Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-24 03:08:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,583 Commits 42 Branches 362 Tags
Commit Graph

19583 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
c9010345b9
Add TestingAuthenticationToken(principal,credential,grantedAuthorities...) 
Closes gh-17980
 2025-10-01 13:05:56 -05:00
Joe Grandja
681e166be8 Remove default HttpSecurity.securityMatcher() for authorization server 
Closes gh-17965
 2025-10-01 11:45:21 -04:00
Rob Winch
7f10897de3
SecurityMockMvcResultMatchers.withAuthorities(String...) 
Closes gh-17974
 2025-09-30 10:39:14 -05:00
Rob Winch
0e99324c43
Merge branch '6.5.x' 2025-09-29 13:44:37 -05:00
Rob Winch
cf9568fe09
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 2025-09-29 13:43:45 -05:00
dependabot[bot]
7409133cc0
Bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1 
Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.5 to 5.5.1.
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.5.1/RELEASE_NOTES.txt)
- [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.5...rel/v5.5.1)

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: 5.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-29 03:26:33 +00:00
Joe Grandja
f3761aff99 Add support for OAuth 2.0 Dynamic Client Registration Protocol 
Closes gh-17964
 2025-09-25 16:33:16 -04:00
Rob Winch
667cd4aa7c
Remove unnecessary throws Exception from spring-security-config 
Closes gh-17957
 2025-09-25 11:50:13 -05:00
Rob Winch
be20201bf7
FACTOR uses defaultEntryPoint when possible 
Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to
work around gh-17955. They now can use defaultEntryPoint which is more concise.

Issue gh-gh-17955
 2025-09-25 11:18:20 -05:00
Rob Winch
029e31ebe8
DelegatingAuthenticationEntryPoint.Builder allows just defaultEntryPoint 
Previously build threw an Exception when entryPoints was empty and
defaultEntryPoint was specified.

This commit changes build to return the defaultEntryPoint instead.

Closes gh-17955
 2025-09-25 09:45:52 -05:00
Josh Cummings
ad6fe4fdc3
Polish MFA Samples 
This commit removes unneeded AuthorizationManagerFactory
implementations, simplifies the custom AuthorizationManagerFactory
example, and updates usage of hasAllAuthorities.

Issue gh-17934
 2025-09-24 17:54:59 -06:00
Rob Winch
f652920bb3
Add @EnableGlobalMultiFactorAuthentication 
Closes gh-17954
 2025-09-24 14:47:26 -05:00
Rob Winch
e33e4d80a9
Fix Antora Warnings in servlet/authentication/adaptive.adoc 
Issue gh-2603
 2025-09-24 13:05:50 -05:00
Rob Winch
b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY 
Closes gh-17952
 2025-09-24 09:53:56 -05:00
Josh Cummings
28aad8855c
Merge branch 'mfa' 
Closes gh-2603
 2025-09-23 18:23:11 -06:00
Josh Cummings
bbba2930e9
Add Initial Documentation 
Issue gh-17934
 2025-09-23 18:16:36 -06:00
Josh Cummings
d757e6e44e
Response to Additional Feedback 
- Moved request attribute to WebAttributes
- Renamed ExceptionHandlingConfigurer methods
- Removed varargs from DelegatingMissingAuthorityAccessDeniedHandler

Issue gh-17901
Issue gh-17934
 2025-09-23 18:16:22 -06:00
Josh Cummings
50ebd467c3
Polish Default Login Page 
Issue gh-17901
 2025-09-23 17:59:23 -06:00
Josh Cummings
42376e2eee
Prepopulate Username When Known 
Closes gh-17935
 2025-09-23 17:59:22 -06:00
Josh Cummings
e813aad82b
Support Showing One Part of Login Page 
Closes gh-17901
 2025-09-23 17:59:21 -06:00
Josh Cummings
9f317757c3
Make Public Missing Authority AccessDeniedHandler 
Issue gh-17934
 2025-09-23 17:59:19 -06:00
Josh Cummings
df7a7cdc99
Update Test for Method Security 
Issue gh-17936
 2025-09-23 17:16:33 -06:00
Josh Cummings
e66c498d80
Redirect to Appropriate Entry Point Based on Missing Authorities 
Issue gh-17934
 2025-09-23 17:16:32 -06:00
Josh Cummings
fe17f2904d
Initial Exception Handling 
This commit hardcodes factors as a proof of concept for
multi-factor authentication

Issue gh-17934
 2025-09-23 17:16:30 -06:00
Rob Winch
549569ea55
Add DefaultAuthorizationManagerFactory.additionalAuthorization 2025-09-23 16:52:10 -05:00
Rob Winch
1608465a38
DefaultAuthorizationManagerFactory additionalAuthorization 
This commit adds AuthorizationManager<T> additionalAuthorization to
DefaultAuthorizationManagerFactory which can be used for multi factor
authorization.

There is a builder that allows for creating an instance that requires
static additional authorities, but for more advanced cases users can
inject an additionalAuthorization that looks up if the user has settings
that enable additional required authorities.

The builder can later be updated to support checking that a particular
authority was granted within a specified amount of time.

Issue gh-17900
 2025-09-23 15:25:26 -05:00
Rob Winch
459b872a20
Cleanup Kotlin AuthorizationManagerFactory Generics 
This cleans up the generic types within the Kotlin DSL that reference
AuthorizationManagerFactory

Issue gh-17860
 2025-09-23 10:32:02 -05:00
dependabot[bot]
02bc3adfb8
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.5 to 3.27.6.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.5...assertj-build-3.27.6)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-23 03:17:16 +00:00
dependabot[bot]
f8ab033c7b
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.5 to 3.27.6.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.5...assertj-build-3.27.6)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-23 03:07:48 +00:00
Josh Cummings
628f3da30b
Revert "Add AuthorityUtils Methods" 
This reverts commit 50bdaeb1001b04b269dfe5968b3c2ef3856053fd that
was accidentally committed
 2025-09-22 12:26:07 -06:00
Josh Cummings
5ca5aca48e
Add Null Guard 
Issue gh-17933
 2025-09-22 12:23:29 -06:00
Josh Cummings
c61f53ad64
Copy Query to Parameters 
Issue gh-17450
 2025-09-22 12:17:24 -06:00
Josh Cummings
50bdaeb100
Add AuthorityUtils Methods 
This commit adds a couple of utility methods for working with authorities
by type. Now that there are infrastructural authorities that Spring Secuirty
works with directly, it's helpful to be able to filter them out of the
authority list.
 2025-09-22 11:42:14 -06:00
Rob Winch
b31fdcd89f
Merge branch '6.5.x' 2025-09-22 11:57:34 -05:00
Rob Winch
1878a1e03b
Merge branch '6.4.x' into 6.5.x 2025-09-22 11:57:26 -05:00
Rob Winch
f0f57ad560
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 2025-09-22 11:57:04 -05:00
Rob Winch
93ded52236
Bump org.gretty:gretty from 4.1.7 to 4.1.10 2025-09-22 11:57:02 -05:00
Rob Winch
329af112ed
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE 2025-09-22 11:55:59 -05:00
Rob Winch
3f1a60b0b8
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 2025-09-22 11:55:56 -05:00
Rob Winch
67373e8c13
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 2025-09-22 11:55:54 -05:00
Rob Winch
4ef16b14d2
Update terminology to HTTP Service Clients 
Closes gh-17947
 2025-09-22 10:09:04 -05:00
dependabot[bot]
7d93186c69
Bump org.gretty:gretty from 4.1.7 to 4.1.10 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:22:10 +00:00
dependabot[bot]
ae4b2e50e2
Bump org.gretty:gretty from 4.1.7 to 4.1.10 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:14:46 +00:00
dependabot[bot]
e323377768
Bump org.gretty:gretty from 4.1.7 to 4.1.10 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:09:34 +00:00
Andrey Litvitski
68742e170c Support Automatically Checking for Required Authorities in Authorization Rules 
Closes: gh-17900

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-09-22 00:15:13 +03:00
Josh Cummings
a63e87d8fb
Remove Static Mock 
These can cause infinite loops when running
tests in an IDE.
 2025-09-19 17:53:52 -06:00
Rob Winch
229c7bca5b
Add AuthorizationManagerFactory in Kotlin DSL 
Closes gh-17860
 2025-09-19 16:38:02 -05:00
Josh Cummings
765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager 
Closes gh-17936
 2025-09-19 12:07:59 -06:00
Josh Cummings
25e413127c
Merge branch 'authentication-factors' 
Closes gh-17933
 2025-09-19 11:32:44 -06:00
Josh Cummings
1e1cb0097a
Document Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00