Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-24 03:08:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,463 Commits 42 Branches 362 Tags
Commit Graph

3228 Commits

Author SHA1 Message Date
Josh Cummings
f8272a8844
Fallback to Object When Determining Overridden Methods 
Closes gh-17898
 2025-09-15 09:16:50 -06:00
Josh Cummings
eedcec9d5c
Move Core Access API 
Issue gh-17847
 2025-09-12 10:32:38 -06:00
Josh Cummings
c66a028332 Polish Core Authentication Builders 
Issue gh-17861
 2025-09-09 14:59:14 -06:00
Josh Cummings
dd50dc0c40 Remove Generic Typing From Authentication.Builder 
It would be better to introduce parameter types for
principal and credentials into Authentication.Builder
at the same time as doing so for Authentication

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
4744752a1b Add Internal Authentication Implementations 
This commit allows a default implementation of
Authentication.Builder that performs the builder
operations. In this way, authorities and other previous
authentication material can still be effectively be
propagated in the event a custom authentication does
not implement the method.

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
3f774548d2 Move Authority Propagation Into Filters 
Given that the filters are the level at which the
SecurityContextHolder is consulted, this commit moves
the operation that ProviderManager was doing into each
authentication filter.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
a0fe6a5fee Polish Builders 
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
8468c6a805 Propagate Previous Factor to Next One 
This commit allows looking up the current authentication and applying
it to the latest authentication. This is specifically handy when
collecting authorities gained from each authentication factor.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
a201a2b862 Add Authentication.Builder 
This commit adds a new default method to Authentication
for the purposes of creating a Builder based on the current
authentication, allowing other authentications to be
applied to it as a composite.

It also adds Builders for each one of the authentication
result classes.

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Steve Riesenberg
eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
Josh Cummings
c64b086878
Add SecurityAssertions 
This commit introduces a simple, internal test API for
verifying aspects of an Authentication, like its name
and authorities.

Closes gh-17844
 2025-09-03 17:53:42 -06:00
Rob Winch
a4a4908d71
Enable Null checking in spring-security-cas via JSpecify 
Closes gh-16882
 2025-08-30 11:22:30 -05:00
Rob Winch
c2ba662b91
Enable Null checking in spring-security-web via JSpecify 
Closes gh-17535
 2025-08-29 15:06:48 -05:00
Rob Winch
49f308adb0
Use Supplier<? extends @Nullable Authentication> 
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.

Closes gh-17814
 2025-08-29 09:46:58 -05:00
Josh Cummings
36f1de945f
Add OneTimeTokenAuthentication 
Closes gh-17799
 2025-08-22 15:46:54 -06:00
Josh Cummings
6663eea65f
Polish OTT Tests 
Improve tests so that they do not rely on OneTimeTokenAuthenticationToken
as the concrete type.

Issue gh-17799
 2025-08-22 15:46:53 -06:00
Rob Winch
f496ded4e5
AuthorizationManager allows null Authentication 
It is possible to have a null Authentication and so the
AuthorizationManager APIs should allow for passing it in.

Closes gh-17795
 2025-08-22 12:03:16 -05:00
Andrey Litvitski
47be93e694 Annotate AuthenticationTrustResolver methods with @Nullable 
Since AuthenticationTrustResolver can handle null arguments (this is
also stated in the implementation of this interface), we should mark
these arguments as `@Nullable`.

Closes: gh-17764

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-19 22:02:59 -05:00
Josh Cummings
c45bc384da
Interpret Expression Templates by Default 
Closes gh-17763
 2025-08-18 15:45:57 -06:00
Tran Ngoc Nhan
dcd7490ddd Polish javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-08-13 11:03:26 -06:00
Rob Winch
a5c38bdc94
Fix AuthorizationManager T Nullability 
Previously AuthorizationManager declared the generic's Nullability
incorrectly. This commit marks it properly.

Closes gh-17667
 2025-08-11 13:32:31 -05:00
Josh Cummings
eeb383ac46 Fix Checkstyle 
Issue gh-17623
 2025-08-07 14:32:18 -06:00
Josh Cummings
6d1a886f92 Deprecate SERIAL_VERSION_UID 
Closes gh-17623
 2025-08-07 11:09:35 -06:00
Josh Cummings
6f1232ce79 Address Checkstyle 
Issue gh-17447

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-08-05 09:15:56 -06:00
Mike Heath
93cb01612b Add ExpressionTemplateValueProvider 
Closes gh-17447

Signed-off-by: Mike Heath <michael.heath@familysearch.org>
 2025-08-05 09:15:56 -06:00
Tran Ngoc Nhan
1a56023f7f Use Spring Framework Nullability Annotations 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-31 10:18:51 -06:00
Rob Winch
f6cb0bd610
Merge Use 2004-present Copyright Header 
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
 2025-07-29 10:52:42 -05:00
Rob Winch
7c887d2da1
Add nullability to spring-security-core 
Closes gh-17534
 2025-07-22 16:29:13 -05:00
Josh Cummings
c312d18191
Add Publishing Predicate 
Closes gh-17503
 2025-07-09 17:33:10 -06:00
Tran Ngoc Nhan
242956a63c Remove deprecated elements from DaoAuthenticationProvider 
Closes gh-17298

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan
e52987d03c Remove RoleHierarchyImpl Deprecations 
Closes gh-17297

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 13:22:22 -06:00
Tran Ngoc Nhan
d8043dc8a7 Remove PrePostTemplateDefaults 
Closes gh-17296

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:47:27 -06:00
Tran Ngoc Nhan
9312fb7004 Remove Deprecated AuthorizationDecision Elements 
Closes gh-17299

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 14:32:49 -06:00
Rob Winch
00ead7f24d Update to Kotlin 2.2 2025-06-26 17:29:12 -05:00
Evgeniy Cheban
092bbfc8e7 ReactiveAuthorizationManager replace deprecated #check calls with #authorize 
Closes gh-16936

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-06-12 11:11:49 -06:00
Evgeniy Cheban
b0cecb37d2 Replace deprecated #check calls with #authorize 
Closes gh-16936

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-06-12 11:11:49 -06:00
dae won
9654e51bd4 Include UsernameNotFoundException in BadCredentialsException 
Closes gh-16496

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-06-02 16:12:47 -06:00
Josh Cummings
215547f8c8
Use UsernameNotFoundException Factory 
Issue gh-17179
 2025-05-28 14:13:02 -06:00
Josh Cummings
da2d9aa868
Add Username Property to Exception 
Closes gh-17179
 2025-05-28 14:12:27 -06:00
dae won
8612e952fe Make AuthorizationProxyFactory#proxy Generic 
Closes gh-16706

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-05-23 14:48:11 -06:00
Tran Ngoc Nhan
8e2067bb3e Remove deprecated MemberCategory#DECLARED_FIELDS 
Issue gh-16889

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-23 14:36:54 -06:00
Tran Ngoc Nhan
88369cd252 Polish 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-23 14:36:54 -06:00
Josh Cummings
33a0a12a20
Merge branch '6.5.x' 2025-05-19 09:26:37 -06:00
Josh Cummings
c972de5369
Use .equals to Compare Methods 
Closes gh-17143
 2025-05-19 09:26:30 -06:00
Junhyeok Lee
e30dc42d1e Update JdbcUserDetailsManager Javadoc and author 
Signed-off-by: Junhyeok Lee <jhl221123@naver.com>
 2025-05-14 13:41:02 -05:00
Junhyeok Lee
0722c2dc41 Implement UserDetailsPasswordService in JdbcUserDetailsManager 
Signed-off-by: Junhyeok Lee <jhl221123@naver.com>
 2025-05-14 13:41:02 -05:00
huhdy32
817938fa49 Add NullReturningMethodAuthorizationDeniedHandler 
This implementation of MethodAuthorizationDeniedHandler returns null
when authorization is denied.

Closes gh-16705

Signed-off-by: huhdy32 <mong3268@gmail.com>
 2025-05-14 11:45:48 -05:00
Shenker93
de622d1082 Improve JdbcUserDetailsManager.userExists method 2025-05-07 10:50:03 -05:00
Josh Cummings
d04f7071c2
Add Missing Serialization Samples 
Closes gh-17038
 2025-05-05 15:34:24 -06:00
Josh Cummings
34a9f57aa6
Merge branch '6.4.x' 2025-05-05 15:29:44 -06:00