Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,442 Commits 54 Branches 379 Tags
b9f974b18f5dfe93581154f71db55c1162384424
Commit Graph

20442 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
023-dev b9f974b18f Remove compiler warnings for spring-security-config 
Signed-off-by: 023-dev <0_2_3@naver.com>
 2026-02-27 21:53:55 -06:00
dependabot[bot] e43275d1db Bump minimatch from 3.1.2 to 3.1.5 in /javascript 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 00:58:57 +00:00
dependabot[bot] 18995c89ee Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-27 00:45:15 +00:00
Josh Cummings 0c42016781 Merge branch '7.0.x' 2026-02-26 17:11:06 -07:00
Josh Cummings 1575610d49 Add Tests 
Issue gh-18486

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 17:10:55 -07:00
Michael Lück 3a14745d92 Delegate calls of hasAuthority to AuthorizationManager#hasAuthority 
Closes gh-18486

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-02-26 17:10:55 -07:00
Josh Cummings bd51ecd691 Merge branch '7.0.x' 2026-02-26 17:10:28 -07:00
Josh Cummings c29af014f4 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 17:10:16 -07:00
Josh Cummings 4501ae7d1c Update Reactive Resource Server startup exceptations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings 48112d3d74 Polish Resource Server startup expectations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
[CLOUD4] 한현 b8735abb63 Clarify Resource Server startup expectations 
Clarify that Spring Boot defers OIDC discovery by default.

Closes gh-16708

Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings 50caf0cb28 Merge branch '7.0.x' 2026-02-26 15:57:27 -07:00
Tran Ngoc Nhan 7c3c8bbdcb Update Remember-Me example 
Closes gh-18639

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-26 15:28:32 -07:00
Josh Cummings b7dbb12c66 Merge branch '7.0.x' 2026-02-26 15:10:18 -07:00
Josh Cummings 731848d5d3 Merge branch '6.5.x' into 7.0.x 2026-02-26 15:09:45 -07:00
Josh Cummings eb25bbaa24 Merge branch '7.0.x' 2026-02-26 15:09:03 -07:00
Guillaume Husta 68a02ff176 Update Link to CRSF Docs in FAQ 
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-02-26 14:47:21 -07:00
Menashe Eliezer ee97c83042 Update request-matcher schema and XML tests to use path 
Closes gh-18641

Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
 2026-02-26 14:42:09 -07:00
Josh Cummings 6304ea78cc Merge branch '7.0.x' 2026-02-26 14:39:33 -07:00
Josh Cummings 10b835693c Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 14:39:19 -07:00
dependabot[bot] ba12f5e6d0 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:51 -07:00
dependabot[bot] f37a706d62 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 14:38:30 -07:00
Josh Cummings e30d9240c9 Add Docs for Custom Jwt Principal Converters 
Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 12:28:50 -07:00
Josh Cummings c208410a91 Polish Jwt Authentication Converter 
- Replace conditional logic with adapter class
- Added tests

Issue gh-6237

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 12:28:50 -07:00
Andrey Litvitski aabc9fc1cc Support Custom Principal in Jwt Authentication Flow 
Closes gh-6237

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-26 12:28:50 -07:00
Rob Winch d3474e704f Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:49 -06:00
Rob Winch b48967eebc Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:39 -06:00
Rob Winch 522c48b3b5 Merge Add Missing OnCommitedResponseWrapper Header Overrides 
Add Missing OnCommitedResponseWrapper Header Overrides
 2026-02-24 20:16:24 -06:00
Robert Winch 9cc3161055 Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:51:53 -06:00
Robert Winch 6898de8003 Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:49:38 -06:00
Robert Winch 1dae9aa459 Add Missing OnCommitedResponseWrapper Header Overrides 
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.

Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.

This issue is the underlying problem for spring-projects/spring-framework#36381

Closes gh-18797
 2026-02-24 19:46:29 -06:00
Josh Cummings 4b0be84a0e Merge branch '7.0.x' 2026-02-24 17:10:26 -07:00
Josh Cummings 73ee893d98 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-24 17:10:14 -07:00
Josh Cummings bec25edeb0 Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute 
Clarify need for method attribute in JSP authorize tag
 2026-02-24 17:08:14 -07:00
Josh Cummings 4d43edfb20 Polish Documentation 
- Combined explanation of method attribute with usage recommendations
- Used one sentence per line format

Issue gh-16530

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-24 14:24:11 -07:00
onhann 9f9699f8a5 Clarify need for method attribute in JSP authorize tag 
Closes gh-16530

This aligns the JSP documentation with the changes made in gh-16529.
Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific.

Signed-off-by: onhann <gusgus1467@naver.com>
 2026-02-24 14:24:11 -07:00
Andrey Litvitski 6d4726bfb7 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 10:55:06 -06:00
Robert Winch d31ca7a758 Fix SecurityContextLogoutHandler.logout @param response Javadoc (cannot be null) 
Closes gh-18357
 2026-02-24 10:06:04 -06:00
Robert Winch ac06067d02 Revert "Mark targetDomainObject as @Nullable in PermissionEvaluator" 
This reverts commit 9f1381c382.
 2026-02-24 09:40:54 -06:00
Andrey Litvitski 9f1381c382 Mark targetDomainObject as @Nullable in PermissionEvaluator 
Closes: gh-18259

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-24 08:27:44 -06:00
dependabot[bot] f700aeac0f Bump tools.jackson:jackson-bom from 3.0.4 to 3.1.0 
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 3.0.4 to 3.1.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.4...jackson-bom-3.1.0)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 03:17:58 +00:00
dependabot[bot] 41a8d6aca5 Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 03:16:37 +00:00
Rob Winch e81c64b94d Merge Update servlet/architecture.adoc to use include-code 
Update servlet/architecture.adoc to use include-code
 2026-02-23 17:16:28 -06:00
Robert Winch 0c394696ce Fix servlet/architecture.adoc disable Sample 
- Switch `include-java` (does not exist) to `include-code`
- Update kotlin to have the `disable` tag
- Update to suppress deprecation use for User builder (allowed for samples)

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 17:03:17 -06:00
Joe Kuhel 62d1bc86e3 Update servlet architecture docs to use include-code 
Also update antora.xml to include-xml in docs/src/test/resources

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2026-02-23 16:37:16 -06:00
Rob Winch a4cadb5cc5 Merge Make PublicKeyCredentialCreationOptions Serializable 
Make PublicKeyCredentialCreationOptions Serializable
 2026-02-23 16:01:34 -06:00
Robert Winch 701736da5d Fix checkstyle 
Issue gh-18354

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 15:43:55 -06:00
Mohammad Amin Pahlevani 9e5a425859 Make PublicKeyCredentialCreationOptions Serializable 
Closes gh-16431

Signed-off-by: Mohammad Amin Pahlevani <pahlevani@live.com>
 2026-02-23 15:43:40 -06:00
Rob Winch 1ab17d941a Merge Improve error message for missing access attribute in intercept-url 
Improve error message for missing access attribute in intercept-url
 2026-02-23 15:31:34 -06:00
Robert Winch 53300be8d7 Fix checkstyle 
Issue gh-18530
 2026-02-23 15:16:02 -06:00