eeb4574bb3
Add AuthorizationManagerFactory
...
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com >
2025-09-09 15:36:49 -05:00
a4f813ab29
Support Multiple ServerLogoutHandlers
...
This commit adds support to ServerHttpSecurity for registering
multiple ServerLogoutHandlers. This is handy so that an application
does not need to re-supply any handlers already configured by
the DSL.
Signed-off-by: blake_bauman <blake_bauman@apple.com >
2025-09-05 11:47:54 -06:00
686f8398dd
Merge branch '6.5.x'
2025-09-04 22:40:45 -05:00
653f22d4a1
Merge branch '6.4.x' into 6.5.x
2025-09-04 22:40:08 -05:00
f54c293078
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9
2025-09-04 22:39:33 -05:00
34fccf45c2
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE
2025-09-04 22:39:31 -05:00
f840ee06eb
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final
2025-09-04 22:39:29 -05:00
8429c23108
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10
2025-09-04 22:38:50 -05:00
97f3567702
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final
2025-09-04 22:38:46 -05:00
2cfdcb9d95
Bump org-opensaml5 from 5.1.5 to 5.1.6
...
Bumps `org-opensaml5` from 5.1.5 to 5.1.6.
Updates `org.opensaml:opensaml-saml-api` from 5.1.5 to 5.1.6
Updates `org.opensaml:opensaml-saml-impl` from 5.1.5 to 5.1.6
---
updated-dependencies:
- dependency-name: org.opensaml:opensaml-saml-api
dependency-version: 5.1.6
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.opensaml:opensaml-saml-impl
dependency-version: 5.1.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-04 22:37:50 -05:00
3c344ff491
Bump com.webauthn4j:webauthn4j-core
...
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j ) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases )
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml )
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE )
---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
dependency-version: 0.29.6.RELEASE
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-04 22:37:36 -05:00
f30cc9c5a9
Update to PropertySourcesPlaceholderConfigurer
...
This commit replaces deprecated usage of PropertyPlaceholderConfigurer
in favor of PropertySourcesPlaceholderConfigurer
2025-09-04 11:32:04 -06:00
c64b086878
Add SecurityAssertions
...
This commit introduces a simple, internal test API for
verifying aspects of an Authentication, like its name
and authorities.
Closes gh-17844
2025-09-03 17:53:42 -06:00
de10e08348
Make withRoles Check Only Roles
...
This commit clarifies the semantics of withRoles,
which is to check the role-based authorities in an
authentication.
Closes gh-17843
2025-09-03 17:53:41 -06:00
bd119ac411
Implement Equals and HashCode
...
Internally, RequestMatcher is sometimes used as a key to a
HashMap. Accordingly, each implementation should implement
equals and hashCode.
Closes gh-17842
2025-09-03 17:48:50 -06:00
24ffda28d8
Fixes for webauthn tests after JSpecify
...
Issue gh-17839
2025-09-03 14:44:58 -05:00
6a84f96930
Enable Null checking in spring-security-test via JSpecify
...
Closes gh-17840
2025-09-03 12:59:46 -05:00
194be8ffb6
Checkstyle fixes for webauthn JSpecify
...
Issue gh-17839
2025-09-03 12:58:27 -05:00
47b4b155da
Add security-nullability to webauthn
...
Issue gh-17839
2025-09-03 12:17:56 -05:00
0a991a91ce
Enable Null checking in spring-security-webauthn via JSpecify
...
Closes gh-17839
2025-09-03 12:06:53 -05:00
d2e934ca54
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.28.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.26.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.26...6.6.28 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.28.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-03 00:33:27 +00:00
fee4d08de3
Bump com.webauthn4j:webauthn4j-core
...
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j ) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases )
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml )
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE )
---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
dependency-version: 0.29.6.RELEASE
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-02 23:19:43 +00:00
3dbcf266e9
Merge branch '6.5.x'
2025-09-02 16:45:30 -06:00
eeb67650ee
Deprecate RequiresChannelDsl
...
Issue gh-16680
2025-09-02 16:41:39 -06:00
b4fc01194f
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.28.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.23.Final to 6.6.28.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.28/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.28 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.28.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-02 22:32:54 +00:00
3534b74945
Replace InteractiveAuthenticationSuccessEvent 7.0.x Sample
...
Given that 7e3bf9662c
2025-09-02 14:18:25 -06:00
dc0ab4c805
Merge branch '6.5.x'
2025-09-02 14:15:20 -06:00
c982753d46
Replace InteractiveAuthenticationSuccessEvent 6.5.x Sample
...
Given that 7e3bf9662c
2025-09-02 14:14:13 -06:00
910df479be
Provider Default Timeouts For JWK Retrieval
...
Issue gh-14269
Signed-off-by: Fridolin Jackstadt <fridolin.jackstadt@unic.com >
2025-09-02 08:51:10 -06:00
9866435946
Fix security-nullability plugin in taglibs
...
Issue gh-17828
2025-08-30 20:44:29 -05:00
5370f1190f
Enable Null checking in spring-security-taglibs via JSpecify
...
Closes gh-17828
2025-08-30 20:40:34 -05:00
f13d8d5c75
Fix Nullability in WebInvocationPrivilegeEvaluator
...
Issue gh-17535
2025-08-30 20:38:58 -05:00
1216ee598f
Enable Null checking in spring-security-rsocket via JSpecify
...
Closes gh-16882
2025-08-30 20:04:32 -05:00
a4a4908d71
Enable Null checking in spring-security-cas via JSpecify
...
Closes gh-16882
2025-08-30 11:22:30 -05:00
0ff9f10696
Merge branch '6.4.x' into 6.5.x
2025-08-30 10:00:45 -06:00
7e3bf9662c
Polish InteractiveAuthenticationSuccessEvent Sample
...
The sample better matches a value that would be used in the constructor
Issue gh-16276
2025-08-30 10:00:24 -06:00
be64c67af5
Enable Null checking in spring-security-web via JSpecify
...
Closes gh-16882
2025-08-29 16:17:49 -05:00
a58f3282d9
Fix config/src/test/kotlin nullability for web
...
Issue gh-17535
2025-08-29 15:46:08 -05:00
c2ba662b91
Enable Null checking in spring-security-web via JSpecify
...
Closes gh-17535
2025-08-29 15:06:48 -05:00
49f308adb0
Use Supplier<? extends @Nullable Authentication>
...
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.
Closes gh-17814
2025-08-29 09:46:58 -05:00
4cbe8de7ea
Polish RSocket Anonymous Support
...
Changed the DSL method name to anonymous to align with jwt.
Since basicAuthenication is deprecated, we don't need to
align with its naming convention.
Also added a since attribute to the method.
Issue gh-17132
2025-08-26 17:33:40 -06:00
559b73b39f
Add Disabling Anonymous Authentication in RSocketSecurity
...
Closes: gh-17132
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
1
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
1
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
2025-08-26 17:33:40 -06:00
3278f3a410
Add discoverJwsAlgorithms() in NimbusJwtDecoder
...
Closes: gh-17785
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
2025-08-26 17:07:47 -06:00
36f1de945f
Add OneTimeTokenAuthentication
...
Closes gh-17799
2025-08-22 15:46:54 -06:00
6663eea65f
Polish OTT Tests
...
Improve tests so that they do not rely on OneTimeTokenAuthenticationToken
as the concrete type.
Issue gh-17799
2025-08-22 15:46:53 -06:00
89b2f9cf54
Improve Test Runnability in IDE
...
In some configurations, Configuration classes with static elements
may cause a test to hang. This commit changes JeeConfigurerTests
test configuration classes to use mock beans instead of referencing
them as static fields.
2025-08-22 15:46:53 -06:00
0e39685b9c
Merge branch '6.5.x'
2025-08-22 12:40:41 -06:00
9d64880ea9
Merge branch '6.4.x' into 6.5.x
2025-08-22 12:40:12 -06:00
8b2a453301
Advise Favoring PostAuthorize on Reads
...
Closes gh-17797
2025-08-22 12:39:51 -06:00
d1962201b5
Merge branch '6.5.x'
2025-08-22 11:07:59 -06:00
Steve Riesenberg