Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,732 Commits 54 Branches 379 Tags
46b6744b427a12914c5d65acb91cf0c22ca7e5fb
Commit Graph

19732 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot] 46b6744b42 Bump org.jetbrains.kotlin:kotlin-bom from 2.2.20 to 2.2.21 
Bumps [org.jetbrains.kotlin:kotlin-bom](https://github.com/JetBrains/kotlin) from 2.2.20 to 2.2.21.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v2.2.21/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.2.20...v2.2.21)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-bom
  dependency-version: 2.2.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-24 03:09:22 +00:00
dependabot[bot] 9f7e92d6f2 Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.0 to 3.0.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.0...jackson-bom-3.0.1)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-23 09:33:13 -05:00
Josh Cummings 727f0e27d6 Merge branch '6.5.x' 2025-10-20 17:42:52 -06:00
Josh Cummings f548aaf5c5 Merge branch '6.4.x' into 6.5.x 2025-10-20 17:42:25 -06:00
Josh Cummings 743817fc15 Add AuthorizationProxyMixin 
This commit adds Jackson configuration specific to
authorization proxies created by Spring Security

Closes gh-18077
 2025-10-20 17:16:21 -06:00
Josh Cummings fb701e4615 Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 17:10:05 -06:00
Josh Cummings 1c112005fa Don't Attempt to Generate Token Without Valid Token Request 
Closes gh-18088

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 17:09:43 -06:00
Marcus Hert da Coregio e0a71eb00e Fix GenerateOneTimeTokenRequestResolver ignored if username param not present 
Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2025-10-20 17:09:43 -06:00
Josh Cummings 69d28dc35b Merge branch '6.5.x' 2025-10-20 17:07:34 -06:00
Josh Cummings 42ddaba870 Next Development Version 2025-10-20 17:07:18 -06:00
Josh Cummings da46ba2619 Update Password Samples for Nullability 
Issue gh-16226
 2025-10-20 17:04:22 -06:00
Josh Cummings a406f5fe2d Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 16:46:49 -06:00
Himanshu Pareek dcb4e47cd5 Add Include-Code to the Password Storage page 
References gh-16226

Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>
 2025-10-20 16:35:23 -06:00
Rob Winch 82f87cf2b6 Next Development Version 2025-10-20 16:55:17 -05:00
Josh Cummings 0a2f55d485 Clarify Nullability in Granted Authority Lambda 
Issue gh-17999
 2025-10-20 15:22:24 -06:00
Andrey Litvitski 9b61533db2 Mark GrantedAuthority#getAuthority as @Nullable 
Closes: gh-17999

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-10-20 15:22:24 -06:00
Josh Cummings eb43830260 Polish JavaDoc 
1. Removed comment about not changing field name in a
serialized object as this is true for all fields in a
Java-serialize POJO
2. Added example value for the constructor that demonstrates
the relationship between a role and an authority

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2025-10-20 15:18:11 -06:00
Yanming Zhou b55c28cf25 Polish SimpleGrantedAuthority 
1. Add Javadoc to state that role is prefixed.
2. Rename constructor argument from `role` to `authority` for better readability.

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-10-20 15:18:11 -06:00
Simon Von 0927bed66a 📔 Documentation 
1. Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description

Signed-off-by: Simon Von <g1672943850@gmail.com>
 2025-10-20 15:17:32 -06:00
Josh Cummings 9ed446e6f5 Next Development Version 2025-10-20 15:15:57 -06:00
github-actions[bot] d5e6da5aba Release 7.0.0-RC1 7.0.0-RC1 2025-10-20 17:32:34 +00:00
Rob Winch 4d2bd30c75 Update to Reactor 2025.0.0-RC1 
Closes gh-18087
 2025-10-20 12:31:09 -05:00
Rob Winch 5acad99852 Revert "Release 7.0.0-RC1" 
This reverts commit e616688f56.
 2025-10-20 12:29:58 -05:00
github-actions[bot] e616688f56 Release 7.0.0-RC1 2025-10-20 17:26:08 +00:00
github-actions[bot] 56a23d9ddc Release 6.5.6 6.5.6 2025-10-20 17:17:40 +00:00
github-actions[bot] dc5aed9b5f Release 6.4.12 6.4.12 2025-10-20 17:17:37 +00:00
Josh Cummings 9c7b34a48b Favor Relative Redirects by Default 
Closes gh-16300
 2025-10-20 10:25:17 -06:00
Josh Cummings d5d7fd414d Update What's New 2025-10-20 10:25:17 -06:00
Rob Winch 491a3e8f68 Update to Spring LDAP 4.0.0-RC1 
Closes gh-18086
 2025-10-20 09:35:15 -05:00
Rob Winch 43d20ea91f Update to Spring Data 2025.1.0-RC1 
Closes gh-18085
 2025-10-20 09:35:14 -05:00
Rob Winch 24241d0384 Update to Spring Framework 7.0.0-RC1 
Closes gh-18084
 2025-10-20 09:35:14 -05:00
dependabot[bot] cb8c2b090c Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 09:17:01 -05:00
Rob Winch e94de4d0e3 Merge branch '6.5.x' 2025-10-20 09:16:23 -05:00
Rob Winch cb994aad6c Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:15:32 -05:00
Rob Winch 6f6ee0c060 Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11 2025-10-20 09:15:30 -05:00
Rob Winch 9cecc2cf09 Merge branch '6.4.x' into 6.5.x 2025-10-20 09:15:18 -05:00
Rob Winch f19c9c8625 Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 2025-10-20 09:14:31 -05:00
Rob Winch 95abf61c88 Refine Jackson 3 format description 2025-10-20 09:11:22 -05:00
Joe Grandja 22cbb13f7d Add comments to SQL-scripts to ensure robust timezone handling 
Issue https://github.com/spring-projects/spring-authorization-server/pull/2217
 2025-10-20 07:12:50 -04:00
Joe Grandja fc8b6b5863 Return PAR endpoint metadata only when enabled 
Issue https://github.com/spring-projects/spring-authorization-server/issues/2219
 2025-10-20 06:06:24 -04:00
dependabot[bot] 8b89e31e3d Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:26 +00:00
dependabot[bot] 67b15be917 Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:18:21 +00:00
dependabot[bot] 217a29e6ba Bump org.springframework.data:spring-data-bom 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:12:54 +00:00
dependabot[bot] b2d6380633 Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 03:12:45 +00:00
Rob Winch 9dc27bee03 Link to gh-18077 2025-10-19 17:03:19 -05:00
Rob Winch a181733365 Encapsulate GenericHttpMessageConverterAdapter 
This will allow its removal in gh-18073
 2025-10-19 17:03:19 -05:00
Rob Winch 51e8f8f1c6 Deprecate WebAuthnAuthenticationFilter.setConverter(GenericHttpMessageConverter) 
This makes sense given that Framework's new Jackson support is a
SmartHttpMessageConverter. Additionally,
GenericHttpMessageConverterAdapter is now package private to encapsulate
it.

Issue gh-18073
 2025-10-19 17:03:19 -05:00
Rob Winch d309f1887e Remove Extra Blank Line from CoreJacksonModule 2025-10-19 17:03:19 -05:00
Rob Winch 5e851e0b26 Remove JdbcOAuth2AuthorizationService.Mapper 
- We should not introduce an unnecessary public API
  - It would need to be removed when Jackson 2 support was removed, but
    was required to configure Jackson 3 support
  - There are already existing interfaces that could be used
- OAuth2AuthorizationRowMapper & OAuth2AuthorizationParametersMapper had
  unnecessary breaking changes by removing getter/setter for ObjectMapper
- To prevent NoClassDefFoundErrors all optional (Jackson) dependencies
  need to be on different classes & we wish to preserve the existing
  accessors for ObjectMapper which is this uses subclasses
- With added TestAuthenticationTokenMixin support, no need to explicitly
  add it in tests
 2025-10-19 17:03:19 -05:00
Rob Winch 803936cfbe JacksonDelegate uses SecurityJacksonModules 2025-10-19 17:03:19 -05:00