Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-10 19:48:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,701 Commits 55 Branches 364 Tags
Commit Graph

19701 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
cb8c2b090c Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 09:17:01 -05:00
Rob Winch
e94de4d0e3
Merge branch '6.5.x' 2025-10-20 09:16:23 -05:00
Rob Winch
cb994aad6c
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:15:32 -05:00
Rob Winch
6f6ee0c060
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 2025-10-20 09:15:30 -05:00
Rob Winch
9cecc2cf09
Merge branch '6.4.x' into 6.5.x 2025-10-20 09:15:18 -05:00
Rob Winch
f19c9c8625
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:14:31 -05:00
Rob Winch
95abf61c88
Refine Jackson 3 format description 2025-10-20 09:11:22 -05:00
Joe Grandja
22cbb13f7d Add comments to SQL-scripts to ensure robust timezone handling 
Issue https://github.com/spring-projects/spring-authorization-server/pull/2217
 2025-10-20 07:12:50 -04:00
Joe Grandja
fc8b6b5863 Return PAR endpoint metadata only when enabled 
Issue https://github.com/spring-projects/spring-authorization-server/issues/2219
 2025-10-20 06:06:24 -04:00
dependabot[bot]
8b89e31e3d
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:26 +00:00
dependabot[bot]
67b15be917
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:21 +00:00
dependabot[bot]
217a29e6ba
Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:12:54 +00:00
dependabot[bot]
b2d6380633
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:12:45 +00:00
Rob Winch
9dc27bee03 Link to gh-18077 2025-10-19 17:03:19 -05:00
Rob Winch
a181733365 Encapsulate GenericHttpMessageConverterAdapter 
This will allow its removal in gh-18073
 2025-10-19 17:03:19 -05:00
Rob Winch
51e8f8f1c6 Deprecate WebAuthnAuthenticationFilter.setConverter(GenericHttpMessageConverter) 
This makes sense given that Framework's new Jackson support is a
SmartHttpMessageConverter. Additionally,
GenericHttpMessageConverterAdapter is now package private to encapsulate
it.

Issue gh-18073
 2025-10-19 17:03:19 -05:00
Rob Winch
d309f1887e Remove Extra Blank Line from CoreJacksonModule 2025-10-19 17:03:19 -05:00
Rob Winch
5e851e0b26 Remove JdbcOAuth2AuthorizationService.Mapper 
- We should not introduce an unnecessary public API
  - It would need to be removed when Jackson 2 support was removed, but
    was required to configure Jackson 3 support
  - There are already existing interfaces that could be used
- OAuth2AuthorizationRowMapper & OAuth2AuthorizationParametersMapper had
  unnecessary breaking changes by removing getter/setter for ObjectMapper
- To prevent NoClassDefFoundErrors all optional (Jackson) dependencies
  need to be on different classes & we wish to preserve the existing
  accessors for ObjectMapper which is this uses subclasses
- With added TestAuthenticationTokenMixin support, no need to explicitly
  add it in tests
 2025-10-19 17:03:19 -05:00
Rob Winch
803936cfbe JacksonDelegate uses SecurityJacksonModules 2025-10-19 17:03:19 -05:00
Rob Winch
50568da1e5 Add Jackson 3 TestingAuthenticationToken Support 
Without this many of the tests fail when using Jackson 3
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze
8f8a25533a Refine documentation for Jackson 3 
This commit refines the documentation by:
 - Updating Jackson documentation for Jackson 3
 - Removing the outdated documentation in servlet
 - Adding migration guidelines

Closes gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze
137f8fd670 Add support for JacksonJsonHttpMessageConverter 
This commit introduces classpath checks and instantiation of
JacksonJsonHttpMessageConverter (based on Jackson 3) leveraging
a new GenericHttpMessageConverterAdapter which allows to adapt
SmartHttpMessageConverter to GenericHttpMessageConverter.

See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze
702a177e25 Add webauthn Jackson 3 support and deprecate Jackson 2 one 
Since this module was already using the jackson sub-package for Jackson 2
support, both Jackson 2 and Jackson 3 support lives in the same subpackage
and the former package-private classes has been renamed with a Jackson2
qualifier.

See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze
48854c3ac9 Deprecate Jackson 2 support 
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.

See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze
65a14d6c6d Add Jackson 3 support 
This commit adds support for Jackson 3 which has the following
major differences with the Jackson 2 one:
 - jackson subpackage instead of jackson2
 - Jackson type prefix instead of Jackson2
 - JsonMapper instead of ObjectMapper
 - For configuration, JsonMapper.Builder instead of ObjectMapper
   since the latter is now immutable
 - Remove custom support for unmodifiable collections
 - Use safe default typing via a PolymorphicTypeValidator

Jackson 3 changes compared to Jackson 2 are documented in
https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a
and
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md.

This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.

See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze
916a687b29 Add Jackson 3 BOM 
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze
762fcbb516 Add .kotlin/ to .gitignore 
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Joe Grandja
fc795a81d4 PAR uses requested scopes on consent 
Issue https://github.com/spring-projects/spring-authorization-server/pull/2182
 2025-10-17 16:14:31 -04:00
Josh Cummings
4bc319883b Address Nullability 2025-10-17 14:03:15 -06:00
dependabot[bot]
cb7a6292b7 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.5...v0.0.6)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 14:03:15 -06:00
Josh Cummings
bbf6a4e786 Merge branch '6.5.x' 2025-10-17 13:50:05 -06:00
Josh Cummings
ba2619cb8a Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-10-17 13:49:54 -06:00
dependabot[bot]
43c53c3b78 Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:50 -06:00
dependabot[bot]
b1e16cd147 Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:30 -06:00
dependabot[bot]
9961e6d56c Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:13 -06:00
dependabot[bot]
cbad2ff5ca Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:47:56 -06:00
dependabot[bot]
63c8b0faa3 Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.13 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.13...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:46:16 -06:00
Josh Cummings
a435175723 Clean Up Generic Typing in Builder 
Issue gh-17997
 2025-10-17 11:13:00 -06:00
Joe Grandja
4b810a8971 Disallow usage of the openid scope in device authorization requests 
Issue https://github.com/spring-projects/spring-authorization-server/pull/2177
 2025-10-17 11:41:30 -04:00
Joe Grandja
0d261e9c32 Remove setOidcUserMapper() in OidcUserService and OidcReactiveOAuth2UserService 
Closes gh-18060
 2025-10-16 16:29:52 -04:00
Josh Cummings
c5e141ad07 Change JavaDoc to FactorGrantedAuthority 
Issue gh-18030
 2025-10-16 14:00:43 -06:00
Josh Cummings
ba42b9c4cc Update Documentation for All-Factor Propagation 
Issue gh-18000
 2025-10-16 13:41:46 -06:00
Josh Cummings
b1a50a25b6 Check If toBuilder Is Implemented 
Since RC1 is right around the corner, let's change the API
footprint as little as possible by using reflection to check
if a class has declared toBuilder themselves. If they have, we
can assume that that class's builder will produce that class.

Issue gh-18052
 2025-10-16 13:41:45 -06:00
Josh Cummings
4281f6b00b Prevent Duplicate Authorities 
Issue gh-17981
 2025-10-16 13:41:45 -06:00
Josh Cummings
0fcef6dca2 Add Missing Mock Configuration 2025-10-16 13:41:45 -06:00
Josh Cummings
2e7cdd7b14 Revert "Merge branch 'builder-enhancements'" 
This reverts commit 95644fb73cd405ef4fd683e12773289343547fec, reversing
changes made to fbf7bb3be1eb7bff50cf311e8df7a869e7d9d21b.

Reverting this commit will allow us more time to
consider the ideal way to add this support to the public API.
 2025-10-16 13:41:45 -06:00
Josh Cummings
cefc0cddec Propagate All Missing Factors 
Closes gh-18000
 2025-10-16 13:41:45 -06:00
Joe Grandja
af1de950ae Align setRetrieveUserInfo() between OidcUserService and OidcReactiveOAuth2UserService 
Closes gh-18057
 2025-10-16 15:12:10 -04:00
Joe Grandja
7f29585df4 Remove OidcUserService.setAccessibleScopes() 
Closes gh-18056
 2025-10-16 15:12:10 -04:00
Rob Winch
2eb5da3764 Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE 
The member is public, so we need to deprecate it rather than remove it.

Issue gh-18035

Closes gh-18058
 2025-10-16 14:03:19 -05:00