Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,704 Commits 54 Branches 379 Tags
46e27aa69304b06a528c3edb8fc57625bcab0297
Commit Graph

20704 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Kuhel 46e27aa693 Remove compiler warnings in spring-security-web 
- fix compiler warnings in ServerOneTimeTokenAuthenticationConverter
- Replace deprecated API calls to create a OneTimeTokenAuthenticationToken.unauthenticated with OneTimeTokenAuthenticationToken(String token) call
- Update HttpMessageConverterAuthenticationSuccessHandler to replace deprecated MappingJackson2HttpMessageConverter with JacksonJsonHttpMessageConverter
- Replace updated OneTimeTokenAuthenticationConverter to use non-deprecated OneTimeTokenAuthenticationToken constructor
- update tests to remove use of deprecated methods
- refactor JdbcTokenRepositoryImpl to remove extension of deprecated JdbcDaoSupport class
- enable compile-warnings-error plugin

Closes gh-18441

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2026-03-27 15:14:55 -06:00
dependabot[bot] 441e0fc976 Bump org.apereo.cas.client:cas-client-core from 4.0.4 to 4.1.0 
Bumps [org.apereo.cas.client:cas-client-core](https://github.com/apereo/java-cas-client) from 4.0.4 to 4.1.0.
- [Release notes](https://github.com/apereo/java-cas-client/releases)
- [Commits](https://github.com/apereo/java-cas-client/compare/cas-client-4.0.4...cas-client-4.1.0)

---
updated-dependencies:
- dependency-name: org.apereo.cas.client:cas-client-core
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 19:45:26 +00:00
Josh Cummings 41efee0d35 Merge branch '7.0.x' 2026-03-27 13:27:15 -06:00
Josh Cummings 0ce76d2c5d Merge branch '6.5.x' into 7.0.x 2026-03-27 13:27:03 -06:00
dependabot[bot] 66cf02c6b0 Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 
Bumps [spring-io/spring-gradle-build-action](https://github.com/spring-io/spring-gradle-build-action) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/spring-io/spring-gradle-build-action/releases)
- [Commits](https://github.com/spring-io/spring-gradle-build-action/compare/efc55f07f4dfa22f2afd97f9ea1be4212eeed737...c8668747d7c264864c8c7f7026d0d277d14a78dc)

---
updated-dependencies:
- dependency-name: spring-io/spring-gradle-build-action
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 13:26:10 -06:00
dependabot[bot] 7441ce7f16 Bump spring-io/spring-security-release-tools/.github/workflows/perform-release.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/perform-release.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/729fed56d42122f88583aff1be35c0800b7d77e9...b92832ecbc7cbe969201e6beafbde0ee400cf095)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 13:25:46 -06:00
dependabot[bot] 9dbcd8cf00 Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/729fed56d42122f88583aff1be35c0800b7d77e9...b92832ecbc7cbe969201e6beafbde0ee400cf095)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 13:25:35 -06:00
Josh Cummings 63e0d66811 Merge branch '7.0.x' 2026-03-27 13:23:08 -06:00
Josh Cummings e6db4418b0 Merge branch '6.5.x' into 7.0.x 2026-03-27 13:22:44 -06:00
Josh Cummings 835d6c1fbd Add Issuer Validation to withIssuerLocation Snippets 
Closes gh-19000

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-27 13:22:24 -06:00
Josh Cummings 95b6dc753a Merge branch '7.0.x' 2026-03-27 12:14:47 -06:00
Josh Cummings 9fb3e14989 Merge branch '6.5.x' into 7.0.x 2026-03-27 12:14:41 -06:00
Josh Cummings fc90a1ffeb Merge branch '7.0.x' 2026-03-27 12:13:54 -06:00
Josh Cummings de14d9684f Add Reference Docs for DelegatingJwtGrantedAuthoritiesConverter 
Issue gh-18300

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-27 12:13:49 -06:00
Josh Cummings 2c90edd7b7 Merge branch '6.5.x' into 7.0.x 2026-03-27 12:12:27 -06:00
Josh Cummings 95b2cdf7f4 Clarify JavaDoc 
Removed note about DelegatingJwtGrantedAuthoritiesConverter from
ExpressionJwtGrantedAuthoritiesConverter and further explained in
DelegatingJwtGrantedAuthoritiesConverter where it comes in handy.

Issue gh-18300

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-27 11:48:56 -06:00
dependabot[bot] d5d466b0eb Bump org.jetbrains.dokka from 2.1.0 to 2.2.0 
Bumps [org.jetbrains.dokka](https://github.com/Kotlin/dokka) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/Kotlin/dokka/releases)
- [Commits](https://github.com/Kotlin/dokka/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: org.jetbrains.dokka
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 03:17:45 +00:00
dependabot[bot] 2970d2baf9 Bump org.jetbrains.dokka:dokka-gradle-plugin from 2.1.0 to 2.2.0 
Bumps [org.jetbrains.dokka:dokka-gradle-plugin](https://github.com/Kotlin/dokka) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/Kotlin/dokka/releases)
- [Commits](https://github.com/Kotlin/dokka/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: org.jetbrains.dokka:dokka-gradle-plugin
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 03:17:37 +00:00
dependabot[bot] 826f5d6d72 Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 
Bumps [spring-io/spring-gradle-build-action](https://github.com/spring-io/spring-gradle-build-action) from 2.0.5 to 2.0.6.
- [Release notes](https://github.com/spring-io/spring-gradle-build-action/releases)
- [Commits](https://github.com/spring-io/spring-gradle-build-action/compare/efc55f07f4dfa22f2afd97f9ea1be4212eeed737...c8668747d7c264864c8c7f7026d0d277d14a78dc)

---
updated-dependencies:
- dependency-name: spring-io/spring-gradle-build-action
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-27 00:46:59 +00:00
Rob Winch f0e71a8bc4 Merge pull request #18990 from rwinch/7.0.x-gh-18970-null-oncommitted 
Merge Handle null value in OnCommittedResponseWrapper header methods
 2026-03-26 17:33:33 -04:00
Rob Winch 4704aea72a Merge pull request #18991 from rwinch/main-gh-18970-null-oncommitted 
Merge Handle null value in OnCommittedResponseWrapper header methods
 2026-03-26 17:31:43 -04:00
Rob Winch 3ecf84855e Merge pull request #18989 from rwinch/gh-18970-null-oncommitted 
Merge Handle null value in OnCommittedResponseWrapper header methods
 2026-03-26 17:29:33 -04:00
Robert Winch 9f67afee42 Merge Handle null value in OnCommittedResponseWrapper header methods 2026-03-26 15:58:12 -05:00
Robert Winch 2848b95fe0 Merge Handle null value in OnCommittedResponseWrapper header methods 2026-03-26 15:44:49 -05:00
Robert Winch 0039bc0cf0 Handle null value in OnCommittedResponseWrapper header methods 
Closes gh-18970
 2026-03-26 14:50:44 -05:00
dependabot[bot] aff736903d Bump picomatch from 2.3.1 to 2.3.2 in /javascript 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-25 21:48:06 +00:00
Josh Cummings 0606ff152b Merge branch '7.0.x' 2026-03-25 15:20:07 -06:00
Josh Cummings 671a53e850 Merge branch '6.5.x' into 7.0.x 2026-03-25 15:19:59 -06:00
Josh Cummings 057e5181ea Adjust Formatting 
Issue gh-18805

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-25 15:19:29 -06:00
Tran Ngoc Nhan 178ca56aaf Fallback defaultTargetUrl if refererHeader is empty 
Closes gh-18805

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-25 15:19:29 -06:00
Josh Cummings a80447c65f Merge branch '7.0.x' 2026-03-25 15:11:59 -06:00
Josh Cummings 164fbaf007 Merge branch '6.5.x' into 7.0.x 2026-03-25 15:11:52 -06:00
dependabot[bot] 61ccf14953 Bump org.hibernate.orm:hibernate-core from 6.6.44.Final to 6.6.45.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.44.Final to 6.6.45.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.45/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.44...6.6.45)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.45.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-25 15:11:27 -06:00
Josh Cummings 608b36bb1d Add docs-build to Dependabot Auto-Merge 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-25 14:45:37 -06:00
Robert Winch 51ce11cbd2 Move InetAddressMatcher to spring-security-core 
Closes gh-18979
 2026-03-25 15:25:57 -05:00
Robert Winch c6e60c84f9 Add subsections to cors 
This helps make the docs look more uniform after adding
PreFlightRequestFilter docs in its own section

Issue gh-18926
 2026-03-25 16:04:42 -04:00
Robert Winch 4199240662 Add Support for PreFlightRequestFilter 
Closes gh-18926
 2026-03-25 16:04:42 -04:00
Robert Winch 0ef8a4ff27 Update to Spring Framework 7.0.7-SNAPSHOT 
Necessary to pick up Spring Framework's `PreFlightRequestFilter`

Issue gh-18926
 2026-03-25 16:04:42 -04:00
Josh Cummings c749ead5f1 Publish KDoc for the Kotlin DSL 
Applies Dokka to any subproject using security-kotlin via DocsPlugin,
aggregates KDoc alongside Javadoc in syncAntoraAttachments, and adds
a Kotlin API entry to the reference docs navigation.

Closes gh-18968

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-25 13:58:38 -06:00
Josh Cummings 622f75d346 Move Antora Tasks into DocsPlugin 
All Spring projects using io.spring.convention.docs are also using Antora,
so these tasks belong in the convention rather than each project's build script.

Issue gh-18968
 2026-03-25 13:58:38 -06:00
Joe Grandja db67f36492 Fix ID Token auth_time validation (reactive) 
Issue gh-18839 gh-17246
 2026-03-25 14:28:00 -04:00
Joe Grandja a8281a9c62 Merge branch '7.0.x' 2026-03-25 13:23:11 -04:00
Joe Grandja 65cf2586c5 Merge branch '6.5.x' into 7.0.x 
Closes gh-18978
 2026-03-25 12:40:43 -04:00
Joe Grandja 6e683f2286 Fix ID Token auth_time validation 
Closes gh-18839
 2026-03-25 11:33:55 -04:00
dependabot[bot] f6f3b697fe Bump com.nimbusds:oauth2-oidc-sdk from 11.34 to 11.35 
Bumps [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) from 11.34 to 11.35.
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.35..11.34)

---
updated-dependencies:
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.35'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-25 03:17:16 +00:00
Josh Cummings 2c2666065f Merge branch '7.0.x' 2026-03-24 13:39:37 -06:00
Josh Cummings bae4cdd765 Adjust for Nullability 
Issue gh-18973

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-24 13:39:27 -06:00
Josh Cummings 2a8976f2f0 Merge branch '7.0.x' 2026-03-23 18:13:15 -06:00
Josh Cummings a7c3e842d6 Merge branch '6.5.x' into 7.0.x 2026-03-23 18:12:36 -06:00
Josh Cummings b6e24db68c Return Mono.empty on Empty POST 
Closes gh-18973

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-23 18:12:21 -06:00