Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-23 10:48:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,303 Commits 43 Branches 362 Tags
Commit Graph

19303 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
f13d8d5c75
Fix Nullability in WebInvocationPrivilegeEvaluator 
Issue gh-17535
 2025-08-30 20:38:58 -05:00
Rob Winch
1216ee598f
Enable Null checking in spring-security-rsocket via JSpecify 
Closes gh-16882
 2025-08-30 20:04:32 -05:00
Rob Winch
a4a4908d71
Enable Null checking in spring-security-cas via JSpecify 
Closes gh-16882
 2025-08-30 11:22:30 -05:00
Rob Winch
be64c67af5
Enable Null checking in spring-security-web via JSpecify 
Closes gh-16882
 2025-08-29 16:17:49 -05:00
Rob Winch
a58f3282d9
Fix config/src/test/kotlin nullability for web 
Issue gh-17535
 2025-08-29 15:46:08 -05:00
Rob Winch
c2ba662b91
Enable Null checking in spring-security-web via JSpecify 
Closes gh-17535
 2025-08-29 15:06:48 -05:00
Rob Winch
49f308adb0
Use Supplier<? extends @Nullable Authentication> 
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.

Closes gh-17814
 2025-08-29 09:46:58 -05:00
Josh Cummings
4cbe8de7ea Polish RSocket Anonymous Support 
Changed the DSL method name to anonymous to align with jwt.
Since basicAuthenication is deprecated, we don't need to
align with its naming convention.

Also added a since attribute to the method.

Issue gh-17132
 2025-08-26 17:33:40 -06:00
Andrey Litvitski
559b73b39f Add Disabling Anonymous Authentication in RSocketSecurity 
Closes: gh-17132

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>

1

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>

1

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-26 17:33:40 -06:00
Andrey Litvitski
3278f3a410 Add discoverJwsAlgorithms() in NimbusJwtDecoder 
Closes: gh-17785
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-26 17:07:47 -06:00
Josh Cummings
36f1de945f
Add OneTimeTokenAuthentication 
Closes gh-17799
 2025-08-22 15:46:54 -06:00
Josh Cummings
6663eea65f
Polish OTT Tests 
Improve tests so that they do not rely on OneTimeTokenAuthenticationToken
as the concrete type.

Issue gh-17799
 2025-08-22 15:46:53 -06:00
Josh Cummings
89b2f9cf54
Improve Test Runnability in IDE 
In some configurations, Configuration classes with static elements
may cause a test to hang. This commit changes JeeConfigurerTests
test configuration classes to use mock beans instead of referencing
them as static fields.
 2025-08-22 15:46:53 -06:00
Josh Cummings
0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings
9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings
8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Josh Cummings
d1962201b5 Merge branch '6.5.x' 2025-08-22 11:07:59 -06:00
Josh Cummings
857ca9c412 Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-08-22 11:07:37 -06:00
Nikita Konev
894105aab5 Fix traceId discrepancy in case error in servlet web 
Signed-off-by: Nikita Konev <nikit.cpp@yandex.ru>
 2025-08-22 11:06:37 -06:00
Rob Winch
f7f41ba6c4
Add missing @NullMarked to spring-data package-info 
Issue gh-17789
 2025-08-22 12:03:16 -05:00
Rob Winch
f496ded4e5
AuthorizationManager allows null Authentication 
It is possible to have a null Authentication and so the
AuthorizationManager APIs should allow for passing it in.

Closes gh-17795
 2025-08-22 12:03:16 -05:00
Josh Cummings
583e668c6b Remove opensaml5Test Task 
Issue gh-17707
 2025-08-22 09:19:20 -06:00
Rob Winch
d6a0e3bf78
Fix Nullability Imports 
Issue gh-17789
 2025-08-22 09:00:15 -05:00
Rob Winch
29bb4919ca
Add Nullability to spring-security-data 
Closes gh-17789
 2025-08-21 13:42:27 -05:00
Rob Winch
d9210c6596
Fix Nullability 2025-08-21 13:41:02 -05:00
Rob Winch
b8b1a92ad4
Revert "Apply Nullability to spring-security-data" 
This reverts commit bbcdb236984960416489b4f9d923f83d3a4cba39.
 2025-08-21 13:35:39 -05:00
Rob Winch
bbcdb23698
Apply Nullability to spring-security-data 2025-08-21 13:27:47 -05:00
Rob Winch
9bbf837c7c
Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Rob Winch
8a1e2a22f9
Merge branch 'gh-16226-servlet-test-method' into 6.5.x 2025-08-21 12:44:27 -05:00
Rob Winch
0404996f87 import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 12:35:13 -05:00
Rob Winch
0f63d98c84 Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 12:35:13 -05:00
Rob Winch
fbfbb1e571 Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 12:35:13 -05:00
Joe Kuhel
d002e68231 Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 12:35:13 -05:00
Yanming Zhou
41162aa7e3 Polish WebFluxSecurityConfiguration 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-08-21 11:16:12 -06:00
Yanming Zhou
d86f2c957d Change @Bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor 
It's friendly for Spring Boot's `@ConditionalOnMissingBean`, and:

>> When defining a Spring `@Bean` method, it is generally recommended to declare the most specific type possible as the method's return type. This means returning the concrete class of the bean, or the most specific interface that the bean implements and through which it will be referenced in the application.

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-08-21 11:16:12 -06:00
Rob Winch
62b5b1a77c
import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 11:19:05 -05:00
Rob Winch
523222c24d
Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 11:15:42 -05:00
Rob Winch
69f38d4933
Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 11:13:45 -05:00
Joe Kuhel
0179a811c7
Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 11:12:42 -05:00
Rob Winch
7ce2bdd701
Merge branch '6.5.x' 2025-08-21 08:55:57 -05:00
Rob Winch
de4ceffc4f
Merge branch '6.4.x' into 6.5.x 2025-08-21 08:55:48 -05:00
Rob Winch
8c920a7ee7
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 2025-08-21 08:55:15 -05:00
Rob Winch
b9653346a1
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final 2025-08-21 08:54:19 -05:00
Rob Winch
9e6bcbd1d0
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 2025-08-21 08:54:18 -05:00
dependabot[bot]
8d888edc71 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-20 17:10:31 -05:00
Rob Winch
f82fe9c8c6
Remove stray modular from the documentation 
Issue gh-16258
 2025-08-20 12:24:33 -05:00
Rob Winch
a8f045eb50
Add Modular Spring Security Configuration 
Closes gh-16258
 2025-08-20 12:16:08 -05:00
Rob Winch
5c5efc9092
SpringTestContext registers WebTestClient Bean 
Closes gh-17780
 2025-08-20 12:15:58 -05:00
dependabot[bot]
5453224377
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.9 to 1.14.10.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-20 06:23:02 +00:00
dependabot[bot]
a14ad770ab
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.26.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.26/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.26)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.26.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-20 04:41:59 +00:00