Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-09 06:54:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,177 Commits 58 Branches 370 Tags
Commit Graph

20177 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
eeb080a191
Remove Branch Ecosystem Declarations 
These may have been added in error. Removing until it's clear
if they are needed

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 16:45:16 -07:00
Josh Cummings
b8c6b9fbff
Add directory attribute 
Issue gh-18648
 2026-02-05 16:37:27 -07:00
Josh Cummings
3cf0a1ccb7
Use Dependabot for GitHub Actions 
Closes gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 14:47:42 -07:00
Josh Cummings
c2f0f7b6ab
Use SHA Hashes for spring-security-release-tools Workflows 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 14:47:16 -07:00
Josh Cummings
8cd2f36e84
Merge branch '7.0.x' 2026-02-05 14:45:09 -07:00
Josh Cummings
41e7af70b5
Merge branch '6.5.x' into 7.0.x 2026-02-05 13:46:21 -07:00
Josh Cummings
46a9514420
Update to setup-gradle 5.0.1 
note that gradle/gradle-build-action is superceded by
setup-gradle.

Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:44:02 -07:00
Josh Cummings
8432df498e
Update upload-artifact to 6.0.0 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:44:00 -07:00
Josh Cummings
63162eb5f1
Update to setup-java 5.2.0 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:43:56 -07:00
Josh Cummings
5c3b8c513b
Update spring-gradle-build-action to 2.0.5 
Issue gh-18648
 2026-02-05 13:43:11 -07:00
Josh Cummings
d276c943fc
Update actions/checkout to 6.0.2 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:43:06 -07:00
Josh Cummings
18d9dd77ec
Use SHA Hashes for spring-security-release-tools Workflows 
Issue gh-18648

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:42:22 -07:00
Joe Grandja
517bc7cb65 Polish gh-18614 2026-02-05 15:32:47 -05:00
Elayne Bloom
a2d407518c Document ClientSettings 
Added documentation to describe the possible client configuration options when setting up an Oauth2 Authorization Server.

Closes gh-18614

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-05 15:32:46 -05:00
Josh Cummings
001d9df5ca
Remove Nullability Checkstyle Suppressions for saml2 
Issue gh-17823
 2026-02-05 13:13:25 -07:00
Josh Cummings
818a7831dd
Add Nullability to opensaml5Main Source Set 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-05 13:13:23 -07:00
Joe Grandja
0eba9de7d4 Merge branch '7.0.x' 2026-02-05 04:55:34 -05:00
Joe Grandja
d3c42a7a4f Polish OAuth2ConfigurerUtils 2026-02-05 04:52:02 -05:00
Joe Grandja
e61c03f7c3 Fix to allow multiple PasswordEncoder beans 
Closes gh-18645
 2026-02-05 04:51:51 -05:00
Josh Cummings
70fc8fef3a Add Sample SAML Response in Test 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-03 08:54:14 -07:00
gimgisu
46027974dd @gisu1102 
Apply code formatting to OAuth2AuthorizationServerBeanRegistrationAotProcessor

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu
338786bab9 @gisu1102 
Align AOT hints with MemberCategory deprecation replacements

- Replace DECLARED_FIELDS with ACCESS_DECLARED_FIELDS in runtime hints

- Preserve 1:1 intent for Collections via registerType only

- Keep INVOKE_* only where it existed before

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu
d7ecb8fdcf @gisu1102 
Restore Jackson 2 module runtime hints for passivity

- Keep Jackson 2 module registrations when jackson2 is present

- Extract Jackson 2 hint registration into a dedicated method

- Suppress removal warnings only for the Jackson 2 registration

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu
a9f9eba6ca @gisu1102 
Remove compiler warnings in spring-security-oauth2-authorization-server

- Remove ACCESS_DECLARED_FIELDS from AOT/runtime hints
- Add @SuppressWarnings("removal") for Jackson2 deprecated adapters

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
Josh Cummings
1a6f344196
Add security-nullability 
Closes gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:17 -07:00
Josh Cummings
e771ec04b7
Add @Nullable Annotations to saml2-service-provider 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:14 -07:00
Josh Cummings
f3656b4991
Ensure saml_request in Tests 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:10 -07:00
Joe Grandja
8f22fd4407 Merge branch '7.0.x' 2026-02-02 16:38:29 -05:00
Elayne Bloom
2c97b3376b Document Client PKCE settings 
Updated the documentation to reflect recent changes to enable PKCE by default for `authorization_code` flows in the documentation for the client.

Closes gh-18304

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-02 16:30:27 -05:00
Tran Ngoc Nhan
20493ef45f Add javadoc-warnings-error 
Closes gh-18461

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 12:06:12 -06:00
Vyacheslav
e029b3ac6f Update authorize-http-requests.adoc 
Comma added for java configuration 

Signed-off-by: Vyacheslav <43342280+cmmttd@users.noreply.github.com>
 2026-02-02 11:48:07 -06:00
Tran Ngoc Nhan
55ab498518 Add javadoc-warnings-error 
Closes gh-18469

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:45:53 -06:00
Tran Ngoc Nhan
b0983e2f5e Add javadoc-warnings-error 
Closes gh-18466

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:45:12 -06:00
dohyunk58
992d8ca79b fail build on javadoc warnings for spring-security-test 
Signed-off-by: dohyunk58 <hedge3x@gmail.com>
 2026-02-02 11:44:39 -06:00
Tran Ngoc Nhan
4c012c59c9 Add javadoc-warnings-error 
Closes gh-18464

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:44:31 -06:00
Tran Ngoc Nhan
2ee247f82e Add javadoc-warnings-error 
Closes gh-18464

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:43:35 -06:00
Joe Grandja
0496c02c30 Polish gh-18542 2026-02-02 12:43:19 -05:00
Tran Ngoc Nhan
93d8283e36 Add javadoc-warnings-error 
Closes gh-18462

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:42:14 -06:00
pocj8ur4in
991b7d4dc2 Rollback setDefaultRolePrefix() call 
- preserve setDefaultRolePrefix() in getRootObject()

Signed-off-by: pocj8ur4in <pocj8ur4in@gmail.com>
 2026-02-02 11:41:18 -06:00
pocj8ur4in
64e863e7df Remove compiler warnings in spring-security-data 
- Add
  compile-warnings-error plugin to data module
- Remove
  deprecated setDefaultRolePrefix() call in getRootObject()
- Add
  @SuppressWarnings deprecation for tests using deprecated methods
- Add
  tests using AuthorizationManagerFactory

Closes
  spring-projectsgh-18422

Signed-off-by: pocj8ur4in <pocj8ur4in@gmail.com>
 2026-02-02 11:41:18 -06:00
Daniel Garnier-Moiroux
4957c5a7e9 Add BearerTokenAuthenticationEntryPoint#setResourceMetadataParameterResolver 
Closes gh-18542

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2026-02-02 12:40:03 -05:00
Tran Ngoc Nhan
5b7c4ae8d8 Add javadoc-warnings-error 
Closes gh-18459

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:39:38 -06:00
Tran Ngoc Nhan
8bafd94b1f Add compile-warnings-error 
Closes gh-18424

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:37:39 -06:00
Park JuHyeong
d244bcf76e Suppress AspectJ compiler warnings in spring-security-aspects 
- Added -Xlint:ignore to compileAspectj task
- Added -Xlint:ignore to compileTestAspectj task

Fixes the following AspectJ warnings:
- AnnotationSecurityAspect.aj:72 [warning] advice defined
- AbstractMethodInterceptorAspect.aj:36 [warning] advice defined

These warnings occur because the AspectJ compiler detects that
advice in deprecated aspect classes may not match any join points,
which is expected behavior for deprecated code maintained for
backward compatibility.

Contributes to gh-18405

Signed-off-by: Park JuHyeong <wngud5957@naver.com>
 2026-02-02 11:30:51 -06:00
jieun
de23ade14b Remove compiler warnings for spring-security-cas:check 
Signed-off-by: jieun <jkdev1324@gmail.com>
 2026-02-02 11:27:42 -06:00
Robert Winch
afa3e2311c
Merge branch '7.0.x' 2026-02-02 11:13:10 -06:00
Robert Winch
9273f411c1
Merge branch '6.5.x' into 7.0.x 2026-02-02 11:12:53 -06:00
Robert Winch
d6e3ec78cd
Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 2026-02-02 11:12:18 -06:00
Joe Grandja
2a2f13fbd3
Polish Nullability for oauth2-core 
Issue gh-17820
 2026-02-02 09:00:46 -06:00
Joe Grandja
db5310bee8
Enable null-safety in spring-security-oauth2-core 
Closes gh-17820
 2026-02-02 09:00:40 -06:00