fc10d5fc29
repository=spring-projects/spring-security
...
Previously the repository used spring-project (missing the s)
2022-08-23 13:30:20 -05:00
df785408f1
Merge branch '5.6.x' into 5.7.x
2022-08-23 13:23:15 -05:00
c79ebf4edf
Setup Forward Merge
2022-08-22 16:19:44 -05:00
a8d6c1d21f
Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
...
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService
Closes gh-11449
Closes gh-11726
2022-08-19 09:58:22 -03:00
c7912c551b
Consistently set AuthenticationEventPublisher in AuthenticationManagerBuilder
...
Prior to this, the HttpSecurity bean was not consistent with WebSecurityConfigurerAdapter's HttpSecurity because it did not setup a default AuthenticationEventPublisher. This also fixes a problem where the AuthenticationEventPublisher bean would only be considered if there was a UserDetailsService
Closes gh-11449
Closes gh-11726
2022-08-19 09:51:53 -03:00
7c7f9380c7
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:54:45 -05:00
888715bbb2
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:54:45 -05:00
53a3ff8932
Refresh remote JWK when unknown KID error occurs
...
Closes gh-11621
2022-08-18 16:53:45 -05:00
77d11a3f9f
Add tests for unknown KID error
...
Issue gh-11621
2022-08-18 16:53:44 -05:00
13feb87171
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:36 -06:00
d93bde7465
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:06 -06:00
faf9fb7337
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:46 -05:00
9f00045638
NamespaceLdapAuthenticationProviderTests use Dynamic Port
...
Closes gh-11710
2022-08-15 15:26:30 -05:00
f33d7253b6
GitHubMilestoneApiTests due_on Uses LocalDate
...
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.
To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.
Closes gh-11706
2022-08-15 13:04:29 -05:00
d8ae2c8763
GitHubMilestoneApiTests due_on Uses LocalDate
...
`GitHubMilestoneApiTests` uses `Instant.now()` for `due_on`. Since
`Instant.now()` is UTC time based,
`isMilestoneDueTodayWhenDueTodayThenTrue` fails when the computer that runs
the test is not the same day as it is in UTC time.
To fix it, `due_on` should be set to an `Instant` based upon the timezone
of the current computer.
Closes gh-11706
2022-08-15 13:03:10 -05:00
db74e9d128
Next development version
2022-08-15 16:07:33 +00:00
c188b70c88
Next development version
2022-08-15 16:06:45 +00:00
4559d269e0
Release 5.6.7
2022-08-15 15:25:05 +00:00
173d74d693
Release 5.7.3
2022-08-15 15:24:54 +00:00
66cb3e02d0
Update org.springframework.data to 2021.2.2
...
Closes gh-11698
2022-08-11 14:20:52 -06:00
74675ef793
Update org.springframework to 5.3.22
...
Closes gh-11697
2022-08-11 14:20:48 -06:00
a92ac82c4b
Update jsonassert to 1.5.1
...
Closes gh-11696
2022-08-11 14:20:45 -06:00
db638c2a77
Update org.jetbrains.kotlinx to 1.6.4
...
Closes gh-11695
2022-08-11 14:20:41 -06:00
f884527c1b
Update hibernate-entitymanager to 5.6.10.Final
...
Closes gh-11694
2022-08-11 14:20:38 -06:00
dbd174418f
Update org.eclipse.jetty to 9.4.48.v20220622
...
Closes gh-11693
2022-08-11 14:20:35 -06:00
2eeee99d2e
Update io.projectreactor to 2020.0.22
...
Closes gh-11691
2022-08-11 14:20:28 -06:00
e8c56420bf
Update mockk to 1.12.5
...
Closes gh-11690
2022-08-11 14:20:24 -06:00
627809d2dc
Update org.springframework.data to 2021.1.6
...
Closes gh-11686
2022-08-10 14:52:51 -03:00
4b1d7e9479
Update org.springframework to 5.3.22
...
Closes gh-11685
2022-08-10 14:52:51 -03:00
d9980a4dfe
Update jsonassert to 1.5.1
...
Closes gh-11684
2022-08-10 14:52:51 -03:00
8eb7e589eb
Update hibernate-entitymanager to 5.6.10.Final
...
Closes gh-11683
2022-08-10 14:52:51 -03:00
0d7dce9d71
Update org.eclipse.jetty to 9.4.48.v20220622
...
Closes gh-11682
2022-08-10 14:52:51 -03:00
da09788be9
Update io.projectreactor to 2020.0.22
...
Closes gh-11680
2022-08-10 14:52:51 -03:00
ead587c597
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:32:42 -03:00
6a2ca52aae
Consistently handle RequestRejectedException if it is wrapped
...
Closes gh-11645
2022-08-09 08:32:10 -03:00
269c711a64
RequestAttributeSecurityContextRepository never null SecurityContext
...
Previously loadContext(HttpServletRequest) could return a Supplier that
returned a null SecurityContext
This commit ensures that null is never returned by the Supplier by
returning SecurityContextHolder.createEmptyContext() instead.
Closes gh-11606
2022-08-08 13:52:56 -05:00
99f768bab9
Polish HttpSecurity
2022-07-29 17:43:00 -05:00
984355e637
Remove references to WebSecurityConfigurerAdapter
...
* AbstractAuthenticationFilterConfigurer
* DefaultLoginPageConfigurer
* EnableGlobalAuthentication
* FormLoginConfigurer
* HeadersConfigurer
* HttpSecurity
* OpenIDLoginConfigurer
* RememberMeConfigurer
* WebSecurity
* WebSecurityConfiguration
* WebSecurityConfigurer
* X509Configurer
Closes gh-11288
2022-07-29 17:43:00 -05:00
09173c95d6
Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity
...
Closes gh-11277
2022-07-29 17:43:00 -05:00
02459919cc
Skip workflows on forks of spring-security
2022-07-28 15:13:56 -05:00
57d212ddca
Use cache and user.name system property on Windows
2022-07-28 15:13:55 -05:00
539b17f6da
Only run prerequisites job if on upstream repo
2022-07-28 15:13:54 -05:00
37e1ad27fe
Simplify dependency graph
2022-07-28 15:13:53 -05:00
043fdd6f03
Use Spring Gradle Build Action
...
Closes gh-11630
2022-07-28 15:13:52 -05:00
3234e05085
Polish gh-11367
2022-07-28 15:13:51 -05:00
f957e3c051
Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Closes gh-11367
2022-07-28 15:13:51 -05:00
24033be046
Skip workflows on forks of spring-security
2022-07-28 15:11:09 -05:00
47a5665767
Use cache and user.name system property on Windows
2022-07-28 15:11:08 -05:00
aad60cc6af
Only run prerequisites job if on upstream repo
2022-07-28 15:11:07 -05:00
13e94935ae
Simplify dependency graph
2022-07-28 15:11:06 -05:00
Rob Winch
Marcus Da Coregio
Steve Riesenberg
tinolazreg
jujunChen
github-actions[bot]
Josh Cummings
naveen