Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-12-27 18:44:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,655 Commits 54 Branches 369 Tags
Commit Graph

19655 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
cefc0cddec Propagate All Missing Factors 
Closes gh-18000
 2025-10-16 13:41:45 -06:00
Joe Grandja
af1de950ae Align setRetrieveUserInfo() between OidcUserService and OidcReactiveOAuth2UserService 
Closes gh-18057
 2025-10-16 15:12:10 -04:00
Joe Grandja
7f29585df4 Remove OidcUserService.setAccessibleScopes() 
Closes gh-18056
 2025-10-16 15:12:10 -04:00
Rob Winch
2eb5da3764 Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE 
The member is public, so we need to deprecate it rather than remove it.

Issue gh-18035

Closes gh-18058
 2025-10-16 14:03:19 -05:00
Tran Ngoc Nhan
f5d33457dc Fix-typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-10-16 14:03:19 -05:00
parthokr
938a5a7c77 Fix typo in AuthenticationProvider Javadoc 
Signed-off-by: parthokr <partho.kr@proton.me>
 2025-10-16 13:54:00 -05:00
dependabot[bot]
f03213383e Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-16 12:54:46 -05:00
Rob Winch
fc2b1f9923
Merge branch '6.5.x' 2025-10-16 12:53:33 -05:00
Rob Winch
dee33b5337
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:52:50 -05:00
Rob Winch
9f936015ff
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 2025-10-16 12:52:46 -05:00
Rob Winch
79dfbe14c2
Merge branch '6.4.x' into 6.5.x 2025-10-16 12:52:34 -05:00
Rob Winch
b75f2582c4
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:51:41 -05:00
Joe Grandja
67c3ceb611 Fix NullAway error 
Related https://github.com/spring-projects/spring-framework/pull/35629
 2025-10-15 14:53:06 -04:00
Josh Cummings
95644fb73c Merge branch 'builder-enhancements' 
Issue gh-18052
Issue gh-18053
 2025-10-15 12:02:41 -06:00
Josh Cummings
21ff7688cc Move Builder to Authentication 
Leaving the Builder in Authentication allows
authentication implementations to implement Builder
without needing to implement BuildableAuthentication.

Issue gh-18052
 2025-10-15 12:01:11 -06:00
Josh Cummings
4102007119 Add Builder#authentication 
This commit consolidates logic common to applying one
authenticaiton to another. Specifically, it will copy the
authorities in one authentication into the builder instance
of another.

Closes gh-18053
 2025-10-15 12:01:11 -06:00
Josh Cummings
e535e61c8b Move toBuilder to BuildableAuthentication 
Closes gh-18052
 2025-10-15 12:01:11 -06:00
Joe Grandja
fbf7bb3be1 Allow OAuth2AuthorizationRequest to be extended 
Closes gh-18049
 2025-10-14 16:34:59 -04:00
Ivan Golovko
979ac7c336 Remove cache from (Reactive)OidcIdTokenDecoderFactory 
Closes gh-16647

Signed-off-by: iigolovko <iigolovko@ginc-it.ru>
 2025-10-14 11:24:54 -04:00
dependabot[bot]
90a1c2c15d
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:20:40 +00:00
dependabot[bot]
978459bd1d
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:15:43 +00:00
Rob Winch
2af57c40ef
Update to JUnit 6.0.0 
To do this, we also need Spring Framework 7.0.0-SNAPSHOTs

Closes gh-18040
 2025-10-13 11:16:56 -05:00
Rob Winch
b864be92d8
Update to Reactor 2025.0.0-SNAPSHOT 
To prepare for the release we should update to Reactor
2025.0.0-SNAPSHOT to fix any issues that are present.

Closes gh-18041
 2025-10-13 11:16:27 -05:00
Rob Winch
4b6c9cca7e
Enable SNAPSHOT builds 
To use Reactor SNAPSHOTs in gh-18041 we need to enable the
snapshot repositories.

Issue gh-18041
 2025-10-13 11:15:53 -05:00
dependabot[bot]
73690a928b
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:27:33 +00:00
dependabot[bot]
7cc9d2849e
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:16:24 +00:00
Rob Winch
78701f94ee
Document RequiredFactor Valid Duration 
Issue gh-17997
 2025-10-10 16:24:47 -05:00
Rob Winch
2b4e36c67f
Add RequiredFactor.Builder.<factor-name>Authority() 
Closes gh-18033
 2025-10-10 16:24:47 -05:00
Rob Winch
702878acae
Create AuthorizationManagerFactories.multiFactor 
Closes gh-18032
 2025-10-10 16:24:47 -05:00
Rob Winch
488e55032e
AllFactorsAuthorizationManager->AllRequiredFactorsAuthorizationManager 
This allows the authorization logic to be relaxed so that if RequiredFactor
only has an authority specified, then the GrantedAuthority can be of any
type.

Closes gh-18031
 2025-10-10 16:24:47 -05:00
Rob Winch
d18431a78d
Move FACTOR_ constants to FactorGrantedAuthority 
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
 2025-10-10 16:24:46 -05:00
Rob Winch
e290c98e97
Document Multi-Factor Simple to Complex 
This reworks the Multi-Factor documentation to start with the
simplest scenario and work to progressively more complex requirements.

Closes gh-18029
 2025-10-10 16:23:38 -05:00
Rob Winch
473baad6bd
Add RequiredAuthoritiesRepository 
Closes gh-18028
 2025-10-10 15:42:17 -05:00
Joe Grandja
586081c125 Revert "Temporarily fix integration tests" 
This reverts commit 35f41f87d120efc70e0c764b42b6f6bae5c650e9.

Issue gh-17880
 2025-10-10 13:33:42 -04:00
Rob Winch
864a9b2fb3
Fix ProviderManager.copyDetails Changes Authentication Type 
Closes gh-18027
 2025-10-10 11:03:49 -05:00
Joe Grandja
1213dbe76f Fix checkstyle 2025-10-09 13:51:50 -04:00
Joe Grandja
3656e7ad8c Add tests to OAuth2AuthorizationServerJackson2ModuleTests 2025-10-09 13:23:38 -04:00
Joe Grandja
1cca9c5822 Enable PKCE by default in authorization server 
Closes gh-18020
 2025-10-09 09:51:17 -04:00
Joe Grandja
469ed09645 Allow setting Clock in OAuth2TokenGenerator implementations 
Closes gh-18017
 2025-10-07 16:34:43 -04:00
Joe Grandja
1d7f4c3b11 Polish javadoc for ClientSettings.requireAuthorizationConsent 
Issue gh-18016
 2025-10-07 11:29:10 -04:00
Joe Grandja
baa3b287d6 Add Predicate for authorizationConsentRequired for device code grant 
Introduces customizable Predicate to determine if user consent is
required in device authorization flows. Previously, device consent
handling used fixed logic. Now applications can define custom logic
for skipping or displaying consent pages.

Adds OAuth2DeviceVerificationAuthenticationContext and updates
OAuth2DeviceVerificationAuthenticationProvider with
setAuthorizationConsentRequired method.

Fixes gh-18016

Signed-off-by: Dinesh Gupta <dineshgupta630@outlook.com>
 2025-10-07 11:13:30 -04:00
dependabot[bot]
d5c5bb234c Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 14:01:08 -05:00
Rob Winch
83da86a358
DefaultLoginPageGeneratingFilter uses List 
This fixes an ordering problem with query parameters of the tests.

Issue gh-18002
 2025-10-06 09:34:06 -05:00
dependabot[bot]
71e6d81910 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.7.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 09:29:57 -05:00
dependabot[bot]
16475d3453 Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 09:15:25 -05:00
Rob Winch
3f84e96711
Bump io.mockk:mockk from 1.14.5 to 1.14.6 2025-10-06 09:13:16 -05:00
Rob Winch
1c870f25e9
Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.4 to 0.0.5 2025-10-06 09:13:12 -05:00
Rob Winch
79e2d4b688
Merge branch '6.5.x' 2025-10-06 09:12:06 -05:00
Rob Winch
9f8ebdcf4d
Merge branch '6.4.x' into 6.5.x 2025-10-06 09:11:56 -05:00
Rob Winch
8ce38af608
Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 2025-10-06 09:11:20 -05:00