Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,601 Commits 54 Branches 379 Tags
7eed4641dac14fb4fefefd51fb66a70206bffe37
Commit Graph

20601 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ziqin Wang ae827b6e1b Fix Jackson 3 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

This fix addresses the WebAuthn authentication failure appeared when
using FIDO2 security keys on Safari.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:34 +08:00
Ziqin Wang 65bf54d842 Test Jackson 3 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:24 +08:00
Ziqin Wang 7f75fd611e Test Jackson 3 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:34:13 +08:00
Ziqin Wang a013bfaaec Merge branch 'gh-18643-6.5.x' into gh-18643-7.0.x 2026-03-15 15:25:04 +08:00
Ziqin Wang e726c05e76 Fix Jackson 2 deserializer for AuthenticationExtensionsClientOutputs 
The deserializer is updated to properly ignore unknown extensions.

Closes gh-18643

Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:04:14 +08:00
Ziqin Wang a7039fb3e6 Test Jackson 2 deserializer with unknown primitive WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:28 +08:00
Ziqin Wang 88ea668f47 Test Jackson 2 deserializer with unknown obj/arr WebAuthn ext 
Signed-off-by: Ziqin Wang <ziqin@wangziqin.net>
 2026-03-15 15:03:17 +08:00
github-actions[bot] 2c1c50ddca Update Antora Spring UI to v0.4.26 2026-03-13 17:45:06 +00:00
github-actions[bot] 03a5de1955 Update Antora Spring UI to v0.4.26 2026-03-13 17:45:05 +00:00
Joe Grandja 22a98583f1 Enable null-safety in spring-security-oauth2-jose 
Closes gh-17821
 2026-03-13 11:58:29 -04:00
Joe Grandja 78f762fab8 Remove checkstyle suppressions for spring-security-oauth2-jose 
Issue gh-17821
 2026-03-13 11:38:08 -04:00
dependabot[bot] a29422950a Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:16:31 +00:00
dependabot[bot] 91167adaa8 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:09:24 +00:00
dependabot[bot] 06cbea383e Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:07:50 +00:00
Andrey Litvitski e250236279 Read relayState from authenticationRequest 
Closes gh-18243

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-12 10:30:11 -06:00
dependabot[bot] eae1a0a55c Bump org.mockito:mockito-bom from 5.22.0 to 5.23.0 
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito) from 5.22.0 to 5.23.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.22.0...v5.23.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-12 03:18:20 +00:00
Josh Cummings 266d2608f1 Clarify Nullability on Saml2AuthenticationRequestRepository 
Issue gh-17823

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 16:51:48 -06:00
Josh Cummings ddb825f7a5 Merge branch '7.0.x' 2026-03-11 16:47:02 -06:00
Josh Cummings 5b4fc73878 Merge branch '6.5.x' into 7.0.x 2026-03-11 16:46:51 -06:00
Josh Cummings ef76ba040d Require non-null authenticationRequest 
Closes gh-18880

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 16:45:23 -06:00
Josh Cummings c342b89760 Remove setRequestEntityConverter 
Given that RestClient does not read RequestEntity objects, let's
leave it out of a class built around using RestClient

Issue gh-18745

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 15:15:15 -06:00
Josh Cummings 5687867a09 Fix Checkstyle 
Issue gh-18874

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 14:46:24 -06:00
Joe Grandja 61177aed85 Remove NullAway SuppressWarnings in ClaimAccessor 
Issue gh-17820
 2026-03-11 13:53:30 -04:00
Joe Grandja 36450d6c26 Fix checkstyle error 
Issue gh-18874
 2026-03-11 12:25:13 -04:00
dependabot[bot] 763a8d4691 Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.3 to 2025.0.4.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.3...2025.0.4)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-11 03:08:26 +00:00
dependabot[bot] d69af716c8 Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.15 to 2024.0.16.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.15...2024.0.16)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-11 03:06:57 +00:00
Josh Cummings a980368f26 Move Integration Test from Spring LDAP 
Closes gh-18874

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 15:44:07 -06:00
Josh Cummings 37992d896b Add to What's New 
Issue gh-18745

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 15:44:05 -06:00
Joe Grandja 703ffaf143 Merge branch '7.0.x' 2026-03-10 15:59:29 -04:00
Joe Grandja 1906075b0c OAuth2DeviceVerificationEndpointFilter is applied after AuthorizationFilter 
Closes gh-18873
 2026-03-10 15:32:24 -04:00
Josh Cummings 8dcaa6dfcb Polish Documentation 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 07:57:43 -06:00
Andrey Litvitski d1ce69ca99 Specify charset in WWW-Authenticate for Basic Auth 
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.

Closes: gh-18755

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-10 07:57:43 -06:00
Joe Grandja c7235ec0a3 Allow custom token settings for OAuth 2.0 dynamic client registration 
Closes gh-18870
 2026-03-10 07:48:37 -04:00
dependabot[bot] 16cc1dd8d6 Bump io.micrometer:micrometer-observation from 1.16.3 to 1.16.4 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.16.3 to 1.16.4.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.16.3...v1.16.4)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.16.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-10 03:19:43 +00:00
Josh Cummings 17d2131fe9 Merge remote-tracking branch 'origin/7.0.x' 2026-03-09 17:13:45 -06:00
Ronny Perinke e8e0da1ec6 Add Null Guard for Setting ReactiveUserDetailsPasswordService 
This use case specifically arises when using `ReactiveUserDetailsService`
without `ReactiveUserDetailsPasswordService`.

Closes gh-17986

Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
 2026-03-09 17:12:59 -06:00
Joe Grandja 8c0d2cccf1 Initialize RefreshOidcUserReactiveOAuth2AuthorizationSuccessHandler when jose is on classpath 
Issue gh-17246
 2026-03-09 17:03:49 -04:00
ddingjoo 612f7884ea Apply javadoc warnings plugin to aspects 
The aspects module currently runs :javadoc as NO-SOURCE because it only contains AspectJ sources. Apply javadoc-warnings-error for consistency with other modules and future Java sources.

Closes gh-18446

Signed-off-by: ddingjoo <ddingsha9@teambind.co.kr>
 2026-03-09 16:14:47 -04:00
Tran Ngoc Nhan 0f7a6d45fd Polish websocket 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-09 15:59:27 -04:00
Rob Winch c34cb108cb Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 15:41:05 -04:00
Rob Winch 2f81d2d99e Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 15:39:54 -04:00
Rob Winch 6cf4a5eed9 Merge Fix CookieRequestCache parameters 2026-03-09 15:30:46 -04:00
Rob Winch 0658d4f55e Merge Fix CookieRequestCache parameters 
Fix CookieRequestCache parameters
 2026-03-09 15:30:32 -04:00
Robert Winch d870548596 Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 14:26:37 -05:00
Robert Winch 26937bf06c Remove unnecessary webauthn4j dependency 2026-03-09 14:25:08 -05:00
Rob Winch 7e37aa2b75 Merge Fix CookieRequestCache parameters 2026-03-09 15:25:05 -04:00
Tran Ngoc Nhan 8e8e1a80a9 Add Passkeys webauthn in example 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-09 14:23:14 -05:00
Robert Winch 7ab3087692 Merge Fix CookieRequestCache parameters 2026-03-09 14:17:07 -05:00
Robert Winch 3110c9074f Merge Fix CookieRequestCache parameters 2026-03-09 14:11:27 -05:00
Vishnutheep B 07bfe371b4 Fix CookieRequestCache parameters 
Previously the parameters were not restored.

This commit ensures the parameters are restored.

Closes gh-18204

Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
 2026-03-09 14:10:30 -05:00