Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,637 Commits 54 Branches 379 Tags
d76fb7f2e621fe127e052b0e0e591ed38a49dd66
Commit Graph

1999 Commits

Author SHA1 Message Date
Josh Cummings d76fb7f2e6 Polish WebAttributes ApplicationContext Support 
Closes gh-8843

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-20 16:44:40 -06:00
Josh Cummings 8dcaa6dfcb Polish Documentation 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-10 07:57:43 -06:00
Andrey Litvitski d1ce69ca99 Specify charset in WWW-Authenticate for Basic Auth 
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.

Closes: gh-18755

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-10 07:57:43 -06:00
Robert Winch 7ab3087692 Merge Fix CookieRequestCache parameters 2026-03-09 14:17:07 -05:00
Robert Winch 3110c9074f Merge Fix CookieRequestCache parameters 2026-03-09 14:11:27 -05:00
Vishnutheep B 07bfe371b4 Fix CookieRequestCache parameters 
Previously the parameters were not restored.

This commit ensures the parameters are restored.

Closes gh-18204

Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
 2026-03-09 14:10:30 -05:00
Robert Winch 0bb697c4a7 Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:32:59 -06:00
Robert Winch fb84e24893 HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 
Closes gh-18804
 2026-03-02 11:31:52 -06:00
Robert Winch 9cc3161055 Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:51:53 -06:00
Robert Winch 6898de8003 Merge Add Missing OnCommitedResponseWrapper Header Overrides 2026-02-24 19:49:38 -06:00
Robert Winch 1dae9aa459 Add Missing OnCommitedResponseWrapper Header Overrides 
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.

Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.

This issue is the underlying problem for spring-projects/spring-framework#36381

Closes gh-18797
 2026-02-24 19:46:29 -06:00
Robert Winch d31ca7a758 Fix SecurityContextLogoutHandler.logout @param response Javadoc (cannot be null) 
Closes gh-18357
 2026-02-24 10:06:04 -06:00
Rob Winch 4d0627e6c0 Merge pull request #18721 from coehgns/main 
Add tests for PathPatternRequestMatcher request path caching
 2026-02-23 11:58:27 -06:00
Josh Long 2dd2863550 aot improvements 
Signed-off-by: Josh Long <54473+joshlong@users.noreply.github.com>
 2026-02-20 17:28:35 -06:00
Minu Kim 18068c9099 fix compile warning in spring-security-test 
Signed-off-by: Minu Kim <kmw106933@naver.com>
 2026-02-19 14:26:20 -06:00
Robert Winch cc6a005aa5 Add InetAddressMatcher 
Co-authored-by: Gábor Vaspöri <gabor.vaspori@gmail.com>
Co-authored-by: Kian Jamali <kianjamali123@gmail.com>
Co-authored-by: Rossen Stoyanchev <rstoyanchev@users.noreply.github.com>
 2026-02-19 11:44:19 -06:00
Tran Ngoc Nhan dbf7f4cfe5 Remove unused @Nullable 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-19 10:56:54 -06:00
Tran Ngoc Nhan dc8ed8b168 Fix checkstyle 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan 17933ddab3 Resolve feedback 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan 9323775c5f Update javadoc and apply StringUtils#hasLength 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan 4cc5f543ab Add author 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan 67bc1d8d4a Polish some methods 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan 17b5cdde55 Remove redundant check and exception 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Tran Ngoc Nhan 21bef947b0 Use String#isEmpty 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-17 16:59:55 -07:00
Andrey Litvitski 6fcca39500 Mark CsrfTokenRequestAttributeHandler#setCsrfRequestAttributeName as Nullable 
Closes: gh-18617

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-02-17 16:57:15 -07:00
coehgns 0d3a5d210a Add tests for PathPatternRequestMatcher path caching 
Verify parsed request path is cleared when matcher parses it, and preserved when already present.

Signed-off-by: coehgns <modooboiroo@gmail.com>
 2026-02-12 11:13:02 +09:00
Robert Winch ea8bd1a01d Merge branch '7.0.x' 
Closes gh-18595
 2026-01-26 12:17:24 -06:00
Robert Winch 6dd6e8ebb1 Merge branch '6.5.x' into 7.0.x 
Closes gh-18235
 2026-01-26 12:06:19 -06:00
Garvit Joshi edd82ba82c gh-18234: Create SHA-1 MessageDigest for every new check request 
Signed-off-by: Garvit Joshi <garvitjoshi9@gmail.com>
 2026-01-26 11:06:25 -06:00
Robert Winch d7fbf3673a Fix consistency with Nullability Usage 
Issue gh-18564
 2026-01-23 10:42:53 -06:00
Robert Winch 9f8ac34c3b Remove @NullUnmarked 
Closes gh-18491
 2026-01-21 14:11:25 -06:00
Soumik Sarker 3f66d8b770 Fix format 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2026-01-21 14:11:25 -06:00
Soumik Sarker ea26031a4d Fix format 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2026-01-21 14:11:25 -06:00
Soumik Sarker b1d98491cf Removed nullUnmarked annotation from observability web classes 
Fixes #17815

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2026-01-21 14:11:25 -06:00
Robert Winch 0993e5735e Add missing @NullMarked 
Closes gh-18514
 2026-01-16 14:53:16 -06:00
Robert Winch 048b6bdd88 Update to JDK 25 (release = 17) 
This commit updates the build to use JDK 25 while remaining compatable with JDK 17.

Note that we must update our JAAS related tests to use release=25 due to the disabling of
the Security Manager. See
https://docs.oracle.com/en/java/javase/25/security/security-manager-is-permanently-disabled.html

Closes gh-18512
 2026-01-16 11:25:59 -06:00
Josh Cummings 3336f5f2ec Merge branch '7.0.x' 2026-01-14 14:47:31 -07:00
Josh Cummings d2ed8321b4 Merge branch '6.5.x' into 7.0.x 2026-01-14 14:46:36 -07:00
Guillaume Husta dd1f097131 Add @FunctionalInterface to RequestMatcher 
Add `@FunctionalInterface` to `RequestMatcher`.

According to the documentation, it is a FunctionalInterface.

See: https://docs.spring.io/spring-security/reference/6.5/servlet/authorization/authorize-http-requests.html#match-by-custom

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:45:22 -07:00
Robert Winch ec06f08bb6 Merge branch '7.0.x' 2026-01-12 13:38:52 -06:00
Andrey Litvitski 13f6286e04 Use DefaultParameterNameDiscoverer#getSharedInstance 
Closes: gh-18330

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-01-12 13:37:32 -06:00
rigu1 0a6883c586 Fix Javadoc warnings in spring-security-web 
* Use <code> tags for external references in DelegatingMissingAuthorityAccessDeniedHandler and SwitchUserWebFilter
* Fix typo in SessionAuthenticationException
* Apply javadoc-warnings-error plugin

Closes gh-18468

Signed-off-by: rigu1 <dlsrbtla@gmail.com>
 2026-01-12 13:24:47 -06:00
Tran Ngoc Nhan d20c88ecef Format code 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
Tran Ngoc Nhan 79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
Soumik Sarker 244b5a16be Added test scope for NPE in RequestMethod 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-12-01 18:06:42 -06:00
Josh Cummings 5662e17370 Add Nullable Annotations 
Added Nullable to methods that may return a null value

Closes gh-18046
 2025-11-04 15:08:12 -07:00
Rob Winch aaf738f7ac MFA is now Opt In 
This commit ensures that MFA is only performed when users opt in. By
doing so, we allow users to decide if they will opt into the semantics
of merging two Authentication instances.

Closes gh-18126
 2025-11-03 22:42:27 -06:00
Rob Winch ccd39a23c9 Only perform MFA if Authentication.getName() is the same 
Closes gh-18112
 2025-11-03 22:42:27 -06:00
Josh Cummings 793820acfa Remove Authority Copying From Reactive 
We will re-address this when adding factors to
ReactiveAuthenticationManager implementations.

Issue gh-2603
 2025-11-03 13:31:30 -07:00
Josh Cummings fb701e4615 Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 17:10:05 -06:00