Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,007 Commits 54 Branches 379 Tags
74b93a19f62fbf5c317dae60ff22576127cbaa7c
Commit Graph

20007 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Winch 74b93a19f6 Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
Robert Winch 6dd6e8ebb1 Merge branch '6.5.x' into 7.0.x 
Closes gh-18235
 2026-01-26 12:06:19 -06:00
Garvit Joshi edd82ba82c gh-18234: Create SHA-1 MessageDigest for every new check request 
Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>
 2026-01-26 11:06:25 -06:00
Daniel Garnier-Moiroux 7cfcfaefae BearerTokenAuthenticationEntryPoint uses context path 
Closes gh-18528

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2026-01-23 06:27:26 -05:00
Robert Winch f7f5165321 Merge branch '6.5.x' into 7.0.x 2026-01-21 15:33:03 -06:00
Robert Winch 27f91e03f9 Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final 2026-01-21 15:32:25 -06:00
Robert Winch b7230c367e Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 2026-01-21 15:32:20 -06:00
Robert Winch cd72cb1f2e Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 2026-01-21 15:32:16 -06:00
Robert Winch a865671526 Merge branch '6.4.x' into 6.5.x 2026-01-21 15:31:53 -06:00
Robert Winch 4f52b71be8 Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final 2026-01-21 15:31:04 -06:00
Robert Winch 398430f672 Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 2026-01-21 15:30:50 -06:00
dependabot[bot] 03b3b852f5 Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.24 to 0.0.25.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.24...v0.0.25)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-version: 0.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-21 03:08:52 +00:00
dependabot[bot] e54bb9f3f5 Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.24 to 0.0.25.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.24...v0.0.25)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-version: 0.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-21 03:06:52 +00:00
dependabot[bot] 30be114a5e Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.24 to 1.5.25.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.24...v_1.5.25)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-19 03:22:36 +00:00
dependabot[bot] 75121bf455 Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.40.Final to 6.6.41.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.41/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.40...6.6.41)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.41.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-19 03:22:23 +00:00
dependabot[bot] aa21e62fb8 Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.24 to 1.5.25.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.24...v_1.5.25)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-19 03:21:35 +00:00
dependabot[bot] b58187082a Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.40.Final to 6.6.41.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.41/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.40...6.6.41)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.41.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-19 03:21:26 +00:00
Robert Winch bd3441caac Merge branch '6.5.x' into 7.0.x 2026-01-16 15:18:39 -06:00
Robert Winch 8879aa83a3 Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14 2026-01-16 15:17:34 -06:00
Josh Cummings 1f39a3dd3e Merge branch '6.5.x' into 7.0.x 2026-01-15 12:41:22 -07:00
Josh Cummings 84b124d29d Merge branch '6.4.x' into 6.5.x 2026-01-15 12:41:16 -07:00
songhee fee6a9bb0e docs: add CurrentSecurityContext section and link references 
Signed-off-by: songhee <songhee9327@gmail.com>
 2026-01-15 12:31:58 -07:00
Josh Cummings d2ed8321b4 Merge branch '6.5.x' into 7.0.x 2026-01-14 14:46:36 -07:00
Guillaume Husta dd1f097131 Add @FunctionalInterface to RequestMatcher 
Add `@FunctionalInterface` to `RequestMatcher`.

According to the documentation, it is a FunctionalInterface.

See: https://docs.spring.io/spring-security/reference/6.5/servlet/authorization/authorize-http-requests.html#match-by-custom

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:45:22 -07:00
Josh Cummings 7690c284c0 Merge branch '6.5.x' into 7.0.x 2026-01-14 14:35:59 -07:00
Guillaume Husta 508b3f26e3 docs: Typo in page Preparing for 7.0 / Web (version 6.5) 
In section 'Include the Servlet Path Prefix in Authorization Rules', `PathPatternRequestParser` should be replaced by `PathPatternRequestMatcher`.

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:35:26 -07:00
dependabot[bot] f2e674ff77 Bump io.projectreactor:reactor-bom from 2024.0.13 to 2024.0.14 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.13 to 2024.0.14.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.13...2024.0.14)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-14 03:08:22 +00:00
Robert Winch 7fcbf642b8 Use project.artifactory(Username|Password) 2026-01-12 16:05:38 -06:00
Robert Winch a32d9f04e3 Revert "Use project.artifactory(Username|Password)" 
This reverts commit 9c449000dc.
 2026-01-12 16:04:56 -06:00
Robert Winch 9c449000dc Use project.artifactory(Username|Password) 2026-01-12 15:48:47 -06:00
Robert Winch 63c99b9438 Revert "Update to 7.1.0-SNAPSHOT" 
This reverts commit b77ea8d3a3.
 2026-01-12 14:31:57 -06:00
Pavel Vassiliev 641d8a362b Fix Gradle 9.0 deprecations 
This commit addresses several build warnings and errors to prepare for
Gradle 9.0 and resolve static analysis issues.
Closes: gh-18472
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>

Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
 2026-01-12 13:43:16 -06:00
Andrey Litvitski 13f6286e04 Use DefaultParameterNameDiscoverer#getSharedInstance 
Closes: gh-18330

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-12 13:37:32 -06:00
Robert Winch b77ea8d3a3 Update to 7.1.0-SNAPSHOT 2026-01-12 13:37:32 -06:00
Fr05ty-hub e9a92a8e9a Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but is referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Fr05ty-hub ed774d3595 Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but was referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Robert Winch eb5cc89c69 Merge branch '6.5.x' into 7.0.x 2026-01-09 15:24:51 -06:00
Robert Winch d6f8a2e928 Merge branch '6.5.x' into 7.0.x 2026-01-09 15:23:06 -06:00
Robert Winch 6a47b5d573 Merge branch '6.4.x' into 6.5.x 2026-01-09 15:22:39 -06:00
github-actions[bot] e588a3528f Update Antora Spring UI to v0.4.25 2026-01-09 15:22:22 -06:00
github-actions[bot] 7ea5be4b98 Update Antora Spring UI to v0.4.25 2026-01-09 15:21:48 -06:00
Robert Winch 2344fe5ebb Use proper xref syntax 
Incldue the required resource id and required # of the fragment.

See

- https://docs.antora.org/antora/latest/page/xref/#xref-macro
- https://docs.antora.org/antora/latest/page/resource-id-coordinates/#id-resource
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan ba18f681e5 Use xref anchor id 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan 3d9bc6a5cf Update mfa.adoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Martin Boulais 1d8ea63a9e Fix typo in HTTP Basic Auth Provider documentation 
The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
 2026-01-08 13:59:34 -06:00
Tran Ngoc Nhan d20c88ecef Format code 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
Tran Ngoc Nhan 79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
Rob Winch 04bba36ee5 Update supported branches in workflow file 
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2026-01-08 13:05:45 -06:00
Robert Winch 5bb99b654f Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 2026-01-08 13:02:42 -06:00
Robert Winch 37c15f3b81 Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 2026-01-08 13:02:37 -06:00