Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,593 Commits 54 Branches 379 Tags
bd7171140e592aa4049af758e0bd5b263693fdd4
Commit Graph

3270 Commits

Author SHA1 Message Date
Joe Grandja 518ae27105 Fix JwtDecoderFactory ClassNotFoundException with DPoP authentication 
Closes gh-17249
 2025-08-12 14:28:30 -04:00
Josh Cummings 6d1a886f92 Deprecate SERIAL_VERSION_UID 
Closes gh-17623
 2025-08-07 11:09:35 -06:00
Tran Ngoc Nhan d6e378e9bb Apply Diamond Operator 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-31 10:59:55 -06:00
Deep Dhamala ca557a9880 Simplify Error Message for Unsupported Security XSD Versions 
Closes gh-17153

Signed-off-by: Deep Dhamala <dhamaladeep2@gmail.com>
 2025-07-31 10:40:54 -06:00
Tran Ngoc Nhan 1a56023f7f Use Spring Framework Nullability Annotations 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-31 10:18:51 -06:00
Rob Winch f6cb0bd610 Merge Use 2004-present Copyright Header 
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
 2025-07-29 10:52:42 -05:00
Rob Winch 2fdca16c1a Merge branch '6.4.x' into 6.5.x 
Closes gh-17634
 2025-07-29 09:47:52 -05:00
Rob Winch 392129b616 Use 2004-present Copyright Header 
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.

The commit updated etc/checkstyle/header.txt

It also updated the copyright headers using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Closes gh-17633
 2025-07-29 09:45:23 -05:00
Rob Winch 79cd982341 Extract spring-security-webauthn 
Closes gh-17586
 2025-07-22 17:18:38 -05:00
Rob Winch 7c887d2da1 Add nullability to spring-security-core 
Closes gh-17534
 2025-07-22 16:29:13 -05:00
Rob Winch 85dc06bbdf Merge branch '6.5.x' 
Closes gh-17581
 2025-07-21 09:30:11 -05:00
Rob Winch 80ccb9b3cf Merge branch '6.4.x' into 6.5.x 
Closes gh-17580
 2025-07-21 09:29:20 -05:00
Rob Winch 829af961f0 Use Meaningful Configurer Names in Test 
This just renames the Configurer names used in
AbstractConfiguredSecurityBuilderTests to be more meaningful.

Issue gh-17020 gh-17011

Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-07-21 09:27:36 -05:00
Rob Winch fca704e61f Fix getConfigurersInInitializing Semantics 
A getter should not mutate state. This removes getConfigurersInInitializing
in favor of inline code since this is just used once.

Issue gh-17020 gh-17011

Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-07-21 09:27:36 -05:00
Rob Winch ea9dd2728e Support add nested security configurers during builder initialization 
Closes gh-17011

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-07-21 09:27:27 -05:00
Josh Cummings 63e0a56bee Add setBasePath 
Originally, it was thought that this feature would be rather uncommon;
however, given some feedback from the Boot team, it makes sense to make
this easier to configure.

Of specific note is migrating from an earlier version were the
servlet path did not need to be specified in authorizeHttpRequests.
Since it does in 7, this will be a significant migration for those
who have a servlet path configured. This setter simplifies that a great
deal, including simplifying Boot's support of it.

Closes gh-17579
 2025-07-20 22:57:06 -06:00
Josh Cummings 15fc898804 Make DataTargetVisitor package-private 
Closes gh-17561
 2025-07-18 11:03:21 -06:00
Joe Grandja a1f5b343ab Merge branch '6.5.x' 2025-07-18 09:01:01 -04:00
Joe Grandja ecec7cb98f Merge branch '6.4.x' into 6.5.x 
Closes gh-17557
 2025-07-18 08:40:31 -04:00
Marcus Hert da Coregio 2a38de48b8 Fix securityContextRepository() initialization in oauth2Login() DSL 
Closes gh-17502

Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
 2025-07-18 07:48:05 -04:00
Josh Cummings 25f69e92c7 Merge branch '6.5.x' 2025-07-17 18:04:52 -06:00
Josh Cummings 72eb3065de Remove AuthorizationWebProxyConfiguration From Reactive 
Closes gh-17545
 2025-07-17 17:42:45 -06:00
DingHao dadf4c0b8a Remove shouldFilterAllDispatcherTypes 
Closes gh-12139

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-07-14 12:34:16 -06:00
DingHao 5fefdd5bb3 Remove AbstractConfiguredSecurityBuilder apply 
Closes gh-13441

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-07-11 16:13:25 -06:00
Josh Cummings 4d3024cb49 Remove MessageSecurityMetadataSourceRegistry 
Issue gh-17295
 2025-07-10 14:38:03 -06:00
Josh Cummings 684775b46a Use PathPatternMessageMatcher By Default 
Issue gh-17501
 2025-07-10 14:38:03 -06:00
Josh Cummings ec16322000 Merge branch '6.5.x' 2025-07-10 13:19:14 -06:00
Josh Cummings bc0d706275 Use PathPatternMessageMatcher.Builder in XML Config 
Closes gh-17508
 2025-07-10 13:16:14 -06:00
Josh Cummings 7f8b9c895f Use with Instead of Apply 
Issue gh-13204
 2025-07-09 18:58:23 -06:00
Josh Cummings 728b5224cb Add withDefaults Shortcut for Custom Configurers 
Issue gh-13204
 2025-07-09 18:58:23 -06:00
Josh Cummings f1725b25a0 Remove authorizeRequests 
Closes gh-15174
 2025-07-09 17:33:11 -06:00
Josh Cummings 2c87270dbc Use authorizeHttpRequests 
Issue gh-15174
 2025-07-09 17:33:11 -06:00
Josh Cummings da182a2d7c Remove Deprecated OpenSaml Components 
Closes gh-17306
 2025-07-09 14:06:51 -06:00
Rob Winch e48fdd5ed4 Use UserWebTestClientConfigurer 
Closes gh-17496
 2025-07-07 15:15:51 -05:00
Tran Ngoc Nhan a439bc65d6 Remove EnableWebMvcSecurity 
Closes gh-17294

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 13:46:03 -06:00
Josh Cummings 19e88f5e35 Polish Tests 
Issue gh-17298
 2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan 242956a63c Remove deprecated elements from DaoAuthenticationProvider 
Closes gh-17298

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan e52987d03c Remove RoleHierarchyImpl Deprecations 
Closes gh-17297

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 13:22:22 -06:00
Matt Magoffin 62252c1232 Default to XorCsrfChannelInterceptor in XML 
Change WebSocketMessageBrokerSecurityBeanDefinitionParser to use
XorCsrfChannelInterceptor by default, so WebSocket XML configuration
matches the default Xor-based configuration already in
WebSocketMessageBrokerSecurityConfiguration.

Closes gh-17260

Signed-off-by: Matt Magoffin <matt@solarnetwork.net>
 2025-07-07 13:02:15 -06:00
Josh Cummings a9636c72d1 Merge branch '6.5.x' 2025-07-07 12:54:26 -06:00
Josh Cummings bc20bd6340 Merge branch '6.4.x' into 6.5.x 
Closes gh-17495
 2025-07-07 12:53:59 -06:00
Josh Cummings 8461feb028 Merge branch '6.3.x' into 6.4.x 
Closes gh-17494
 2025-07-07 12:53:47 -06:00
Josh Cummings 4f5b17334e Pick Up csrfChannelInterceptor in XML 
Closes gh-17493
 2025-07-07 12:53:27 -06:00
Josh Cummings 42283a5c1d Add Missing File 
Issue gh-17484
 2025-07-07 11:18:57 -06:00
Josh Cummings 5ae1b73bae Fix Cyclic Bean Dependency 
Closes gh-17484
 2025-07-07 10:32:56 -06:00
Tran Ngoc Nhan d8043dc8a7 Remove PrePostTemplateDefaults 
Closes gh-17296

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:47:27 -06:00
Tran Ngoc Nhan 21036c94b4 Remove Nimbus(Reactive)OpaqueTokenIntrospector 
Closes gh-17302

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:41:57 -06:00
Tran Ngoc Nhan 519ae241f4 Fix Mock for Spring(Reactive)OpaqueTokenIntrospector 
Issue gh-17302

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:41:57 -06:00
Tran Ngoc Nhan 9312fb7004 Remove Deprecated AuthorizationDecision Elements 
Closes gh-17299

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 14:32:49 -06:00
Josh Cummings d3e9e3138d Remove AntPath and MvcRequestMatcher 
Closes gh-16886
Closes gh-16887
 2025-07-03 13:37:50 -06:00