Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 04:52:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,493 Commits 55 Branches 348 Tags
Commit Graph

16493 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
e48f26e51e
Propagate StrictFirewallRequest Wrapper 
Closes gh-16978
 2025-05-02 10:57:07 -06:00
Rob Winch
3b7e3a6c5c
codeql uses ubuntu-latest 2025-05-02 11:49:41 -05:00
Rob Winch
a04025c114
rm mark-duplicate-dependabot-prs.yml 2025-05-02 11:26:41 -05:00
Rob Winch
1564076276
Remove automerge forward 2025-05-02 11:23:01 -05:00
Rob Winch
ae09f36291
Add .github/workflows/codeql.yml 2025-05-02 11:15:37 -05:00
Soumik Sarker
bcef6ed74f Reformatted lines in x509 overview documentation 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-05-01 12:02:45 -06:00
github-actions[bot]
c8581683da
Bump Gradle Wrapper from 8.13 to 8.14. 
Release notes of Gradle 8.14 can be found here:
https://docs.gradle.org/8.14/release-notes.html

Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2025-04-29 14:48:42 -06:00
Josh Cummings
f631a0fcd5
Polish ClientRegistrationsTests 
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.

Issue gh-16860
 2025-04-29 14:27:04 -06:00
Evgeniy Cheban
0e84f31a00 Add ClientRegistration's RestClient failed attempts information to exception message 
Closes gh-16860

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-04-29 13:43:20 -06:00
Yanming Zhou
9c76ab69f0 Use proper configuration key 
the getter method is `getOpaquetoken()` not `getOpaqueToken()`

See c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51)

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-04-29 13:37:51 -06:00
Josh Cummings
5354e4d2c5
Check for Null Issuer 
Closes gh-16989
 2025-04-28 11:18:32 -06:00
Rob Winch
db48d4ca50
rm merge-dependabot-pr.yml from Unsupported Branch 2025-04-25 13:17:14 -05:00
Josh Cummings
547d174f3e Fix Formatting 2025-04-24 10:43:03 -06:00
Roman Trapickin
d2d1275b39 Fix IllegalArgumentException message for unknown Argon2 types 
Array index 0 points to an empty string. Use index 1 instead.

Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
 2025-04-24 10:43:03 -06:00
dependabot[bot]
7bf776ec38 Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.10 to 2024.0.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.10...2024.0.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-22 20:49:38 -07:00
Rob Winch
e47a6714a5
Update to io.spring.gradle:spring-security-release-plugin:1.0.5 
Closes gh-6.3.10
 2025-04-21 13:44:10 -05:00
github-actions[bot]
b9cae82b89 Next development version 2025-04-21 16:26:30 +00:00
github-actions[bot]
f6354250a1 Release 6.3.9 6.3.9 2025-04-21 15:58:56 +00:00
dependabot[bot]
a5d963387b Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.18 to 6.1.19.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.18...v6.1.19)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-17 20:49:18 -07:00
dependabot[bot]
99c4f58c34 Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.11 to 3.2.12.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.11...3.2.12)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-17 20:36:42 -07:00
Joe Grandja
c1aa99fdd2 Enforce BCrypt password length for new passwords only 
Closes gh-16802
 2025-04-17 04:53:33 -04:00
dependabot[bot]
eb01394427 Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.16 to 2023.0.17.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.16...2023.0.17)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-15 20:50:56 -07:00
dependabot[bot]
0d3d6f75f8 Bump org-aspectj from 1.9.22.1 to 1.9.24 
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-13 20:22:34 -07:00
dependabot[bot]
eb83c35ded Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-09 20:33:22 -07:00
Steve Riesenberg
3c0fef59b5
Polish gh-16039 
Closes gh-16038
 2025-04-07 10:54:09 -05:00
Jonah Klöckner
da94fbe431
Evaluate URI query parameter only if enabled 
Issue gh-16038
 2025-04-07 10:54:07 -05:00
DingHao
857ef6fe08 WithHttpOnlyCookie defaults to false 
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-04-01 11:59:51 -06:00
Steve Riesenberg
b7df86197c
Apply request-handler-ref to CsrfAuthenticationStrategy 
Closes gh-16801
 2025-03-28 16:25:52 -05:00
Steve Riesenberg
c84c438075
Apply request-handler-ref to CsrfAuthenticationStrategy 
Closes gh-16801
 2025-03-28 16:08:36 -05:00
DingHao
1e7db094d1 Use correct message prompt 
Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-03-27 16:42:52 -06:00
Josh Cummings
456604ab45 Sort Default Advisors and Added Advisors 
This commit ensures that the default advisors and added advisors
are sorted in the event that this component is not being published
as a Spring bean.

Issue gh-16819
 2025-03-27 16:18:00 -06:00
Josh Cummings
15b9a50060 Add Test 
Issue gh-16819
 2025-03-27 16:18:00 -06:00
Tran Ngoc Nhan
fcc1bd598d Sort Advisors AfterSingletonsInstantiated 
In order to make so that authorization advisors are sorted
only one time and also as part of the configuration lifecycle,
AuthorizationAdvisorProxyFactory now implements
SmartInitializingBean.

Closes gh-16819

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-27 16:18:00 -06:00
github-actions[bot]
af2668f7cb Bump Gradle Wrapper from 8.10.2 to 8.13. 
Release notes of Gradle 8.13 can be found here:
https://docs.gradle.org/8.13/release-notes.html

Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2025-03-25 15:11:10 -06:00
dependabot[bot]
883765b2de Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.16 to 1.0.0-alpha.17.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.16...v1.0.0-alpha.17)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-23 18:40:37 -07:00
Rob Winch
58e7ba4a4b
https docs download 2025-03-21 15:59:39 -05:00
Bragolgirith
72554f7f36 Update authorize-http-requests.adoc 
Fix patterns in the Security Matchers documentation

Signed-off-by: Bragolgirith <6455473+Bragolgirith@users.noreply.github.com>
 2025-03-21 14:46:53 -06:00
Rob Winch
65e83f8e7a
Add link to docs zip 
Closes gh-16798
 2025-03-21 15:10:52 -05:00
Tran Ngoc Nhan
ab6e9d2d1f
Clarify WebInvocationPrivilegeEvaluator JavaDoc 
Closes gh-16529

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-20 14:38:10 -05:00
Tran Ngoc Nhan
a53ca7c3d0
Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc 
Closes gh-16555

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-20 14:38:09 -05:00
Tran Ngoc Nhan
af40d7e35a
Fix typo 
Closes gh-16776

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-20 14:38:09 -05:00
Tran Ngoc Nhan
daf8cfe8d2
Fix Spring Framework reference link 
Closes gh-16699

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-20 14:38:08 -05:00
Tran Ngoc Nhan
75b537f99a
Fix WebFlux authentication reference link 
Closes gh-16702

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-03-20 14:38:07 -05:00
Josh Cummings
d1b7f8a119
Update Gradle Wrapper Upgrade 
Issue gh-16221
 2025-03-20 13:23:49 -06:00
dependabot[bot]
5353d499b4 Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.17 to 1.5.18.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.17...v_1.5.18)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-18 20:41:11 -07:00
dependabot[bot]
1d75b907f9 Bump org-eclipse-jetty from 11.0.24 to 11.0.25 
Bumps `org-eclipse-jetty` from 11.0.24 to 11.0.25.

Updates `org.eclipse.jetty:jetty-server` from 11.0.24 to 11.0.25

Updates `org.eclipse.jetty:jetty-servlet` from 11.0.24 to 11.0.25

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 20:56:08 -07:00
github-actions[bot]
7dbd69fee1 Next development version 2025-03-17 21:31:02 +00:00
github-actions[bot]
147081f771 Release 6.3.8 6.3.8 2025-03-17 20:59:34 +00:00
dependabot[bot]
709d9bc039 Bump org.springframework:spring-framework-bom from 6.1.17 to 6.1.18 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.17 to 6.1.18.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.17...v6.1.18)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 13:01:51 -07:00
dependabot[bot]
d9bb16e913 Bump io.projectreactor:reactor-bom from 2023.0.15 to 2023.0.16 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.15 to 2023.0.16.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.15...2023.0.16)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 12:49:50 -07:00