1
0
mirror of synced 2026-07-12 06:10:02 +00:00

Compare commits

...

130 Commits

Author SHA1 Message Date
github-actions[bot] 182cbbbbb7 Release 6.2.6 2024-08-19 18:22:43 +00:00
Daniel Garnier-Moiroux b92ed92548 Fix checkstyle errors with @Deprecated 2024-08-19 10:55:28 -03:00
Daniel Garnier-Moiroux 79fb0113c8 Bump io-spring-javaformat from 0.0.42 to 0.0.43
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-19 09:11:05 -03:00
dependabot[bot] 6118ef696f Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9
Bumps [org.apache.maven:maven-resolver-provider](https://github.com/apache/maven) from 3.9.8 to 3.9.9.
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.8...maven-3.9.9)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 20:45:35 -07:00
dependabot[bot] 23d8601db1 Bump org.springframework.data:spring-data-bom from 2023.1.8 to 2023.1.9
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2023.1.8 to 2023.1.9.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2023.1.8...2023.1.9)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 20:45:12 -07:00
dependabot[bot] f10a9b8b33 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 17:43:42 -07:00
dependabot[bot] 2923bc161d Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.13.1 to 1.14.2.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.13.1...v1.14.2)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 17:43:29 -07:00
github-actions[bot] cedd068851 Merge branch '5.8.x' into 6.2.x 2024-08-19 00:35:55 +00:00
dependabot[bot] 6b69edb9a7 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 17:35:26 -07:00
dependabot[bot] 0ba26176db Bump @springio/antora-extensions from 1.13.1 to 1.14.2 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.13.1 to 1.14.2.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.13.1...v1.14.2)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-18 17:35:04 -07:00
dependabot[bot] e4b38bbfab Bump org.springframework.ldap:spring-ldap-core from 3.2.4 to 3.2.6
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.4 to 3.2.6.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.4...3.2.6)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-15 20:53:26 -07:00
github-actions[bot] 62d5c61cfa Merge branch '5.8.x' into 6.2.x 2024-08-15 03:33:53 +00:00
dependabot[bot] 85775fe794 Bump org.springframework:spring-framework-bom from 5.3.37 to 5.3.39
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 5.3.37 to 5.3.39.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.37...v5.3.39)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-14 20:33:05 -07:00
dependabot[bot] 1b8607b5e3 Bump org.springframework:spring-framework-bom from 6.1.11 to 6.1.12
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.11 to 6.1.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.11...v6.1.12)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-14 20:27:45 -07:00
github-actions[bot] 5102098b9e Merge branch '5.8.x' into 6.2.x 2024-08-14 04:22:18 +00:00
dependabot[bot] 1ca53164ee Bump io.projectreactor.netty:reactor-netty from 1.0.47 to 1.0.48
Bumps [io.projectreactor.netty:reactor-netty](https://github.com/reactor/reactor-netty) from 1.0.47 to 1.0.48.
- [Release notes](https://github.com/reactor/reactor-netty/releases)
- [Commits](https://github.com/reactor/reactor-netty/compare/v1.0.47...v1.0.48)

---
updated-dependencies:
- dependency-name: io.projectreactor.netty:reactor-netty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-13 21:21:27 -07:00
github-actions[bot] a5ab4e32ef Merge branch '5.8.x' into 6.2.x 2024-08-14 04:06:49 +00:00
dependabot[bot] 47a521ca26 Bump io.projectreactor:reactor-bom from 2020.0.46 to 2020.0.47
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2020.0.46 to 2020.0.47.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2020.0.46...2020.0.47)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-13 21:06:03 -07:00
dependabot[bot] 4da172be00 Bump io.projectreactor:reactor-bom from 2023.0.8 to 2023.0.9
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.8 to 2023.0.9.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.8...2023.0.9)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-13 20:54:31 -07:00
dependabot[bot] 86fc752afa Bump io.micrometer:micrometer-observation from 1.12.8 to 1.12.9
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.12.8 to 1.12.9.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.12.8...v1.12.9)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-12 21:06:10 -07:00
dependabot[bot] 4e84e9f1ba Bump jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api
Bumps [jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api](https://github.com/eclipse-ee4j/jstl-api) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/eclipse-ee4j/jstl-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jstl-api/commits)

---
updated-dependencies:
- dependency-name: jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-12 20:58:58 -07:00
dependabot[bot] ccc36f967d Bump org.slf4j:slf4j-api from 2.0.15 to 2.0.16
Bumps org.slf4j:slf4j-api from 2.0.15 to 2.0.16.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-11 20:31:19 -07:00
dependabot[bot] 0c931afa6a Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.13.0 to 1.13.1.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.13.0...v1.13.1)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-11 17:35:20 -07:00
dependabot[bot] d2c430b752 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-11 17:34:50 -07:00
github-actions[bot] 4887eff69e Merge branch '5.8.x' into 6.2.x 2024-08-12 00:30:23 +00:00
dependabot[bot] 751c6a762a Bump @springio/antora-extensions from 1.13.0 to 1.13.1 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.13.0 to 1.13.1.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.13.0...v1.13.1)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-11 17:30:01 -07:00
dependabot[bot] 7d7b59bea4 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-11 17:29:17 -07:00
Steve Riesenberg 5be8322f7a Merge branch '5.8.x' into 6.2.x
# Conflicts:
#	.github/workflows/continuous-integration-workflow.yml
#	.github/workflows/update-scheduled-release-version.yml
2024-08-09 10:48:08 -05:00
Steve Riesenberg 7149622efd Revert "Migrate slack notifications to GChat"
This reverts commits:
- 5d335ccf8d
- a5b1dec99a
2024-08-09 10:39:34 -05:00
dependabot[bot] 41bec3c838 Bump org.slf4j:slf4j-api from 2.0.14 to 2.0.15
Bumps org.slf4j:slf4j-api from 2.0.14 to 2.0.15.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-08 20:26:02 -07:00
dependabot[bot] 1490061bc1 Bump org-apache-maven-resolver from 1.9.21 to 1.9.22
Bumps `org-apache-maven-resolver` from 1.9.21 to 1.9.22.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.21 to 1.9.22
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.21...maven-resolver-1.9.22)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.21 to 1.9.22
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.21...maven-resolver-1.9.22)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.21 to 1.9.22

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-08 20:24:34 -07:00
dependabot[bot] f1bcdd2a41 Bump org.slf4j:slf4j-api from 2.0.13 to 2.0.14
Bumps org.slf4j:slf4j-api from 2.0.13 to 2.0.14.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-06 20:23:55 -07:00
github-actions[bot] 1b708a1aec Merge branch '5.8.x' into 6.2.x 2024-08-05 01:29:19 +00:00
dependabot[bot] e9e0ec89fb Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.12.0 to 1.13.0.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-04 18:28:27 -07:00
github-actions[bot] 154a540682 Merge branch '5.8.x' into 6.2.x 2024-08-05 01:14:00 +00:00
dependabot[bot] 596c5f9b0c Bump @springio/asciidoctor-extensions in /docs
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.11 to 1.0.0-alpha.12.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.11...v1.0.0-alpha.12)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-04 18:13:16 -07:00
dependabot[bot] a6c4031b6b Bump @springio/antora-extensions from 1.12.0 to 1.13.0 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.12.0 to 1.13.0.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-04 17:40:29 -07:00
dependabot[bot] 64b938ad80 Bump @springio/asciidoctor-extensions in /docs
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.11 to 1.0.0-alpha.12.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.11...v1.0.0-alpha.12)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-04 17:31:57 -07:00
Steve Riesenberg d2ebde2418 Revert merged file
Issue gh-15503
2024-07-31 17:04:09 -05:00
Steve Riesenberg 5895f19a73 Merge branch '5.8.x' into 6.2.x 2024-07-31 17:00:07 -05:00
Steve Riesenberg 5d335ccf8d Fix job dependencies
Issue gh-15503
2024-07-31 16:59:35 -05:00
Josh Cummings 8d43f1bd7d Merge branch '5.8.x' into 6.2.x 2024-07-31 15:48:44 -06:00
Josh Cummings 5cdcdc9bcb Suppress Node Files From Nohttp Analysis
Given that we have no control over the contents of
third-party code, it isn't helpful to have nohttp
generate errors for the usage of http:// in that code.
2024-07-31 15:48:28 -06:00
Steve Riesenberg dae2674dbe Merge branch '5.8.x' into 6.2.x
Closes gh-15504
2024-07-31 15:42:08 -05:00
Steve Riesenberg a5b1dec99a Migrate slack notifications to GChat
Closes gh-15503
2024-07-31 14:59:04 -05:00
Josh Cummings e51507e32d Polish Inline Code Formatting 2024-07-29 14:08:01 -07:00
Junhyunny bfee6927c2 Correct Explanation for HttpSessionCsrfTokenRepository 2024-07-29 14:08:01 -07:00
Josh Cummings 9a83986b91 Merge branch '5.8.x' into 6.2.x
Closes gh-15494
2024-07-29 15:04:49 -06:00
Roman Zabaluev ea2ec04633 Clarify url Parameter Usage in AD Provider
Closes gh-7760
2024-07-29 14:04:13 -07:00
baezzys 3d4bcf1b44 fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
2024-07-29 14:55:55 -03:00
dependabot[bot] 0190763a02 Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.5 to 3.2.0-alpha.6.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.5...v3.2.0-alpha.6)

---
updated-dependencies:
- dependency-name: antora
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-28 18:06:53 -07:00
dependabot[bot] f27d7d28f4 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-28 18:06:45 -07:00
github-actions[bot] aeec67e8cb Merge branch '5.8.x' into 6.2.x 2024-07-29 00:40:15 +00:00
github-actions[bot] cf8c6cd051 Merge branch '5.8.x' into 6.2.x 2024-07-29 00:39:21 +00:00
dependabot[bot] c6bc1ec969 Bump antora from 3.2.0-alpha.5 to 3.2.0-alpha.6 in /docs
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.5 to 3.2.0-alpha.6.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.5...v3.2.0-alpha.6)

---
updated-dependencies:
- dependency-name: antora
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-28 17:39:11 -07:00
dependabot[bot] 9ac5ee9bdb Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-28 17:38:32 -07:00
Marcus Hert Da Coregio 82c77adacd Merge branch '5.8.x' into 6.2.x 2024-07-26 10:25:38 -03:00
Marcus Hert Da Coregio 31babecfbd Only Merge PRs from Original Repository 2024-07-26 10:25:30 -03:00
Marcus Hert Da Coregio 8512dab3dc Merge branch '5.8.x' into 6.2.x 2024-07-26 10:19:07 -03:00
Marcus Hert Da Coregio 4c12940304 Change Skip Condition 2024-07-26 10:18:48 -03:00
dependabot[bot] 5089b88db3 Bump com.gradle.develocity from 3.17.5 to 3.17.6
Bumps com.gradle.develocity from 3.17.5 to 3.17.6.

---
updated-dependencies:
- dependency-name: com.gradle.develocity
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-22 21:06:35 -07:00
github-actions[bot] 52414d3832 Merge branch '5.8.x' into 6.2.x 2024-07-23 03:59:34 +00:00
dependabot[bot] bb3738dbfd Bump com.gradle.develocity from 3.17.5 to 3.17.6
Bumps com.gradle.develocity from 3.17.5 to 3.17.6.

---
updated-dependencies:
- dependency-name: com.gradle.develocity
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-22 20:58:46 -07:00
Josh Cummings 4406462346 Merge branch '5.8.x' into 6.2.x
Closes gh-15459
2024-07-22 15:34:08 -06:00
Josh Cummings 5c1a108b8b Remove Stray JavaDoc Statement
As of the 5.2 release, a separate registrar bean was no longer necessary

Closes gh-15425
2024-07-22 15:33:57 -06:00
dependabot[bot] 41e140730b Bump org.jetbrains.kotlin:kotlin-bom from 1.9.24 to 1.9.25
Bumps [org.jetbrains.kotlin:kotlin-bom](https://github.com/JetBrains/kotlin) from 1.9.24 to 1.9.25.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.9.25/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.9.24...v1.9.25)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-21 20:19:23 -07:00
dependabot[bot] 93bc82d621 Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.24 to 1.9.25
Bumps [org.jetbrains.kotlin:kotlin-gradle-plugin](https://github.com/JetBrains/kotlin) from 1.9.24 to 1.9.25.
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/v1.9.25/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v1.9.24...v1.9.25)

---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-21 20:18:13 -07:00
github-actions[bot] 06d1c0822c Merge branch '5.8.x' into 6.2.x 2024-07-22 00:43:44 +00:00
dependabot[bot] 1c4a63387b Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-21 17:42:57 -07:00
dependabot[bot] 385011f4b1 Bump @antora/collector-extension in /docs
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-21 17:14:00 -07:00
Josh Cummings 3daeeb8789 Merge branch '5.8.x' into 6.2.x
Closes gh-15439
2024-07-18 15:50:58 -06:00
Josh Cummings dab48d25b0 Improve Error Message When Registration Missing
Closes gh-15363
2024-07-18 15:50:41 -06:00
dependabot[bot] 055090c112 Bump io.mockk:mockk from 1.13.11 to 1.13.12
Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.13.11 to 1.13.12.
- [Release notes](https://github.com/mockk/mockk/releases)
- [Commits](https://github.com/mockk/mockk/compare/1.13.11...1.13.12)

---
updated-dependencies:
- dependency-name: io.mockk:mockk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-15 20:21:01 -07:00
dependabot[bot] be5c072ef2 Bump org.springframework.data:spring-data-bom from 2023.1.7 to 2023.1.8
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2023.1.7 to 2023.1.8.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2023.1.7...2023.1.8)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-14 20:45:25 -07:00
github-actions[bot] 2ba6562473 Merge branch '5.8.x' into 6.2.x 2024-07-15 01:14:59 +00:00
dependabot[bot] caa325f92e Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.11.1 to 1.12.0.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.11.1...v1.12.0)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-14 18:14:10 -07:00
github-actions[bot] 2b8ae64f49 Merge branch '5.8.x' into 6.2.x 2024-07-15 00:57:13 +00:00
dependabot[bot] 174e3ef356 Bump @springio/asciidoctor-extensions in /docs
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.10 to 1.0.0-alpha.11.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.10...v1.0.0-alpha.11)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-14 17:56:21 -07:00
dependabot[bot] 43aaa68bb3 Bump @springio/antora-extensions from 1.11.1 to 1.12.0 in /docs
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.11.1 to 1.12.0.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.11.1...v1.12.0)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-14 17:47:38 -07:00
dependabot[bot] 083c41244c Bump @springio/asciidoctor-extensions in /docs
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.10 to 1.0.0-alpha.11.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.10...v1.0.0-alpha.11)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-14 17:35:52 -07:00
Josh Cummings 7422a1134a Allow logout+jwt JWT type
Closes gh-15003
2024-07-12 10:03:40 -07:00
dependabot[bot] 82b6d0806b Bump org.springframework:spring-framework-bom from 6.1.10 to 6.1.11
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.10 to 6.1.11.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.10...v6.1.11)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-11 21:06:14 -07:00
Josh Cummings e1fdc61360 Merge branch '5.8.x' into 6.2.x 2024-07-10 17:12:43 -06:00
Josh Cummings 32e2735f45 Clarify Valid Metadata Locations 2024-07-10 17:10:49 -06:00
Marcus Hert Da Coregio dff7e83e3f Merge branch '5.8.x' into 6.2.x 2024-07-10 12:48:45 -03:00
Marcus Hert Da Coregio 9cfc9bb8a8 Use in:title
Issue gh-14484
2024-07-10 12:48:39 -03:00
github-actions[bot] e95100a179 Merge branch '5.8.x' into 6.2.x 2024-07-10 04:35:51 +00:00
dependabot[bot] 341f58d411 Bump io.projectreactor:reactor-bom from 2020.0.45 to 2020.0.46
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2020.0.45 to 2020.0.46.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2020.0.45...2020.0.46)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 21:35:04 -07:00
github-actions[bot] 3aac1bcdc8 Merge branch '5.8.x' into 6.2.x 2024-07-10 04:20:16 +00:00
dependabot[bot] c00197bdf5 Bump io.projectreactor.netty:reactor-netty from 1.0.46 to 1.0.47
Bumps [io.projectreactor.netty:reactor-netty](https://github.com/reactor/reactor-netty) from 1.0.46 to 1.0.47.
- [Release notes](https://github.com/reactor/reactor-netty/releases)
- [Commits](https://github.com/reactor/reactor-netty/compare/v1.0.46...v1.0.47)

---
updated-dependencies:
- dependency-name: io.projectreactor.netty:reactor-netty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 21:19:30 -07:00
dependabot[bot] 902d60d019 Bump io.projectreactor:reactor-bom from 2023.0.7 to 2023.0.8
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.7 to 2023.0.8.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.7...2023.0.8)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 21:13:44 -07:00
Marcus Hert Da Coregio 90ff25337d Merge branch '5.8.x' into 6.2.x 2024-07-09 08:16:48 -03:00
Marcus Hert Da Coregio 01e1813020 Remove single quotes from boolean value
Issue gh-14484
2024-07-09 08:16:06 -03:00
dependabot[bot] b4f3966c79 Bump io.micrometer:micrometer-observation from 1.12.7 to 1.12.8
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.12.7 to 1.12.8.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.12.7...v1.12.8)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-08 21:08:38 -07:00
Seungrae f4cbaaa2dd Fix typos and formatting in documentation
Closes gh-15353
2024-07-08 20:52:06 -06:00
Marcus Hert Da Coregio cd404aaf04 Merge branch '5.8.x' into 6.2.x 2024-07-08 11:09:17 -03:00
Marcus Hert Da Coregio 65c037853e Debug PR event payload
Issue gh-14484
2024-07-08 11:08:36 -03:00
github-actions[bot] a34e24a7c6 Merge branch '5.8.x' into 6.2.x 2024-07-08 04:00:21 +00:00
dependabot[bot] 7fceda4d7b Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14
Bumps [com.github.spullara.mustache.java:compiler](https://github.com/spullara/mustache.java) from 0.9.13 to 0.9.14.
- [Commits](https://github.com/spullara/mustache.java/compare/mustache.java-0.9.13...mustache.java-0.9.14)

---
updated-dependencies:
- dependency-name: com.github.spullara.mustache.java:compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-07 21:00:11 -07:00
dependabot[bot] 36f31949e0 Bump org-apache-maven-resolver from 1.9.20 to 1.9.21
Bumps `org-apache-maven-resolver` from 1.9.20 to 1.9.21.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.20 to 1.9.21
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.20...maven-resolver-1.9.21)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.20 to 1.9.21
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.20...maven-resolver-1.9.21)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.20 to 1.9.21

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-07 20:59:39 -07:00
dependabot[bot] 05256da801 Bump com.github.spullara.mustache.java:compiler from 0.9.13 to 0.9.14
Bumps [com.github.spullara.mustache.java:compiler](https://github.com/spullara/mustache.java) from 0.9.13 to 0.9.14.
- [Commits](https://github.com/spullara/mustache.java/compare/mustache.java-0.9.13...mustache.java-0.9.14)

---
updated-dependencies:
- dependency-name: com.github.spullara.mustache.java:compiler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-07 20:59:36 -07:00
github-actions[bot] a8fe03dad5 Merge branch '5.8.x' into 6.2.x 2024-07-04 04:09:20 +00:00
dependabot[bot] 2bdb57a8a8 Bump org-eclipse-jetty from 9.4.54.v20240208 to 9.4.55.v20240627
Bumps `org-eclipse-jetty` from 9.4.54.v20240208 to 9.4.55.v20240627.

Updates `org.eclipse.jetty:jetty-server` from 9.4.54.v20240208 to 9.4.55.v20240627

Updates `org.eclipse.jetty:jetty-servlet` from 9.4.54.v20240208 to 9.4.55.v20240627

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-03 21:08:34 -07:00
dependabot[bot] 138daec14c Bump org-eclipse-jetty from 11.0.21 to 11.0.22
Bumps `org-eclipse-jetty` from 11.0.21 to 11.0.22.

Updates `org.eclipse.jetty:jetty-server` from 11.0.21 to 11.0.22

Updates `org.eclipse.jetty:jetty-servlet` from 11.0.21 to 11.0.22

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-servlet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-03 20:32:09 -07:00
Marcus Hert Da Coregio cdb8403ba7 Merge branch '5.8.x' into 6.2.x 2024-07-03 13:48:17 -03:00
Marcus Hert Da Coregio a3095527a0 Label superseded dependabot updates as duplicates
Issue gh-14484
2024-07-03 13:47:35 -03:00
Antoine Rey 99cda31579 Update prerequisites documentation
Raises the minimum version of the Java runtime for Spring
Security from 8 to 17

Closes gh-15323
2024-07-01 17:19:22 -06:00
github-actions[bot] 174435beff Merge branch '5.8.x' into 6.2.x 2024-07-01 04:16:28 +00:00
dependabot[bot] 9189916287 Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3
Bumps [org.skyscreamer:jsonassert](https://github.com/skyscreamer/JSONassert) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/skyscreamer/JSONassert/releases)
- [Changelog](https://github.com/skyscreamer/JSONassert/blob/master/CHANGELOG.md)
- [Commits](https://github.com/skyscreamer/JSONassert/compare/jsonassert-1.5.1...jsonassert-1.5.3)

---
updated-dependencies:
- dependency-name: org.skyscreamer:jsonassert
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-30 21:15:38 -07:00
dependabot[bot] f564385004 Bump org.skyscreamer:jsonassert from 1.5.1 to 1.5.3
Bumps [org.skyscreamer:jsonassert](https://github.com/skyscreamer/JSONassert) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/skyscreamer/JSONassert/releases)
- [Changelog](https://github.com/skyscreamer/JSONassert/blob/master/CHANGELOG.md)
- [Commits](https://github.com/skyscreamer/JSONassert/compare/jsonassert-1.5.1...jsonassert-1.5.3)

---
updated-dependencies:
- dependency-name: org.skyscreamer:jsonassert
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-30 20:43:21 -07:00
github-actions[bot] 523080c061 Merge branch '5.8.x' into 6.2.x 2024-07-01 01:20:50 +00:00
dependabot[bot] 97e6ac76af Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.4 to 3.2.0-alpha.5.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.4...v3.2.0-alpha.5)

---
updated-dependencies:
- dependency-name: antora
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-30 18:20:05 -07:00
dependabot[bot] 260411acac Bump antora from 3.2.0-alpha.4 to 3.2.0-alpha.5 in /docs
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.4 to 3.2.0-alpha.5.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.4...v3.2.0-alpha.5)

---
updated-dependencies:
- dependency-name: antora
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-30 17:48:57 -07:00
Marcus Hert Da Coregio 462ce1ee91 Merge branch '5.8.x' into 6.2.x
Closes gh-15320
2024-06-28 15:33:59 -03:00
Marcus Hert Da Coregio 779030b6cd Document the role of CredentialsContainer
Closes gh-15319
2024-06-28 15:33:34 -03:00
dependabot[bot] ef85ed5460 Bump org.junit:junit-bom from 5.10.2 to 5.10.3
Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.2 to 5.10.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.2...r5.10.3)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-28 05:44:05 -07:00
Marcus Hert Da Coregio 24f573dd4c Merge branch '5.8.x' into 6.2.x 2024-06-28 09:32:25 -03:00
Marcus Hert Da Coregio 1135ad5a5a Skip checkExpectedBranchVersion task on PR Build workflow
Issue gh-15226
2024-06-28 09:31:48 -03:00
Marcus Hert Da Coregio 87e3c23d3c Merge branch '5.8.x' into 6.2.x
Closes gh-15309
2024-06-27 14:35:45 -03:00
Marcus Hert Da Coregio e3d642ce7c Add Task to Verify Branch Version Matches the Project Version
Closes gh-15226
2024-06-27 14:34:41 -03:00
dependabot[bot] 2c28a396e6 Bump org.apache.maven:maven-resolver-provider from 3.9.7 to 3.9.8
Bumps [org.apache.maven:maven-resolver-provider](https://github.com/apache/maven) from 3.9.7 to 3.9.8.
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.7...maven-3.9.8)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-24 12:13:46 -07:00
Josh Cummings c4f70bee4b Fix Broken Link
Closes gh-15288
2024-06-24 13:01:49 -06:00
Marcus Hert Da Coregio 06065761a3 Merge branch '5.8.x' into 6.2.x 2024-06-20 15:48:41 -03:00
github-actions[bot] 92269118e2 Update Antora Spring UI to v0.4.16 2024-06-20 15:48:21 -03:00
github-actions[bot] 00247350d0 Update Antora Spring UI to v0.4.16 2024-06-20 15:47:54 -03:00
dependabot[bot] de87115462 Bump org.springframework:spring-framework-bom from 6.1.9 to 6.1.10
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.9 to 6.1.10.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.9...v6.1.10)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-19 20:52:56 -07:00
Marcus Hert Da Coregio 5bf1ba59ee Merge branch '5.8.x' into 6.2.x 2024-06-17 16:04:03 -03:00
github-actions[bot] aa55e71d96 Next development version 2024-06-17 18:14:31 +00:00
github-actions[bot] 9e2cadb475 Next development version 2024-06-17 16:00:03 +00:00
github-actions[bot] 20332fedb0 Release 5.8.13 2024-06-17 15:22:54 +00:00
34 changed files with 306 additions and 75 deletions
@@ -0,0 +1,46 @@
name: Mark Duplicate Dependabot PRs
on:
pull_request:
types: [closed]
jobs:
check_duplicate_prs:
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && github.event.pull_request.user.login == 'dependabot[bot]'
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Extract Dependency Name from PR Title
id: extract
run: |
PR_TITLE="${{ github.event.pull_request.title }}"
DEPENDENCY_NAME=$(echo "$PR_TITLE" | awk -F ' from ' '{print $1}')
echo "dependency_name=$DEPENDENCY_NAME" >> $GITHUB_OUTPUT
- name: Find PRs
id: find_duplicates
env:
DEPENDENCY_NAME: ${{ steps.extract.outputs.dependency_name }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PRS=$(gh pr list --search 'milestone:${{ github.event.pull_request.milestone.title }} is:merged in:title "$DEPENDENCY_NAME"' --json number --jq 'map(.number) | join(",")')
echo "prs=$PRS" >> $GITHUB_OUTPUT
- name: Label Duplicate PRs
if: steps.find_duplicates.outputs.prs != ''
env:
PRS: ${{ steps.find_duplicates.outputs.prs }}
CURRENT_PR_NUMBER: ${{ github.event.pull_request.number }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
run: |
for i in ${PRS//,/ }
do
if [ ! $i -eq "$CURRENT_PR_NUMBER" ]; then
echo "Marking PR $i as duplicate"
gh pr edit "$i" --add-label "status: duplicate"
gh pr comment "$i" --body "Duplicate of #$CURRENT_PR_NUMBER"
fi
done
+1 -1
View File
@@ -9,7 +9,7 @@ permissions: write-all
jobs:
merge-dependabot-pr:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
steps:
- uses: actions/checkout@v4
+1 -1
View File
@@ -21,7 +21,7 @@ jobs:
java-version: '17'
distribution: 'temurin'
- name: Build with Gradle
run: ./gradlew clean build --continue
run: ./gradlew clean build -PskipCheckExpectedBranchVersion --continue
generate-docs:
name: Generate Docs
runs-on: ubuntu-latest
+1
View File
@@ -24,6 +24,7 @@ apply plugin: 's101'
apply plugin: 'io.spring.convention.root'
apply plugin: 'org.jetbrains.kotlin.jvm'
apply plugin: 'org.springframework.security.versions.verify-dependencies-versions'
apply plugin: 'org.springframework.security.check-expected-branch-version'
apply plugin: 'io.spring.security.release'
group = 'org.springframework.security'
+4
View File
@@ -47,6 +47,10 @@ gradlePlugin {
id = "org.springframework.security.versions.verify-dependencies-versions"
implementationClass = "org.springframework.security.convention.versions.VerifyDependenciesVersionsPlugin"
}
checkExpectedBranchVersion {
id = "org.springframework.security.check-expected-branch-version"
implementationClass = "org.springframework.security.CheckExpectedBranchVersionPlugin"
}
}
}
@@ -0,0 +1,85 @@
/*
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import org.gradle.api.DefaultTask;
import org.gradle.api.Plugin;
import org.gradle.api.Project;
import org.gradle.api.plugins.JavaBasePlugin;
import org.gradle.api.tasks.TaskAction;
import org.gradle.api.tasks.TaskProvider;
/**
* @author Marcus da Coregio
*/
public class CheckExpectedBranchVersionPlugin implements Plugin<Project> {
@Override
public void apply(Project project) {
TaskProvider<CheckExpectedBranchVersionTask> checkExpectedBranchVersionTask = project.getTasks().register("checkExpectedBranchVersion", CheckExpectedBranchVersionTask.class, (task) -> {
task.setGroup("Build");
task.setDescription("Check if the project version matches the branch version");
});
project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(checkExpectedBranchVersionTask));
}
public static class CheckExpectedBranchVersionTask extends DefaultTask {
@TaskAction
public void run() throws IOException {
Project project = getProject();
if (project.hasProperty("skipCheckExpectedBranchVersion")) {
return;
}
String version = (String) project.getVersion();
String branchVersion = getBranchVersion(project);
if (!branchVersion.matches("^[0-9]+\\.[0-9]+\\.x$")) {
System.out.println("Branch version does not match *.x, ignoring");
return;
}
if (!versionsMatch(version, branchVersion)) {
throw new IllegalStateException(String.format("Project version [%s] does not match branch version [%s]. " +
"Please verify that the branch contains the right version.", version, branchVersion));
}
}
private static String getBranchVersion(Project project) throws IOException {
try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
project.exec((exec) -> {
exec.commandLine("git", "symbolic-ref", "--short", "HEAD");
exec.setErrorOutput(System.err);
exec.setStandardOutput(baos);
});
return baos.toString();
}
}
private boolean versionsMatch(String projectVersion, String branchVersion) {
String[] projectVersionParts = projectVersion.split("\\.");
String[] branchVersionParts = branchVersion.split("\\.");
if (projectVersionParts.length < 2 || branchVersionParts.length < 2) {
return false;
}
return projectVersionParts[0].equals(branchVersionParts[0]) && projectVersionParts[1].equals(branchVersionParts[1]);
}
}
}
@@ -315,7 +315,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
}
}
private String computeErrorMessage(Collection<? extends ServletRegistration> registrations) {
private static String computeErrorMessage(Collection<? extends ServletRegistration> registrations) {
String template = "This method cannot decide whether these patterns are Spring MVC patterns or not. "
+ "If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); "
+ "otherwise, please use requestMatchers(AntPathRequestMatcher).\n\n"
@@ -509,7 +509,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
public boolean matches(HttpServletRequest request) {
String name = request.getHttpServletMapping().getServletName();
ServletRegistration registration = this.servletContext.getServletRegistration(name);
Assert.notNull(name, "Failed to find servlet [" + name + "] in the servlet context");
Assert.notNull(registration, computeErrorMessage(this.servletContext.getServletRegistrations().values()));
try {
Class<?> clazz = Class.forName(registration.getClassName());
return DispatcherServlet.class.isAssignableFrom(clazz);
@@ -551,18 +551,12 @@ public abstract class AbstractRequestMatcherRegistry<C> {
@Override
public boolean matches(HttpServletRequest request) {
if (this.dispatcherServlet.matches(request)) {
return this.mvc.matches(request);
}
return this.ant.matches(request);
return requestMatcher(request).matches(request);
}
@Override
public MatchResult matcher(HttpServletRequest request) {
if (this.dispatcherServlet.matches(request)) {
return this.mvc.matcher(request);
}
return this.ant.matcher(request);
return requestMatcher(request).matcher(request);
}
@Override
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2023 the original author or authors.
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import static org.springframework.security.config.Customizer.withDefaults;
@@ -55,6 +55,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
* {@link Configuration} that exposes the {@link HttpSecurity} bean.
*
* @author Eleftheria Stein
* @author Jinwoo Bae
* @since 5.4
*/
@Configuration(proxyBeanMethods = false)
@@ -131,8 +132,7 @@ class HttpSecurityConfiguration {
}
private void applyCorsIfAvailable(HttpSecurity http) throws Exception {
String[] beanNames = this.context.getBeanNamesForType(CorsConfigurationSource.class);
if (beanNames.length == 1) {
if (this.context.getBeanNamesForType(UrlBasedCorsConfigurationSource.class).length > 0) {
http.cors(withDefaults());
}
}
@@ -16,6 +16,11 @@
package org.springframework.security.config.annotation.web.configurers.oauth2.client;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
@@ -26,11 +31,14 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.converter.ClaimTypeConverter;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* An {@link AuthenticationProvider} that authenticates an OIDC Logout Token; namely
@@ -56,9 +64,27 @@ final class OidcBackChannelLogoutAuthenticationProvider implements Authenticatio
* Construct an {@link OidcBackChannelLogoutAuthenticationProvider}
*/
OidcBackChannelLogoutAuthenticationProvider() {
OidcIdTokenDecoderFactory logoutTokenDecoderFactory = new OidcIdTokenDecoderFactory();
logoutTokenDecoderFactory.setJwtValidatorFactory(new DefaultOidcLogoutTokenValidatorFactory());
this.logoutTokenDecoderFactory = logoutTokenDecoderFactory;
DefaultOidcLogoutTokenValidatorFactory jwtValidator = new DefaultOidcLogoutTokenValidatorFactory();
this.logoutTokenDecoderFactory = (clientRegistration) -> {
String jwkSetUri = clientRegistration.getProviderDetails().getJwkSetUri();
if (!StringUtils.hasText(jwkSetUri)) {
OAuth2Error oauth2Error = new OAuth2Error("missing_signature_verifier",
"Failed to find a Signature Verifier for Client Registration: '"
+ clientRegistration.getRegistrationId()
+ "'. Check to ensure you have configured the JwkSet URI.",
null);
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
JOSEObjectTypeVerifier<SecurityContext> typeVerifier = new DefaultJOSEObjectTypeVerifier<>(null,
JOSEObjectType.JWT, new JOSEObjectType("logout+jwt"));
NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri)
.jwtProcessorCustomizer((processor) -> processor.setJWSTypeVerifier(typeVerifier))
.build();
decoder.setJwtValidator(jwtValidator.apply(clientRegistration));
decoder.setClaimSetConverter(
new ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()));
return decoder;
};
}
/**
@@ -341,6 +341,19 @@ public class AbstractRequestMatcherRegistryTests {
verifyNoMoreInteractions(mvc);
}
@Test
public void matchesWhenNoMappingThenException() {
MockServletContext servletContext = new MockServletContext();
servletContext.addServlet("default", DispatcherServlet.class).addMapping("/");
servletContext.addServlet("path", Servlet.class).addMapping("/services/*");
MvcRequestMatcher mvc = mock(MvcRequestMatcher.class);
AntPathRequestMatcher ant = mock(AntPathRequestMatcher.class);
DispatcherServletDelegatingRequestMatcher requestMatcher = new DispatcherServletDelegatingRequestMatcher(ant,
mvc, servletContext);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/services/endpoint");
assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> requestMatcher.matcher(request));
}
private void mockMvcIntrospector(boolean isPresent) {
ApplicationContext context = this.matcherRegistry.getApplicationContext();
given(context.containsBean("mvcHandlerMappingIntrospector")).willReturn(isPresent);
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2023 the original author or authors.
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -362,7 +362,7 @@ public class HttpSecurityConfigurationTests {
}
@Test
public void configureWhenCorsConfigurationSourceThenApplyCors() {
public void configureWhenCorsConfigurationSourceThenApplyCors() throws Exception {
this.spring.register(CorsConfigurationSourceConfig.class, DefaultWithFilterChainConfig.class).autowire();
SecurityFilterChain filterChain = this.spring.getContext().getBean(SecurityFilterChain.class);
CorsFilter corsFilter = (CorsFilter) filterChain.getFilters()
@@ -374,6 +374,16 @@ public class HttpSecurityConfigurationTests {
assertThat(configSource).isInstanceOf(UrlBasedCorsConfigurationSource.class);
}
// gh-15378
@Test
public void configureWhenNoUrlBasedCorsConfigThenNoCorsAppliedAndVaryHeaderNotPresent() throws Exception {
this.spring.register(NonUrlBasedCorsConfig.class, DefaultWithFilterChainConfig.class).autowire();
SecurityFilterChain filterChain = this.spring.getContext().getBean(SecurityFilterChain.class);
assertThat(filterChain.getFilters()).noneMatch((filter) -> filter instanceof CorsFilter);
this.mockMvc.perform(get("/")).andExpect(header().doesNotExist("Vary"));
}
@Test
public void configureWhenAddingCustomDslUsingWithThenApplied() throws Exception {
this.spring.register(WithCustomDslConfig.class, UserDetailsConfig.class).autowire();
@@ -673,6 +683,33 @@ public class HttpSecurityConfigurationTests {
}
@Configuration
@EnableWebSecurity
static class NonUrlBasedCorsConfig {
@Bean
CorsConfigurationSource corsConfigurationSource() {
return new CustomCorsConfigurationSource();
}
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http.build();
}
}
static class CustomCorsConfigurationSource implements CorsConfigurationSource {
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(List.of("http://localhost:8080"));
return configuration;
}
}
static class DefaultConfigurer extends AbstractHttpConfigurer<DefaultConfigurer, HttpSecurity> {
boolean init;
@@ -73,6 +73,8 @@ import org.springframework.security.oauth2.client.registration.TestClientRegistr
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwsHeader;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
@@ -513,8 +515,9 @@ public class OidcLogoutConfigurerTests {
String logoutToken(@AuthenticationPrincipal OidcUser user) {
OidcLogoutToken token = TestOidcLogoutTokens.withUser(user)
.audience(List.of(this.registration.getClientId())).build();
JwtEncoderParameters parameters = JwtEncoderParameters
.from(JwtClaimsSet.builder().claims((claims) -> claims.putAll(token.getClaims())).build());
JwsHeader header = JwsHeader.with(SignatureAlgorithm.RS256).type("logout+jwt").build();
JwtClaimsSet claims = JwtClaimsSet.builder().claims((c) -> c.putAll(token.getClaims())).build();
JwtEncoderParameters parameters = JwtEncoderParameters.from(header, claims);
return this.encoder.encode(parameters).getTokenValue();
}
@@ -523,8 +526,9 @@ public class OidcLogoutConfigurerTests {
OidcLogoutToken token = TestOidcLogoutTokens.withUser(user)
.audience(List.of(this.registration.getClientId()))
.claims((claims) -> claims.remove(LogoutTokenClaimNames.SID)).build();
JwtEncoderParameters parameters = JwtEncoderParameters
.from(JwtClaimsSet.builder().claims((claims) -> claims.putAll(token.getClaims())).build());
JwsHeader header = JwsHeader.with(SignatureAlgorithm.RS256).type("JWT").build();
JwtClaimsSet claims = JwtClaimsSet.builder().claims((c) -> c.putAll(token.getClaims())).build();
JwtEncoderParameters parameters = JwtEncoderParameters.from(header, claims);
return this.encoder.encode(parameters).getTokenValue();
}
}
@@ -34,6 +34,7 @@ import org.springframework.security.authorization.AuthorizationManager;
* {@code <method-security>} and {@code <intercept-methods>} instead or use
* annotation-based or {@link AuthorizationManager}-based authorization
*/
@Deprecated
public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass);
@@ -26,6 +26,7 @@ import org.springframework.security.authorization.AuthorizationManager;
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/
@Deprecated
public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean {
PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject,
+1 -1
View File
@@ -30,7 +30,7 @@ urls:
redirect_facility: httpd
ui:
bundle:
url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.15/ui-bundle.zip
url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.16/ui-bundle.zip
snapshot: true
runtime:
log:
+1
View File
@@ -38,6 +38,7 @@
***** xref:servlet/authentication/passwords/in-memory.adoc[In Memory]
***** xref:servlet/authentication/passwords/jdbc.adoc[JDBC]
***** xref:servlet/authentication/passwords/user-details.adoc[UserDetails]
***** xref:servlet/authentication/passwords/credentials-container.adoc[CredentialsContainer]
***** xref:servlet/authentication/passwords/user-details-service.adoc[UserDetailsService]
***** xref:servlet/authentication/passwords/password-encoder.adoc[PasswordEncoder]
***** xref:servlet/authentication/passwords/dao-authentication-provider.adoc[DaoAuthenticationProvider]
+1 -1
View File
@@ -1,7 +1,7 @@
[[prerequisites]]
= Prerequisites
Spring Security requires a Java 8 or higher Runtime Environment.
Spring Security requires a Java 17 or higher Runtime Environment.
As Spring Security aims to operate in a self-contained manner, you do not need to place any special configuration files in your Java Runtime Environment.
In particular, you need not configure a special Java Authentication and Authorization Service (JAAS) policy file or place Spring Security into common classpath locations.
@@ -0,0 +1,12 @@
[[servlet-authentication-credentialscontainer]]
= CredentialsContainer
{security-api-url}org/springframework/security/core/CredentialsContainer.html[The `CredentialsContainer`] interface indicates that the implementing object contains sensitive data, and is used internally by Spring Security to erase the authentication credentials after a successful authentication.
This interface is implemented by most of Spring Security internal domain classes, like {security-api-url}org/springframework/security/core/userdetails/User.html[User] and {security-api-url}org/springframework/security/authentication/UsernamePasswordAuthenticationToken.html[UsernamePasswordAuthenticationToken].
The `ProviderManager` manager checks whether the returned `Authentication` implements this interface.
If so, xref:servlet/authentication/architecture.adoc#servlet-authentication-providermanager-erasing-credentials[it calls the `eraseCredentials` method] to remove the credentials from the object.
If you want your custom authentication objects to have their credentials erased after authentication, you should ensure that the classes implement the `CredentialsContainer` interface.
Users who are writing their own `AuthenticationProvider` implementations should create and return an appropriate `Authentication` object there, minus any sensitive data, rather than using this interface.
@@ -116,7 +116,7 @@ A given invocation to `MyCustomerService#readCustomer` may look something like t
image::{figures}/methodsecurity.png[]
1. Spring AOP invokes its proxy method for `readCustomer`. Among the proxy's other advisors, it invokes an {security-api-url}org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor/html[`AuthorizationManagerBeforeMethodInterceptor`] that matches <<annotation-method-pointcuts,the `@PreAuthorize` pointcut>>
1. Spring AOP invokes its proxy method for `readCustomer`. Among the proxy's other advisors, it invokes an {security-api-url}org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.html[`AuthorizationManagerBeforeMethodInterceptor`] that matches <<annotation-method-pointcuts,the `@PreAuthorize` pointcut>>
2. The interceptor invokes {security-api-url}org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.html[`PreAuthorizeAuthorizationManager#check`]
3. The authorization manager uses a `MethodSecurityExpressionHandler` to parse the annotation's <<authorization-expressions,SpEL expression>> and constructs a corresponding `EvaluationContext` from a `MethodSecurityExpressionRoot` containing xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[a `Supplier<Authentication>`] and `MethodInvocation`.
4. The interceptor uses this context to evaluate the expression; specifically, it reads xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[the `Authentication`] from the `Supplier` and checks whether it has `permission:read` in its collection of xref:servlet/authorization/architecture.adoc#authz-authorities[authorities]
@@ -239,7 +239,7 @@ static RoleHierarchy roleHierarchy() {
Kotlin::
+
[source,java,role="secondary"]
[source,kotlin,role="secondary"]
----
companion object {
@Bean
@@ -130,7 +130,7 @@ You can also specify <<csrf-token-repository-custom,your own implementation>> to
By default, Spring Security stores the expected CSRF token in the `HttpSession` by using {security-api-url}org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.html[`HttpSessionCsrfTokenRepository`], so no additional code is necessary.
The `HttpSessionCsrfTokenRepository` reads the token from an HTTP request header named `X-CSRF-TOKEN` or the request parameter `_csrf` by default.
The `HttpSessionCsrfTokenRepository` reads the token from a session (whether in-memory, cache, or database). If you need to access the session attribute directly, please first configure the session attribute name using `HttpSessionCsrfTokenRepository#setSessionAttributeName`.
You can specify the default configuration explicitly using the following configuration:
@@ -6,7 +6,7 @@ CORS must be processed before Spring Security, because the pre-flight request do
If the request does not contain any cookies and Spring Security is first, the request determines that the user is not authenticated (since there are no cookies in the request) and rejects it.
The easiest way to ensure that CORS is handled first is to use the `CorsFilter`.
Users can integrate the `CorsFilter` with Spring Security by providing a `CorsConfigurationSource`.
Users can integrate the `CorsFilter` with Spring Security by providing a `CorsConfigurationSource`. Note that Spring Security will automatically configure CORS only if a `UrlBasedCorsConfigurationSource` instance is present.
For example, the following will integrate CORS support within Spring Security:
[tabs]
@@ -87,7 +87,7 @@ RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.wit
Kotlin::
+
[source,java,role="secondary"]
[source,kotlin,role="secondary"]
----
var relyingPartyRegistration: RelyingPartyRegistration =
RelyingPartyRegistration.withRegistrationId("okta")
@@ -96,7 +96,7 @@ var relyingPartyRegistration: RelyingPartyRegistration =
// ...
.wantAuthnRequestsSigned(false)
}
.build();
.build()
----
======
@@ -141,7 +141,7 @@ var relyingPartyRegistration: RelyingPartyRegistration =
)
}
}
.build();
.build()
----
======
@@ -949,12 +949,12 @@ Collection<RelyingPartyRegistration> registrations = RelyingPartyRegistrations
.entityId("https://example.org/saml2/sp")
.build()
)
.collect(Collectors.toList()));
.collect(Collectors.toList());
----
Kotlin::
+
[source,java,role="secondary"]
[source,kotlin,role="secondary"]
----
var registrations: Collection<RelyingPartyRegistration> = RelyingPartyRegistrations
.collectionFromMetadataLocation("https://example.org/saml2/idp/metadata.xml")
@@ -964,7 +964,7 @@ var registrations: Collection<RelyingPartyRegistration> = RelyingPartyRegistrati
.assertionConsumerServiceLocation("{baseUrl}/login/saml2/sso")
.build()
}
.collect(Collectors.toList()));
.collect(Collectors.toList())
----
======
+4 -4
View File
@@ -1,10 +1,10 @@
{
"dependencies": {
"antora": "3.2.0-alpha.4",
"antora": "3.2.0-alpha.6",
"@antora/atlas-extension": "1.0.0-alpha.2",
"@antora/collector-extension": "1.0.0-alpha.4",
"@antora/collector-extension": "1.0.0-beta.2",
"@asciidoctor/tabs": "1.0.0-beta.6",
"@springio/antora-extensions": "1.11.1",
"@springio/asciidoctor-extensions": "1.0.0-alpha.10"
"@springio/antora-extensions": "1.14.2",
"@springio/asciidoctor-extensions": "1.0.0-alpha.12"
}
}
+3
View File
@@ -12,4 +12,7 @@
<property name="optional" value="true"/>
</module>
<module name="SuppressWithPlainTextCommentFilter"/>
<module name="BeforeExecutionExclusionFileFilter">
<property name="fileNamePattern" value=".*[\\/]node(_modules|js)[\\/].*$"/>
</module>
</module>
+1 -1
View File
@@ -1,5 +1,5 @@
springBootVersion=3.1.1
version=6.2.5
version=6.2.6
samplesBranch=6.2.x
org.gradle.jvmargs=-Xmx3g -XX:+HeapDumpOnOutOfMemoryError
org.gradle.parallel=true
+17 -17
View File
@@ -1,19 +1,19 @@
[versions]
com-squareup-okhttp3 = "3.14.9"
io-rsocket = "1.1.4"
io-spring-javaformat = "0.0.42"
io-spring-javaformat = "0.0.43"
io-spring-nohttp = "0.0.11"
jakarta-websocket = "2.1.1"
org-apache-directory-server = "1.5.5"
org-apache-maven-resolver = "1.9.20"
org-apache-maven-resolver = "1.9.22"
org-aspectj = "1.9.22.1"
org-bouncycastle = "1.70"
org-eclipse-jetty = "11.0.21"
org-jetbrains-kotlin = "1.9.24"
org-eclipse-jetty = "11.0.22"
org-jetbrains-kotlin = "1.9.25"
org-jetbrains-kotlinx = "1.7.3"
org-mockito = "5.5.0"
org-opensaml = "4.3.2"
org-springframework = "6.1.9"
org-springframework = "6.1.12"
[libraries]
ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.4.14"
@@ -26,9 +26,9 @@ com-squareup-okhttp3-mockwebserver = { module = "com.squareup.okhttp3:mockwebser
com-squareup-okhttp3-okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "com-squareup-okhttp3" }
com-unboundid-unboundid-ldapsdk = "com.unboundid:unboundid-ldapsdk:6.0.11"
commons-collections = "commons-collections:commons-collections:3.2.2"
io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.12.7"
io-mockk = "io.mockk:mockk:1.13.11"
io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2023.0.7"
io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.12.9"
io-mockk = "io.mockk:mockk:1.13.12"
io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2023.0.9"
io-rsocket-rsocket-bom = { module = "io.rsocket:rsocket-bom", version.ref = "io-rsocket" }
io-spring-javaformat-spring-javaformat-checkstyle = { module = "io.spring.javaformat:spring-javaformat-checkstyle", version.ref = "io-spring-javaformat" }
io-spring-javaformat-spring-javaformat-gradle-plugin = { module = "io.spring.javaformat:spring-javaformat-gradle-plugin", version.ref = "io-spring-javaformat" }
@@ -40,7 +40,7 @@ jakarta-inject-jakarta-inject-api = "jakarta.inject:jakarta.inject-api:2.0.1"
jakarta-persistence-jakarta-persistence-api = "jakarta.persistence:jakarta.persistence-api:3.1.0"
jakarta-servlet-jakarta-servlet-api = "jakarta.servlet:jakarta.servlet-api:6.0.0"
jakarta-servlet-jsp-jakarta-servlet-jsp-api = "jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1"
jakarta-servlet-jsp-jstl-jakarta-servlet-jsp-jstl-api = "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api:3.0.0"
jakarta-servlet-jsp-jstl-jakarta-servlet-jsp-jstl-api = "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api:3.0.1"
jakarta-websocket-jakarta-websocket-api = { module = "jakarta.websocket:jakarta.websocket-api", version.ref = "jakarta-websocket" }
jakarta-websocket-jakarta-websocket-client-api = { module = "jakarta.websocket:jakarta.websocket-client-api", version.ref = "jakarta-websocket" }
jakarta-xml-bind-jakarta-xml-bind-api = "jakarta.xml.bind:jakarta.xml.bind-api:4.0.2"
@@ -53,7 +53,7 @@ org-apache-directory-server-apacheds-protocol-shared = { module = "org.apache.di
org-apache-directory-server-apacheds-server-jndi = { module = "org.apache.directory.server:apacheds-server-jndi", version.ref = "org-apache-directory-server" }
org-apache-directory-shared-shared-ldap = "org.apache.directory.shared:shared-ldap:0.9.15"
org-apache-httpcomponents-httpclient = "org.apache.httpcomponents:httpclient:4.5.14"
org-apache-maven-maven-resolver-provider = "org.apache.maven:maven-resolver-provider:3.9.7"
org-apache-maven-maven-resolver-provider = "org.apache.maven:maven-resolver-provider:3.9.9"
org-apache-maven-resolver-maven-resolver-connector-basic = { module = "org.apache.maven.resolver:maven-resolver-connector-basic", version.ref = "org-apache-maven-resolver" }
org-apache-maven-resolver-maven-resolver-impl = { module = "org.apache.maven.resolver:maven-resolver-impl", version.ref = "org-apache-maven-resolver" }
org-apache-maven-resolver-maven-resolver-transport-http = { module = "org.apache.maven.resolver:maven-resolver-transport-http", version.ref = "org-apache-maven-resolver" }
@@ -70,9 +70,9 @@ org-hamcrest = "org.hamcrest:hamcrest:2.2"
org-hibernate-orm-hibernate-core = "org.hibernate.orm:hibernate-core:6.3.2.Final"
org-hsqldb = "org.hsqldb:hsqldb:2.7.3"
org-jetbrains-kotlin-kotlin-bom = { module = "org.jetbrains.kotlin:kotlin-bom", version.ref = "org-jetbrains-kotlin" }
org-jetbrains-kotlin-kotlin-gradle-plugin = "org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.24"
org-jetbrains-kotlin-kotlin-gradle-plugin = "org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.25"
org-jetbrains-kotlinx-kotlinx-coroutines-bom = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-bom", version.ref = "org-jetbrains-kotlinx" }
org-junit-junit-bom = "org.junit:junit-bom:5.10.2"
org-junit-junit-bom = "org.junit:junit-bom:5.10.3"
org-mockito-mockito-bom = { module = "org.mockito:mockito-bom", version.ref = "org-mockito" }
org-opensaml-opensaml-core = { module = "org.opensaml:opensaml-core", version.ref = "org-opensaml" }
org-opensaml-opensaml-saml-api = { module = "org.opensaml:opensaml-saml-api", version.ref = "org-opensaml" }
@@ -81,11 +81,11 @@ org-python-jython = { module = "org.python:jython", version = "2.5.3" }
org-seleniumhq-selenium-htmlunit-driver = "org.seleniumhq.selenium:htmlunit-driver:2.70.0"
org-seleniumhq-selenium-selenium-java = "org.seleniumhq.selenium:selenium-java:3.141.59"
org-seleniumhq-selenium-selenium-support = "org.seleniumhq.selenium:selenium-support:3.141.59"
org-skyscreamer-jsonassert = "org.skyscreamer:jsonassert:1.5.1"
org-skyscreamer-jsonassert = "org.skyscreamer:jsonassert:1.5.3"
org-slf4j-log4j-over-slf4j = "org.slf4j:log4j-over-slf4j:1.7.36"
org-slf4j-slf4j-api = "org.slf4j:slf4j-api:2.0.13"
org-springframework-data-spring-data-bom = "org.springframework.data:spring-data-bom:2023.1.7"
org-springframework-ldap-spring-ldap-core = "org.springframework.ldap:spring-ldap-core:3.2.4"
org-slf4j-slf4j-api = "org.slf4j:slf4j-api:2.0.16"
org-springframework-data-spring-data-bom = "org.springframework.data:spring-data-bom:2023.1.9"
org-springframework-ldap-spring-ldap-core = "org.springframework.ldap:spring-ldap-core:3.2.6"
org-springframework-spring-framework-bom = { module = "org.springframework:spring-framework-bom", version.ref = "org-springframework" }
org-synchronoss-cloud-nio-multipart-parser = "org.synchronoss.cloud:nio-multipart-parser:1.1.0"
@@ -97,7 +97,7 @@ org-apache-commons-commons-io = "org.apache.commons:commons-io:1.3.2"
io-github-gradle-nexus-publish-plugin = "io.github.gradle-nexus:publish-plugin:1.1.0"
org-gretty-gretty = "org.gretty:gretty:4.0.3"
com-github-ben-manes-gradle-versions-plugin = "com.github.ben-manes:gradle-versions-plugin:0.38.0"
com-github-spullara-mustache-java-compiler = "com.github.spullara.mustache.java:compiler:0.9.13"
com-github-spullara-mustache-java-compiler = "com.github.spullara.mustache.java:compiler:0.9.14"
org-hidetake-gradle-ssh-plugin = "org.hidetake:gradle-ssh-plugin:2.10.1"
org-jfrog-buildinfo-build-info-extractor-gradle = "org.jfrog.buildinfo:build-info-extractor-gradle:4.29.4"
org-sonarsource-scanner-gradle-sonarqube-gradle-plugin = "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7.1"
@@ -136,9 +136,11 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLda
ContextFactory contextFactory = new ContextFactory();
/**
* @param domain the domain name (may be null or empty)
* @param url an LDAP url (or multiple URLs)
* @param rootDn the root DN (may be null or empty)
* @param domain the domain name (can be null or empty)
* @param url an LDAP url (or multiple space-delimited URLs).
* @param rootDn the root DN (can be null or empty)
* @see <a href="https://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html">JNDI
* URL format documentation</a>
*/
public ActiveDirectoryLdapAuthenticationProvider(String domain, String url, String rootDn) {
Assert.isTrue(StringUtils.hasText(url), "Url cannot be empty");
@@ -284,7 +284,9 @@ public class LdapUserDetailsManager implements UserDetailsManager {
* Creates a DN from a group name.
* @param group the name of the group
* @return the DN of the corresponding group, including the groupSearchBase
* @deprecated
*/
@Deprecated
protected DistinguishedName buildGroupDn(String group) {
DistinguishedName dn = new DistinguishedName(this.groupSearchBase);
dn.add(this.groupRoleAttributeName, group.toLowerCase());
@@ -50,11 +50,6 @@ import org.springframework.web.reactive.function.client.ExchangeFunction;
* To locate the bearer token, this looks in the Reactor {@link Context} for a key of type
* {@link Authentication}.
*
* Registering
* {@see org.springframework.security.config.annotation.web.configuration.OAuth2ResourceServerConfiguration.OAuth2ResourceServerWebFluxSecurityConfiguration.BearerRequestContextSubscriberRegistrar},
* as a {@code @Bean} will take care of this automatically, but certainly an application
* can supply a {@link Context} of its own to override.
*
* @author Josh Cummings
* @since 5.2
*/
@@ -49,6 +49,8 @@ import static org.mockito.BDDMockito.verify;
/**
* Tests for {@link JwtIssuerAuthenticationManagerResolver}
*
* @deprecated Superseded by {@link JwtIssuerAuthenticationManagerResolverTests}
*/
@Deprecated
public class JwtIssuerAuthenticationManagerResolverDeprecatedTests {
@@ -52,6 +52,8 @@ import static org.mockito.BDDMockito.verify;
/**
* Tests for {@link JwtIssuerReactiveAuthenticationManagerResolver}
*
* @deprecated Superseded by {@link JwtIssuerReactiveAuthenticationManagerResolverTests}
*/
@Deprecated
public class JwtIssuerReactiveAuthenticationManagerResolverDeprecatedTests {
@@ -45,8 +45,8 @@ public final class RelyingPartyRegistrations {
* Return a {@link RelyingPartyRegistration.Builder} based off of the given SAML 2.0
* Asserting Party (IDP) metadata location.
*
* Valid locations can be classpath- or file-based or they can be HTTP endpoints. Some
* valid endpoints might include:
* Valid locations can be classpath- or file-based or they can be HTTPS endpoints.
* Some valid endpoints might include:
*
* <pre>
* metadataLocation = "classpath:asserting-party-metadata.xml";
@@ -69,8 +69,8 @@ public final class RelyingPartyRegistrations {
* about the asserting party. Thus, you will need to remember to still populate
* anything about the relying party, like any private keys the relying party will use
* for signing AuthnRequests.
* @param metadataLocation The classpath- or file-based locations or HTTP endpoints of
* the asserting party metadata file
* @param metadataLocation The classpath- or file-based locations or HTTPS endpoints
* of the asserting party metadata file
* @return the {@link RelyingPartyRegistration.Builder} for further configuration
*/
public static RelyingPartyRegistration.Builder fromMetadataLocation(String metadataLocation) {
@@ -130,8 +130,8 @@ public final class RelyingPartyRegistrations {
* Return a {@link Collection} of {@link RelyingPartyRegistration.Builder}s based off
* of the given SAML 2.0 Asserting Party (IDP) metadata location.
*
* Valid locations can be classpath- or file-based or they can be HTTP endpoints. Some
* valid endpoints might include:
* Valid locations can be classpath- or file-based or they can be HTTPS endpoints.
* Some valid endpoints might include:
*
* <pre>
* metadataLocation = "classpath:asserting-party-metadata.xml";
@@ -155,7 +155,7 @@ public final class RelyingPartyRegistrations {
* about the asserting party. Thus, you will need to remember to still populate
* anything about the relying party, like any private keys the relying party will use
* for signing AuthnRequests.
* @param location The classpath- or file-based locations or HTTP endpoints of the
* @param location The classpath- or file-based locations or HTTPS endpoints of the
* asserting party metadata file
* @return the {@link Collection} of {@link RelyingPartyRegistration.Builder}s for
* further configuration
+1 -1
View File
@@ -5,7 +5,7 @@ pluginManagement {
}
plugins {
id "com.gradle.develocity" version "3.17.5"
id "com.gradle.develocity" version "3.17.6"
id "io.spring.ge.conventions" version "0.0.17"
}