Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-25 11:31:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,175 Commits 51 Branches 376 Tags
Commit Graph

20175 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ziqin Wang
a013bfaaec
Merge branch 'gh-18643-6.5.x' into gh-18643-7.0.x 2026-03-15 15:25:04 +08:00
Ziqin Wang
e726c05e76
Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:04:14 +08:00
Ziqin Wang
a7039fb3e6
Test Jackson 2 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:28 +08:00
Ziqin Wang
88ea668f47
Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:17 +08:00
Josh Cummings
5b4fc73878
Merge branch '6.5.x' into 7.0.x 2026-03-11 16:46:51 -06:00
Josh Cummings
ef76ba040d
Require non-null authenticationRequest 
Closes gh-18880

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 16:45:23 -06:00
Joe Grandja
1906075b0c OAuth2DeviceVerificationEndpointFilter is applied after AuthorizationFilter 
Closes gh-18873
 2026-03-10 15:32:24 -04:00
Ronny Perinke
e8e0da1ec6 Add Null Guard for Setting ReactiveUserDetailsPasswordService 
This use case specifically arises when using `ReactiveUserDetailsService`
without `ReactiveUserDetailsPasswordService`.

Closes gh-17986

Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
 2026-03-09 17:12:59 -06:00
Rob Winch
2f81d2d99e
Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 15:39:54 -04:00
Rob Winch
6cf4a5eed9
Merge Fix CookieRequestCache parameters 2026-03-09 15:30:46 -04:00
Robert Winch
26937bf06c
Remove unnecessary webauthn4j dependency 2026-03-09 14:25:08 -05:00
Rob Winch
7e37aa2b75
Merge Fix CookieRequestCache parameters 2026-03-09 15:25:05 -04:00
Tran Ngoc Nhan
8e8e1a80a9
Add Passkeys webauthn in example 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-09 14:23:14 -05:00
Robert Winch
3110c9074f
Merge Fix CookieRequestCache parameters 2026-03-09 14:11:27 -05:00
Vishnutheep B
07bfe371b4
Fix CookieRequestCache parameters 
Previously the parameters were not restored.

This commit ensures the parameters are restored.

Closes gh-18204

Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
 2026-03-09 14:10:30 -05:00
Robert Winch
c29775a79e
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 2026-03-09 09:58:42 -05:00
Robert Winch
bc96812461
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 2026-03-09 09:58:37 -05:00
Robert Winch
7d9c2ce9d7
Merge branch '6.5.x' into 7.0.x 2026-03-09 09:58:22 -05:00
Robert Winch
e12edf43f2
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 2026-03-09 09:58:04 -05:00
dependabot[bot]
ca6dccf8d7
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:13:40 +00:00
dependabot[bot]
a499e56b9b
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:09:41 +00:00
dependabot[bot]
8c3f6ea0d4
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 00:37:07 +00:00
dependabot[bot]
40682415ba
Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 00:37:05 +00:00
Josh Cummings
9893048ec9
Merge branch '6.5.x' into 7.0.x 2026-03-03 18:51:53 -07:00
Josh Cummings
e17d85e460
Add IDE Setup Documentation 
Issue gh-17833

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-03 18:51:32 -07:00
Andrey Litvitski
4f97217f68 Refine upgradeEncoding condition in DaoAuthenticationProvider 
After adding jspecify support in the module that contains the
DaoAuthenticationProvider class, we actually changed the contract logic,
which is a good thing, and this commit fixes it.

Closes: gh-18781

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-03 18:18:13 -07:00
Josh Cummings
fdaa883fb7
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-03-03 18:17:08 -07:00
dependabot[bot]
f12036db05 Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b7c566a772...bbbca2ddaa)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 18:16:39 -07:00
dependabot[bot]
fbd9880a33 Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b7c566a772...bbbca2ddaa)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 17:48:29 -07:00
Josh Cummings
5e38c2aa88
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-03-03 17:47:40 -07:00
dependabot[bot]
7b5c502a97 Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.43.Final to 6.6.44.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.44/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.43...6.6.44)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.44.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 17:47:07 -07:00
Andrey Litvitski
57434fc597
Update RestTemplateBuilder usage in opaque-token.adoc 
We just now use a new form instead of the deprecate one.

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-03 16:48:22 -07:00
Josh Cummings
20a7f96062
Merge branch '6.5.x' into 7.0.x 2026-03-03 16:44:12 -07:00
HaiYan
706b059ea8
Update logout.adoc 
Directives should be Directive

Signed-off-by: HaiYan <haiyan_qi@hotmail.com>
 2026-03-03 16:43:18 -07:00
dependabot[bot]
7c49e0b457 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.0.RELEASE to 0.31.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.0.RELEASE...0.31.1.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.1.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:52:30 -07:00
Rob Winch
04b270a0a3
Merge Fix Flaky Crypto Tests 
Forward merge gh-18841
 2026-03-03 16:02:33 -06:00
Rob Winch
ea3b112bea
Fix Flaky Crypto Tests 2026-03-03 15:58:17 -06:00
Robert Winch
17776e4738
Merge Fix Flaky Crypto Tests 2026-03-03 15:26:53 -06:00
Robert Winch
1261c229a3
Fix Flaky Crypto Tests 
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.

This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
 2026-03-03 14:52:28 -06:00
Rob Winch
9ce2d76508
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:48:14 -06:00
Robert Winch
fb84e24893
HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 
Closes gh-18804
 2026-03-02 11:31:52 -06:00
Josh Cummings
1575610d49
Add Tests 
Issue gh-18486

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 17:10:55 -07:00
Michael Lück
3a14745d92
Delegate calls of hasAuthority to AuthorizationManager#hasAuthority 
Closes gh-18486

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-02-26 17:10:55 -07:00
Josh Cummings
c29af014f4
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 17:10:16 -07:00
Josh Cummings
4501ae7d1c Update Reactive Resource Server startup exceptations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings
48112d3d74 Polish Resource Server startup expectations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
[CLOUD4] 한현
b8735abb63 Clarify Resource Server startup expectations 
Clarify that Spring Boot defers OIDC discovery by default.

Closes gh-16708

Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
 2026-02-26 16:56:22 -07:00
Tran Ngoc Nhan
7c3c8bbdcb Update Remember-Me example 
Closes gh-18639

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-26 15:28:32 -07:00
Josh Cummings
731848d5d3
Merge branch '6.5.x' into 7.0.x 2026-02-26 15:09:45 -07:00
Guillaume Husta
68a02ff176 Update Link to CRSF Docs in FAQ 
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-02-26 14:47:21 -07:00