Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,405 Commits 54 Branches 379 Tags
6d4726bfb78f51bfc6abf5334a51c0bac24abd56
Commit Graph

20405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrey Litvitski 6d4726bfb7 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 10:55:06 -06:00
Robert Winch d31ca7a758 Fix SecurityContextLogoutHandler.logout @param response Javadoc (cannot be null) 
Closes gh-18357
 2026-02-24 10:06:04 -06:00
Robert Winch ac06067d02 Revert "Mark targetDomainObject as @Nullable in PermissionEvaluator" 
This reverts commit 9f1381c382.
 2026-02-24 09:40:54 -06:00
Andrey Litvitski 9f1381c382 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 08:27:44 -06:00
dependabot[bot] f700aeac0f Bump tools.jackson:jackson-bom from 3.0.4 to 3.1.0 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.4 to 3.1.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.4...jackson-bom-3.1.0)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 03:17:58 +00:00
dependabot[bot] 41a8d6aca5 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 03:16:37 +00:00
Rob Winch e81c64b94d Merge Update servlet/architecture.adoc to use include-code 
Update servlet/architecture.adoc to use include-code
 2026-02-23 17:16:28 -06:00
Robert Winch 0c394696ce Fix servlet/architecture.adoc disable Sample 
- Switch `include-java` (does not exist) to `include-code`
- Update kotlin to have the `disable` tag
- Update to suppress deprecation use for User builder (allowed for samples)

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 17:03:17 -06:00
Joe Kuhel 62d1bc86e3 Update servlet architecture docs to use include-code 
Also update antora.xml to include-xml in docs/src/test/resources

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2026-02-23 16:37:16 -06:00
Rob Winch a4cadb5cc5 Merge Make PublicKeyCredentialCreationOptions Serializable 
Make PublicKeyCredentialCreationOptions Serializable
 2026-02-23 16:01:34 -06:00
Robert Winch 701736da5d Fix checkstyle 
Issue gh-18354

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 15:43:55 -06:00
Mohammad Amin Pahlevani 9e5a425859 Make PublicKeyCredentialCreationOptions Serializable 
Closes gh-16431

Signed-off-by: Mohammad Amin Pahlevani <pahlevani@live.com>
 2026-02-23 15:43:40 -06:00
Rob Winch 1ab17d941a Merge Improve error message for missing access attribute in intercept-url 
Improve error message for missing access attribute in intercept-url
 2026-02-23 15:31:34 -06:00
Robert Winch 53300be8d7 Fix checkstyle 
Issue gh-18530
 2026-02-23 15:16:02 -06:00
CHANHAN d5ba9dcada Add tests for intercept-url access attribute validation 
Fixes gh-18503

Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
 2026-02-23 15:16:02 -06:00
CHANHAN fa87c78edb fix missing access attribute validation in FilterInvocationSecurityMetadataSourceParser 
Fixes gh-18503

Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
 2026-02-23 15:16:02 -06:00
CHANHAN f1e367f93d fix missing access attribute validation in AuthorizationFilterParser 
Fixes gh-18503

Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
 2026-02-23 15:16:02 -06:00
Rob Winch 4d0627e6c0 Merge pull request #18721 from coehgns/main 
Add tests for PathPatternRequestMatcher request path caching
 2026-02-23 11:58:27 -06:00
Rob Winch 3106f2be7b Merge pull request #18757 from wonderfulrosemari/gh-4265-csrf-multipart-header 
Document multipart CSRF header option
 2026-02-23 11:51:54 -06:00
Rob Winch b3e5f09eb3 Merge Document Keberose Dependency Coordinates 
Document Keberose Dependency Coordinates
 2026-02-23 11:47:06 -06:00
Robert Winch e1436c39f0 Merge Document Keberose Dependency Coordinates 2026-02-23 11:33:25 -06:00
Robert Winch 311235f39e Document Keberose Dependency Coordinates 
Closes gh-18773
 2026-02-23 11:32:37 -06:00
Robert Winch fec988c82d Add Kerberos Migration Section 
This links to the updated dependency coordinates

Issue gh-18773

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 11:29:50 -06:00
busoco-sjb 17b434c1c1 Document the change in dependency coordinates with Spring Security 7 
Signed-off-by: busoco-sjb <169069865+busoco-sjb@users.noreply.github.com>
 2026-02-23 11:21:59 -06:00
Rob Winch b451739b5c Merge pull request Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager 
Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
 2026-02-23 11:17:21 -06:00
Rob Winch 0bb65411be Merge pull request Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager 
Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager
 2026-02-23 11:17:06 -06:00
Robert Winch cfb3bf38d8 Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into main 2026-02-23 10:54:00 -06:00
Robert Winch 151bcf3b0b Merge Fix: Handle null authority string in AuthoritiesAuthorizationManager into 7.0.x 2026-02-23 10:53:40 -06:00
Robert Winch 1116241ee3 Fix Checks for NullPointerException in AuthoritiesAuthorizationManager 
- Fix checkstyle
- Fix the test to use Collection that throws NullPointerException on .contains(null) to replicate the reported issue

Closes gh-18544

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 10:47:11 -06:00
Khyojae d87dc9ae57 Fix: Handle null authority string in AuthoritiesAuthorizationManager 
This prevents NPE when GrantedAuthority.getAuthority() returns null. Closes gh-18543

Signed-off-by: Khyojae <khjae201@gmail.com>
 2026-02-23 09:30:28 -06:00
Robert Winch ea1b3d819b Merge branch '7.0.x' 2026-02-23 08:17:27 -06:00
Robert Winch 2eb948d9b5 Ensure tests clear AuthorizationServerContextHolder 
Closes gh-18768
 2026-02-23 08:17:02 -06:00
Robert Winch 881ddf796a Merge branch '7.0.x' 2026-02-23 08:13:58 -06:00
Robert Winch f2aef5168c Merge branch '6.5.x' into 7.0.x 2026-02-23 08:13:38 -06:00
dependabot[bot] ac556a45f9 Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.42.Final to 6.6.43.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.43/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.42...6.6.43)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.43.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 08:12:23 -06:00
dependabot[bot] c8731a8dc0 Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.5 to 2.18.6.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.5...jackson-bom-2.18.6)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.18.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 08:12:09 -06:00
dependabot[bot] d62cce5bfb Bump com.fasterxml.jackson:jackson-bom from 2.21.0 to 2.21.1 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.21.0 to 2.21.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.21.0...jackson-bom-2.21.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 03:19:50 +00:00
dependabot[bot] eca68b6cb3 Bump org.seleniumhq.selenium:selenium-java from 4.40.0 to 4.41.0 
Bumps [org.seleniumhq.selenium:selenium-java](https://github.com/SeleniumHQ/selenium) from 4.40.0 to 4.41.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.40.0...selenium-4.41.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-version: 4.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 03:18:09 +00:00
dependabot[bot] 3e60eeb74c Bump org.hibernate.orm:hibernate-core from 7.2.4.Final to 7.2.5.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.4.Final to 7.2.5.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/7.2.5/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/7.2.4...7.2.5)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 7.2.5.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 03:17:25 +00:00
Robert Winch 21978cab22 Fix Build Errors for Improve AOT RuntimeHits 
- Saml2RuntimeHints consistently uses String in separate method for
  to ensure no classpath issues
- Fix Whitespace/Checkstyle
- Add Missing Nullability Annotations
 2026-02-20 17:28:35 -06:00
Josh Long 2dd2863550 aot improvements 
Signed-off-by: Josh Long <54473+joshlong@users.noreply.github.com>
 2026-02-20 17:28:35 -06:00
dependabot[bot] 1fdfd45782 Bump spring-io/spring-security-release-tools/.github/workflows/test.yml 
Bumps [spring-io/spring-security-release-tools/.github/workflows/test.yml](https://github.com/spring-io/spring-security-release-tools) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Changelog](https://github.com/spring-io/spring-security-release-tools/blob/main/RELEASE.adoc)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/7d42d82298553f123a9dad622e0eac725aaf52ef...729fed56d42122f88583aff1be35c0800b7d77e9)

---
updated-dependencies:
- dependency-name: spring-io/spring-security-release-tools/.github/workflows/test.yml
  dependency-version: 1.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-20 09:42:07 -06:00
Robert Winch 0dc1aa1126 Ensure tests clear AuthorizationServerContextHolder 2026-02-19 15:20:44 -06:00
Stefano Cordio 3cc707621f Prevent execution of scheduled GitHub Actions on forks 
Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>
 2026-02-19 14:41:12 -06:00
Robert Winch f8ac095d48 Add nullability contract to PasswordEncoder#encode implementations 
Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>AbstractValidatingPasswordEncoder.java
 2026-02-19 14:36:48 -06:00
Chen He d65625e399 Update BCryptPasswordEncoder example in password-storage.adoc 
Replaces the usage of BCryptPasswordEncoder with
BcryptPassword4jPasswordEncoder in documentation samples.

Signed-off-by: Chen He <nidhogg55555@gmail.com>
 2026-02-19 14:29:53 -06:00
Minu Kim 18068c9099 fix compile warning in spring-security-test 
Signed-off-by: Minu Kim <kmw106933@naver.com>
 2026-02-19 14:26:20 -06:00
Tran Ngoc Nhan a539f056f7 Add javadoc-warnings-error 
Closes gh-18452

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-19 13:48:28 -06:00
Robert Winch 2b04177151 Merge branch '7.0.x' 2026-02-19 13:30:21 -06:00
Robert Winch a4a6e9124c Merge branch '6.5.x' into 7.0.x 2026-02-19 13:30:13 -06:00