Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-27 14:22:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,443 Commits 37 Branches 348 Tags
Commit Graph

18443 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
aec876403f
Bump com.webauthn4j:webauthn4j-core from 0.29.2.RELEASE to 0.29.3.RELEASE 2025-06-09 16:20:04 -05:00
Rob Winch
648882adc7
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final 2025-06-09 16:19:18 -05:00
Rob Winch
0411986013
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final 2025-06-09 16:16:56 -05:00
Joe Grandja
98c3453aa4 Merge branch '6.5.x' 2025-06-06 07:19:08 -04:00
Joe Grandja
d622183e62 Merge branch '6.4.x' into 6.5.x 
Closes gh-17216
 2025-06-06 07:06:12 -04:00
Joe Grandja
a377175455 Merge branch '6.3.x' into 6.4.x 
Closes gh-17215
 2025-06-06 06:50:45 -04:00
Andrey Litvitski
b0f8aa5ea0 Fix to allow multiple AuthenticationFilter instances to process each request 
Closes gh-17173

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-06-06 06:37:03 -04:00
dependabot[bot]
893d539c18
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 
Bumps org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-06 03:55:31 +00:00
dependabot[bot]
adca1b31be
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 
Bumps org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-06 03:52:18 +00:00
dependabot[bot]
47b6e31606
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 
Bumps org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-06 03:40:05 +00:00
dependabot[bot]
f75ac6c837
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 
Bumps org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-06 03:37:31 +00:00
Joe Grandja
2e913d2af9 Merge branch '6.5.x' 2025-06-05 16:22:35 -04:00
Joe Grandja
dab989d7c3 Fix NPE with DPoP tokenAuthenticationManager 
Closes gh-17172
 2025-06-05 16:06:55 -04:00
Josh Cummings
c8b843c4c5
Merge branch '6.5.x' 2025-06-05 12:36:53 -06:00
damable-nuvolex
3b12e758d3
Fix inconsistent constructor declaration 
Closes gh-16325

Signed-off-by: damable-nuvolex <damable@nuvolex.com>
 2025-06-05 12:36:27 -06:00
damable-nuvolex
a0c5504eca Fix inconsistent constructor declaration 
Closes gh-16325

Signed-off-by: damable-nuvolex <damable@nuvolex.com>
 2025-06-05 12:34:35 -06:00
Josh Cummings
eaab42a73c Polish BearerTokenAuthenticationConverter Support 
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs

Issue gh-14750
 2025-06-04 18:17:17 -06:00
Max Batischev
30577bd291 Add Additional Tests To BearerTokenAuthenticationFilterTests 
Issue gh-14750

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-04 18:17:17 -06:00
Max Batischev
4967f3feee Add Support BearerTokenAuthenticationConverter 
Closes gh-14750

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-04 18:17:17 -06:00
Josh Cummings
3f0326d3f1
Merge remote-tracking branch 'origin/6.5.x' 2025-06-04 12:49:12 -06:00
Evgeniy Cheban
33ae1711a7 Set Precedence Order for Spring MVC TargetVisitor 
Closes gh-17185

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-06-04 12:47:36 -06:00
dependabot[bot]
7341e629cb
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.22 to 0.0.23.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.22...v0.0.23)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-version: 0.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-04 03:49:51 +00:00
dependabot[bot]
0ec7a7a305
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.22 to 0.0.23.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.22...v0.0.23)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-version: 0.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-04 03:47:25 +00:00
dependabot[bot]
1b081b0628
Bump io.spring.develocity.conventions from 0.0.22 to 0.0.23 
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.22 to 0.0.23.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.22...v0.0.23)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-version: 0.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-04 03:44:50 +00:00
Josh Cummings
492444c588
Update shouldConvertGetRequests Migration Steps 
Issue gh-17099
 2025-06-03 13:12:38 -06:00
Josh Cummings
f73f253beb
Add Switch for Processing GET Requests 
Issue gh-17099
 2025-06-03 13:12:37 -06:00
Josh Cummings
32c7e8a6ee
Use Saml2Error Static Factories 2025-06-03 13:12:37 -06:00
Josh Cummings
3de7312658
Add Saml2Error Static Factories 2025-06-03 13:12:37 -06:00
Josh Cummings
4ed131f6ab Add shouldConvertGetRequests Migration Steps 
Issue gh-17099
 2025-06-03 13:10:45 -06:00
Tran Ngoc Nhan
8953f464fb Add Switch for Processing GET Requests 
Closes gh-17099

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-03 13:10:45 -06:00
dependabot[bot]
9872997cad
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 04:05:48 +00:00
dependabot[bot]
b20cfceabb
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 03:48:10 +00:00
dependabot[bot]
b85814efcf
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 03:43:40 +00:00
dependabot[bot]
5e56fc13be
Bump io-spring-javaformat from 0.0.45 to 0.0.46 
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-version: 0.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 03:29:44 +00:00
dae won
9654e51bd4 Include UsernameNotFoundException in BadCredentialsException 
Closes gh-16496

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-06-02 16:12:47 -06:00
Josh Cummings
d52e0b6a05
Polish NimbusJwtDecoder 
- Aligned JwkSourceJwtDecoderBuilder's relative position with its
corresponding static factory
- Added @since to JwkSourceJwtDecoderBuilder

PR gh-17046
 2025-06-02 15:53:59 -06:00
Josh Cummings
195f933438
Allow Default Ordering for TargetVisitor 
In tests, we want to both test that functionality works and also
demonstrate common or expected usage, where possible. It is likely
incorrect to use @Order(0) for a target visitor as this states that
it should take precedence over all Spring Security visitors defined
at a lower precedence.

Also, it appears this may have been added this way because of a mock
visitor that appears to be unused by any tests. Further, when an
application has multiple visitors, they should use the TargetVisitor.of
method to publish one bean with the order determined by the order
of the method parameters instead of having two separate beans.

This commit removes the @Order(0) annotation and also the mock
visitor, deferring to the natural ordering afforded by the
framework.

Issue gh-15994
 2025-06-02 13:41:21 -06:00
Mark Bonnekessel
ada75e76a6 Add builder to create NimbusJwtDecoder with JwkSource 
Signed-off-by: Mark Bonnekessel <2949525+marbon87@users.noreply.github.com>
 2025-06-02 13:33:39 -06:00
dependabot[bot]
227a2cc0c7
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.2.RELEASE to 0.29.3.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.2.RELEASE...0.29.3.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.3.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-02 03:51:03 +00:00
dependabot[bot]
72771c28c3
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.2.RELEASE to 0.29.3.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.2.RELEASE...0.29.3.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.3.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-02 03:27:50 +00:00
Pat McCusker
5517d8fe3a Deprecate the X5T JOSE Header name 
Closes gh-16979

Signed-off-by: Pat McCusker <patmccusker14@gmail.com>
 2025-05-30 06:45:02 -06:00
Evgeniy Cheban
fd4f06a66e Support Spring Data container types for AuthorizeReturnObject 
Closes gh-15994

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-05-29 17:05:27 -06:00
dependabot[bot]
fed198f3f0
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.15.Final to 6.6.17.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.17/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.15...6.6.17)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.17.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-29 03:56:04 +00:00
dependabot[bot]
9a3d076bfd
Bump org.hibernate.orm:hibernate-core from 6.6.15.Final to 6.6.17.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.15.Final to 6.6.17.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.17/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.15...6.6.17)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.17.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-29 03:39:38 +00:00
Josh Cummings
6d3b54df21
Change Type Validation Default 
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
 2025-05-28 16:11:13 -06:00
Josh Cummings
37a814bc29
Add 7.0 -> 8.0 Migration Guide 
Closes gh-17182
 2025-05-28 16:11:12 -06:00
Josh Cummings
215547f8c8
Use UsernameNotFoundException Factory 
Issue gh-17179
 2025-05-28 14:13:02 -06:00
Josh Cummings
da2d9aa868
Add Username Property to Exception 
Closes gh-17179
 2025-05-28 14:12:27 -06:00
Yanming Zhou
42790403da Use SpringReactiveOpaqueTokenIntrospector 
Now that NimbusReactiveOpaqueTokenIntrospector is
deprecated, this commit changes the Spring
Security default to now use SpringReactiveOpaqueTokenIntrospector.

Issue gh-15988

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-05-27 14:25:31 -06:00
Maximilian Klose
ec05e65668 Add Equals and HashCode methods for better comparison. 
Closes gh-16394

Signed-off-by: Maximilian Klose <maximilian.klose@adesso.de>
 2025-05-27 13:53:07 -06:00