Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-23 15:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,375 Commits 33 Branches 337 Tags
Commit Graph

15375 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ahmd-nabil
d9d22c75a2 Add support for nested username attribute in DefaultOAuth2User 
Closes gh-14186

Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
 2024-01-30 14:37:20 -07:00
Marcus Hert Da Coregio
93c2d1cc3c Disable spring-security-rsa tests on Windows 
Issue gh-14202
 2024-01-30 09:08:00 -03:00
Eric Haag
5b281eee77 Update Revved up by Develocity badge 2024-01-29 17:54:55 -07:00
Josh Cummings
77e193545d
Merge branch '6.2.x' 2024-01-29 17:45:28 -07:00
Josh Cummings
3b615c8c6d
Merge branch '6.1.x' into 6.2.x 2024-01-29 17:45:13 -07:00
Josh Cummings
ebfe8e3580
Merge branch '5.8.x' into 6.1.x 2024-01-29 17:45:04 -07:00
dependabot[bot]
7011930305 Bump gradle/gradle-build-action from 2 to 3 
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2 to 3.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 17:44:51 -07:00
Josh Cummings
0dcd7e79de
Merge branch '6.2.x' 2024-01-29 17:42:54 -07:00
Josh Cummings
810818bd21
Merge branch '6.1.x' into 6.2.x 2024-01-29 17:42:47 -07:00
Josh Cummings
b0fe1da98e
Merge branch '5.8.x' into 6.1.x 2024-01-29 17:42:29 -07:00
dependabot[bot]
8a75382b2d Bump slackapi/slack-github-action from 1.24.0 to 1.25.0 
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](https://github.com/slackapi/slack-github-action/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 17:41:43 -07:00
Nermin Karapandzic
6e1bcfed11 Add argument resolver for SecurityContext 
Closes gh-13425
 2024-01-29 17:30:38 -07:00
ahmd-nabil
a808c139ad Enhance IpAddressMatcher performance 
Closes gh-14493

Signed-off-by: ahmd-nabil <ahm3dnabil99@gmail.com>
 2024-01-29 17:28:19 -07:00
Josh Cummings
ee45d6c685
Merge branch '6.2.x' 2024-01-29 17:21:30 -07:00
Josh Cummings
3a53422478
Fix Failing Test 
Closes gh-14467
 2024-01-29 17:14:30 -07:00
Marcus Hert Da Coregio
6f7b9bbfde Migrate spring-security-rsa into spring-security-crypto 
Closes gh-14202
 2024-01-29 13:49:51 -03:00
Marcus Hert Da Coregio
45f8ab3401 Add permission to Edit Dependabot PR workflow 
Issue gh-14486
 2024-01-29 10:01:10 -03:00
Josh Cummings
27ebeefb14
Fix Failing Test 
Closes gh-14467
 2024-01-26 11:24:00 -07:00
Marcus Hert Da Coregio
602d2bebdc Automatically assign milestone to Dependabot PR 
Issue gh-14486
 2024-01-26 10:28:09 -03:00
Josh Cummings
01b7ad42ec
Merge branch '6.2.x' 2024-01-25 17:33:33 -07:00
Josh Cummings
84c45adc70
Merge branch '6.1.x' into 6.2.x 
Closes gh-14496
 2024-01-25 17:33:15 -07:00
Josh Cummings
44f22ee5cf
Merge branch '5.8.x' into 6.1.x 
Closes gh-14495
 2024-01-25 17:32:57 -07:00
Hans Lindner
ca10187fd1 Enhance JWT decoding error handling 
Previously, the `decode` method threw a `JwtException` directly when encountering an unsupported algorithm or any exception during parsing. This commit introduces a more robust error handling mechanism. Now, instead of throwing exceptions directly, it returns a `Mono.error()` with a `BadJwtException` containing detailed error information. This approach provides more flexibility and allows the caller to handle errors in a more granular way, by being able to use project reactors onError functionality.

Closes gh-14467
 2024-01-25 17:32:10 -07:00
y-tomida
bdc0bd6b78 Add usernameParameter and passwordParameter to FormLoginDsl 
Closes gh-14474
 2024-01-24 09:56:38 -03:00
Marcus Hert Da Coregio
7a8f9b446e Configure Dependabot for docs-build's build.gradle 
Issue gh-14482
 2024-01-23 15:03:46 -03:00
Josh Cummings
7ee974445b
Update Checkstyle 
Issue gh-14178
 2024-01-22 08:44:54 -07:00
Josh Cummings
04394a63cd
Update Formatting 
Issue gh-14178
 2024-01-22 08:26:25 -07:00
sonallux
6df9ef5ba6 Fix wrong class name in JavaDoc 
In the `ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder` class the JavaDoc comments mention the wrong class name. This commit fixes this.
 2024-01-19 09:29:07 -07:00
Josh Cummings
1e90bdfc0b
Update Copyright 
Issue gh-14178
 2024-01-19 09:26:04 -07:00
Armin Krezović
9c352c4b4b Support overriding RestOperations in OidcIdTokenDecoderFactory 
Closes gh-14178
 2024-01-19 09:24:56 -07:00
Armin Krezović
0041c658de Support overriding WebClient in ReactiveOidcIdTokenDecoderFactory 
Closes gh-14178
 2024-01-19 09:24:56 -07:00
Sam Brannen
2b7d296994 Revise AuthorizationAnnotationUtils 
This commit revises AuthorizationAnnotationUtils as follows.

- Removes code duplication by treating both Class and Method as
  AnnotatedElement.

- Avoids duplicated annotation searches by processing merged
  annotations in a single Stream instead of first using the
  MergedAnnotations API to find possible duplicates and then again
  searching for a single annotation via AnnotationUtils (which
  effectively performs the same search using the MergedAnnotations API
  internally).

- Uses `.distinct()` within the Stream to avoid the need for the
  workaround introduced in gh-13625. Note that the semantics here
  result in duplicate "equivalent" annotations being ignored. In other
  words, if @⁠PreAuthorize("hasRole('someRole')") is present multiple
  times as a meta-annotation, no exception will be thrown and the first
  such annotation found will be used.

- Improves the error message when competing annotations are found by
  including the competing annotations in the error message.

- Updates AuthorizationAnnotationUtilsTests to cover all known,
  supported use cases.

- Configures correct role in @⁠RequireUserRole.

Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.

See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
 2024-01-18 07:42:58 -07:00
DingHao
3f65f600de Use AuthorizationEventPublisher Bean 
- For Jsr250MethodInterceptor and SecuredMethodInterceptor

Closes gh-14401
 2024-01-17 17:40:38 -07:00
Marcus Hert Da Coregio
06278157fa Merge branch '6.2.x' 
Closes gh-14471
 2024-01-17 16:16:40 -03:00
Marcus Hert Da Coregio
148e0b41d2 Merge branch '6.1.x' into 6.2.x 
Closes gh-14470
 2024-01-17 16:16:27 -03:00
Marcus Hert Da Coregio
ce5f5e6e33 Add native hint for CsrfTokenRequestAttributeHandler$SupplierCsrfToken 
Closes gh-14397
 2024-01-17 16:14:59 -03:00
Marcus Hert Da Coregio
a761042157 Merge branch '6.2.x' 2024-01-17 15:22:34 -03:00
Amit Mahato
237dd7799f fix: typo in Authentication Architecture ProviderManager 2024-01-17 15:22:25 -03:00
Andreas Büchel
3346f2dd73 fix typo in anonymous.adoc 2024-01-17 15:22:06 -03:00
Marcus Hert Da Coregio
959ea70ec8 Merge branch '6.2.x' 2024-01-17 14:31:55 -03:00
Marcus Hert Da Coregio
c42234396e Merge branch '6.1.x' into 6.2.x 2024-01-17 14:31:38 -03:00
Marcus Hert Da Coregio
2eba7eb672 Merge branch '5.8.x' into 6.1.x 2024-01-17 14:31:29 -03:00
dependabot[bot]
44b785bfb1 Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:31:11 -03:00
dependabot[bot]
56f486588f Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:31:01 -03:00
dependabot[bot]
d03c82f6b9 Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:50 -03:00
dependabot[bot]
7e5ac0078f Bump io.spring.ge.conventions from 0.0.14 to 0.0.15 
Bumps [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.14 to 0.0.15.
- [Release notes](https://github.com/spring-io/gradle-enterprise-conventions/releases)
- [Commits](https://github.com/spring-io/gradle-enterprise-conventions/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: io.spring.ge.conventions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:37 -03:00
dependabot[bot]
cbe02edad1 Bump org.springframework.data:spring-data-bom from 2023.1.1 to 2023.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2023.1.1 to 2023.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2023.1.1...2023.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:27 -03:00
dependabot[bot]
77afca969a Bump org.springframework:spring-framework-bom from 6.1.2 to 6.1.3 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.2...v6.1.3)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-17 14:30:14 -03:00
Marcus Hert Da Coregio
cdc4ae134c Merge branch '6.2.x' 
Closes gh-14469
 2024-01-17 08:47:46 -03:00
Marcus Hert Da Coregio
5938f7cdee Merge branch '6.1.x' into 6.2.x 
Closes gh-14468
 2024-01-17 08:47:36 -03:00