Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-08 22:44:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,194 Commits 50 Branches 370 Tags
Commit Graph

20194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
a8a859ec0e
Bump io.freefair.gradle:aspectj-plugin from 8.13.1 to 8.14.4 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 8.13.1 to 8.14.4.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/compare/8.13.1...8.14.4)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-version: 8.14.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 03:05:22 +00:00
arianna
3386e077e6 Fix typos in SAML 2.0 Documentation 
- Fix wrong docs link in Servlet - SAML2 Log In Overview
- Fix examples in Servlet - SAML2 Authentication Responses
- Fix examples in Servlet - SAML2 Logout

Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
arianna
10490a7b92 Fix typos in OAuth 2.0 Resource Server 
Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
arianna
f1e742dfc5 Fix typos in Authorization Documentation 
Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
arianna
8e9480545e Fix issue reports 
Closes gh-18376

Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
dependabot[bot]
0eb5d8f356 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.10 to 0.0.11.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.10...v0.0.11)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-05 17:27:40 -07:00
dependabot[bot]
3e238af024 Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.26 to 1.5.27.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-05 17:26:49 -07:00
dependabot[bot]
29ed4dd724 Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 
Bumps [spring-io/spring-doc-actions](https://github.com/spring-io/spring-doc-actions) from 0.0.20 to 0.0.22.
- [Commits](e28269199d...415e2b11a7)

---
updated-dependencies:
- dependency-name: spring-io/spring-doc-actions
  dependency-version: 0.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-05 17:25:46 -07:00
dependabot[bot]
218b13884f Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.2 to 5.6 
Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.5.2 to 5.6.
- [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt)
- [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.5.2...rel/v5.6)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: '5.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-05 17:24:39 -07:00
Josh Cummings
fc2fd63793
Merge branch '7.0.x' 2026-02-05 17:23:08 -07:00
Vincent Stradiot
075c48c0d8 Fix typo in documentation 
Signed-off-by: Vincent Stradiot <vincentstradiot@hotmail.com>
 2026-02-05 17:22:43 -07:00
DingHao
199473fcb3 Ability to configure authenticationDetailsSource in AnonymousConfigurer 
Closes gh-17831

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2026-02-05 17:19:03 -07:00
Bae Jihong
7903ad93c0 Fix compiler warnings in spring-security-acl 
- Use asSubclass() in AclClassIdUtils to avoid a unchecked cast warning
- Replace raw Map type with Map<?, ?> unbounded wildcard to avoid raw type warnings
- Use ArgumentMatchers to avoid a unchecked cast warning
- Suppress an unavoidable unchecked warning in reflection-based test code

Closes gh-18413

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-02-05 18:01:30 -06:00
dependabot[bot]
fe65ef2626 Bump org-opensaml5 from 5.1.6 to 5.2.0 
Bumps `org-opensaml5` from 5.1.6 to 5.2.0.

Updates `org.opensaml:opensaml-saml-api` from 5.1.6 to 5.2.0

Updates `org.opensaml:opensaml-saml-impl` from 5.1.6 to 5.2.0

---
updated-dependencies:
- dependency-name: org.opensaml:opensaml-saml-api
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.opensaml:opensaml-saml-impl
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-05 17:00:40 -07:00
Josh Cummings
2af6e1cf92
Merge branch '7.0.x' 2026-02-05 16:58:23 -07:00
Josh Cummings
31090f7a18
Merge branch '6.5.x' into 7.0.x 2026-02-05 16:58:16 -07:00
Josh Cummings
447e76bd06
Update to actions/checkout 6.0.2 2026-02-05 16:57:30 -07:00
Josh Cummings
eeb080a191
Remove Branch Ecosystem Declarations 
These may have been added in error. Removing until it's clear
if they are needed

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 16:45:16 -07:00
Josh Cummings
b8c6b9fbff
Add directory attribute 
Issue gh-18648
 2026-02-05 16:37:27 -07:00
Josh Cummings
3cf0a1ccb7
Use Dependabot for GitHub Actions 
Closes gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 14:47:42 -07:00
Josh Cummings
c2f0f7b6ab
Use SHA Hashes for spring-security-release-tools Workflows 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 14:47:16 -07:00
Josh Cummings
8cd2f36e84
Merge branch '7.0.x' 2026-02-05 14:45:09 -07:00
Josh Cummings
41e7af70b5
Merge branch '6.5.x' into 7.0.x 2026-02-05 13:46:21 -07:00
Josh Cummings
46a9514420
Update to setup-gradle 5.0.1 
note that gradle/gradle-build-action is superceded by
setup-gradle.

Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:44:02 -07:00
Josh Cummings
8432df498e
Update upload-artifact to 6.0.0 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:44:00 -07:00
Josh Cummings
63162eb5f1
Update to setup-java 5.2.0 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:43:56 -07:00
Josh Cummings
5c3b8c513b
Update spring-gradle-build-action to 2.0.5 
Issue gh-18648
 2026-02-05 13:43:11 -07:00
Josh Cummings
d276c943fc
Update actions/checkout to 6.0.2 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:43:06 -07:00
Josh Cummings
18d9dd77ec
Use SHA Hashes for spring-security-release-tools Workflows 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:42:22 -07:00
Joe Grandja
517bc7cb65 Polish gh-18614 2026-02-05 15:32:47 -05:00
Elayne Bloom
a2d407518c Document ClientSettings 
Added documentation to describe the possible client configuration options when setting up an Oauth2 Authorization Server.

Closes gh-18614

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-05 15:32:46 -05:00
Josh Cummings
001d9df5ca
Remove Nullability Checkstyle Suppressions for saml2 
Issue gh-17823
 2026-02-05 13:13:25 -07:00
Josh Cummings
818a7831dd
Add Nullability to opensaml5Main Source Set 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:13:23 -07:00
Joe Grandja
0eba9de7d4 Merge branch '7.0.x' 2026-02-05 04:55:34 -05:00
Joe Grandja
d3c42a7a4f Polish OAuth2ConfigurerUtils 2026-02-05 04:52:02 -05:00
Joe Grandja
e61c03f7c3 Fix to allow multiple PasswordEncoder beans 
Closes gh-18645
 2026-02-05 04:51:51 -05:00
Josh Cummings
70fc8fef3a Add Sample SAML Response in Test 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-03 08:54:14 -07:00
gimgisu
46027974dd @gisu1102 
Apply code formatting to OAuth2AuthorizationServerBeanRegistrationAotProcessor

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu
338786bab9 @gisu1102 
Align AOT hints with MemberCategory deprecation replacements

- Replace DECLARED_FIELDS with ACCESS_DECLARED_FIELDS in runtime hints

- Preserve 1:1 intent for Collections via registerType only

- Keep INVOKE_* only where it existed before

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu
d7ecb8fdcf @gisu1102 
Restore Jackson 2 module runtime hints for passivity

- Keep Jackson 2 module registrations when jackson2 is present

- Extract Jackson 2 hint registration into a dedicated method

- Suppress removal warnings only for the Jackson 2 registration

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu
a9f9eba6ca @gisu1102 
Remove compiler warnings in spring-security-oauth2-authorization-server

- Remove ACCESS_DECLARED_FIELDS from AOT/runtime hints
- Add @SuppressWarnings("removal") for Jackson2 deprecated adapters

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
Josh Cummings
1a6f344196
Add security-nullability 
Closes gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:17 -07:00
Josh Cummings
e771ec04b7
Add @Nullable Annotations to saml2-service-provider 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:14 -07:00
Josh Cummings
f3656b4991
Ensure saml_request in Tests 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:10 -07:00
Joe Grandja
8f22fd4407 Merge branch '7.0.x' 2026-02-02 16:38:29 -05:00
Elayne Bloom
2c97b3376b Document Client PKCE settings 
Updated the documentation to reflect recent changes to enable PKCE by default for `authorization_code` flows in the documentation for the client.

Closes gh-18304

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-02 16:30:27 -05:00
Tran Ngoc Nhan
20493ef45f Add javadoc-warnings-error 
Closes gh-18461

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 12:06:12 -06:00
Vyacheslav
e029b3ac6f Update authorize-http-requests.adoc 
Comma added for java configuration 

Signed-off-by: Vyacheslav <43342280+cmmttd@users.noreply.github.com>
 2026-02-02 11:48:07 -06:00
Tran Ngoc Nhan
55ab498518 Add javadoc-warnings-error 
Closes gh-18469

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:45:53 -06:00
Tran Ngoc Nhan
b0983e2f5e Add javadoc-warnings-error 
Closes gh-18466

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:45:12 -06:00