Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-24 03:08:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,448 Commits 42 Branches 362 Tags
Commit Graph

19448 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Cummings
a0fe6a5fee Polish Builders 
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
44fef786aa Pick Up SecurityContextHolderStrategy Bean 
This commit provides the SecurityContextHolderStrategy bean to
ProviderManager instances that the HttpSecurity DSL constructs.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
8468c6a805 Propagate Previous Factor to Next One 
This commit allows looking up the current authentication and applying
it to the latest authentication. This is specifically handy when
collecting authorities gained from each authentication factor.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
a201a2b862 Add Authentication.Builder 
This commit adds a new default method to Authentication
for the purposes of creating a Builder based on the current
authentication, allowing other authentications to be
applied to it as a composite.

It also adds Builders for each one of the authentication
result classes.

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Steve Riesenberg
eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
dependabot[bot]
3d25473ee6
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.10 to 1.14.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.10...v1.14.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 03:17:42 +00:00
dependabot[bot]
cc30c901c7
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.9 to 1.14.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.9...v1.14.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 03:13:37 +00:00
dependabot[bot]
35f09461ef
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.8 to 2024.1.9.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.8...2024.1.9)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:20:12 +00:00
dependabot[bot]
8f75b4c350
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:19:11 +00:00
dependabot[bot]
84bc892997
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.26.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.26...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:19:05 +00:00
dependabot[bot]
dd986b0932
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:13:45 +00:00
blake_bauman
a4f813ab29 Support Multiple ServerLogoutHandlers 
This commit adds support to ServerHttpSecurity for registering
multiple ServerLogoutHandlers. This is handy so that an application
does not need to re-supply any handlers already configured by
the DSL.

Signed-off-by: blake_bauman <blake_bauman@apple.com>
 2025-09-05 11:47:54 -06:00
Rob Winch
686f8398dd
Merge branch '6.5.x' 2025-09-04 22:40:45 -05:00
Rob Winch
653f22d4a1
Merge branch '6.4.x' into 6.5.x 2025-09-04 22:40:08 -05:00
Rob Winch
f54c293078
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 2025-09-04 22:39:33 -05:00
Rob Winch
34fccf45c2
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE 2025-09-04 22:39:31 -05:00
Rob Winch
f840ee06eb
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final 2025-09-04 22:39:29 -05:00
Rob Winch
8429c23108
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 2025-09-04 22:38:50 -05:00
Rob Winch
97f3567702
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final 2025-09-04 22:38:46 -05:00
dependabot[bot]
2cfdcb9d95 Bump org-opensaml5 from 5.1.5 to 5.1.6 
Bumps `org-opensaml5` from 5.1.5 to 5.1.6.

Updates `org.opensaml:opensaml-saml-api` from 5.1.5 to 5.1.6

Updates `org.opensaml:opensaml-saml-impl` from 5.1.5 to 5.1.6

---
updated-dependencies:
- dependency-name: org.opensaml:opensaml-saml-api
  dependency-version: 5.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.opensaml:opensaml-saml-impl
  dependency-version: 5.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 22:37:50 -05:00
dependabot[bot]
3c344ff491 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 22:37:36 -05:00
Josh Cummings
f30cc9c5a9
Update to PropertySourcesPlaceholderConfigurer 
This commit replaces deprecated usage of PropertyPlaceholderConfigurer
in favor of PropertySourcesPlaceholderConfigurer
 2025-09-04 11:32:04 -06:00
Josh Cummings
c64b086878
Add SecurityAssertions 
This commit introduces a simple, internal test API for
verifying aspects of an Authentication, like its name
and authorities.

Closes gh-17844
 2025-09-03 17:53:42 -06:00
Josh Cummings
de10e08348
Make withRoles Check Only Roles 
This commit clarifies the semantics of withRoles,
which is to check the role-based authorities in an
authentication.

Closes gh-17843
 2025-09-03 17:53:41 -06:00
Josh Cummings
bd119ac411
Implement Equals and HashCode 
Internally, RequestMatcher is sometimes used as a key to a
HashMap. Accordingly, each implementation should implement
equals and hashCode.

Closes gh-17842
 2025-09-03 17:48:50 -06:00
Rob Winch
24ffda28d8
Fixes for webauthn tests after JSpecify 
Issue gh-17839
 2025-09-03 14:44:58 -05:00
Rob Winch
6a84f96930
Enable Null checking in spring-security-test via JSpecify 
Closes gh-17840
 2025-09-03 12:59:46 -05:00
Rob Winch
194be8ffb6
Checkstyle fixes for webauthn JSpecify 
Issue gh-17839
 2025-09-03 12:58:27 -05:00
Rob Winch
47b4b155da
Add security-nullability to webauthn 
Issue gh-17839
 2025-09-03 12:17:56 -05:00
Rob Winch
0a991a91ce
Enable Null checking in spring-security-webauthn via JSpecify 
Closes gh-17839
 2025-09-03 12:06:53 -05:00
dependabot[bot]
d2e934ca54
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.26.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.26...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 00:33:27 +00:00
dependabot[bot]
fee4d08de3
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 23:19:43 +00:00
Josh Cummings
3dbcf266e9
Merge branch '6.5.x' 2025-09-02 16:45:30 -06:00
Josh Cummings
eeb67650ee
Deprecate RequiresChannelDsl 
Issue gh-16680
 2025-09-02 16:41:39 -06:00
dependabot[bot]
b4fc01194f
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 22:32:54 +00:00
Josh Cummings
3534b74945
Replace InteractiveAuthenticationSuccessEvent 7.0.x Sample 
Given that 7e3bf9662cd6829982f3198d3049f4012df17395 changes
the InteractiveAuthenticationSuccessEvent serialization sample,
this commit syncs up the 7.0.x version to match.

Closes gh-16276
 2025-09-02 14:18:25 -06:00
Josh Cummings
dc0ab4c805
Merge branch '6.5.x' 2025-09-02 14:15:20 -06:00
Josh Cummings
c982753d46
Replace InteractiveAuthenticationSuccessEvent 6.5.x Sample 
Given that 7e3bf9662cd6829982f3198d3049f4012df17395 changes
the InteractiveAuthenticationSuccessEvent serialization sample,
this commit syncs up the 6.5.x version to match.

Issue gh-16276
 2025-09-02 14:14:13 -06:00
Fridolin Jackstadt
910df479be Provider Default Timeouts For JWK Retrieval 
Issue gh-14269

Signed-off-by: Fridolin Jackstadt <fridolin.jackstadt@unic.com>
 2025-09-02 08:51:10 -06:00
Rob Winch
9866435946
Fix security-nullability plugin in taglibs 
Issue gh-17828
 2025-08-30 20:44:29 -05:00
Rob Winch
5370f1190f
Enable Null checking in spring-security-taglibs via JSpecify 
Closes gh-17828
 2025-08-30 20:40:34 -05:00
Rob Winch
f13d8d5c75
Fix Nullability in WebInvocationPrivilegeEvaluator 
Issue gh-17535
 2025-08-30 20:38:58 -05:00
Rob Winch
1216ee598f
Enable Null checking in spring-security-rsocket via JSpecify 
Closes gh-16882
 2025-08-30 20:04:32 -05:00
Rob Winch
a4a4908d71
Enable Null checking in spring-security-cas via JSpecify 
Closes gh-16882
 2025-08-30 11:22:30 -05:00
Josh Cummings
0ff9f10696
Merge branch '6.4.x' into 6.5.x 2025-08-30 10:00:45 -06:00
Josh Cummings
7e3bf9662c
Polish InteractiveAuthenticationSuccessEvent Sample 
The sample better matches a value that would be used in the constructor

Issue gh-16276
 2025-08-30 10:00:24 -06:00
Rob Winch
be64c67af5
Enable Null checking in spring-security-web via JSpecify 
Closes gh-16882
 2025-08-29 16:17:49 -05:00
Rob Winch
a58f3282d9
Fix config/src/test/kotlin nullability for web 
Issue gh-17535
 2025-08-29 15:46:08 -05:00
Rob Winch
c2ba662b91
Enable Null checking in spring-security-web via JSpecify 
Closes gh-17535
 2025-08-29 15:06:48 -05:00
Rob Winch
49f308adb0
Use Supplier<? extends @Nullable Authentication> 
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.

Closes gh-17814
 2025-08-29 09:46:58 -05:00