mirror of synced 2026-05-22 21:33:16 +00:00
Commit Graph

1367 Commits

Author SHA1 Message Date
Josh Cummings 95b2cdf7f4 Clarify JavaDoc
Removed note about DelegatingJwtGrantedAuthoritiesConverter from
ExpressionJwtGrantedAuthoritiesConverter and further explained in
DelegatingJwtGrantedAuthoritiesConverter where it comes in handy.

Issue gh-18300

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-03-27 11:48:56 -06:00
Joe Grandja 6e683f2286 Fix ID Token auth_time validation
Closes gh-18839
2026-03-25 11:33:55 -04:00
namest504 6501e97ece Fix sensitive case in JwtTypeValidator
Closes gh-18092

Signed-off-by: namest504 <namest504@gmail.com>
2025-10-28 12:08:29 -06:00
Rob Winch ab634d1099 Merge branch '6.4.x' into 6.5.x 2025-09-10 11:58:55 -05:00
Rob Winch a79a2b031a Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests
This prevents timeouts on GitHub Windows runners due to overtaxed
systems.

Closes gh-17869
2025-09-10 11:56:07 -05:00
Rob Winch 2fdca16c1a Merge branch '6.4.x' into 6.5.x
Closes gh-17634
2025-07-29 09:47:52 -05:00
Rob Winch 392129b616 Use 2004-present Copyright Header
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.

The commit updated etc/checkstyle/header.txt

It also updated the copyright headers using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Closes gh-17633
2025-07-29 09:45:23 -05:00
Joe Grandja 5f7155bfc7 Implement internal cache in JtiClaimValidator
Closes gh-17107
2025-05-14 05:21:00 -04:00
Joe Grandja a265ac6ae7 Polish gh-17080 2025-05-13 14:35:23 -04:00
David Kowis 2090f44f74 Fix DPoP jkt claim to be JWK SHA-256 thumbprint
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
2025-05-13 14:35:23 -04:00
Joe Grandja e3c39f02bc Add documentation for DPoP support
Closes gh-17072
2025-05-09 16:02:14 -04:00
hammadirshad 1a4602c8c3 Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter
Closes gh-16806

Signed-off-by: muha <muha@kreftregisteret.no>
2025-04-30 10:09:41 -04:00
Josh Cummings 804d79d96a Merge branch '6.4.x' 2025-04-29 14:27:47 -06:00
Josh Cummings a4126aa27d Merge branch '6.3.x' into 6.4.x 2025-04-29 14:27:40 -06:00
Josh Cummings f631a0fcd5 Polish ClientRegistrationsTests
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.

Issue gh-16860
2025-04-29 14:27:04 -06:00
Josh Cummings fe6ddd0c8f Merge branch '6.4.x' 2025-04-29 14:26:44 -06:00
Josh Cummings 656ad72608 Merge branch '6.3.x' into 6.4.x
Closes gh-17016
2025-04-29 14:22:52 -06:00
Evgeniy Cheban 0e84f31a00 Add ClientRegistration's RestClient failed attempts information to exception message
Closes gh-16860

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
2025-04-29 13:43:20 -06:00
Josh Cummings eecd7d9559 Update Deprecated Reactor Usage 2025-04-23 12:11:08 -06:00
Josh Cummings 834370d8eb Update Deprecated Spring Web Usage 2025-04-23 11:29:19 -06:00
Joe Grandja 19090e7873 Add request_uri in OAuth2ParameterNames
Closes gh-16947
2025-04-16 10:23:10 -04:00
Joe Grandja 791feee355 Prevent downgraded usage of DPoP-bound access tokens
Issue gh-16574

Closes gh-16937
2025-04-14 15:54:41 -04:00
Joe Grandja 1ca33cae70 Make DPoP IatClaimValidator public to allow configuring clock and clockSkew
Issue gh-16574

Closes gh-16921
2025-04-10 16:04:37 -04:00
Risto Virtanen 47e1fc045f Formatted
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
Risto Virtanen 1db557e395 Replace ClientRegistrationMixinTests with StdConvertersTest
Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
Risto Virtanen 368fe2e7a0 Add missing ClientAuthenticationMethods to jackson2 converter
Closes gh-16825

Signed-off-by: Risto Virtanen <818702+mapsu@users.noreply.github.com>
2025-04-09 17:09:54 -06:00
Steve Riesenberg 9d442c13de Mark password grant for removal
This commit also updates link to the document "Best Current Practice for
OAuth 2.0 Security" to point to RFC 9700.

Closes gh-16913
2025-04-09 11:15:09 -05:00
Steve Riesenberg 197ee38aa0 Mark deprecated response clients for removal
Issue gh-16913
2025-04-09 11:15:06 -05:00
Tran Ngoc Nhan d864e51ff6 Format OpaqueTokenIntrospector
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-04-08 13:56:54 -05:00
Tran Ngoc Nhan d899bc5240 Polish javadoc
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-04-08 13:56:54 -05:00
Steve Riesenberg 1fb3fc80f9 Polish gh-15819
Closes gh-15818
2025-04-07 10:57:49 -05:00
Jonah Klöckner 9674532f4d Add support for access token in body parameter as per rfc 6750 Sec. 2.2
Issue gh-15818
2025-04-07 10:57:49 -05:00
Steve Riesenberg 03e090c2d7 Merge branch '6.4.x'
Closes gh-16902
2025-04-07 10:57:12 -05:00
Steve Riesenberg db34de59bc Merge branch '6.3.x' into 6.4.x
Closes gh-16901
2025-04-07 10:55:51 -05:00
Steve Riesenberg 3c0fef59b5 Polish gh-16039
Closes gh-16038
2025-04-07 10:54:09 -05:00
Jonah Klöckner da94fbe431 Evaluate URI query parameter only if enabled
Issue gh-16038
2025-04-07 10:54:07 -05:00
Josh Cummings 2885b0f75f Add valueOf
This commit adds a static factory for returning a constant
ClientAuthenticationMethod or creating a new one when there
is no match.

Issue gh-16825
2025-04-02 11:16:30 -06:00
Tran Ngoc Nhan 7bca17cb5a Polish
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-26 17:02:06 -06:00
Josh Cummings 99345537d6 Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter
Issue gh-16417
2025-03-26 16:38:39 -06:00
Steve Riesenberg 860f130bc4 Add additional validation when refreshing ID tokens
Issue gh-16589
2025-03-26 15:34:17 -05:00
Steve Riesenberg 5f98ce5ecc Polish gh-16589 2025-03-26 15:34:17 -05:00
Josh Cummings de07b1108f Use PathPatternRequestMatcher in Web Components
This commit changes filters and resolvers that were using AntPathRequestMatcher as their
default to using PathPatternRequestMatcher.

Issue gh-16632
2025-03-26 13:28:58 -06:00
Josh Cummings 56e757a2a1 Provide Authentication to AuthenticationExceptions
Issue gh-16444
2025-03-21 21:54:32 -06:00
Steve Riesenberg 3ebcbd4375 Merge branch '6.4.x'
Closes gh-16788
Closes gh-16789
Closes gh-16790
Closes gh-16791
Closes gh-16792
2025-03-20 14:47:07 -05:00
Steve Riesenberg 96cfbd1e6c Merge branch '6.3.x' into 6.4.x
Closes gh-16782
Closes gh-16783
Closes gh-16784
Closes gh-16785
Closes gh-16786
2025-03-20 14:46:18 -05:00
Tran Ngoc Nhan a53ca7c3d0 Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc
Closes gh-16555

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-20 14:38:09 -05:00
Josh Cummings cfe70a5fc7 Restore authorizedClientParametersMapper Assertion
Issue gh-16726
2025-03-19 18:13:54 -06:00
Max Batischev 6c24a1e717 Improve JdbcOAuth2AuthorizedClientService saveAuthorizedClient
Closes gh-16726

Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-03-19 18:13:54 -06:00
Steve Riesenberg 5bb5d0f6be Polish gh-16589 2025-03-18 18:07:56 -05:00
Hao fc1469ad5e Ensure ID Token is updated after refresh token
Signed-off-by: Hao <kyrieeeee2@gmail.com>
2025-03-18 18:07:56 -05:00