Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-17 11:56:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,023 Commits 46 Branches 369 Tags
Commit Graph

20023 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Winch
afa5804170
Remove 6.4.x dependabot 
6.4.x is no longer has OSS support
 2026-01-16 15:15:37 -06:00
dependabot[bot]
15dd96bddb Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.6 to 0.0.9.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.6...v0.0.9)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 15:10:17 -06:00
Robert Winch
6b2e0444dd
Bump org.springframework:spring-framework-bom from 7.0.3-SNAPSHOT to 7.0.3 
Closes gh-18515
 2026-01-16 15:08:15 -06:00
Robert Winch
577d294fdc
Remove milestone repository 
Spring uses central for milestones now
 2026-01-16 15:06:23 -06:00
Robert Winch
0993e5735e
Add missing @NullMarked 
Closes gh-18514
 2026-01-16 14:53:16 -06:00
Robert Winch
048b6bdd88
Update to JDK 25 (release = 17) 
This commit updates the build to use JDK 25 while remaining compatable with JDK 17.

Note that we must update our JAAS related tests to use release=25 due to the disabling of
the Security Manager. See
https://docs.oracle.com/en/java/javase/25/security/security-manager-is-permanently-disabled.html

Closes gh-18512
 2026-01-16 11:25:59 -06:00
Robert Winch
6e9b4f86a4
Fix nullability for JDK 25 
Closes gh-18511
 2026-01-16 10:53:19 -06:00
Robert Winch
38b66e8407
Update to Gradle 9.2.1 
Closes gh-18510
 2026-01-16 10:48:28 -06:00
Robert Winch
9e5b3d9ea1
Update to Kotlin 2.3.0 
Closes gh-18509
 2026-01-16 10:46:58 -06:00
Robert Winch
7563932106
Update jococo 0.8.14 
Closes gh-18508
 2026-01-16 10:46:53 -06:00
Robert Winch
48f958cbbf
Fix OAuth2AuthorizationRequestRedirectFilter constructor tests 
OAuth2AuthorizationRequestRedirectFilterTests attempt to validate the constructors throw IllegalArgumentException if an invalid argument is provided, but
they are flawed because it is the relective code that is throwing the IllegalArgumentException due to imprecise type information.

This changes the tests to no longer use unnecessary reflection and casts the types so that the type information is used to target the correct
constructor.

Closes gh-18507
 2026-01-16 10:34:10 -06:00
Josh Cummings
30d6b3a02b Merge branch '7.0.x' 2026-01-15 12:41:29 -07:00
Josh Cummings
1f39a3dd3e Merge branch '6.5.x' into 7.0.x 2026-01-15 12:41:22 -07:00
Josh Cummings
84b124d29d Merge branch '6.4.x' into 6.5.x 2026-01-15 12:41:16 -07:00
songhee
fee6a9bb0e docs: add CurrentSecurityContext section and link references 
Signed-off-by: songhee <songhee9327@gmail.com>
 2026-01-15 12:31:58 -07:00
Tran Ngoc Nhan
cfe13c7c76 Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-15 10:52:01 -07:00
Josh Cummings
3336f5f2ec Merge branch '7.0.x' 2026-01-14 14:47:31 -07:00
Josh Cummings
d2ed8321b4 Merge branch '6.5.x' into 7.0.x 2026-01-14 14:46:36 -07:00
Guillaume Husta
dd1f097131 Add @FunctionalInterface to RequestMatcher 
Add `@FunctionalInterface` to `RequestMatcher`.

According to the documentation, it is a FunctionalInterface.

See: https://docs.spring.io/spring-security/reference/6.5/servlet/authorization/authorize-http-requests.html#match-by-custom

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:45:22 -07:00
Josh Cummings
565896404c Merge branch '7.0.x' 2026-01-14 14:36:12 -07:00
Josh Cummings
7690c284c0 Merge branch '6.5.x' into 7.0.x 2026-01-14 14:35:59 -07:00
Guillaume Husta
508b3f26e3 docs: Typo in page Preparing for 7.0 / Web (version 6.5) 
In section 'Include the Servlet Path Prefix in Authorization Rules', `PathPatternRequestParser` should be replaced by `PathPatternRequestMatcher`.

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:35:26 -07:00
박기현\qkrrl
91d8a04ec2 Fix duplicated use-authorization-manager in docs 
Signed-off-by: 박기현\qkrrl <qkrrlgus114@naver.com>
 2026-01-14 14:21:38 -07:00
Marcus Hert da Coregio
8254f589b8 Create Jackson Mixin for OneTimeTokenAuthentication 
Closes gh-18095

Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2026-01-14 10:35:02 -07:00
Joe Grandja
92b7c41f2f Ensure Cursor imports Spring Security 
Closes gh-8492
 2026-01-13 17:01:21 -05:00
Bae Jihong
8692185de1 Fix javadoc warnings for spring-security-oauth2-client 
- Fix a javadoc warning
- Apply javadoc-warnings-error plugin

Closes gh-18460

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-01-13 10:01:13 -06:00
Robert Winch
7ca0f7723e Fix checkstyle 2026-01-12 16:28:22 -06:00
Stefano Cordio
a612522ecd Add nullability contract to PasswordEncoder#encode 
Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>
 2026-01-12 16:28:22 -06:00
Robert Winch
fe138d6434
Merge branch '7.0.x' 2026-01-12 16:05:51 -06:00
Robert Winch
7fcbf642b8
Use project.artifactory(Username|Password) 2026-01-12 16:05:38 -06:00
Robert Winch
a32d9f04e3
Revert "Use project.artifactory(Username|Password)" 
This reverts commit 9c449000dc0508457d0e4392a46e8ca731ada0fa.
 2026-01-12 16:04:56 -06:00
Robert Winch
93ae52aa58
Merge branch '7.0.x' 2026-01-12 15:48:57 -06:00
Robert Winch
9c449000dc
Use project.artifactory(Username|Password) 2026-01-12 15:48:47 -06:00
Robert Winch
43fe5f6b46
Fix update-antora-ui-spring.yml 2026-01-12 14:37:34 -06:00
Robert Winch
f47f81351e
Merge branch '7.0.x' 2026-01-12 14:32:23 -06:00
Robert Winch
63c99b9438
Revert "Update to 7.1.0-SNAPSHOT" 
This reverts commit b77ea8d3a3009940229239b4b442fe902acf4fba.
 2026-01-12 14:31:57 -06:00
paulvas
0d47870928 Fix: migrate compiler-warnings-error plugin to gradle 
Fixes: gh-18434
Signed-off-by: paulvas <paulvas@gmail.com>
 2026-01-12 13:57:57 -06:00
paulvas
da4362111a Fix: Enforce compiler warnings in oauth2-core 
To prevent future compiler warnings from being introduced, this change
applies the `compile-warnings-error` plugin to the
`spring-security-oauth2-core` module.

This ensures that any new warnings will fail the build, maintaining
code quality and preventing warning accumulation.

Fixes: gh-18434
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
Signed-off-by: paulvas <paulvas@gmail.com>
 2026-01-12 13:57:57 -06:00
Pavel Vassiliev
1ddccd8a39 Fix spring-security-oauth2-core compiler warnings 
Closes: gh-18434
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>

Signed-off-by: paulvas <paulvas@gmail.com>
 2026-01-12 13:57:57 -06:00
Robert Winch
2825aa3ff1
Merge branch '7.0.x' 
Closes gh-18485
 2026-01-12 13:44:13 -06:00
Pavel Vassiliev
641d8a362b Fix Gradle 9.0 deprecations 
This commit addresses several build warnings and errors to prepare for
Gradle 9.0 and resolve static analysis issues.
Closes: gh-18472
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>

Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
 2026-01-12 13:43:16 -06:00
Robert Winch
ec06f08bb6
Merge branch '7.0.x' 2026-01-12 13:38:52 -06:00
Andrey Litvitski
13f6286e04 Use DefaultParameterNameDiscoverer#getSharedInstance 
Closes: gh-18330

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-12 13:37:32 -06:00
Robert Winch
b77ea8d3a3 Update to 7.1.0-SNAPSHOT 2026-01-12 13:37:32 -06:00
rigu1
0a6883c586 Fix Javadoc warnings in spring-security-web 
* Use <code> tags for external references in DelegatingMissingAuthorityAccessDeniedHandler and SwitchUserWebFilter
* Fix typo in SessionAuthenticationException
* Apply javadoc-warnings-error plugin

Closes gh-18468

Signed-off-by: rigu1 <dlsrbtla@gmail.com>
 2026-01-12 13:24:47 -06:00
rigu1
c07a2e57bd Add javadoc-warnings-error build plugin 
Signed-off-by: rigu1 <dlsrbtla@gmail.com>
 2026-01-12 13:24:47 -06:00
Robert Winch
5a7d93ee3b
Merge branch '7.0.x' 
Closes gh-18471
 2026-01-09 16:55:02 -06:00
Fr05ty-hub
e9a92a8e9a Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but is referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Fr05ty-hub
ed774d3595 Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but was referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Robert Winch
a3b57c470f
Merge branch '7.0.x' 2026-01-09 15:25:02 -06:00