Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-25 03:21:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,647 Commits 51 Branches 376 Tags
Commit Graph

20647 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Grandja
fe24bd3d0c Remove checkstyle suppressions for spring-security-oauth2-authorization-server 
Issue gh-18937
 2026-03-23 05:06:59 -04:00
dependabot[bot]
e6df831943 Bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.21.1 to 2.21.2.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.21.1...jackson-bom-2.21.2)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-23 03:19:04 +00:00
Josh Cummings
f35b4aa518 Merge branch '7.0.x' 2026-03-20 21:28:22 -06:00
Josh Cummings
4542f58be7 Merge branch '6.5.x' into 7.0.x 2026-03-20 21:27:04 -06:00
Tran Ngoc Nhan
62f33d3fcf Add equals and hashCode to HttpMethodRequestMatcher 
Closes gh-18911

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-20 21:22:20 -06:00
Bae Jihong
e9f331c30c Add test code for setAuthorizationManagerFactory 
- add test for setAuthorizationManagerFactory that is a alternative to setTrustResolver and setDefaultRolePrefix

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
bc4cc434fe Refactor code to remove compiler warnings 
- replace setTrustResolver with setAuthorizationManagerFactory in MethodSecurityExpressionRootTests
- resolve raw type warning in ExpressionBasedMessageSecurityMetadataSourceFactoryTests

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
5a694869fa Add @SupressWarnings(deprecation) for existing functions 
- add @SupressWarnings(deprecation) because of deprecated part in logic

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
ee06badcb6 Add @SuppressWarnings(unchecked, rawtypes) on functions in deprecated class 
Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Bae Jihong
9b108df1dc Add @SuppressWarnings(deprecation) on tests 
- add on tests for deprecated class
- add on tests for specific deprecated function

Closes gh-18412

Signed-off-by: Bae Jihong <dasog@naver.com>
 2026-03-20 20:16:54 -06:00
Josh Cummings
d76fb7f2e6 Polish WebAttributes ApplicationContext Support 
Closes gh-8843

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 16:44:40 -06:00
wonderfulrosemari
846794d31b Prefer dispatcher context for authorize tag beans 
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
 2026-03-20 16:44:40 -06:00
Josh Cummings
c000477c37 Polish Clarify @WithSecurityContext thread scope 2026-03-20 16:43:21 -06:00
wonderfulrosemari
2a013ffaa2 Clarify @WithSecurityContext thread scope 
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
 2026-03-20 16:43:21 -06:00
Josh Cummings
ea05089443 Polish Formatting 
Closes gh-18381

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 15:38:27 -06:00
Giacomo Baso
7b282c3a17 Relax client_id validation in AtJwtBuilder 
RFC 9068 requires that access token JWTs include the `client_id`
claim, but it does not require resource servers to validate it against
a specific value.

Relates to gh-18381

Signed-off-by: Giacomo Baso <gbaso@users.noreply.github.com>
 2026-03-20 15:38:27 -06:00
Josh Cummings
78015d251c Merge branch '7.0.x' 2026-03-20 15:28:44 -06:00
Josh Cummings
956561e143 Merge branch '6.5.x' into 7.0.x 2026-03-20 15:28:36 -06:00
Rob Winch
9fed1ac8c3 New line per sentence 
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2026-03-20 15:28:21 -06:00
Josh Cummings
9dbe3bdcc0 Polish Session Management Persistence Docs 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 15:28:21 -06:00
sankranti
d547ae0181 Fix defaults description in Session Management doc 
Corrected that starting from Spring Security 6
security context is not automatically saved by default.

Signed-off-by: sankranti <sankranty@gmail.com>
 2026-03-20 15:28:21 -06:00
Josh Cummings
e88cb81a7a Merge branch '7.0.x' 2026-03-20 15:22:56 -06:00
dependabot[bot]
b8b1278e1f Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 15:22:06 -06:00
dependabot[bot]
381047e386 Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 15:21:53 -06:00
Josh Cummings
fbbbd46bee Update asciidoctor-extensions to 1.0.0-alpha.18 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 21:21:22 +00:00
Josh Cummings
fe0d7de41b Update LDAP Nullability Checkstyle Rules 
Issue gh-17818

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 15:21:02 -06:00
Josh Cummings
c2fd0f23fe Merge branch '7.0.x' 2026-03-20 15:00:15 -06:00
Josh Cummings
8abffbd0df Merge branch '6.5.x' into 7.0.x 2026-03-20 15:00:02 -06:00
dependabot[bot]
376b40a735 Bump io.spring.gradle:spring-security-release-plugin 
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...v1.0.15)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:58:20 -06:00
dependabot[bot]
89fa1cbdd2 Bump spring-io/spring-security-release-tools/.github/workflows/build.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/build.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/build.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:57:09 -06:00
dependabot[bot]
0d75e6d10c Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.17 to 1.0.0-alpha.18.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.17...v1.0.0-alpha.18)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-version: 1.0.0-alpha.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:56:46 -06:00
dependabot[bot]
01758c4c59 Bump spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:56:10 -06:00
dependabot[bot]
f37833a59c Bump spring-io/spring-security-release-tools/.github/workflows/test.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/test.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/test.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:55:52 -06:00
dependabot[bot]
52e6c4c4be Bump spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:55:38 -06:00
dependabot[bot]
874dce4407 Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:54:26 -06:00
dependabot[bot]
f21e8af830 Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 14:54:11 -06:00
dependabot[bot]
4354e47b0a Bump gradle-wrapper from 9.4.0 to 9.4.1 
Bumps gradle-wrapper from 9.4.0 to 9.4.1.

---
updated-dependencies:
- dependency-name: gradle-wrapper
  dependency-version: 9.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 03:19:24 +00:00
dependabot[bot]
399ef5b663 Bump spring-io/spring-security-release-tools from 1.0.14 to 1.0.15 
Bumps [spring-io/spring-security-release-tools](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...b92832ecbc7cbe969201e6beafbde0ee400cf095)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 00:58:59 +00:00
dependabot[bot]
1f39525052 Bump @springio/antora-extensions from 1.14.7 to 1.14.9 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.7 to 1.14.9.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.7...v1.14.9)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 00:47:14 +00:00
dependabot[bot]
7a0a29b800 Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 00:46:34 +00:00
dependabot[bot]
9dfbd681ab Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/perform-release.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.14...b92832ecbc7cbe969201e6beafbde0ee400cf095)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 00:45:50 +00:00
dependabot[bot]
4e53ebb75b Bump spring-io/spring-security-release-tools/.github/workflows/test.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/test.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](729fed56d4...b92832ecbc)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/test.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 00:45:47 +00:00
dependabot[bot]
7eed4641da Bump flatted from 3.3.1 to 3.4.2 in /javascript 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.1 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-20 00:33:02 +00:00
Joe Grandja
09ce639c4b Enable null-safety in spring-security-oauth2-resource-server 
Closes gh-17822
 2026-03-19 06:21:08 -04:00
Joe Grandja
1cb9db4f2d Remove checkstyle suppressions for spring-security-oauth2-resource-server 
Issue gh-17822
 2026-03-19 04:46:34 -04:00
Gasper Kojek
14d469cec1 Exclude target directories from checkstyleNohttp source inputs 
The kerberos-client/target and kerberos-test/target directories contain
.keytab files generated during test execution. These directories only
exist after the first build, causing a cache miss for checkstyleNohttp
in subsequent builds since the source input set changes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Gasper Kojek <gkojek@gradle.com>
 2026-03-18 10:40:52 -04:00
Gasper Kojek
49bea1dd15 Exclude build output directories from nohttp source set 
The checkstyleNohttp task scans the entire project tree for non-HTTPS
URLs. Without excluding **/build/**, subproject build output directories
generated during the first build become additional source inputs for
subsequent builds, changing the cache key and causing cache misses.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Gasper Kojek <gkojek@gradle.com>
 2026-03-18 10:40:52 -04:00
Joe Grandja
baad23caab Enable null-safety in spring-security-oauth2-client 
Closes gh-17819
 2026-03-18 05:04:30 -04:00
Joe Grandja
bb062585a8 Remove checkstyle suppressions for spring-security-oauth2-client 
Issue gh-17819
 2026-03-18 04:04:12 -04:00
Robert Winch
ea2f2302da
Add MultiFactorCondition.WEBAUTHN_REGISTERED 
Closes gh-18923
 2026-03-17 17:20:58 -05:00