Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-07 20:24:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,468 Commits 52 Branches 373 Tags
Commit Graph

20468 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
a01c0d003c
Merge branch '7.0.x' 2026-03-03 16:44:25 -07:00
Josh Cummings
20a7f96062
Merge branch '6.5.x' into 7.0.x 2026-03-03 16:44:12 -07:00
HaiYan
706b059ea8
Update logout.adoc 
Directives should be Directive

Signed-off-by: HaiYan <haiyan_qi@hotmail.com>
 2026-03-03 16:43:18 -07:00
Josh Cummings
f8d58fb267
Merge remote-tracking branch 'origin/7.0.x' 2026-03-03 15:53:33 -07:00
dependabot[bot]
7c49e0b457 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.0.RELEASE to 0.31.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.0.RELEASE...0.31.1.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.1.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:52:30 -07:00
Rob Winch
2ac079dd1a
Merge Fix Flaky Crypto Tests 
Forward merge gh-18841
 2026-03-03 16:11:48 -06:00
Rob Winch
04b270a0a3
Merge Fix Flaky Crypto Tests 
Forward merge gh-18841
 2026-03-03 16:02:33 -06:00
Robert Winch
7e4a926527
Merge Fix Flaky Crypto Tests 2026-03-03 15:58:41 -06:00
Rob Winch
ea3b112bea
Fix Flaky Crypto Tests 2026-03-03 15:58:17 -06:00
Robert Winch
17776e4738
Merge Fix Flaky Crypto Tests 2026-03-03 15:26:53 -06:00
Robert Winch
1261c229a3
Fix Flaky Crypto Tests 
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.

This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
 2026-03-03 14:52:28 -06:00
dependabot[bot]
25ccb1fd70 Bump org.hibernate.orm:hibernate-core from 7.2.5.Final to 7.2.6.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.5.Final to 7.2.6.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.2.6/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.2.5...7.2.6)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.2.6.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 00:25:03 +00:00
Josh Cummings
587ac2cbad Move Snippets to Compiled Code 
Issue gh-18745

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-02 16:20:22 -07:00
Josh Cummings
498b0cb59c Make RestClientOpaqueTokenIntrospector final 
Issue gh-18745

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-02 16:20:22 -07:00
Andrey Litvitski
b05b25f2d6 Update opaque-token.adoc for RestClientOpaqueTokenIntrospector 
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-02 16:20:22 -07:00
Andrey Litvitski
a5c0113ff0 Add postProcessr support to RestClientOpaqueTokenIntrospector 
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-02 16:20:22 -07:00
Andrey Litvitski
bafd4034a0 Provide RestClientSpringOpaqueTokenIntrospector 
Since similar classes have alternative versions using RestClient instead
of RestTemplate, I think we should do the same with this class.

Closes: gh-18745

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-02 16:20:22 -07:00
kimyounguk1
ca34ec26d8 This commit fixes the @param tag typo in ClientAttributes.java 
to ensure the Javadoc build passes.

Signed-off-by: kimyounguk1 <kyw020108@gmail.com>

Fix javadoc @param typo in ClientAttributes

Signed-off-by: kimyounguk1 <kyw020108@gmail.com>
 2026-03-02 13:27:21 -07:00
Andrey Litvitski
30dd328272 Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient 
Replaces SpringSecurityLdapTemplate with LdapClient for user search
operations.

Closes: gh-17291

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-02 13:14:44 -07:00
Rob Winch
9f9bc0f729
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:49:33 -06:00
Rob Winch
9ce2d76508
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:48:14 -06:00
Robert Winch
0bb697c4a7
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:32:59 -06:00
Robert Winch
fb84e24893
HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 
Closes gh-18804
 2026-03-02 11:31:52 -06:00
dependabot[bot]
b19e0e1ff3 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.0.RELEASE to 0.31.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.0.RELEASE...0.31.1.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.1.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 03:32:00 +00:00
dependabot[bot]
c869565ab6 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.11 to 0.0.12.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.11...v0.0.12)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 03:18:46 +00:00
dependabot[bot]
6118557b3e Bump org.mockito:mockito-bom from 5.21.0 to 5.22.0 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.21.0 to 5.22.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.21.0...v5.22.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 03:17:36 +00:00
023-dev
b9f974b18f Remove compiler warnings for spring-security-config 
Signed-off-by: 023-dev <0_2_3@naver.com>
 2026-02-27 21:53:55 -06:00
dependabot[bot]
e43275d1db Bump minimatch from 3.1.2 to 3.1.5 in /javascript 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 00:58:57 +00:00
dependabot[bot]
18995c89ee Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b7c566a772...bbbca2ddaa)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 00:45:15 +00:00
Josh Cummings
0c42016781
Merge branch '7.0.x' 2026-02-26 17:11:06 -07:00
Josh Cummings
1575610d49
Add Tests 
Issue gh-18486

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 17:10:55 -07:00
Michael Lück
3a14745d92
Delegate calls of hasAuthority to AuthorizationManager#hasAuthority 
Closes gh-18486

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-02-26 17:10:55 -07:00
Josh Cummings
bd51ecd691
Merge branch '7.0.x' 2026-02-26 17:10:28 -07:00
Josh Cummings
c29af014f4
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 17:10:16 -07:00
Josh Cummings
4501ae7d1c Update Reactive Resource Server startup exceptations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings
48112d3d74 Polish Resource Server startup expectations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
[CLOUD4] 한현
b8735abb63 Clarify Resource Server startup expectations 
Clarify that Spring Boot defers OIDC discovery by default.

Closes gh-16708

Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings
50caf0cb28
Merge branch '7.0.x' 2026-02-26 15:57:27 -07:00
Tran Ngoc Nhan
7c3c8bbdcb Update Remember-Me example 
Closes gh-18639

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-26 15:28:32 -07:00
Josh Cummings
b7dbb12c66
Merge branch '7.0.x' 2026-02-26 15:10:18 -07:00
Josh Cummings
731848d5d3
Merge branch '6.5.x' into 7.0.x 2026-02-26 15:09:45 -07:00
Josh Cummings
eb25bbaa24
Merge branch '7.0.x' 2026-02-26 15:09:03 -07:00
Guillaume Husta
68a02ff176 Update Link to CRSF Docs in FAQ 
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-02-26 14:47:21 -07:00
Menashe Eliezer
ee97c83042 Update request-matcher schema and XML tests to use path 
Closes gh-18641

Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
 2026-02-26 14:42:09 -07:00
Josh Cummings
6304ea78cc
Merge branch '7.0.x' 2026-02-26 14:39:33 -07:00
Josh Cummings
10b835693c
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 14:39:19 -07:00
dependabot[bot]
ba12f5e6d0 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:51 -07:00
dependabot[bot]
f37a706d62 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:30 -07:00
Josh Cummings
e30d9240c9 Add Docs for Custom Jwt Principal Converters 
Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 12:28:50 -07:00
Josh Cummings
c208410a91 Polish Jwt Authentication Converter 
- Replace conditional logic with adapter class
- Added tests

Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 12:28:50 -07:00