Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-08 04:34:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,551 Commits 52 Branches 373 Tags
Commit Graph

1209 Commits

Author SHA1 Message Date
Josh Cummings
c61f53ad64
Copy Query to Parameters 
Issue gh-17450
 2025-09-22 12:17:24 -06:00
Josh Cummings
758b35df9c
Add Factor Tests for Authentication Providers 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Rob Winch
9a3ae4b867
DelegatingAuthenticationEntryPoint uses RequestMatcherEntry 
Closes gh-17915
 2025-09-16 09:48:04 -05:00
Josh Cummings
fa4806dbcc
Move Web Access API 
Issue gh-17847
 2025-09-12 10:32:38 -06:00
DingHao
10935632ee Remove PortResolver 
Closes gh-15971

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-09-11 22:58:32 -05:00
Josh Cummings
5da2121e2b
Merge remote-tracking branch 'origin/6.5.x' 2025-09-09 17:13:18 -06:00
Andrey Litvitski
eca821471f A Root basePath No Longer Creates a Double-Slash 
Closes gh-17812

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-09-09 17:12:58 -06:00
Josh Cummings
3f774548d2 Move Authority Propagation Into Filters 
Given that the filters are the level at which the
SecurityContextHolder is consulted, this commit moves
the operation that ProviderManager was doing into each
authentication filter.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
a0fe6a5fee Polish Builders 
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
a201a2b862 Add Authentication.Builder 
This commit adds a new default method to Authentication
for the purposes of creating a Builder based on the current
authentication, allowing other authentications to be
applied to it as a composite.

It also adds Builders for each one of the authentication
result classes.

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Rob Winch
c2ba662b91
Enable Null checking in spring-security-web via JSpecify 
Closes gh-17535
 2025-08-29 15:06:48 -05:00
Josh Cummings
d1962201b5 Merge branch '6.5.x' 2025-08-22 11:07:59 -06:00
Josh Cummings
857ca9c412 Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-08-22 11:07:37 -06:00
Nikita Konev
894105aab5 Fix traceId discrepancy in case error in servlet web 
Signed-off-by: Nikita Konev <nikit.cpp@yandex.ru>
 2025-08-22 11:06:37 -06:00
Andrey Litvitski
2fbe8dd8f6 Make Stricter IP Format Check 
Closes gh-17499

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-07-31 10:30:57 -06:00
Rob Winch
f6cb0bd610
Merge Use 2004-present Copyright Header 
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
 2025-07-29 10:52:42 -05:00
Rob Winch
2fdca16c1a
Merge branch '6.4.x' into 6.5.x 
Closes gh-17634
 2025-07-29 09:47:52 -05:00
Rob Winch
392129b616
Use 2004-present Copyright Header 
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.

The commit updated etc/checkstyle/header.txt

It also updated the copyright headers using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Closes gh-17633
 2025-07-29 09:45:23 -05:00
Rob Winch
34742c9743
Reapply "Move webauthn runtimehints to spring-security-webauthn" 
This reverts commit 9489ab48abcbd192d87e5535f2459804d9826a80.
 2025-07-23 13:32:34 -05:00
Rob Winch
9489ab48ab
Revert "Move webauthn runtimehints to spring-security-webauthn" 
This reverts commit fe411896af5ae5d5b50babfa292152335a3bf193.
 2025-07-23 09:22:47 -05:00
Rob Winch
fe411896af
Move webauthn runtimehints to spring-security-webauthn 
Issue gh-17586
 2025-07-23 09:20:39 -05:00
Rob Winch
79cd982341
Extract spring-security-webauthn 
Closes gh-17586
 2025-07-22 17:18:38 -05:00
Rob Winch
7c887d2da1
Add nullability to spring-security-core 
Closes gh-17534
 2025-07-22 16:29:13 -05:00
DingHao
dadf4c0b8a Remove shouldFilterAllDispatcherTypes 
Closes gh-12139

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-07-14 12:34:16 -06:00
Josh Cummings
ee2b826362
Use setCookieCustomizer 
Issue gh-14132
 2025-07-10 11:13:21 -06:00
Josh Cummings
dadf10899c
Add WebExpressionAuthorizationManager.Builder 
Closes gh-17504
 2025-07-09 17:33:10 -06:00
Josh Cummings
c06b1f4916
Remove LazyCsrfTokenRepository 
Closes gh-13196
 2025-07-09 13:47:06 -06:00
Rob Winch
e48fdd5ed4
Use UserWebTestClientConfigurer 
Closes gh-17496
 2025-07-07 15:15:51 -05:00
Tran Ngoc Nhan
9312fb7004 Remove Deprecated AuthorizationDecision Elements 
Closes gh-17299

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 14:32:49 -06:00
Josh Cummings
d3e9e3138d
Remove AntPath and MvcRequestMatcher 
Closes gh-16886
Closes gh-16887
 2025-07-03 13:37:50 -06:00
Josh Cummings
e8ed0f1b03
Use PathPatternRequestMatcher in web 
Issue gh-16887
 2025-07-03 13:37:48 -06:00
Josh Cummings
98686a5139
Standardize Mock Request Paths 
Closes gh-17449
 2025-07-03 13:37:47 -06:00
Josh Cummings
d869686d09
Add TestMockHttpServleRequests 
Closes gh-17450
 2025-07-03 13:37:46 -06:00
Tran Ngoc Nhan
709f5db0e5 Polish Webauthn4JRelyingPartyOperations 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-17 13:35:52 -05:00
Evgeniy Cheban
092bbfc8e7 ReactiveAuthorizationManager replace deprecated #check calls with #authorize 
Closes gh-16936

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-06-12 11:11:49 -06:00
Max Batischev
aba437d469 Add Support SubjectX500PrincipalExtractor 
Closes gh-16980

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-12 12:09:20 -05:00
Joe Grandja
98c3453aa4 Merge branch '6.5.x' 2025-06-06 07:19:08 -04:00
Joe Grandja
d622183e62 Merge branch '6.4.x' into 6.5.x 
Closes gh-17216
 2025-06-06 07:06:12 -04:00
Joe Grandja
a377175455 Merge branch '6.3.x' into 6.4.x 
Closes gh-17215
 2025-06-06 06:50:45 -04:00
Andrey Litvitski
b0f8aa5ea0 Fix to allow multiple AuthenticationFilter instances to process each request 
Closes gh-17173

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-06-06 06:37:03 -04:00
John Niang
9ba5c7b2ce Add SwitchUserGrantedAuthority to Web Jackson Module 
Closes gh-17041

Signed-off-by: John Niang <johnniang@foxmail.com>
 2025-05-23 14:42:54 -06:00
Tran Ngoc Nhan
8e2067bb3e Remove deprecated MemberCategory#DECLARED_FIELDS 
Issue gh-16889

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-23 14:36:54 -06:00
Rob Winch
6118587ff8 SavedCookieMixinTests uses readValue(String,Object.class) 
The test should not provide SavedCookie.class to the ObjectMapper
since this is not done in production. In particular, it provides the
type that it should be deserialized, but this must be provided in the
JSON since the type is unknown at the time of deserialization.

Issue gh-17006
 2025-05-07 14:55:54 -05:00
M-Faheem-Khan
241c3cd35a Remove deprecated Cookie usage 
Remove usage of comment and verison usage

Signed-off-by: M-Faheem-Khan <faheem5948@gmail.com>
 2025-05-07 14:55:54 -05:00
Rob Winch
5f833fa236 Fix Checkstyle Errors 2025-05-07 10:50:41 -05:00
milaneuh
7fda87aecd Remove deprecated methods from CookieServerCsrfTokenRepository 2025-05-07 10:50:41 -05:00
Rob Winch
b453840c0a
HttpHeaders no longer a MultiValueMap 
Closes gh-17060
 2025-05-06 13:27:13 -05:00
Rob Winch
e5e962ef90
Jakarta Cookie HttpOnly Serialization 
The new specification represents Cookie attribute using HttpOnly: "" vs
HttpOnly: "true".

This updates the test to correspond to the new Servlet specification and
is a breaking change related to jakarta updates.
 2025-05-06 13:27:13 -05:00
Rob Winch
66319fc3bc
MockServerHttpRequest.method(String,String)->method(HttpMethod,String) 
Closes gh-17058
 2025-05-06 13:26:16 -05:00
Josh Cummings
aa338e9b0d
Merge branch '6.4.x' 2025-05-02 10:58:22 -06:00