Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,161 Commits 54 Branches 379 Tags
0eba9de7d49497ebf63a18f40e89dbd199073a04
Commit Graph

20161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Grandja 0eba9de7d4 Merge branch '7.0.x' 2026-02-05 04:55:34 -05:00
Joe Grandja d3c42a7a4f Polish OAuth2ConfigurerUtils 2026-02-05 04:52:02 -05:00
Joe Grandja e61c03f7c3 Fix to allow multiple PasswordEncoder beans 
Closes gh-18645
 2026-02-05 04:51:51 -05:00
Josh Cummings 70fc8fef3a Add Sample SAML Response in Test 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-03 08:54:14 -07:00
gimgisu 46027974dd @gisu1102 
Apply code formatting to OAuth2AuthorizationServerBeanRegistrationAotProcessor

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu 338786bab9 @gisu1102 
Align AOT hints with MemberCategory deprecation replacements

- Replace DECLARED_FIELDS with ACCESS_DECLARED_FIELDS in runtime hints

- Preserve 1:1 intent for Collections via registerType only

- Keep INVOKE_* only where it existed before

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu d7ecb8fdcf @gisu1102 
Restore Jackson 2 module runtime hints for passivity

- Keep Jackson 2 module registrations when jackson2 is present

- Extract Jackson 2 hint registration into a dedicated method

- Suppress removal warnings only for the Jackson 2 registration

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
gimgisu a9f9eba6ca @gisu1102 
Remove compiler warnings in spring-security-oauth2-authorization-server

- Remove ACCESS_DECLARED_FIELDS from AOT/runtime hints
- Add @SuppressWarnings("removal") for Jackson2 deprecated adapters

Closes spring-projectsgh-18432

Signed-off-by: gimgisu <gisu1102@gmail.com>
 2026-02-02 19:27:44 -06:00
Josh Cummings 1a6f344196 Add security-nullability 
Closes gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:17 -07:00
Josh Cummings e771ec04b7 Add @Nullable Annotations to saml2-service-provider 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:14 -07:00
Josh Cummings f3656b4991 Ensure saml_request in Tests 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-02 17:44:10 -07:00
Joe Grandja 8f22fd4407 Merge branch '7.0.x' 2026-02-02 16:38:29 -05:00
Elayne Bloom 2c97b3376b Document Client PKCE settings 
Updated the documentation to reflect recent changes to enable PKCE by default for `authorization_code` flows in the documentation for the client.

Closes gh-18304

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-02 16:30:27 -05:00
Tran Ngoc Nhan 20493ef45f Add javadoc-warnings-error 
Closes gh-18461

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 12:06:12 -06:00
Vyacheslav e029b3ac6f Update authorize-http-requests.adoc 
Comma added for java configuration 

Signed-off-by: Vyacheslav <43342280+cmmttd@users.noreply.github.com>
 2026-02-02 11:48:07 -06:00
Tran Ngoc Nhan 55ab498518 Add javadoc-warnings-error 
Closes gh-18469

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:45:53 -06:00
Tran Ngoc Nhan b0983e2f5e Add javadoc-warnings-error 
Closes gh-18466

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:45:12 -06:00
dohyunk58 992d8ca79b fail build on javadoc warnings for spring-security-test 
Signed-off-by: dohyunk58 <hedge3x@gmail.com>
 2026-02-02 11:44:39 -06:00
Tran Ngoc Nhan 4c012c59c9 Add javadoc-warnings-error 
Closes gh-18464

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:44:31 -06:00
Tran Ngoc Nhan 2ee247f82e Add javadoc-warnings-error 
Closes gh-18464

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:43:35 -06:00
Joe Grandja 0496c02c30 Polish gh-18542 2026-02-02 12:43:19 -05:00
Tran Ngoc Nhan 93d8283e36 Add javadoc-warnings-error 
Closes gh-18462

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:42:14 -06:00
pocj8ur4in 991b7d4dc2 Rollback setDefaultRolePrefix() call 
- preserve setDefaultRolePrefix() in getRootObject()

Signed-off-by: pocj8ur4in <pocj8ur4in@gmail.com>
 2026-02-02 11:41:18 -06:00
pocj8ur4in 64e863e7df Remove compiler warnings in spring-security-data 
- Add
  compile-warnings-error plugin to data module
- Remove
  deprecated setDefaultRolePrefix() call in getRootObject()
- Add
  @SuppressWarnings deprecation for tests using deprecated methods
- Add
  tests using AuthorizationManagerFactory

Closes
  spring-projectsgh-18422

Signed-off-by: pocj8ur4in <pocj8ur4in@gmail.com>
 2026-02-02 11:41:18 -06:00
Daniel Garnier-Moiroux 4957c5a7e9 Add BearerTokenAuthenticationEntryPoint#setResourceMetadataParameterResolver 
Closes gh-18542

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2026-02-02 12:40:03 -05:00
Tran Ngoc Nhan 5b7c4ae8d8 Add javadoc-warnings-error 
Closes gh-18459

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:39:38 -06:00
Tran Ngoc Nhan 8bafd94b1f Add compile-warnings-error 
Closes gh-18424

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:37:39 -06:00
Park JuHyeong d244bcf76e Suppress AspectJ compiler warnings in spring-security-aspects 
- Added -Xlint:ignore to compileAspectj task
- Added -Xlint:ignore to compileTestAspectj task

Fixes the following AspectJ warnings:
- AnnotationSecurityAspect.aj:72 [warning] advice defined
- AbstractMethodInterceptorAspect.aj:36 [warning] advice defined

These warnings occur because the AspectJ compiler detects that
advice in deprecated aspect classes may not match any join points,
which is expected behavior for deprecated code maintained for
backward compatibility.

Contributes to gh-18405

Signed-off-by: Park JuHyeong <wngud5957@naver.com>
 2026-02-02 11:30:51 -06:00
jieun de23ade14b Remove compiler warnings for spring-security-cas:check 
Signed-off-by: jieun <jkdev1324@gmail.com>
 2026-02-02 11:27:42 -06:00
Robert Winch afa3e2311c Merge branch '7.0.x' 2026-02-02 11:13:10 -06:00
Robert Winch 9273f411c1 Merge branch '6.5.x' into 7.0.x 2026-02-02 11:12:53 -06:00
Robert Winch d6e3ec78cd Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 2026-02-02 11:12:18 -06:00
Joe Grandja 2a2f13fbd3 Polish Nullability for oauth2-core 
Issue gh-17820
 2026-02-02 09:00:46 -06:00
Joe Grandja db5310bee8 Enable null-safety in spring-security-oauth2-core 
Closes gh-17820
 2026-02-02 09:00:40 -06:00
Joe Grandja dfed528851 Remove checkstyle suppressions for spring-security-oauth2-core 
Issue gh-17820
 2026-02-02 09:00:40 -06:00
dependabot[bot] 48c1023fd6 Bump org.hibernate.orm:hibernate-core from 6.6.41.Final to 6.6.42.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.41.Final to 6.6.42.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.42/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.41...6.6.42)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.42.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-02 03:11:29 +00:00
dependabot[bot] 04dbdc8588 Bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.26 to 1.5.27.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.26...v_1.5.27)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-02 03:11:13 +00:00
Robert Winch 6a6c7a7a78 Add missing @Nullable to setters of Nullable Fields 
There are setters and builder methods that initialize members that are
`@Nullable` but do not accept `@Nullable` parameters.

For example:

```
private @Nullable Object foo;

public void setFoo(Object foo) {
    this.foo = foo;
}
```

It is an unnecessary restriction that the parameter is unable to be null
since the field can be null.

This commit fixes these inconsistencies.

Closes gh-18618
 2026-01-29 13:58:42 -06:00
Robert Winch b591a0a757 TestingAuthenticationToken.credentials should be @Nullable 
Closes gh-18615
 2026-01-29 10:17:22 -06:00
Josh Cummings c5632ccd83 Add security-nullability to ldap 
Closes gh-17818

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-01-28 15:30:54 -07:00
Robert Winch a8b5c8fe02 Bump io.mockk:mockk from 1.14.7 to 1.14.9 2026-01-27 11:17:24 -06:00
Robert Winch 054ff7421b Merge branch '7.0.x' 2026-01-27 11:17:10 -06:00
Robert Winch 6ca04d9b77 Merge branch '6.5.x' into 7.0.x 2026-01-27 11:16:43 -06:00
Robert Winch 3960bf950d Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 2026-01-27 10:00:00 -06:00
Robert Winch bc6ac7c8c6 Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 2026-01-27 09:59:50 -06:00
Robert Winch 6e30cd5417 Merge branch '7.0.x' 2026-01-26 22:06:54 -06:00
Robert Winch 74b93a19f6 Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
dependabot[bot] c7d52242fb Bump io.mockk:mockk from 1.14.7 to 1.14.9 
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.7 to 1.14.9.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.14.7...1.14.9)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-version: 1.14.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-27 03:03:22 +00:00
dependabot[bot] 6f6dbd5728 Bump ch.qos.logback:logback-classic from 1.5.25 to 1.5.26 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.25 to 1.5.26.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.25...v_1.5.26)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 15:27:46 -06:00
dependabot[bot] 99eb7b1e5c Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.6 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.6...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 15:27:19 -06:00