Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-25 19:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,641 Commits 51 Branches 376 Tags
Commit Graph

3272 Commits

Author SHA1 Message Date
Joe Grandja
baad23caab Enable null-safety in spring-security-oauth2-client 
Closes gh-17819
 2026-03-18 05:04:30 -04:00
Robert Winch
ea2f2302da
Add MultiFactorCondition.WEBAUTHN_REGISTERED 
Closes gh-18923
 2026-03-17 17:20:58 -05:00
Robert Winch
bd7171140e
Support Customizer<AdditionalRequiredFactorsBuilder<Object>>> 
Closes gh-18922
 2026-03-17 17:20:58 -05:00
Robert Winch
c71b178f63
Remove Unnecessary ObjectProvider<RoleHierarchy> roleHierarchy parameter 
Closes gh-18921
 2026-03-17 17:20:58 -05:00
Joe Grandja
22a98583f1 Enable null-safety in spring-security-oauth2-jose 
Closes gh-17821
 2026-03-13 11:58:29 -04:00
Josh Cummings
5687867a09
Fix Checkstyle 
Issue gh-18874

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 14:46:24 -06:00
Joe Grandja
36450d6c26 Fix checkstyle error 
Issue gh-18874
 2026-03-11 12:25:13 -04:00
Josh Cummings
a980368f26 Move Integration Test from Spring LDAP 
Closes gh-18874

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 15:44:07 -06:00
Joe Grandja
703ffaf143 Merge branch '7.0.x' 2026-03-10 15:59:29 -04:00
Joe Grandja
1906075b0c OAuth2DeviceVerificationEndpointFilter is applied after AuthorizationFilter 
Closes gh-18873
 2026-03-10 15:32:24 -04:00
Andrey Litvitski
d1ce69ca99 Specify charset in WWW-Authenticate for Basic Auth 
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.

Closes: gh-18755

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-10 07:57:43 -06:00
Joe Grandja
c7235ec0a3 Allow custom token settings for OAuth 2.0 dynamic client registration 
Closes gh-18870
 2026-03-10 07:48:37 -04:00
Josh Cummings
17d2131fe9 Merge remote-tracking branch 'origin/7.0.x' 2026-03-09 17:13:45 -06:00
Ronny Perinke
e8e0da1ec6 Add Null Guard for Setting ReactiveUserDetailsPasswordService 
This use case specifically arises when using `ReactiveUserDetailsService`
without `ReactiveUserDetailsPasswordService`.

Closes gh-17986

Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
 2026-03-09 17:12:59 -06:00
wonderfulrosemari
07297e7a80 Add MessageExpressionAuthorizationManager 
Closes gh-12650

Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
 2026-03-03 18:56:47 -07:00
023-dev
b9f974b18f Remove compiler warnings for spring-security-config 
Signed-off-by: 023-dev <0_2_3@naver.com>
 2026-02-27 21:53:55 -06:00
Josh Cummings
eb25bbaa24
Merge branch '7.0.x' 2026-02-26 15:09:03 -07:00
Menashe Eliezer
ee97c83042 Update request-matcher schema and XML tests to use path 
Closes gh-18641

Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
 2026-02-26 14:42:09 -07:00
Rob Winch
a4cadb5cc5
Merge Make PublicKeyCredentialCreationOptions Serializable 
Make PublicKeyCredentialCreationOptions Serializable
 2026-02-23 16:01:34 -06:00
Robert Winch
701736da5d
Fix checkstyle 
Issue gh-18354

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 15:43:55 -06:00
Mohammad Amin Pahlevani
9e5a425859
Make PublicKeyCredentialCreationOptions Serializable 
Closes gh-16431

Signed-off-by: Mohammad Amin Pahlevani <pahlevani@live.com>
 2026-02-23 15:43:40 -06:00
Robert Winch
53300be8d7
Fix checkstyle 
Issue gh-18530
 2026-02-23 15:16:02 -06:00
CHANHAN
d5ba9dcada
Add tests for intercept-url access attribute validation 
Fixes gh-18503

Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
 2026-02-23 15:16:02 -06:00
CHANHAN
fa87c78edb
fix missing access attribute validation in FilterInvocationSecurityMetadataSourceParser 
Fixes gh-18503

Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
 2026-02-23 15:16:02 -06:00
CHANHAN
f1e367f93d
fix missing access attribute validation in AuthorizationFilterParser 
Fixes gh-18503

Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
 2026-02-23 15:16:02 -06:00
Robert Winch
f8ac095d48 Add nullability contract to PasswordEncoder#encode implementations 
Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>AbstractValidatingPasswordEncoder.java
 2026-02-19 14:36:48 -06:00
Minu Kim
18068c9099 fix compile warning in spring-security-test 
Signed-off-by: Minu Kim <kmw106933@naver.com>
 2026-02-19 14:26:20 -06:00
DingHao
199473fcb3 Ability to configure authenticationDetailsSource in AnonymousConfigurer 
Closes gh-17831

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2026-02-05 17:19:03 -07:00
Joe Grandja
0eba9de7d4 Merge branch '7.0.x' 2026-02-05 04:55:34 -05:00
Joe Grandja
d3c42a7a4f Polish OAuth2ConfigurerUtils 2026-02-05 04:52:02 -05:00
Joe Grandja
e61c03f7c3 Fix to allow multiple PasswordEncoder beans 
Closes gh-18645
 2026-02-05 04:51:51 -05:00
Josh Cummings
70fc8fef3a Add Sample SAML Response in Test 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-03 08:54:14 -07:00
Josh Cummings
c5632ccd83
Add security-nullability to ldap 
Closes gh-17818

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-01-28 15:30:54 -07:00
Michael Lück
7513c859bd Fix javadoc warnings and apply plugin javadoc-warnings-error 
Closes to gh-18448

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-01-23 14:13:54 -06:00
Robert Winch
d7fbf3673a
Fix consistency with Nullability Usage 
Issue gh-18564
 2026-01-23 10:42:53 -06:00
dev.paramjot
af73f85f66 Fix formatting in HttpSecurity.java documentation 
Signed-off-by: dev.paramjot <50148441+ParamjotSingh5@users.noreply.github.com>
 2026-01-21 16:43:03 -06:00
Robert Winch
048b6bdd88
Update to JDK 25 (release = 17) 
This commit updates the build to use JDK 25 while remaining compatable with JDK 17.

Note that we must update our JAAS related tests to use release=25 due to the disabling of
the Security Manager. See
https://docs.oracle.com/en/java/javase/25/security/security-manager-is-permanently-disabled.html

Closes gh-18512
 2026-01-16 11:25:59 -06:00
Robert Winch
63c99b9438
Revert "Update to 7.1.0-SNAPSHOT" 
This reverts commit b77ea8d3a3009940229239b4b442fe902acf4fba.
 2026-01-12 14:31:57 -06:00
Pavel Vassiliev
641d8a362b Fix Gradle 9.0 deprecations 
This commit addresses several build warnings and errors to prepare for
Gradle 9.0 and resolve static analysis issues.
Closes: gh-18472
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>

Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
 2026-01-12 13:43:16 -06:00
Robert Winch
b77ea8d3a3 Update to 7.1.0-SNAPSHOT 2026-01-12 13:37:32 -06:00
Tran Ngoc Nhan
d20c88ecef Format code 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
Tran Ngoc Nhan
79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
Josh Cummings
0155d4a345 Restore Check for DispatcherServlet on Classpath 
Closes gh-18315
 2025-12-15 12:18:22 -07:00
dependabot[bot]
e033086ab0 Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2 
Includes fixes for Breaking Changes in Spring Framework 7.0.2:

- spring-projects/spring-framework#35916
- spring-projects/spring-framework#35947

Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.1...v7.0.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 11:25:19 -06:00
Josh Cummings
dbf93acb05 Check for spring-security-web on Classpath 
This commit refines the check for adding AuthorizationWebProxyConfiguration
to the application context. The web-based authorization proxy support is intended
for applying Spring Security Method Security primitives to Spring Web components;
as such, this implies a dependency on Spring Security Web.

Closes gh-18307
 2025-12-15 09:18:47 -07:00
Joe Grandja
c53e66a217 OAuth2AuthorizationEndpointFilter is applied after AuthorizationFilter 
Closes gh-18251
 2025-12-02 08:49:49 -05:00
Daniel Garnier-Moiroux
7cb57ab940 Improve webauthn webdriver tests 
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-14 15:21:20 -06:00
Rob Winch
6471a32d66
Merge branch '6.5.x' 
Closes gh-18132
 2025-11-04 11:37:11 -06:00
Rob Winch
c1e9e10bf0
Merge branch '6.4.x' into 6.5.x 
Closes gh-18131
 2025-11-04 11:28:40 -06:00
Daniel Garnier-Moiroux
fed6df5167 Default WebAuthnConfigurer#rpName to rpId 
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:

> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.

Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 11:16:22 -06:00