Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-05 03:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,147 Commits 49 Branches 373 Tags
Commit Graph

20147 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
fbd9880a33 Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b7c566a772...bbbca2ddaa)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 17:48:29 -07:00
Josh Cummings
5e38c2aa88
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-03-03 17:47:40 -07:00
dependabot[bot]
7b5c502a97 Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.43.Final to 6.6.44.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.44/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.43...6.6.44)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.44.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 17:47:07 -07:00
Andrey Litvitski
57434fc597
Update RestTemplateBuilder usage in opaque-token.adoc 
We just now use a new form instead of the deprecate one.

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-03 16:48:22 -07:00
Josh Cummings
20a7f96062
Merge branch '6.5.x' into 7.0.x 2026-03-03 16:44:12 -07:00
HaiYan
706b059ea8
Update logout.adoc 
Directives should be Directive

Signed-off-by: HaiYan <haiyan_qi@hotmail.com>
 2026-03-03 16:43:18 -07:00
dependabot[bot]
7c49e0b457 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.0.RELEASE to 0.31.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.0.RELEASE...0.31.1.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.1.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:52:30 -07:00
Rob Winch
04b270a0a3
Merge Fix Flaky Crypto Tests 
Forward merge gh-18841
 2026-03-03 16:02:33 -06:00
Rob Winch
ea3b112bea
Fix Flaky Crypto Tests 2026-03-03 15:58:17 -06:00
Robert Winch
17776e4738
Merge Fix Flaky Crypto Tests 2026-03-03 15:26:53 -06:00
Robert Winch
1261c229a3
Fix Flaky Crypto Tests 
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.

This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
 2026-03-03 14:52:28 -06:00
Rob Winch
9ce2d76508
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:48:14 -06:00
Robert Winch
fb84e24893
HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 
Closes gh-18804
 2026-03-02 11:31:52 -06:00
Josh Cummings
1575610d49
Add Tests 
Issue gh-18486

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 17:10:55 -07:00
Michael Lück
3a14745d92
Delegate calls of hasAuthority to AuthorizationManager#hasAuthority 
Closes gh-18486

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-02-26 17:10:55 -07:00
Josh Cummings
c29af014f4
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 17:10:16 -07:00
Josh Cummings
4501ae7d1c Update Reactive Resource Server startup exceptations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings
48112d3d74 Polish Resource Server startup expectations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
[CLOUD4] 한현
b8735abb63 Clarify Resource Server startup expectations 
Clarify that Spring Boot defers OIDC discovery by default.

Closes gh-16708

Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
 2026-02-26 16:56:22 -07:00
Tran Ngoc Nhan
7c3c8bbdcb Update Remember-Me example 
Closes gh-18639

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-26 15:28:32 -07:00
Josh Cummings
731848d5d3
Merge branch '6.5.x' into 7.0.x 2026-02-26 15:09:45 -07:00
Guillaume Husta
68a02ff176 Update Link to CRSF Docs in FAQ 
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-02-26 14:47:21 -07:00
Menashe Eliezer
ee97c83042 Update request-matcher schema and XML tests to use path 
Closes gh-18641

Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
 2026-02-26 14:42:09 -07:00
dependabot[bot]
ba12f5e6d0 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:51 -07:00
dependabot[bot]
f37a706d62 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:30 -07:00
Rob Winch
b48967eebc
Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:39 -06:00
Rob Winch
522c48b3b5
Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:24 -06:00
Robert Winch
6898de8003
Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:49:38 -06:00
Robert Winch
1dae9aa459
Add Missing OnCommitedResponseWrapper Header Overrides 
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.

Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.

This issue is the underlying problem for spring-projects/spring-framework#36381

Closes gh-18797
 2026-02-24 19:46:29 -06:00
Josh Cummings
73ee893d98 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-24 17:10:14 -07:00
Josh Cummings
bec25edeb0
Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute 
Clarify need for method attribute in JSP authorize tag
 2026-02-24 17:08:14 -07:00
Josh Cummings
4d43edfb20 Polish Documentation 
- Combined explanation of method attribute with usage recommendations
- Used one sentence per line format

Issue gh-16530

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-24 14:24:11 -07:00
onhann
9f9699f8a5 Clarify need for method attribute in JSP authorize tag 
Closes gh-16530

This aligns the JSP documentation with the changes made in gh-16529.
Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific.

Signed-off-by: onhann <gusgus1467@naver.com>
 2026-02-24 14:24:11 -07:00
Robert Winch
311235f39e
Document Keberose Dependency Coordinates 
Closes gh-18773
 2026-02-23 11:32:37 -06:00
Robert Winch
fec988c82d
Add Kerberos Migration Section 
This links to the updated dependency coordinates

Issue gh-18773

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 11:29:50 -06:00
busoco-sjb
17b434c1c1
Document the change in dependency coordinates with Spring Security 7 
Signed-off-by: busoco-sjb <169069865+busoco-sjb@users.noreply.github.com>
 2026-02-23 11:21:59 -06:00
Rob Winch
0bb65411be
Merge pull request Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager 
Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
 2026-02-23 11:17:06 -06:00
Rob Winch
d29c984881
Merge pull request #18544 from Khyojae/gh-18543 
Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
 2026-02-23 11:16:42 -06:00
Robert Winch
151bcf3b0b
Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into 7.0.x 2026-02-23 10:53:40 -06:00
Robert Winch
1116241ee3
Fix Checks for NullPointerException in AuthoritiesAuthorizationManager 
- Fix checkstyle
- Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue

Closes gh-18544

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 10:47:11 -06:00
Khyojae
d87dc9ae57
Fix: Handle null authority string in AuthoritiesAuthorizationManager 
This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543

Signed-off-by: Khyojae <khjae201@gmail.com>
 2026-02-23 09:30:28 -06:00
Robert Winch
2eb948d9b5
Ensure tests clear AuthorizationServerContextHolder 
Closes gh-18768
 2026-02-23 08:17:02 -06:00
Robert Winch
f2aef5168c
Merge branch '6.5.x' into 7.0.x 2026-02-23 08:13:38 -06:00
dependabot[bot]
ac556a45f9 Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.42.Final to 6.6.43.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.43/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.42...6.6.43)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.43.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 08:12:23 -06:00
dependabot[bot]
c8731a8dc0 Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.5 to 2.18.6.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.5...jackson-bom-2.18.6)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 08:12:09 -06:00
Robert Winch
a4a6e9124c
Merge branch '6.5.x' into 7.0.x 2026-02-19 13:30:13 -06:00
Robert Winch
b21159f453
Bump org.junit:junit-bom from 6.0.2 to 6.0.3 2026-02-19 13:29:42 -06:00
Robert Winch
6f7c8cb352
Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 2026-02-19 13:29:36 -06:00
Robert Winch
5973a66bb1
Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 2026-02-19 13:29:30 -06:00
Robert Winch
3e3eeda560
Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 2026-02-19 13:28:49 -06:00