0c6b73d123
WebAuthn Publishes Authentication Events
...
Closes gh-18113
Signed-off-by: suuuuuuminnnnnn <sumin45402214@gmail.com >
2026-04-07 16:21:15 -06:00
f66fb0814b
Fix merge
2026-04-07 16:12:34 -04:00
3008848158
Merge branch '7.0.x'
2026-04-07 15:47:01 -04:00
41524880c6
Fix auth_time claim should represent authentication time
...
Closes gh-18282
2026-04-07 15:44:57 -04:00
1e979d6f52
Merge branch '7.0.x'
2026-04-07 10:31:14 -06:00
2361dc131e
Merge branch '6.5.x' into 7.0.x
2026-04-07 10:31:01 -06:00
44d32815b1
Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-07 10:29:49 -06:00
87c3335e01
Bump org.hibernate.orm:hibernate-core from 6.6.45.Final to 6.6.47.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.45.Final to 6.6.47.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.47/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.45...6.6.47 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.47.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-07 10:07:57 -06:00
76e9d91f24
Bump @springio/antora-extensions from 1.14.9 to 1.14.10 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.9 to 1.14.10.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.9...v1.14.10 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-07 10:06:09 -06:00
145579896f
Bump lodash from 4.17.23 to 4.18.1 in /javascript
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1 )
---
updated-dependencies:
- dependency-name: lodash
dependency-version: 4.18.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-02 20:05:04 +00:00
073fc9874b
Revert snapshots to Spring Framework 7.0.+
...
Closes gh-19024
2026-04-02 15:52:23 -04:00
ce247bdd16
Merge Add XML Based shouldWriteHeadersEagerly tests
...
Add XML Based shouldWriteHeadersEagerly tests
2026-04-02 12:51:07 -04:00
ad5a9fd0ba
Merge Add XML Based shouldWriteHeadersEagerly tests
2026-04-02 11:39:15 -05:00
4ce3fade21
Add @Nullable to DefaultOidcUser.equals()
...
Issue gh-18622
2026-04-02 11:02:22 -04:00
9527a4b281
Merge branch '7.0.x'
2026-04-02 10:58:06 -04:00
77fe9e892a
Merge branch '6.5.x' into 7.0.x
...
Closes gh-19022
2026-04-02 10:52:15 -04:00
eefbb4da64
Fix DefaultOidcUser.equals()
...
Closes gh-18622
2026-04-02 10:41:32 -04:00
2ada3f00fa
Polish gh-18888
2026-04-02 06:29:02 -04:00
8f2a5a7b6e
Add PrincipalResolver to ExchangeFilterFunctions
...
Closes gh-16284
Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com >
2026-04-02 06:28:42 -04:00
aa35db5aad
Fix merge conflict
2026-04-02 05:45:17 -04:00
8f65f88dc0
Merge Add XML Based shouldWriteHeadersEagerly tests
...
Add XML Based shouldWriteHeadersEagerly tests
2026-04-01 12:58:09 -04:00
a2793f31b4
Merge Add XML Based shouldWriteHeadersEagerly tests
...
Add XML Based shouldWriteHeadersEagerly tests
2026-04-01 12:53:29 -04:00
64d8e6cc9b
Merge Add XML Based shouldWriteHeadersEagerly tests
2026-04-01 11:41:58 -05:00
679a47a51d
Add XML Based shouldWriteHeadersEagerly tests
2026-04-01 11:37:39 -05:00
5b8d81828a
Add serialVersionUID
...
This commit gives a serialVersionUID to the private adapter class for the Jwt
authentication principal. It also adds a SuppressWarnings annotation so that
it doesn't get picked up by config's serialization tests. This is needed since
the test cannot construct a serialization sample for a private class
Issue gh-6237
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-31 16:19:41 -06:00
16b5df40de
Exclude Anonymous Classes in Serializable Scan
...
Issue gh-17729
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-31 16:17:12 -06:00
8472599067
Add Missing 7.1 Serialization Artifacts
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-31 16:16:27 -06:00
cb129d6b2d
Merge branch '7.0.x'
2026-03-31 15:56:49 -06:00
d4678c8e04
Add Missing Serialization Support
...
Closes gh-19013
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-31 15:55:09 -06:00
43b132bec6
Merge branch '6.5.x' into 7.0.x
2026-03-31 15:27:58 -06:00
08fca57d12
Add Missing Serialization Support
...
Closed gh-19012
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-31 13:58:35 -06:00
acabacb971
Update Test to find SuppressWarnings
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-31 13:47:52 -06:00
1a130fca3c
Improve serialVersionUID check in tests
...
Signed-off-by: johnycho <shunnn215@gmail.com >
2026-03-31 13:47:50 -06:00
5fe29f9cd0
Add AllRequiredFactorsAuthorizationManager.anyOf
2026-03-31 15:17:08 -04:00
ff820a868e
Polish AllRequiredFactorsAuthorizationManager.anyOf
...
- Add validation
- Extract to static inner class
- Uniqueness determined by Set rather than requiredFactor
This is important for the failure with the same RequiredFactor, but a
different reason
- Add documentation
Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com >
2026-03-31 14:03:29 -05:00
6b09352a93
Add AllRequiredFactorsAuthorizationManager.anyOf
...
Closes gh-18960
Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com >
2026-03-31 13:25:02 -05:00
067f79dde5
Merge branch 'fix-17729' into 7.0.x
2026-03-30 17:19:31 -06:00
45758a5cec
Merge branch '6.5.x' into 7.0.x
2026-03-30 17:14:28 -06:00
52d98ab7af
Add Needed SuppressWarnings Annotations
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-30 17:14:17 -06:00
0b680be97b
Update Test to find SuppressWarnings
...
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com >
2026-03-30 17:14:03 -06:00
7c28b15471
Improve serialVersionUID check in tests
...
Signed-off-by: johnycho <shunnn215@gmail.com >
2026-03-30 14:26:12 -06:00
12997b6ab6
Polish oauth2-client tests with missing Content-Type header
2026-03-30 13:40:32 -04:00
abf3c866fb
Merge pull request #19005 from rwinch/7.0.x-CredentialRecordOwnerAuthorizationManager
...
Merge Add CredentialRecordOwnerAuthorizationManager
2026-03-29 23:46:35 -04:00
5a4ada04ac
Merge pull request #19004 from rwinch/CredentialRecordOwnerAuthorizationManager
...
Add CredentialRecordOwnerAuthorizationManager
2026-03-29 23:46:03 -04:00
8c4cfe83f8
Merge pull request #19006 from rwinch/main-CredentialRecordOwnerAuthorizationManager
...
Merge Add CredentialRecordOwnerAuthorizationManager
2026-03-29 23:45:21 -04:00
9d047b6edc
Merge CredentialRecordOwnerAuthorizationManager
2026-03-29 22:24:52 -05:00
c08329c0c5
Merge CredentialRecordOwnerAuthorizationManager
2026-03-29 22:24:21 -05:00
875b076c39
Bump tools.jackson:jackson-bom from 3.1.0 to 3.1.1
...
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 3.1.0 to 3.1.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.1.0...jackson-bom-3.1.1 )
---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
dependency-version: 3.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-30 03:19:13 +00:00
c2441e5a58
Bump com.nimbusds:oauth2-oidc-sdk from 11.35 to 11.37
...
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions ) from 11.35 to 11.37.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt )
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.37..11.35 )
---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
dependency-version: '11.37'
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-30 03:18:42 +00:00
a856baa6a8
Add CredentialRecordOwnerAuthorizationManager
...
Add CredentialRecordOwnerAuthorizationManager that verifies the
credential being deleted is owned by the currently authenticated user.
Also add an AuthorizationManager<Bytes> to WebAuthnRegistrationFilter
for the delete credential operation, defaulting to deny all, and wire it
up in WebAuthnConfigurer.
Per the WebAuthn specification [1], credential ids contain at least 16
bytes with at least 100 bits of entropy, making them practically
unguessable. The specification also advises that credential ids should
be kept private, as exposing them can leak personally identifying
information [2]. The CredentialRecordOwnerAuthorizationManager serves as
defense in depth: even if a credential id were somehow exposed, an
unauthorized user could not delete another user's credential.
[1] https://www.w3.org/TR/webauthn-3/#credential-id
[2] https://www.w3.org/TR/webauthn-3/#sctn-credential-id-privacy-leak
2026-03-29 21:54:27 -05:00
Josh Cummings