Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,652 Commits 54 Branches 379 Tags
2eb5da376425829c52ce5de083fcbe343eb257a8
Commit Graph

19652 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch 2eb5da3764 Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE 
The member is public, so we need to deprecate it rather than remove it.

Issue gh-18035

Closes gh-18058
 2025-10-16 14:03:19 -05:00
Tran Ngoc Nhan f5d33457dc Fix-typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-10-16 14:03:19 -05:00
parthokr 938a5a7c77 Fix typo in AuthenticationProvider Javadoc 
Signed-off-by: parthokr <partho.kr@proton.me>
 2025-10-16 13:54:00 -05:00
dependabot[bot] f03213383e Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-16 12:54:46 -05:00
Rob Winch fc2b1f9923 Merge branch '6.5.x' 2025-10-16 12:53:33 -05:00
Rob Winch dee33b5337 Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:52:50 -05:00
Rob Winch 9f936015ff Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 2025-10-16 12:52:46 -05:00
Rob Winch 79dfbe14c2 Merge branch '6.4.x' into 6.5.x 2025-10-16 12:52:34 -05:00
Rob Winch b75f2582c4 Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:51:41 -05:00
Joe Grandja 67c3ceb611 Fix NullAway error 
Related https://github.com/spring-projects/spring-framework/pull/35629
 2025-10-15 14:53:06 -04:00
Josh Cummings 95644fb73c Merge branch 'builder-enhancements' 
Issue gh-18052
Issue gh-18053
 2025-10-15 12:02:41 -06:00
Josh Cummings 21ff7688cc Move Builder to Authentication 
Leaving the Builder in Authentication allows
authentication implementations to implement Builder
without needing to implement BuildableAuthentication.

Issue gh-18052
 2025-10-15 12:01:11 -06:00
Josh Cummings 4102007119 Add Builder#authentication 
This commit consolidates logic common to applying one
authenticaiton to another. Specifically, it will copy the
authorities in one authentication into the builder instance
of another.

Closes gh-18053
 2025-10-15 12:01:11 -06:00
Josh Cummings e535e61c8b Move toBuilder to BuildableAuthentication 
Closes gh-18052
 2025-10-15 12:01:11 -06:00
Joe Grandja fbf7bb3be1 Allow OAuth2AuthorizationRequest to be extended 
Closes gh-18049
 2025-10-14 16:34:59 -04:00
Ivan Golovko 979ac7c336 Remove cache from (Reactive)OidcIdTokenDecoderFactory 
Closes gh-16647

Signed-off-by: iigolovko <iigolovko@ginc-it.ru>
 2025-10-14 11:24:54 -04:00
dependabot[bot] 90a1c2c15d Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:20:40 +00:00
dependabot[bot] 978459bd1d Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:15:43 +00:00
Rob Winch 2af57c40ef Update to JUnit 6.0.0 
To do this, we also need Spring Framework 7.0.0-SNAPSHOTs

Closes gh-18040
 2025-10-13 11:16:56 -05:00
Rob Winch b864be92d8 Update to Reactor 2025.0.0-SNAPSHOT 
To prepare for the release we should update to Reactor
2025.0.0-SNAPSHOT to fix any issues that are present.

Closes gh-18041
 2025-10-13 11:16:27 -05:00
Rob Winch 4b6c9cca7e Enable SNAPSHOT builds 
To use Reactor SNAPSHOTs in gh-18041 we need to enable the
snapshot repositories.

Issue gh-18041
 2025-10-13 11:15:53 -05:00
dependabot[bot] 73690a928b Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:27:33 +00:00
dependabot[bot] 7cc9d2849e Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:16:24 +00:00
Rob Winch 78701f94ee Document RequiredFactor Valid Duration 
Issue gh-17997
 2025-10-10 16:24:47 -05:00
Rob Winch 2b4e36c67f Add RequiredFactor.Builder.<factor-name>Authority() 
Closes gh-18033
 2025-10-10 16:24:47 -05:00
Rob Winch 702878acae Create AuthorizationManagerFactories.multiFactor 
Closes gh-18032
 2025-10-10 16:24:47 -05:00
Rob Winch 488e55032e AllFactorsAuthorizationManager->AllRequiredFactorsAuthorizationManager 
This allows the authorization logic to be relaxed so that if RequiredFactor
only has an authority specified, then the GrantedAuthority can be of any
type.

Closes gh-18031
 2025-10-10 16:24:47 -05:00
Rob Winch d18431a78d Move FACTOR_ constants to FactorGrantedAuthority 
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
 2025-10-10 16:24:46 -05:00
Rob Winch e290c98e97 Document Multi-Factor Simple to Complex 
This reworks the Multi-Factor documentation to start with the
simplest scenario and work to progressively more complex requirements.

Closes gh-18029
 2025-10-10 16:23:38 -05:00
Rob Winch 473baad6bd Add RequiredAuthoritiesRepository 
Closes gh-18028
 2025-10-10 15:42:17 -05:00
Joe Grandja 586081c125 Revert "Temporarily fix integration tests" 
This reverts commit 35f41f87d1.

Issue gh-17880
 2025-10-10 13:33:42 -04:00
Rob Winch 864a9b2fb3 Fix ProviderManager.copyDetails Changes Authentication Type 
Closes gh-18027
 2025-10-10 11:03:49 -05:00
Joe Grandja 1213dbe76f Fix checkstyle 2025-10-09 13:51:50 -04:00
Joe Grandja 3656e7ad8c Add tests to OAuth2AuthorizationServerJackson2ModuleTests 2025-10-09 13:23:38 -04:00
Joe Grandja 1cca9c5822 Enable PKCE by default in authorization server 
Closes gh-18020
 2025-10-09 09:51:17 -04:00
Joe Grandja 469ed09645 Allow setting Clock in OAuth2TokenGenerator implementations 
Closes gh-18017
 2025-10-07 16:34:43 -04:00
Joe Grandja 1d7f4c3b11 Polish javadoc for ClientSettings.requireAuthorizationConsent 
Issue gh-18016
 2025-10-07 11:29:10 -04:00
Joe Grandja baa3b287d6 Add Predicate for authorizationConsentRequired for device code grant 
Introduces customizable Predicate to determine if user consent is
required in device authorization flows. Previously, device consent
handling used fixed logic. Now applications can define custom logic
for skipping or displaying consent pages.

Adds OAuth2DeviceVerificationAuthenticationContext and updates
OAuth2DeviceVerificationAuthenticationProvider with
setAuthorizationConsentRequired method.

Fixes gh-18016

Signed-off-by: Dinesh Gupta <dineshgupta630@outlook.com>
 2025-10-07 11:13:30 -04:00
dependabot[bot] d5c5bb234c Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 14:01:08 -05:00
Rob Winch 83da86a358 DefaultLoginPageGeneratingFilter uses List 
This fixes an ordering problem with query parameters of the tests.

Issue gh-18002
 2025-10-06 09:34:06 -05:00
dependabot[bot] 71e6d81910 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.7.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 09:29:57 -05:00
dependabot[bot] 16475d3453 Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 09:15:25 -05:00
Rob Winch 3f84e96711 Bump io.mockk:mockk from 1.14.5 to 1.14.6 2025-10-06 09:13:16 -05:00
Rob Winch 1c870f25e9 Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.4 to 0.0.5 2025-10-06 09:13:12 -05:00
Rob Winch 79e2d4b688 Merge branch '6.5.x' 2025-10-06 09:12:06 -05:00
Rob Winch 9f8ebdcf4d Merge branch '6.4.x' into 6.5.x 2025-10-06 09:11:56 -05:00
Rob Winch 8ce38af608 Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 2025-10-06 09:11:20 -05:00
Rob Winch 607b1dfffe Bump io.mockk:mockk from 1.14.5 to 1.14.6 2025-10-06 09:11:17 -05:00
Rob Winch 904f5157fa Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE 2025-10-06 09:11:15 -05:00
Rob Winch f57c9ffcbb Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 2025-10-06 09:10:34 -05:00