Rob Winch
5e851e0b26
Remove JdbcOAuth2AuthorizationService.Mapper
...
- We should not introduce an unnecessary public API
- It would need to be removed when Jackson 2 support was removed, but
was required to configure Jackson 3 support
- There are already existing interfaces that could be used
- OAuth2AuthorizationRowMapper & OAuth2AuthorizationParametersMapper had
unnecessary breaking changes by removing getter/setter for ObjectMapper
- To prevent NoClassDefFoundErrors all optional (Jackson) dependencies
need to be on different classes & we wish to preserve the existing
accessors for ObjectMapper which is why this uses subclasses
- With added TestAuthenticationTokenMixin support, no need to explicitly
add it in tests
2025-10-19 17:03:19 -05:00
Rob Winch
803936cfbe
JacksonDelegate uses SecurityJacksonModules
2025-10-19 17:03:19 -05:00
Rob Winch
50568da1e5
Add Jackson 3 TestingAuthenticationToken Support
...
Without this many of the tests fail when using Jackson 3
2025-10-19 17:03:19 -05:00
Sébastien Deleuze
8f8a25533a
Refine documentation for Jackson 3
...
This commit refines the documentation by:
- Updating Jackson documentation for Jackson 3
- Removing the outdated documentation in servlet
- Adding migration guidelines
Closes gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
Sébastien Deleuze
137f8fd670
Add support for JacksonJsonHttpMessageConverter
...
This commit introduces classpath checks and instantiation of
JacksonJsonHttpMessageConverter (based on Jackson 3) leveraging
a new GenericHttpMessageConverterAdapter which allows adapting
SmartHttpMessageConverter to GenericHttpMessageConverter.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
Sébastien Deleuze
702a177e25
Add webauthn Jackson 3 support and deprecate Jackson 2 one
...
Since this module was already using the jackson sub-package for Jackson 2
support, both Jackson 2 and Jackson 3 support lives in the same subpackage
and the former package-private classes have been renamed with a Jackson2
qualifier.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
Sébastien Deleuze
48854c3ac9
Deprecate Jackson 2 support
...
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
Sébastien Deleuze
65a14d6c6d
Add Jackson 3 support
...
This commit adds support for Jackson 3 which has the following
major differences with the Jackson 2 one:
- jackson subpackage instead of jackson2
- Jackson type prefix instead of Jackson2
- JsonMapper instead of ObjectMapper
- For configuration, JsonMapper.Builder instead of ObjectMapper
since the latter is now immutable
- Remove custom support for unmodifiable collections
- Use safe default typing via a PolymorphicTypeValidator
Jackson 3 changes compared to Jackson 2 are documented in
https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a
and
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md.
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
Sébastien Deleuze
916a687b29
Add Jackson 3 BOM
...
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
Sébastien Deleuze
762fcbb516
Add .kotlin/ to .gitignore
...
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
Joe Grandja
fc795a81d4
PAR uses requested scopes on consent
...
Issue https://github.com/spring-projects/spring-authorization-server/pull/2182
2025-10-17 16:14:31 -04:00
Josh Cummings
4bc319883b
Address Nullability
2025-10-17 14:03:15 -06:00
dependabot[bot]
cb7a6292b7
Bump io.spring.nullability:io.spring.nullability.gradle.plugin
...
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.5...v0.0.6)
---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
dependency-version: 0.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 14:03:15 -06:00
Josh Cummings
bbf6a4e786
Merge branch '6.5.x'
2025-10-17 13:50:05 -06:00
Josh Cummings
ba2619cb8a
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x
2025-10-17 13:49:54 -06:00
dependabot[bot]
43c53c3b78
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:48:50 -06:00
dependabot[bot]
b1e16cd147
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:48:30 -06:00
dependabot[bot]
9961e6d56c
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:48:13 -06:00
dependabot[bot]
cbad2ff5ca
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:47:56 -06:00
dependabot[bot]
63c8b0faa3
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.13 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.13...3.2.15)
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-17 13:46:16 -06:00
Josh Cummings
a435175723
Clean Up Generic Typing in Builder
...
Issue gh-17997
2025-10-17 11:13:00 -06:00
Joe Grandja
4b810a8971
Disallow usage of the openid scope in device authorization requests
...
Issue https://github.com/spring-projects/spring-authorization-server/pull/2177
2025-10-17 11:41:30 -04:00
Joe Grandja
0d261e9c32
Remove setOidcUserMapper() in OidcUserService and OidcReactiveOAuth2UserService
...
Closes gh-18060
2025-10-16 16:29:52 -04:00
Josh Cummings
c5e141ad07
Change JavaDoc to FactorGrantedAuthority
...
Issue gh-18030
2025-10-16 14:00:43 -06:00
Josh Cummings
ba42b9c4cc
Update Documentation for All-Factor Propagation
...
Issue gh-18000
2025-10-16 13:41:46 -06:00
Josh Cummings
b1a50a25b6
Check If toBuilder Is Implemented
...
Since RC1 is right around the corner, let's change the API
footprint as little as possible by using reflection to check
if a class has declared toBuilder themselves. If they have, we
can assume that that class's builder will produce that class.
Issue gh-18052
2025-10-16 13:41:45 -06:00
Josh Cummings
4281f6b00b
Prevent Duplicate Authorities
...
Issue gh-17981
2025-10-16 13:41:45 -06:00
Josh Cummings
0fcef6dca2
Add Missing Mock Configuration
2025-10-16 13:41:45 -06:00
Josh Cummings
2e7cdd7b14
Revert "Merge branch 'builder-enhancements'"
...
This reverts commit 95644fb73c, reversing
changes made to fbf7bb3be1.
Reverting this commit will allow us more time to
consider the ideal way to add this support to the public API.
2025-10-16 13:41:45 -06:00
Josh Cummings
cefc0cddec
Propagate All Missing Factors
...
Closes gh-18000
2025-10-16 13:41:45 -06:00
Joe Grandja
af1de950ae
Align setRetrieveUserInfo() between OidcUserService and OidcReactiveOAuth2UserService
...
Closes gh-18057
2025-10-16 15:12:10 -04:00
Joe Grandja
7f29585df4
Remove OidcUserService.setAccessibleScopes()
...
Closes gh-18056
2025-10-16 15:12:10 -04:00
Rob Winch
2eb5da3764
Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE
...
The member is public, so we need to deprecate it rather than remove it.
Issue gh-18035
Closes gh-18058
2025-10-16 14:03:19 -05:00
Tran Ngoc Nhan
f5d33457dc
Fix-typos
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-10-16 14:03:19 -05:00
parthokr
938a5a7c77
Fix typo in AuthenticationProvider Javadoc
...
Signed-off-by: parthokr <partho.kr@proton.me>
2025-10-16 13:54:00 -05:00
dependabot[bot]
f03213383e
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12
...
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)
---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
dependency-version: 1.14.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-16 12:54:46 -05:00
Rob Winch
fc2b1f9923
Merge branch '6.5.x'
2025-10-16 12:53:33 -05:00
Rob Winch
dee33b5337
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final
2025-10-16 12:52:50 -05:00
Rob Winch
9f936015ff
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12
2025-10-16 12:52:46 -05:00
Rob Winch
79dfbe14c2
Merge branch '6.4.x' into 6.5.x
2025-10-16 12:52:34 -05:00
Rob Winch
b75f2582c4
Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final
2025-10-16 12:51:41 -05:00
Joe Grandja
67c3ceb611
Fix NullAway error
...
Related https://github.com/spring-projects/spring-framework/pull/35629
2025-10-15 14:53:06 -04:00
Josh Cummings
95644fb73c
Merge branch 'builder-enhancements'
...
Issue gh-18052
Issue gh-18053
2025-10-15 12:02:41 -06:00
Josh Cummings
21ff7688cc
Move Builder to Authentication
...
Leaving the Builder in Authentication allows
authentication implementations to implement Builder
without needing to implement BuildableAuthentication.
Issue gh-18052
2025-10-15 12:01:11 -06:00
Josh Cummings
4102007119
Add Builder#authentication
...
This commit consolidates logic common to applying one
authentication to another. Specifically, it will copy the
authorities in one authentication into the builder instance
of another.
Closes gh-18053
2025-10-15 12:01:11 -06:00
Josh Cummings
e535e61c8b
Move toBuilder to BuildableAuthentication
...
Closes gh-18052
2025-10-15 12:01:11 -06:00
Joe Grandja
fbf7bb3be1
Allow OAuth2AuthorizationRequest to be extended
...
Closes gh-18049
2025-10-14 16:34:59 -04:00
Ivan Golovko
979ac7c336
Remove cache from (Reactive)OidcIdTokenDecoderFactory
...
Closes gh-16647
Signed-off-by: iigolovko <iigolovko@ginc-it.ru>
2025-10-14 11:24:54 -04:00
dependabot[bot]
90a1c2c15d
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12
...
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)
---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
dependency-version: 1.14.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-14 03:20:40 +00:00
dependabot[bot]
978459bd1d
Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12
...
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)
---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
dependency-version: 1.14.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-14 03:15:43 +00:00