1
0
mirror of synced 2026-07-09 21:00:02 +00:00

Compare commits

...

21 Commits

Author SHA1 Message Date
Robert Winch 4f52b71be8 Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final 2026-01-21 15:31:04 -06:00
Robert Winch 398430f672 Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25 2026-01-21 15:30:50 -06:00
dependabot[bot] e54bb9f3f5 Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25
Bumps [io.spring.develocity.conventions](https://github.com/spring-io/develocity-conventions) from 0.0.24 to 0.0.25.
- [Release notes](https://github.com/spring-io/develocity-conventions/releases)
- [Commits](https://github.com/spring-io/develocity-conventions/compare/v0.0.24...v0.0.25)

---
updated-dependencies:
- dependency-name: io.spring.develocity.conventions
  dependency-version: 0.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-21 03:06:52 +00:00
dependabot[bot] aa21e62fb8 Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.25
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.24 to 1.5.25.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.24...v_1.5.25)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 03:21:35 +00:00
dependabot[bot] b58187082a Bump org.hibernate.orm:hibernate-core from 6.6.40.Final to 6.6.41.Final
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.40.Final to 6.6.41.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.41/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.40...6.6.41)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.41.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 03:21:26 +00:00
songhee fee6a9bb0e docs: add CurrentSecurityContext section and link references
Signed-off-by: songhee <songhee9327@gmail.com>
2026-01-15 12:31:58 -07:00
github-actions[bot] e588a3528f Update Antora Spring UI to v0.4.25 2026-01-09 15:22:22 -06:00
Robert Winch 334df75c39 Bump org.hibernate.orm:hibernate-core from 6.6.39.Final to 6.6.40.Final 2026-01-08 12:58:34 -06:00
Robert Winch 11b601159d Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 2026-01-08 12:58:25 -06:00
dependabot[bot] 8521b7d5a6 Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.22 to 1.5.24.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.22...v_1.5.24)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-07 03:21:38 +00:00
dependabot[bot] 00fbe052f4 Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12
Bumps org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
  dependency-version: 3.9.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-22 03:10:38 +00:00
dependabot[bot] 5023cc7e4c Bump org.hibernate.orm:hibernate-core from 6.6.39.Final to 6.6.40.Final
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.39.Final to 6.6.40.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.40/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.39...6.6.40)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.40.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-22 03:10:27 +00:00
Robert Winch 3cd8dc5c44 Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14 2025-12-19 16:47:42 -06:00
Robert Winch 97342f83fd Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16 2025-12-19 16:47:19 -06:00
Robert Winch dfe062b390 Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final 2025-12-19 16:45:18 -06:00
Robert Winch 703a81390e Bump org.springframework.data:spring-data-bom from 2024.1.12 to 2024.1.13 2025-12-19 16:45:10 -06:00
dependabot[bot] 18c4c4c528 Bump org-aspectj from 1.9.25 to 1.9.25.1
Bumps `org-aspectj` from 1.9.25 to 1.9.25.1.

Updates `org.aspectj:aspectjrt` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.25 to 1.9.25.1
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-17 03:12:14 +00:00
dependabot[bot] 6d722edab1 Bump org.springframework.data:spring-data-bom
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.12 to 2024.1.13.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.12...2024.1.13)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-16 03:13:17 +00:00
dependabot[bot] e712531555 Bump org.hibernate.orm:hibernate-core from 6.6.38.Final to 6.6.39.Final
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.38.Final to 6.6.39.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.39/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.38...6.6.39)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.39.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-16 03:13:08 +00:00
dependabot[bot] 100c07de98 Bump org.springframework.ldap:spring-ldap-core from 3.2.15 to 3.2.16
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.15 to 3.2.16.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.15...3.2.16)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-16 03:12:14 +00:00
dependabot[bot] 279afe3e28 Bump io.micrometer:micrometer-observation from 1.14.13 to 1.14.14
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.13 to 1.14.14.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.13...v1.14.14)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-15 15:54:23 +00:00
6 changed files with 82 additions and 11 deletions
+1 -1
View File
@@ -31,7 +31,7 @@ urls:
redirect_facility: httpd
ui:
bundle:
url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.18/ui-bundle.zip
url: https://github.com/spring-io/antora-ui-spring/releases/download/v0.4.25/ui-bundle.zip
snapshot: true
runtime:
log:
@@ -137,7 +137,8 @@ fun method(authentication: Authentication?): String {
will always return "not anonymous", even for anonymous requests.
The reason is that Spring MVC resolves the parameter using `HttpServletRequest#getPrincipal`, which is `null` when the request is anonymous.
If you'd like to obtain the `Authentication` in anonymous requests, use `@CurrentSecurityContext` instead:
If you'd like to obtain the `Authentication` in anonymous requests, use
xref:servlet/integrations/mvc.adoc#mvc-current-security-context[`@CurrentSecurityContext`] instead:
.Use CurrentSecurityContext for Anonymous requests
[tabs]
@@ -97,7 +97,11 @@ val authorities = authentication.authorities
----
======
// FIXME: Add links to and relevant description of HttpServletRequest.getRemoteUser() and @CurrentSecurityContext @AuthenticationPrincipal
In Spring MVC, you can resolve the current principal with
xref:servlet/integrations/mvc.adoc#mvc-authentication-principal[`@AuthenticationPrincipal`]
and the full `SecurityContext` with
xref:servlet/integrations/mvc.adoc#mvc-current-security-context[`@CurrentSecurityContext`].
For Servlet API access, use `HttpServletRequest#getRemoteUser`.
By default, `SecurityContextHolder` uses a `ThreadLocal` to store these details, which means that the `SecurityContext` is always available to methods in the same thread, even if the `SecurityContext` is not explicitly passed around as an argument to those methods.
Using a `ThreadLocal` in this way is quite safe if you take care to clear the thread after the present principal's request is processed.
@@ -624,6 +624,72 @@ open fun findMessagesForUser(@CurrentUser("user_id") userId: String?): ModelAndV
----
======
[[mvc-current-security-context]]
== @CurrentSecurityContext
Spring Security provides `CurrentSecurityContextArgumentResolver`, which can automatically resolve the current `SecurityContext` for Spring MVC arguments.
By using `@EnableWebSecurity`, you automatically have this added to your Spring MVC configuration.
If you use XML-based configuration, you must add this yourself:
[source,xml]
----
<mvc:annotation-driven>
<mvc:argument-resolvers>
<bean class="org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver" />
</mvc:argument-resolvers>
</mvc:annotation-driven>
----
Once `CurrentSecurityContextArgumentResolver` is configured, you can access the `SecurityContext` directly:
[tabs]
======
Java::
+
[source,java,role="primary"]
----
@GetMapping("/me")
public String me(@CurrentSecurityContext SecurityContext context) {
return context.getAuthentication().getName();
}
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
@GetMapping("/me")
fun me(@CurrentSecurityContext context: SecurityContext): String {
return context.authentication.name
}
----
======
You can also use a SpEL expression that is rooted at the `SecurityContext`:
[tabs]
======
Java::
+
[source,java,role="primary"]
----
@GetMapping("/me")
public String me(@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
return authentication.getName();
}
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
@GetMapping("/me")
fun me(@CurrentSecurityContext(expression = "authentication") authentication: Authentication): String {
return authentication.name
}
----
======
[[mvc-async]]
== Spring MVC Async Integration
+7 -7
View File
@@ -6,7 +6,7 @@ io-spring-nohttp = "0.0.11"
jakarta-websocket = "2.2.0"
org-apache-directory-server = "1.5.5"
org-apache-maven-resolver = "1.9.25"
org-aspectj = "1.9.25"
org-aspectj = "1.9.25.1"
org-bouncycastle = "1.79"
org-eclipse-jetty = "11.0.26"
org-jetbrains-kotlin = "1.9.25"
@@ -17,7 +17,7 @@ org-opensaml5 = "5.1.2"
org-springframework = "6.2.15"
[libraries]
ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.22"
ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.25"
com-fasterxml-jackson-jackson-bom = "com.fasterxml.jackson:jackson-bom:2.18.5"
com-google-inject-guice = "com.google.inject:guice:3.0"
com-netflix-nebula-nebula-project-plugin = "com.netflix.nebula:nebula-project-plugin:8.2.0"
@@ -28,7 +28,7 @@ com-squareup-okhttp3-okhttp = { module = "com.squareup.okhttp3:okhttp", version.
com-unboundid-unboundid-ldapsdk = "com.unboundid:unboundid-ldapsdk:6.0.11"
com-unboundid-unboundid-ldapsdk7 = "com.unboundid:unboundid-ldapsdk:7.0.1"
commons-collections = "commons-collections:commons-collections:3.2.2"
io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.14.13"
io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.14.14"
io-mockk = "io.mockk:mockk:1.13.17"
io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2024.0.13"
io-rsocket-rsocket-bom = { module = "io.rsocket:rsocket-bom", version.ref = "io-rsocket" }
@@ -56,7 +56,7 @@ org-apache-directory-server-apacheds-protocol-shared = { module = "org.apache.di
org-apache-directory-server-apacheds-server-jndi = { module = "org.apache.directory.server:apacheds-server-jndi", version.ref = "org-apache-directory-server" }
org-apache-directory-shared-shared-ldap = "org.apache.directory.shared:shared-ldap:0.9.15"
org-apache-httpcomponents-httpclient = "org.apache.httpcomponents:httpclient:4.5.14"
org-apache-maven-maven-resolver-provider = "org.apache.maven:maven-resolver-provider:3.9.11"
org-apache-maven-maven-resolver-provider = "org.apache.maven:maven-resolver-provider:3.9.12"
org-apache-maven-resolver-maven-resolver-connector-basic = { module = "org.apache.maven.resolver:maven-resolver-connector-basic", version.ref = "org-apache-maven-resolver" }
org-apache-maven-resolver-maven-resolver-impl = { module = "org.apache.maven.resolver:maven-resolver-impl", version.ref = "org-apache-maven-resolver" }
org-apache-maven-resolver-maven-resolver-transport-http = { module = "org.apache.maven.resolver:maven-resolver-transport-http", version.ref = "org-apache-maven-resolver" }
@@ -70,7 +70,7 @@ org-bouncycastle-bcprov-jdk15on = { module = "org.bouncycastle:bcprov-jdk18on",
org-eclipse-jetty-jetty-server = { module = "org.eclipse.jetty:jetty-server", version.ref = "org-eclipse-jetty" }
org-eclipse-jetty-jetty-servlet = { module = "org.eclipse.jetty:jetty-servlet", version.ref = "org-eclipse-jetty" }
org-hamcrest = "org.hamcrest:hamcrest:2.2"
org-hibernate-orm-hibernate-core = "org.hibernate.orm:hibernate-core:6.6.38.Final"
org-hibernate-orm-hibernate-core = "org.hibernate.orm:hibernate-core:6.6.41.Final"
org-hsqldb = "org.hsqldb:hsqldb:2.7.4"
org-jetbrains-kotlin-kotlin-bom = { module = "org.jetbrains.kotlin:kotlin-bom", version.ref = "org-jetbrains-kotlin" }
org-jetbrains-kotlin-kotlin-gradle-plugin = "org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.25"
@@ -88,8 +88,8 @@ org-seleniumhq-selenium-selenium-support = "org.seleniumhq.selenium:selenium-sup
org-skyscreamer-jsonassert = "org.skyscreamer:jsonassert:1.5.3"
org-slf4j-log4j-over-slf4j = "org.slf4j:log4j-over-slf4j:1.7.36"
org-slf4j-slf4j-api = "org.slf4j:slf4j-api:2.0.17"
org-springframework-data-spring-data-bom = "org.springframework.data:spring-data-bom:2024.1.12"
org-springframework-ldap-spring-ldap-core = "org.springframework.ldap:spring-ldap-core:3.2.15"
org-springframework-data-spring-data-bom = "org.springframework.data:spring-data-bom:2024.1.13"
org-springframework-ldap-spring-ldap-core = "org.springframework.ldap:spring-ldap-core:3.2.16"
org-springframework-spring-framework-bom = { module = "org.springframework:spring-framework-bom", version.ref = "org-springframework" }
org-synchronoss-cloud-nio-multipart-parser = "org.synchronoss.cloud:nio-multipart-parser:1.1.0"
+1 -1
View File
@@ -5,7 +5,7 @@ pluginManagement {
}
plugins {
id "io.spring.develocity.conventions" version "0.0.24"
id "io.spring.develocity.conventions" version "0.0.25"
}
dependencyResolutionManagement {