Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,327 Commits 54 Branches 379 Tags
7.0.5
Commit Graph

20327 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot] 03a5de1955 Update Antora Spring UI to v0.4.26 2026-03-13 17:45:05 +00:00
dependabot[bot] 91167adaa8 Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:09:24 +00:00
dependabot[bot] 06cbea383e Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 
Bumps org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:07:50 +00:00
Andrey Litvitski e250236279 Read relayState from authenticationRequest 
Closes gh-18243

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-12 10:30:11 -06:00
Josh Cummings 5b4fc73878 Merge branch '6.5.x' into 7.0.x 2026-03-11 16:46:51 -06:00
Josh Cummings ef76ba040d Require non-null authenticationRequest 
Closes gh-18880

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-11 16:45:23 -06:00
dependabot[bot] 763a8d4691 Bump io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2025.0.3 to 2025.0.4.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2025.0.3...2025.0.4)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2025.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-11 03:08:26 +00:00
dependabot[bot] d69af716c8 Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2024.0.15 to 2024.0.16.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2024.0.15...2024.0.16)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-11 03:06:57 +00:00
Joe Grandja 1906075b0c OAuth2DeviceVerificationEndpointFilter is applied after AuthorizationFilter 
Closes gh-18873
 2026-03-10 15:32:24 -04:00
Ronny Perinke e8e0da1ec6 Add Null Guard for Setting ReactiveUserDetailsPasswordService 
This use case specifically arises when using `ReactiveUserDetailsService`
without `ReactiveUserDetailsPasswordService`.

Closes gh-17986

Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
 2026-03-09 17:12:59 -06:00
Rob Winch 2f81d2d99e Merge Fix spring-security-webauthn dependency in passkeys documentation 2026-03-09 15:39:54 -04:00
Rob Winch 6cf4a5eed9 Merge Fix CookieRequestCache parameters 2026-03-09 15:30:46 -04:00
Robert Winch 26937bf06c Remove unnecessary webauthn4j dependency 2026-03-09 14:25:08 -05:00
Rob Winch 7e37aa2b75 Merge Fix CookieRequestCache parameters 2026-03-09 15:25:05 -04:00
Tran Ngoc Nhan 8e8e1a80a9 Add Passkeys webauthn in example 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-03-09 14:23:14 -05:00
Robert Winch 3110c9074f Merge Fix CookieRequestCache parameters 2026-03-09 14:11:27 -05:00
Vishnutheep B 07bfe371b4 Fix CookieRequestCache parameters 
Previously the parameters were not restored.

This commit ensures the parameters are restored.

Closes gh-18204

Signed-off-by: Vishnutheep B <vishnutheep@gmail.com>
 2026-03-09 14:10:30 -05:00
Robert Winch c29775a79e Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 2026-03-09 09:58:42 -05:00
Robert Winch bc96812461 Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 2026-03-09 09:58:37 -05:00
Robert Winch 7d9c2ce9d7 Merge branch '6.5.x' into 7.0.x 2026-03-09 09:58:22 -05:00
Robert Winch e12edf43f2 Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 2026-03-09 09:58:04 -05:00
dependabot[bot] ca6dccf8d7 Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:13:40 +00:00
dependabot[bot] a499e56b9b Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 
Bumps org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 03:09:41 +00:00
dependabot[bot] 8c3f6ea0d4 Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 00:37:07 +00:00
dependabot[bot] 40682415ba Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-06 00:37:05 +00:00
Josh Cummings 9893048ec9 Merge branch '6.5.x' into 7.0.x 2026-03-03 18:51:53 -07:00
Josh Cummings e17d85e460 Add IDE Setup Documentation 
Issue gh-17833

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-03-03 18:51:32 -07:00
Andrey Litvitski 4f97217f68 Refine upgradeEncoding condition in DaoAuthenticationProvider 
After adding jspecify support in the module that contains the
DaoAuthenticationProvider class, we actually changed the contract logic,
which is a good thing, and this commit fixes it.

Closes: gh-18781

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-03 18:18:13 -07:00
Josh Cummings fdaa883fb7 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-03-03 18:17:08 -07:00
dependabot[bot] f12036db05 Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 18:16:39 -07:00
dependabot[bot] fbd9880a33 Bump actions/upload-artifact from 6.0.0 to 7.0.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 17:48:29 -07:00
Josh Cummings 5e38c2aa88 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-03-03 17:47:40 -07:00
dependabot[bot] 7b5c502a97 Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.43.Final to 6.6.44.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.44/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.43...6.6.44)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.44.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 17:47:07 -07:00
Andrey Litvitski 57434fc597 Update RestTemplateBuilder usage in opaque-token.adoc 
We just now use a new form instead of the deprecate one.

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2026-03-03 16:48:22 -07:00
Josh Cummings 20a7f96062 Merge branch '6.5.x' into 7.0.x 2026-03-03 16:44:12 -07:00
HaiYan 706b059ea8 Update logout.adoc 
Directives should be Directive

Signed-off-by: HaiYan <haiyan_qi@hotmail.com>
 2026-03-03 16:43:18 -07:00
dependabot[bot] 7c49e0b457 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.31.0.RELEASE to 0.31.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.0.RELEASE...0.31.1.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.31.1.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:52:30 -07:00
Rob Winch 04b270a0a3 Merge Fix Flaky Crypto Tests 
Forward merge gh-18841
 2026-03-03 16:02:33 -06:00
Rob Winch ea3b112bea Fix Flaky Crypto Tests 2026-03-03 15:58:17 -06:00
Robert Winch 17776e4738 Merge Fix Flaky Crypto Tests 2026-03-03 15:26:53 -06:00
Robert Winch 1261c229a3 Fix Flaky Crypto Tests 
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.

This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
 2026-03-03 14:52:28 -06:00
Rob Winch 9ce2d76508 Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 2026-03-02 11:48:14 -06:00
Robert Winch fb84e24893 HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3 
Closes gh-18804
 2026-03-02 11:31:52 -06:00
Josh Cummings 1575610d49 Add Tests 
Issue gh-18486

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 17:10:55 -07:00
Michael Lück 3a14745d92 Delegate calls of hasAuthority to AuthorizationManager#hasAuthority 
Closes gh-18486

Signed-off-by: Michael Lück <michael@lueckonline.net>
 2026-02-26 17:10:55 -07:00
Josh Cummings c29af014f4 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-26 17:10:16 -07:00
Josh Cummings 4501ae7d1c Update Reactive Resource Server startup exceptations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
Josh Cummings 48112d3d74 Polish Resource Server startup expectations 
Issue gh-16708

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-26 16:56:22 -07:00
[CLOUD4] 한현 b8735abb63 Clarify Resource Server startup expectations 
Clarify that Spring Boot defers OIDC discovery by default.

Closes gh-16708

Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
 2026-02-26 16:56:22 -07:00
Tran Ngoc Nhan 7c3c8bbdcb Update Remember-Me example 
Closes gh-18639

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-26 15:28:32 -07:00