Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,674 Commits 54 Branches 379 Tags
fc795a81d43c08b0e75570eb7da9004e2d9bd311
Commit Graph

19674 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Grandja fc795a81d4 PAR uses requested scopes on consent 
Issue https://github.com/spring-projects/spring-authorization-server/pull/2182
 2025-10-17 16:14:31 -04:00
Josh Cummings 4bc319883b Address Nullability 2025-10-17 14:03:15 -06:00
dependabot[bot] cb7a6292b7 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.5...v0.0.6)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 14:03:15 -06:00
Josh Cummings bbf6a4e786 Merge branch '6.5.x' 2025-10-17 13:50:05 -06:00
Josh Cummings ba2619cb8a Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-10-17 13:49:54 -06:00
dependabot[bot] 43c53c3b78 Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:50 -06:00
dependabot[bot] b1e16cd147 Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:30 -06:00
dependabot[bot] 9961e6d56c Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:48:13 -06:00
dependabot[bot] cbad2ff5ca Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:47:56 -06:00
dependabot[bot] 63c8b0faa3 Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.15 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.13 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.13...3.2.15)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-17 13:46:16 -06:00
Josh Cummings a435175723 Clean Up Generic Typing in Builder 
Issue gh-17997
 2025-10-17 11:13:00 -06:00
Joe Grandja 4b810a8971 Disallow usage of the openid scope in device authorization requests 
Issue https://github.com/spring-projects/spring-authorization-server/pull/2177
 2025-10-17 11:41:30 -04:00
Joe Grandja 0d261e9c32 Remove setOidcUserMapper() in OidcUserService and OidcReactiveOAuth2UserService 
Closes gh-18060
 2025-10-16 16:29:52 -04:00
Josh Cummings c5e141ad07 Change JavaDoc to FactorGrantedAuthority 
Issue gh-18030
 2025-10-16 14:00:43 -06:00
Josh Cummings ba42b9c4cc Update Documentation for All-Factor Propagation 
Issue gh-18000
 2025-10-16 13:41:46 -06:00
Josh Cummings b1a50a25b6 Check If toBuilder Is Implemented 
Since RC1 is right around the corner, let's change the API
footprint as little as possible by using reflection to check
if a class has declared toBuilder themselves. If they have, we
can assume that that class's builder will produce that class.

Issue gh-18052
 2025-10-16 13:41:45 -06:00
Josh Cummings 4281f6b00b Prevent Duplicate Authorities 
Issue gh-17981
 2025-10-16 13:41:45 -06:00
Josh Cummings 0fcef6dca2 Add Missing Mock Configuration 2025-10-16 13:41:45 -06:00
Josh Cummings 2e7cdd7b14 Revert "Merge branch 'builder-enhancements'" 
This reverts commit 95644fb73c, reversing
changes made to fbf7bb3be1.

Reverting this commit will allow us more time to
consider the ideal way to add this support to the public API.
 2025-10-16 13:41:45 -06:00
Josh Cummings cefc0cddec Propagate All Missing Factors 
Closes gh-18000
 2025-10-16 13:41:45 -06:00
Joe Grandja af1de950ae Align setRetrieveUserInfo() between OidcUserService and OidcReactiveOAuth2UserService 
Closes gh-18057
 2025-10-16 15:12:10 -04:00
Joe Grandja 7f29585df4 Remove OidcUserService.setAccessibleScopes() 
Closes gh-18056
 2025-10-16 15:12:10 -04:00
Rob Winch 2eb5da3764 Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE 
The member is public, so we need to deprecate it rather than remove it.

Issue gh-18035

Closes gh-18058
 2025-10-16 14:03:19 -05:00
Tran Ngoc Nhan f5d33457dc Fix-typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-10-16 14:03:19 -05:00
parthokr 938a5a7c77 Fix typo in AuthenticationProvider Javadoc 
Signed-off-by: parthokr <partho.kr@proton.me>
 2025-10-16 13:54:00 -05:00
dependabot[bot] f03213383e Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-16 12:54:46 -05:00
Rob Winch fc2b1f9923 Merge branch '6.5.x' 2025-10-16 12:53:33 -05:00
Rob Winch dee33b5337 Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:52:50 -05:00
Rob Winch 9f936015ff Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 2025-10-16 12:52:46 -05:00
Rob Winch 79dfbe14c2 Merge branch '6.4.x' into 6.5.x 2025-10-16 12:52:34 -05:00
Rob Winch b75f2582c4 Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 2025-10-16 12:51:41 -05:00
Joe Grandja 67c3ceb611 Fix NullAway error 
Related https://github.com/spring-projects/spring-framework/pull/35629
 2025-10-15 14:53:06 -04:00
Josh Cummings 95644fb73c Merge branch 'builder-enhancements' 
Issue gh-18052
Issue gh-18053
 2025-10-15 12:02:41 -06:00
Josh Cummings 21ff7688cc Move Builder to Authentication 
Leaving the Builder in Authentication allows
authentication implementations to implement Builder
without needing to implement BuildableAuthentication.

Issue gh-18052
 2025-10-15 12:01:11 -06:00
Josh Cummings 4102007119 Add Builder#authentication 
This commit consolidates logic common to applying one
authenticaiton to another. Specifically, it will copy the
authorities in one authentication into the builder instance
of another.

Closes gh-18053
 2025-10-15 12:01:11 -06:00
Josh Cummings e535e61c8b Move toBuilder to BuildableAuthentication 
Closes gh-18052
 2025-10-15 12:01:11 -06:00
Joe Grandja fbf7bb3be1 Allow OAuth2AuthorizationRequest to be extended 
Closes gh-18049
 2025-10-14 16:34:59 -04:00
Ivan Golovko 979ac7c336 Remove cache from (Reactive)OidcIdTokenDecoderFactory 
Closes gh-16647

Signed-off-by: iigolovko <iigolovko@ginc-it.ru>
 2025-10-14 11:24:54 -04:00
dependabot[bot] 90a1c2c15d Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:20:40 +00:00
dependabot[bot] 978459bd1d Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 03:15:43 +00:00
Rob Winch 2af57c40ef Update to JUnit 6.0.0 
To do this, we also need Spring Framework 7.0.0-SNAPSHOTs

Closes gh-18040
 2025-10-13 11:16:56 -05:00
Rob Winch b864be92d8 Update to Reactor 2025.0.0-SNAPSHOT 
To prepare for the release we should update to Reactor
2025.0.0-SNAPSHOT to fix any issues that are present.

Closes gh-18041
 2025-10-13 11:16:27 -05:00
Rob Winch 4b6c9cca7e Enable SNAPSHOT builds 
To use Reactor SNAPSHOTs in gh-18041 we need to enable the
snapshot repositories.

Issue gh-18041
 2025-10-13 11:15:53 -05:00
dependabot[bot] 73690a928b Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:27:33 +00:00
dependabot[bot] 7cc9d2849e Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.33.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:16:24 +00:00
Rob Winch 78701f94ee Document RequiredFactor Valid Duration 
Issue gh-17997
 2025-10-10 16:24:47 -05:00
Rob Winch 2b4e36c67f Add RequiredFactor.Builder.<factor-name>Authority() 
Closes gh-18033
 2025-10-10 16:24:47 -05:00
Rob Winch 702878acae Create AuthorizationManagerFactories.multiFactor 
Closes gh-18032
 2025-10-10 16:24:47 -05:00
Rob Winch 488e55032e AllFactorsAuthorizationManager->AllRequiredFactorsAuthorizationManager 
This allows the authorization logic to be relaxed so that if RequiredFactor
only has an authority specified, then the GrantedAuthority can be of any
type.

Closes gh-18031
 2025-10-10 16:24:47 -05:00
Rob Winch d18431a78d Move FACTOR_ constants to FactorGrantedAuthority 
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
 2025-10-10 16:24:46 -05:00