Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 02:49:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,447 Commits 36 Branches 337 Tags
Commit Graph

17447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
f8132018d5
Merge branch '6.4.x' 
TestOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable

Closes gh-16472
 2025-01-23 12:45:09 -06:00
Rob Winch
751b5580a1
TestOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable 
Previously there were race conditions on the static member lastToken of
TestOneTimeTokenGenerationSuccessHandler. This is because the tests run in
parallel and one test may override the other tests lastToken and thus
make the assertion on it incorrect.

This commit changes lastToken to be a non-static variable to ensure that
each test has it's own lastToken for asserting the expected value.

Closes gh-16471
 2025-01-23 12:43:22 -06:00
dependabot[bot]
09b6e4c325 Bump org.htmlunit:htmlunit from 4.8.0 to 4.9.0 
Bumps [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit) from 4.8.0 to 4.9.0.
- [Release notes](https://github.com/HtmlUnit/htmlunit/releases)
- [Commits](https://github.com/HtmlUnit/htmlunit/compare/4.8.0...4.9.0)

---
updated-dependencies:
- dependency-name: org.htmlunit:htmlunit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-22 19:52:06 -08:00
dependabot[bot]
eb8dd88199 Bump io.freefair.gradle:aspectj-plugin from 8.11 to 8.12 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 8.11 to 8.12.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/compare/8.11...8.12)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-22 19:51:53 -08:00
Steve Riesenberg
4f860a5481
Merge branch '6.4.x' 
# Conflicts:
#	config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
 2025-01-22 17:30:29 -06:00
Max Batischev
474b5e151a Add Support GenerateOneTimeTokenRequestResolver 
Closes gh-16291

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-01-22 17:09:55 -06:00
Steve Riesenberg
d97e01d1de
Merge branch '6.3.x' into 6.4.x 
Closes gh-16466
 2025-01-22 17:09:34 -06:00
Steve Riesenberg
211fa52649
Favor provided instances over shared objects 
Prior to this commit, providing oauth2Login() and oauth2Client() with
clientRegistrationRepository() and authorizedClientRepository() caused
objects to be shared across both configurers.

These configurers will now prefer explicitly provided instances of
those objects when they are available.

Closes gh-16105
 2025-01-22 17:07:44 -06:00
Rob Winch
68c8a5ad99
Remove debug test 
Issue gh-16443
 2025-01-22 16:11:25 -06:00
Rob Winch
dddab8e356
Merge branch '6.4.x' 
Closes gh-16465
 2025-01-22 16:04:19 -06:00
Daniel Garnier-Moiroux
bb8e757c4b
Fix GenerateOneTimeTokenWebFilter double publish of chain.filter(...) 
closes gh-16458

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-22 16:00:59 -06:00
Rob Winch
6149489b70
Merge branch '6.4.x' 
fix flakey test in WebAuthnWebDriverTests

Closes gh-16464
 2025-01-22 14:46:05 -06:00
Daniel Garnier-Moiroux
028c212be4
fix flakey test in WebAuthnWebDriverTests 
Closes gh-16463

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-22 14:45:44 -06:00
Rob Winch
4ee9358900
Add serializeAndDeserializeAreEqual 
Checks that serialization/deserialization can be performed.

Issue gh-16443
 2025-01-22 14:06:11 -06:00
Tran Ngoc Nhan
e5ea75f7f4 Implement Serial 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-21 18:14:52 -06:00
Rob Winch
5da7f0e9f1
Merge branch '6.4.x' 
checkstyleNohttp maxHeapSize=1g
 2025-01-21 15:13:36 -06:00
Rob Winch
081dee042e
Merge branch '6.4.x' 
Add TestBytes

Closes gh-16462
 2025-01-21 15:12:49 -06:00
Rob Winch
1cbe6ac932
checkstyleNohttp maxHeapSize=1g 2025-01-21 15:12:41 -06:00
Rob Winch
3209930cca
Add TestBytes 
Closes gh-16461
 2025-01-21 15:12:31 -06:00
Max Batischev
80e8e14500 Add GenerateOneTimeTokenFilterTests 2025-01-21 10:59:57 -06:00
dependabot[bot]
b555593904 Bump org.seleniumhq.selenium:selenium-java from 4.27.0 to 4.28.0 
Bumps [org.seleniumhq.selenium:selenium-java](https://github.com/SeleniumHQ/selenium) from 4.27.0 to 4.28.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.27.0...selenium-4.28.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-20 20:14:50 -08:00
github-actions[bot]
d5c2b6b3c9 Next development version 2025-01-20 15:50:53 +00:00
github-actions[bot]
9ec4dfa1a2 Release 6.5.0-M1 6.5.0-M1 2025-01-20 15:28:02 +00:00
github-actions[bot]
3edb01c6df Merge branch '6.4.x' 2025-01-20 04:17:23 +00:00
dependabot[bot]
42a49bbd78 Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.1 to 2024.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.1...2024.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 20:16:51 -08:00
dependabot[bot]
331812df16 Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.4.Final to 6.6.5.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.5/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.4...6.6.5)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 20:16:43 -08:00
github-actions[bot]
41565c5811 Merge branch '6.4.x' 2025-01-20 03:53:17 +00:00
github-actions[bot]
46aa65de59 Merge branch '6.3.x' into 6.4.x 2025-01-20 03:53:17 +00:00
dependabot[bot]
7f410ce5b4 Bump org.springframework.data:spring-data-bom from 2024.0.7 to 2024.0.8 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.7 to 2024.0.8.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.7...2024.0.8)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:52:35 -08:00
dependabot[bot]
a23b8c5861 Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.2 to 3.27.3.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.2...assertj-build-3.27.3)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:23:32 -08:00
dependabot[bot]
a02f0136cc Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.1 to 2024.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.1...2024.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:22:44 -08:00
dependabot[bot]
88ce68cb06 Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.4.Final to 6.6.5.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.5/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.4...6.6.5)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:22:35 -08:00
Rob Winch
d3332e1956
Document JDBC Persistence for WebAuthn 
Issue gh-16282
 2025-01-17 21:37:27 -06:00
Rob Winch
1f9845485c
Document custom HttpMessageConverter support for WebAuthn 
Issue gh-16397
 2025-01-17 21:08:16 -06:00
Rob Winch
a2abe3c33e
Add HttpMessageConverter WebAuthnDsl Support 
Issue gh-16397
 2025-01-17 21:07:46 -06:00
Rob Winch
683f1f4bc5
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16396
 2025-01-17 20:52:01 -06:00
Rob Winch
718c90d7ad
Document PublicKeyCredentialCreationOptionsRepository 
Issue gh-16396
 2025-01-17 20:51:43 -06:00
Rob Winch
4314e68329
Add WebAuthenticationDsl.creationOptionsRepository 
Issue gh-16396
 2025-01-17 20:51:43 -06:00
Rob Winch
bea232237f
Fix whitespace 2025-01-17 20:51:43 -06:00
DingHao
f4491f388e
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:57:08 -06:00
Rob Winch
4dc1dcbf24
WebAuthnConfigurer Supports HttpMessageConverter 
Closes gh-16397
 2025-01-17 18:29:40 -06:00
Rob Winch
5462b4c358
webauthnWhenConfiguredMessageConverter uses mock 
Issue gh-16397
 2025-01-17 18:29:23 -06:00
Rob Winch
0d4f786484
Fix WebAuthnConfigurer Javadoc 
Issue gh-16397
 2025-01-17 18:29:23 -06:00
DingHao
8181cec06c
Set HttpMessageConverter by DSL 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:29:23 -06:00
Rob Winch
4fc99aa9e1
Add ClientRegistration.clientSettings.requireProofKey 
Setting ClientRegistration.clientSettings.requireProofKey=true will
enable PKCE for clients using authorization_code grant type.

Closes gh-16386
 2025-01-17 17:27:04 -06:00
Rob Winch
85d7cc1335
Document requireProofKey 
Issue gh-16386
 2025-01-17 17:26:48 -06:00
Rob Winch
004f38639d
Move ClientSettings to ClientRegistration 
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration

Issue gh-16382


# Conflicts:
#	oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
 2025-01-17 17:26:48 -06:00
Rob Winch
4c533569bb
Ensure missing ClientRegistration.clientSettings JSON node works 
Issue gh-16382
 2025-01-17 17:26:48 -06:00
Rob Winch
f9498d3885
PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE 
PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the
code should validate this.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch
ab629cc1ca
Add AuthorizationGrantType.toString() 
This adds AuthorizationGrantType.toString() which makes debuging easier.
In particular, it will help when performing unit tests which validate the
AuthorizationGrantType.

Issue gh-16382
 2025-01-17 17:26:47 -06:00