Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-26 00:07:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,834 Commits 46 Branches 370 Tags
Commit Graph

3076 Commits

Author SHA1 Message Date
Josh Cummings
42283a5c1d
Add Missing File 
Issue gh-17484
 2025-07-07 11:18:57 -06:00
Josh Cummings
5ae1b73bae
Fix Cyclic Bean Dependency 
Closes gh-17484
 2025-07-07 10:32:56 -06:00
Tran Ngoc Nhan
d8043dc8a7 Remove PrePostTemplateDefaults 
Closes gh-17296

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:47:27 -06:00
Tran Ngoc Nhan
21036c94b4 Remove Nimbus(Reactive)OpaqueTokenIntrospector 
Closes gh-17302

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:41:57 -06:00
Tran Ngoc Nhan
519ae241f4 Fix Mock for Spring(Reactive)OpaqueTokenIntrospector 
Issue gh-17302

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:41:57 -06:00
Tran Ngoc Nhan
9312fb7004 Remove Deprecated AuthorizationDecision Elements 
Closes gh-17299

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 14:32:49 -06:00
Josh Cummings
d3e9e3138d
Remove AntPath and MvcRequestMatcher 
Closes gh-16886
Closes gh-16887
 2025-07-03 13:37:50 -06:00
Josh Cummings
919ae1d636
Use PathPatternRequestMatcher in oauth2 
Issue gh-16887
 2025-07-03 13:37:49 -06:00
Josh Cummings
7da352129c
Use PathPatternRequestMatcher in saml2 
Issue gh-16887
 2025-07-03 13:37:48 -06:00
Josh Cummings
3e53cc2c4a
Use PathPatternRequestMatcher in config 
This commit changes the config module to use
PathPatternRequestMatcher in favor of
MvcRequestMatcher and AntPathRequestMatcher.

This allows removing several HandlerMappingIntrospector
support classes as well which were in place to
support MvcRequestMatcher.

Issue gh-16886
Issue gh-16887
 2025-07-03 13:37:47 -06:00
Josh Cummings
98686a5139
Standardize Mock Request Paths 
Closes gh-17449
 2025-07-03 13:37:47 -06:00
Josh Cummings
d5f986f733
Deprecate createMvcMatchers 
Issue gh-16631
 2025-07-03 13:37:46 -06:00
Tran Ngoc Nhan
4d524b1fe1 Remove RelyingPartyRegistration Deprecations 
Closes gh-17309

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 13:15:44 -06:00
Soumik Sarker
526f8a6200 Removed deprecated class BearerTokenAuthenticationToken 
Issue gh-17309

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-07-03 12:44:06 -06:00
Soumik Sarker
edb7a642c7 Removed deprecated class ObjectPostProcessor 
Issue gh-17309

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-07-03 12:44:06 -06:00
Joe Grandja
e869bcdfa3 Remove deprecated implementations of OAuth2AccessTokenResponseClient 
Closes gh-16909
 2025-07-03 14:23:23 -04:00
Joe Grandja
cfe38957d7 Remove Resource Owner Password Credentials grant 
Closes gh-17446
 2025-07-03 14:23:23 -04:00
Kevin Yue
7de4217469 Don't cache WebSocket request 
PR gh-16741

Signed-off-by: Kevin Yue <yuezk001@gmail.com>
 2025-06-27 15:47:05 -05:00
Rob Winch
00ead7f24d Update to Kotlin 2.2 2025-06-26 17:29:12 -05:00
Tran Ngoc Nhan
e686ac6b11 Remove AbstractSecurityWebSocketMessageBrokerConfigurer 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-24 12:56:05 -06:00
Tran Ngoc Nhan
a74ce06dae Remove JwtIssuer(Reactive)AuthenticationManagerResolver deprecations 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-24 12:33:00 -06:00
Josh Cummings
08cbdb4640
Merge remote-tracking branch 'origin/6.5.x' 2025-06-20 14:43:25 -06:00
Josh Cummings
9f88ef83eb Polish Post-Processor Test 
Issue gh-17175

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-06-20 14:41:58 -06:00
Maciej Kowalski
46283b3452 Relax ObjectPostProcessor Type Constraints 
Closes gh-17175

Signed-off-by: Maciej Kowalski <f.kowal@gmail.com>
 2025-06-20 14:41:58 -06:00
Josh Cummings
a4c338f8a5
Format authorizeExchange Blocks 
This commit formats authorizeExchange blocks to
use a common variable name and ensure the
variable and reference are on the same line.

Issue gh-13067
 2025-06-20 10:46:52 -06:00
Josh Cummings
da6c7b8759
Format Lambda Usage 
This commit updates Lambda DSL usage to favor
having the variable and reference on the same line

Issue gh-13067
 2025-06-20 10:46:52 -06:00
Josh Cummings
777447e1d9
Format authorizeHttpRequests Blocks 
This commit formats authorizeHttpRequests blocks
to use the same parameter name and places the
reference on the same line as the parameter.

Issue gh-13067
 2025-06-20 10:46:51 -06:00
Josh Cummings
cf6b52d6f7
Format authorizeRequests Blocks 
This commit changes all auhorizeRequests
declarations to use the same variable name
and declare the lambda parameter and reference
on the same line.

Issue gh-13067
 2025-06-20 10:46:51 -06:00
Josh Cummings
5dd40a7f10
Remove ServerHttpSecurity and() DSL Methods 
This commit removes all and() DSL methods with
the exception of featurePolicy, which will be
removed as a whole at another time.

Closes gh-13067
 2025-06-20 10:46:43 -06:00
Josh Cummings
f789abc87f
Use ServerHttpSecurity Lambda DSL in JavaDoc 
Issue gh-13067
 2025-06-20 10:41:32 -06:00
Josh Cummings
461f00ed38
Use ServerHttpSecurity Lambda DSL in Config 
Issue gh-13067
 2025-06-20 10:41:31 -06:00
Josh Cummings
9fcfacf283
Use ServerHttpSecurity Lambda DSL in Tests 
Issue gh-13067
 2025-06-20 10:41:31 -06:00
Josh Cummings
1a7b1fcc7c
Remove HttpSecurity and() DSL Methods 
This commit removes all and() methods that have been
deprecated in the HttpSecurity DSL with the exception
of featurePolicy, which will be removed when that
feature is removed. Note that since featurePolicy
does not have a lambda equivalent, the and support
needs to remain for the moment.

Issue gh-13067
 2025-06-20 10:41:31 -06:00
Josh Cummings
45a1447e9b
Use HttpSecurity Lambda DSL in JavaDoc 
Issue gh-13067
 2025-06-20 10:41:30 -06:00
Josh Cummings
1435e0f3d3
Use HttpSecurity Lambda DSL in Config Tests 
Issue gh-13067
 2025-06-20 10:41:30 -06:00
Josh Cummings
6ddb964c61
Remove ApacheDS Support 
Closes gh-13852
 2025-06-19 11:55:34 -06:00
Josh Cummings
42e24aa53c Fix Formatting 2025-06-17 16:55:22 -06:00
evga7
06ed6ef342 Simplify Csrf Processor Decision Logic 
Replaces repeated if-else string comparisons with a Set.contains() check
for known WebSocket handshake handler class names in MessageSecurityPostProcessor.

Improves readability and maintainability without changing behavior.

Signed-off-by: Wonpyo Hong <evga7@naver.com>
 2025-06-17 16:55:22 -06:00
Tran Ngoc Nhan
c2c84c4243 Update HttpSecurity javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-17 13:31:24 -05:00
Evgeniy Cheban
b0cecb37d2 Replace deprecated #check calls with #authorize 
Closes gh-16936

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-06-12 11:11:49 -06:00
Rob Winch
7bf2730a53 Add x509@principal-extractor-ref 
Enables customizing the X500PrincipalExtractor
 2025-06-12 12:09:20 -05:00
Rob Winch
88ed4a5ccf Use principalExtractor reference instead of properties 2025-06-12 12:09:20 -05:00
Max Batischev
aba437d469 Add Support SubjectX500PrincipalExtractor 
Closes gh-16980

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-12 12:09:20 -05:00
Josh Cummings
9b724377ce Rework Saml2 Authentication Statement 
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.

Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.

As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.

Closes gh-10820
 2025-06-10 17:21:03 -06:00
Christian Schuster
36c7b91fb9 SAML 2.0 Single Logout Uses Saml2AuthenticationInfo 
This allows SLO to be triggered without the authentication
principal needing to implement a given interface.

Issue gh-10820
 2025-06-10 17:21:03 -06:00
Josh Cummings
aa3135169d Polish Documentation 
Closes gh-14635
 2025-06-09 16:49:36 -06:00
Liviu Gheorghe
3ddf201d66 Updated Copyrights 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
1livv
edfd7b9b43 Addressed review comments 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
1livv
358f6c96b5 Update config tests 
Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>
 2025-06-09 16:45:24 -06:00
Joe Grandja
2e913d2af9 Merge branch '6.5.x' 2025-06-05 16:22:35 -04:00