1e6 Merge branch '6.2.x' into 6.3.x 2024-09-26 13:08:34 -06:00
Tran Ngoc Nhan f7b85ed314 Fix Broken Resource Server Doc Links 2024-09-26 13:08:12 -06:00
Tran Ngoc Nhan 4e2cb8bc25 Fix Broken Resource Server Doc Links 2024-09-26 12:07:40 -07:00
Josh Cummings d6b620b9f7 Make Observations Selectable
Closes gh-15678
2024-09-26 11:30:40 -06:00
Josh Cummings 69e3c248fa Abstract ObservationRegistry Behind ObjectPostProcessor
Issue gh-15678
2024-09-26 11:30:40 -06:00
Josh Cummings 1ed20aa210 Add ObservationRegistry Tests
Issue gh-11989
Issue gh-11990
2024-09-26 11:30:40 -06:00
Josh Cummings 717529deb4 Add Generic Type to ObjectPostProcessor Lookups
Issue gh-15678
2024-09-26 11:30:39 -06:00
dependabot[bot] 8616044bb6 Bump org.junit:junit-bom from 5.11.0 to 5.11.1
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.11.0 to 5.11.1.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-25 21:03:18 -07:00
github-actions[bot] 426e089bf8 Merge branch '6.2.x' into 6.3.x 2024-09-25 04:02:36 +00:00