Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-24 03:08:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,382 Commits 42 Branches 362 Tags
Commit Graph

19382 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
f89ef003dc Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.1 to 2.13.2.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.13.1...gson-parent-2.13.2)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-11 22:16:52 -05:00
dependabot[bot]
8343394982 Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.0 to 2.2.20 
Bumps [org.jetbrains.kotlin:kotlin-gradle-plugin](https://github.com/JetBrains/kotlin) from 2.2.0 to 2.2.20.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.2.0...v2.2.20)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
  dependency-version: 2.2.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-11 22:16:45 -05:00
Rob Winch
25c6edb253
Merge branch '6.5.x' 2025-09-11 22:16:23 -05:00
Rob Winch
1ac2b31168
Merge branch '6.4.x' into 6.5.x 2025-09-11 22:16:16 -05:00
Rob Winch
fa95c42dd3
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final 2025-09-11 22:14:09 -05:00
Rob Winch
aa1f60f7ec
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE 2025-09-11 22:14:07 -05:00
Rob Winch
f0ea11fa5e
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 2025-09-11 22:14:05 -05:00
Rob Winch
d473b21872
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 2025-09-11 22:14:04 -05:00
Rob Winch
13e6a505da
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 2025-09-11 22:14:02 -05:00
Rob Winch
e68738dd94
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final 2025-09-11 22:13:31 -05:00
Rob Winch
9f32f62d34
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 2025-09-11 22:13:30 -05:00
Rob Winch
9fb4db12a5
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 2025-09-11 22:13:26 -05:00
dependabot[bot]
f493388513
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.10 to 6.2.11.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.10...v6.2.11)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-12 03:12:05 +00:00
dependabot[bot]
85af6abe9e
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.1 to 2.13.2.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.13.1...gson-parent-2.13.2)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-11 03:18:01 +00:00
Yanming Zhou
5ec7ae6b74 Remove redundant code in document 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-09-10 18:14:37 -06:00
dependabot[bot]
e7fe6b9564 Bump io.projectreactor:reactor-bom from 2025.0.0-M6 to 2025.0.0-M7 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.0-M6 to 2025.0.0-M7.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.0-M6...2025.0.0-M7)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.0-M7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-10 18:13:24 -06:00
Rob Winch
093e930c32
Merge branch '6.5.x' 2025-09-10 12:00:31 -05:00
Rob Winch
ab634d1099
Merge branch '6.4.x' into 6.5.x 2025-09-10 11:58:55 -05:00
Rob Winch
a79a2b031a
Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests 
This prevents timeouts on GitHub Windows runners due to overtaxed
systems.

Closes gh-17869
 2025-09-10 11:56:07 -05:00
Josh Cummings
5da2121e2b
Merge remote-tracking branch 'origin/6.5.x' 2025-09-09 17:13:18 -06:00
Andrey Litvitski
eca821471f A Root basePath No Longer Creates a Double-Slash 
Closes gh-17812

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-09-09 17:12:58 -06:00
Josh Cummings
2b87e3c5e2
Use withRoles 
Issue gh-17843
 2025-09-09 17:03:05 -06:00
Josh Cummings
ed344ece70
Use Fixed Clock 
This commit stabilizes time-sensitive tests that
verify the behavior of DPoP iat validation.

Issue gh-14915
 2025-09-09 16:22:07 -06:00
Josh Cummings
6689798257
Merge remote-tracking branch 'jzheaux/authentication-builder' 
Issue gh-17861
Issue gh-17862
 2025-09-09 15:43:26 -06:00
Josh Cummings
b09afb34cc Document Authentication.Builder 
The commit documents the new Authentication Builder interface
and its usage in the security filter chain.

Closes gh-17861
Closes gh-17862
 2025-09-09 14:59:14 -06:00
Josh Cummings
2476875990 Polish WebAuthn Authentication Builder 
Issue gh-17861
 2025-09-09 14:59:14 -06:00
Josh Cummings
e97a335edc Polish Web Authentication Builders 
Issue gh-17861
 2025-09-09 14:59:14 -06:00
Josh Cummings
e7281a71c6 Polish SAML 2.0 Authentication Builder 
Issue gh-17861
 2025-09-09 14:59:14 -06:00
Josh Cummings
69ee8d9aec Polish OAuth 2.0 Authentication Builders 
Issue gh-17861
 2025-09-09 14:59:14 -06:00
Josh Cummings
c66a028332 Polish Core Authentication Builders 
Issue gh-17861
 2025-09-09 14:59:14 -06:00
Josh Cummings
18fbf88993 Polish CAS Authentication Builder 
Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
dd50dc0c40 Remove Generic Typing From Authentication.Builder 
It would be better to introduce parameter types for
principal and credentials into Authentication.Builder
at the same time as doing so for Authentication

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
4744752a1b Add Internal Authentication Implementations 
This commit allows a default implementation of
Authentication.Builder that performs the builder
operations. In this way, authorities and other previous
authentication material can still be effectively be
propagated in the event a custom authentication does
not implement the method.

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
3f774548d2 Move Authority Propagation Into Filters 
Given that the filters are the level at which the
SecurityContextHolder is consulted, this commit moves
the operation that ProviderManager was doing into each
authentication filter.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
a0fe6a5fee Polish Builders 
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings
44fef786aa Pick Up SecurityContextHolderStrategy Bean 
This commit provides the SecurityContextHolderStrategy bean to
ProviderManager instances that the HttpSecurity DSL constructs.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
8468c6a805 Propagate Previous Factor to Next One 
This commit allows looking up the current authentication and applying
it to the latest authentication. This is specifically handy when
collecting authorities gained from each authentication factor.

Issue gh-17862
 2025-09-09 14:49:13 -06:00
Josh Cummings
a201a2b862 Add Authentication.Builder 
This commit adds a new default method to Authentication
for the purposes of creating a Builder based on the current
authentication, allowing other authentications to be
applied to it as a composite.

It also adds Builders for each one of the authentication
result classes.

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Steve Riesenberg
eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
dependabot[bot]
3d25473ee6
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.10 to 1.14.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.10...v1.14.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 03:17:42 +00:00
dependabot[bot]
cc30c901c7
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.9 to 1.14.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.9...v1.14.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 03:13:37 +00:00
dependabot[bot]
35f09461ef
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.8 to 2024.1.9.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.8...2024.1.9)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:20:12 +00:00
dependabot[bot]
8f75b4c350
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:19:11 +00:00
dependabot[bot]
84bc892997
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.26.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.26...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:19:05 +00:00
dependabot[bot]
dd986b0932
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.28)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.28.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 03:13:45 +00:00
blake_bauman
a4f813ab29 Support Multiple ServerLogoutHandlers 
This commit adds support to ServerHttpSecurity for registering
multiple ServerLogoutHandlers. This is handy so that an application
does not need to re-supply any handlers already configured by
the DSL.

Signed-off-by: blake_bauman <blake_bauman@apple.com>
 2025-09-05 11:47:54 -06:00
Rob Winch
686f8398dd
Merge branch '6.5.x' 2025-09-04 22:40:45 -05:00
Rob Winch
653f22d4a1
Merge branch '6.4.x' into 6.5.x 2025-09-04 22:40:08 -05:00
Rob Winch
f54c293078
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 2025-09-04 22:39:33 -05:00
Rob Winch
34fccf45c2
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE 2025-09-04 22:39:31 -05:00