Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-23 02:38:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,321 Commits 43 Branches 362 Tags
Commit Graph

19321 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
c64b086878
Add SecurityAssertions 
This commit introduces a simple, internal test API for
verifying aspects of an Authentication, like its name
and authorities.

Closes gh-17844
 2025-09-03 17:53:42 -06:00
Josh Cummings
de10e08348
Make withRoles Check Only Roles 
This commit clarifies the semantics of withRoles,
which is to check the role-based authorities in an
authentication.

Closes gh-17843
 2025-09-03 17:53:41 -06:00
Josh Cummings
bd119ac411
Implement Equals and HashCode 
Internally, RequestMatcher is sometimes used as a key to a
HashMap. Accordingly, each implementation should implement
equals and hashCode.

Closes gh-17842
 2025-09-03 17:48:50 -06:00
Rob Winch
24ffda28d8
Fixes for webauthn tests after JSpecify 
Issue gh-17839
 2025-09-03 14:44:58 -05:00
Rob Winch
6a84f96930
Enable Null checking in spring-security-test via JSpecify 
Closes gh-17840
 2025-09-03 12:59:46 -05:00
Rob Winch
194be8ffb6
Checkstyle fixes for webauthn JSpecify 
Issue gh-17839
 2025-09-03 12:58:27 -05:00
Rob Winch
47b4b155da
Add security-nullability to webauthn 
Issue gh-17839
 2025-09-03 12:17:56 -05:00
Rob Winch
0a991a91ce
Enable Null checking in spring-security-webauthn via JSpecify 
Closes gh-17839
 2025-09-03 12:06:53 -05:00
Josh Cummings
3dbcf266e9
Merge branch '6.5.x' 2025-09-02 16:45:30 -06:00
Josh Cummings
eeb67650ee
Deprecate RequiresChannelDsl 
Issue gh-16680
 2025-09-02 16:41:39 -06:00
Josh Cummings
3534b74945
Replace InteractiveAuthenticationSuccessEvent 7.0.x Sample 
Given that 7e3bf9662cd6829982f3198d3049f4012df17395 changes
the InteractiveAuthenticationSuccessEvent serialization sample,
this commit syncs up the 7.0.x version to match.

Closes gh-16276
 2025-09-02 14:18:25 -06:00
Josh Cummings
dc0ab4c805
Merge branch '6.5.x' 2025-09-02 14:15:20 -06:00
Josh Cummings
c982753d46
Replace InteractiveAuthenticationSuccessEvent 6.5.x Sample 
Given that 7e3bf9662cd6829982f3198d3049f4012df17395 changes
the InteractiveAuthenticationSuccessEvent serialization sample,
this commit syncs up the 6.5.x version to match.

Issue gh-16276
 2025-09-02 14:14:13 -06:00
Fridolin Jackstadt
910df479be Provider Default Timeouts For JWK Retrieval 
Issue gh-14269

Signed-off-by: Fridolin Jackstadt <fridolin.jackstadt@unic.com>
 2025-09-02 08:51:10 -06:00
Rob Winch
9866435946
Fix security-nullability plugin in taglibs 
Issue gh-17828
 2025-08-30 20:44:29 -05:00
Rob Winch
5370f1190f
Enable Null checking in spring-security-taglibs via JSpecify 
Closes gh-17828
 2025-08-30 20:40:34 -05:00
Rob Winch
f13d8d5c75
Fix Nullability in WebInvocationPrivilegeEvaluator 
Issue gh-17535
 2025-08-30 20:38:58 -05:00
Rob Winch
1216ee598f
Enable Null checking in spring-security-rsocket via JSpecify 
Closes gh-16882
 2025-08-30 20:04:32 -05:00
Rob Winch
a4a4908d71
Enable Null checking in spring-security-cas via JSpecify 
Closes gh-16882
 2025-08-30 11:22:30 -05:00
Josh Cummings
0ff9f10696
Merge branch '6.4.x' into 6.5.x 2025-08-30 10:00:45 -06:00
Josh Cummings
7e3bf9662c
Polish InteractiveAuthenticationSuccessEvent Sample 
The sample better matches a value that would be used in the constructor

Issue gh-16276
 2025-08-30 10:00:24 -06:00
Rob Winch
be64c67af5
Enable Null checking in spring-security-web via JSpecify 
Closes gh-16882
 2025-08-29 16:17:49 -05:00
Rob Winch
a58f3282d9
Fix config/src/test/kotlin nullability for web 
Issue gh-17535
 2025-08-29 15:46:08 -05:00
Rob Winch
c2ba662b91
Enable Null checking in spring-security-web via JSpecify 
Closes gh-17535
 2025-08-29 15:06:48 -05:00
Rob Winch
49f308adb0
Use Supplier<? extends @Nullable Authentication> 
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.

Closes gh-17814
 2025-08-29 09:46:58 -05:00
Josh Cummings
4cbe8de7ea Polish RSocket Anonymous Support 
Changed the DSL method name to anonymous to align with jwt.
Since basicAuthenication is deprecated, we don't need to
align with its naming convention.

Also added a since attribute to the method.

Issue gh-17132
 2025-08-26 17:33:40 -06:00
Andrey Litvitski
559b73b39f Add Disabling Anonymous Authentication in RSocketSecurity 
Closes: gh-17132

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>

1

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>

1

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-26 17:33:40 -06:00
Andrey Litvitski
3278f3a410 Add discoverJwsAlgorithms() in NimbusJwtDecoder 
Closes: gh-17785
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-26 17:07:47 -06:00
Josh Cummings
36f1de945f
Add OneTimeTokenAuthentication 
Closes gh-17799
 2025-08-22 15:46:54 -06:00
Josh Cummings
6663eea65f
Polish OTT Tests 
Improve tests so that they do not rely on OneTimeTokenAuthenticationToken
as the concrete type.

Issue gh-17799
 2025-08-22 15:46:53 -06:00
Josh Cummings
89b2f9cf54
Improve Test Runnability in IDE 
In some configurations, Configuration classes with static elements
may cause a test to hang. This commit changes JeeConfigurerTests
test configuration classes to use mock beans instead of referencing
them as static fields.
 2025-08-22 15:46:53 -06:00
Josh Cummings
0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings
9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings
8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Josh Cummings
d1962201b5 Merge branch '6.5.x' 2025-08-22 11:07:59 -06:00
Josh Cummings
857ca9c412 Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-08-22 11:07:37 -06:00
Nikita Konev
894105aab5 Fix traceId discrepancy in case error in servlet web 
Signed-off-by: Nikita Konev <nikit.cpp@yandex.ru>
 2025-08-22 11:06:37 -06:00
Rob Winch
f7f41ba6c4
Add missing @NullMarked to spring-data package-info 
Issue gh-17789
 2025-08-22 12:03:16 -05:00
Rob Winch
f496ded4e5
AuthorizationManager allows null Authentication 
It is possible to have a null Authentication and so the
AuthorizationManager APIs should allow for passing it in.

Closes gh-17795
 2025-08-22 12:03:16 -05:00
Josh Cummings
583e668c6b Remove opensaml5Test Task 
Issue gh-17707
 2025-08-22 09:19:20 -06:00
Rob Winch
d6a0e3bf78
Fix Nullability Imports 
Issue gh-17789
 2025-08-22 09:00:15 -05:00
Rob Winch
29bb4919ca
Add Nullability to spring-security-data 
Closes gh-17789
 2025-08-21 13:42:27 -05:00
Rob Winch
d9210c6596
Fix Nullability 2025-08-21 13:41:02 -05:00
Rob Winch
b8b1a92ad4
Revert "Apply Nullability to spring-security-data" 
This reverts commit bbcdb236984960416489b4f9d923f83d3a4cba39.
 2025-08-21 13:35:39 -05:00
Rob Winch
bbcdb23698
Apply Nullability to spring-security-data 2025-08-21 13:27:47 -05:00
Rob Winch
9bbf837c7c
Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Rob Winch
8a1e2a22f9
Merge branch 'gh-16226-servlet-test-method' into 6.5.x 2025-08-21 12:44:27 -05:00
Rob Winch
0404996f87 import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 12:35:13 -05:00
Rob Winch
0f63d98c84 Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 12:35:13 -05:00
Rob Winch
fbfbb1e571 Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 12:35:13 -05:00