17559 Commits

All Branches

Search

Author	SHA1	Message	Date
Josh Cummings	2989d12743	Merge branch '6.3.x' into 6.4.x	2025-05-23 11:35:25 -06:00
Joaquin Santana	c0568ea9b0	Log Request Mismatch Only When Mismatches ... Signed-off-by: Joaquin Santana <joaquinjsb@outlook.com>	2025-05-23 11:34:48 -06:00
Josh Cummings	3186e8df84	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-05-21 16:46:54 -06:00
Andrey Litvitski	4048b2bd7d	Use `HttpStatus` in BackChannel Logout Filters ... Closes gh-17125 Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>	2025-05-21 16:45:46 -06:00
dependabot[bot]	e77388ca16	Bump io-spring-javaformat from 0.0.43 to 0.0.45 ... Bumps `io-spring-javaformat` from 0.0.43 to 0.0.45. Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.43 to 0.0.45 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.43...v0.0.45) Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.43 to 0.0.45 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.43...v0.0.45) --- updated-dependencies: - dependency-name: io.spring.javaformat:spring-javaformat-checkstyle dependency-version: 0.0.45 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin dependency-version: 0.0.45 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-21 14:52:21 -06:00
Josh Cummings	22b8294f7f	Merge branch '6.3.x' into 6.4.x	2025-05-21 14:51:24 -06:00
dependabot[bot]	86acba9d22	Bump io-spring-javaformat from 0.0.43 to 0.0.45 ... Bumps `io-spring-javaformat` from 0.0.43 to 0.0.45. Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.43 to 0.0.45 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.43...v0.0.45) Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.43 to 0.0.45 - [Release notes](https://github.com/spring-io/spring-javaformat/releases) - [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.43...v0.0.45) --- updated-dependencies: - dependency-name: io.spring.javaformat:spring-javaformat-checkstyle dependency-version: 0.0.45 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin dependency-version: 0.0.45 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-21 14:50:17 -06:00
Josh Cummings	fbfb28456a	Merge branch '6.3.x' into 6.4.x	2025-05-21 14:43:44 -06:00
Gurunathan	a4cd6f4278	Advise Overriding equals() and hashCode() in UserDetails Implementations ... This commit adds a documentation note explaining the importance of overriding equals() and hashCode() in custom UserDetails implementations. The default SessionRegistryImpl in Spring Security uses an in-memory ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to associate principals with sessions. If a custom UserDetails class does not properly override equals() and hashCode(), user sessions may not be tracked or matched correctly. I believe this helps developers avoid subtle session management issues when implementing custom authentication logic. Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>	2025-05-21 12:41:44 -06:00
Rob Winch	233a6651cc	Merge branch '6.3.x' into 6.4.x	2025-05-20 15:53:04 -05:00
Rob Winch	5da31ab8a8	Use spring-io/codeql-actions	2025-05-20 15:52:36 -05:00
github-actions[bot]	4a2953fa5b	Next development version	2025-05-19 16:33:25 +00:00
github-actions[bot]	3fbcd5f62a	Release 6.4.6	2025-05-19 15:53:05 +00:00
Josh Cummings	edc8735eb8	Merge branch '6.3.x' into 6.4.x ... Closes gh-17146	2025-05-19 09:46:10 -06:00
Mark Putsiata	cae3467a8d	Improve AbstractPreAuthenticatedProcessingFilter docs ... Clarify misleading SecurityContextRepository setter documentation. Note that AbstractPreAuthenticatedProcessingFilter saves the SecurityContext upon successful authentication, and this behavior can be customized via the setSecurityContextRepository setter. Closes gh-14137 Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>	2025-05-19 09:45:53 -06:00
Josh Cummings	bf2aaa1b18	Use .equals to Compare Methods ... Closes gh-17143	2025-05-19 09:17:44 -06:00
Rob Winch	3690517395	Merge branch 'gradle/6.4.x/org.springframework.data-spring-data-bom-2024.1.6' into 6.4.x	2025-05-19 08:43:44 -05:00
Rob Winch	d0e9128db5	Merge branch '6.3.x' into 6.4.x	2025-05-19 08:41:21 -05:00
dependabot[bot]	1864c876d1	Bump org.springframework.data:spring-data-bom from 2024.1.5 to 2024.1.6 ... Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.5 to 2024.1.6. - [Release notes](https://github.com/spring-projects/spring-data-bom/releases) - [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.5...2024.1.6) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-bom dependency-version: 2024.1.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-19 03:51:09 +00:00
dependabot[bot]	a17b2a18d9	Bump org.springframework.data:spring-data-bom ... Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.11 to 2024.0.12. - [Release notes](https://github.com/spring-projects/spring-data-bom/releases) - [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.11...2024.0.12) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-bom dependency-version: 2024.0.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-19 03:30:36 +00:00
Rob Winch	16c979460e	Merge Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20	2025-05-16 10:40:59 -05:00
Rob Winch	ce08aa49f7	Merge branch '6.3.x' into 6.4.x ... - Ignore Bump org.springframework:spring-framework-bom	2025-05-16 10:39:59 -05:00
dependabot[bot]	0cbc38cdd6	Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 ... Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.19 to 6.1.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.19...v6.1.20) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.1.20 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-16 03:22:19 +00:00
dependabot[bot]	e5d62e0bdd	Bump org.springframework:spring-framework-bom from 6.2.6 to 6.2.7 ... Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.6 to 6.2.7. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.6...v6.2.7) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.2.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-16 03:15:15 +00:00
Josh Cummings	70c940fd4f	Merge branch '6.3.x' into 6.4.x	2025-05-15 18:16:44 -06:00
Josh Cummings	eb30fd7f59	Add Missing Header ... Issue gh-11161	2025-05-15 18:16:36 -06:00
Josh Cummings	fbdf4a88a0	Merge branch '6.3.x' into 6.4.x	2025-05-15 17:19:55 -06:00
snowykte0426	260d298cc5	Add Migration Guide from Spring Security SAML Extension ... This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support. Includes: - Content migrated from the project wiki - xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata` - Metadata example moved to Examples Matrix - Cleanup and naming per review feedback Closes gh-11161 Signed-off-by: snowykte0426 <snowykte0426@naver.com>	2025-05-15 17:17:43 -06:00
Rob Winch	b38cf1fc16	Merge branch 'gradle/6.4.x/org.hibernate.orm-hibernate-core-6.6.15.Final' into 6.4.x	2025-05-14 11:12:24 -05:00
Rob Winch	5a2bd2b825	Merge branch '6.3.x' into 6.4.x ... - Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 Closes gh-17110	2025-05-14 11:00:22 -05:00
dependabot[bot]	91afd49faf	Bump org.hibernate.orm:hibernate-core from 6.6.14.Final to 6.6.15.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.14.Final to 6.6.15.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.15/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.14...6.6.15) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.15.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-14 03:33:33 +00:00
dependabot[bot]	78a60d0d84	Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 ... Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.17 to 2023.0.18. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2023.0.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-14 03:23:25 +00:00
dependabot[bot]	d34fd236f6	Bump io.micrometer:micrometer-observation from 1.14.6 to 1.14.7 ... Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.6 to 1.14.7. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.6...v1.14.7) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:30:10 -06:00
dependabot[bot]	ad934efc24	Bump org.hibernate.orm:hibernate-core from 6.6.13.Final to 6.6.14.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.13.Final to 6.6.14.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.14/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.13...6.6.14) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.14.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:24:36 -06:00
dependabot[bot]	11eac05dfd	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 ... Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:20:38 -06:00
Josh Cummings	3a36197d7a	Merge branch '6.3.x' into 6.4.x	2025-05-13 12:17:29 -06:00
dependabot[bot]	a001f27690	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 ... Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:15:42 -06:00
Josh Cummings	5ba4ab5e11	Merge branch '6.3.x' into 6.4.x	2025-05-13 11:18:02 -06:00
Danilo Piazzalunga	27319e3f9b	Add missing registration property in YAML listing ... Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
Danilo Piazzalunga	ec462e8bc5	Update assertingparty property usage in YAML snippets ... Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.* to spring.security.saml2.relyingparty.registration.*.assertingparty.*. Closes gh-12810. Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
dependabot[bot]	8fcf181ff0	Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.18.4 ... Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.18.3 to 2.18.4. - [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.3...jackson-bom-2.18.4) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.18.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-07 03:30:49 +00:00
dependabot[bot]	dd0b26a992	Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 ... Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-06 10:15:39 -06:00
dependabot[bot]	a4111a606b	Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 ... Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-06 10:15:11 -06:00
Rob Winch	63d79a97db	Merge branch '6.3.x' into 6.4.x ... - Correct method name in logout.adoc Closes gh-17048	2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan	505fe3abed	Correct method name ... Closes gh-17031 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-06 10:17:29 -05:00
Josh Cummings	0220e471bb	Move Serialization Samples ... To make SpringSecurityCoreVersionSerializableTests more manageable, this commit moves the sample class constructions to a separate file. In this way, the tests file only changes when serialization tests are added. When classes are introduced, they can be added to SerializationSamples, separating the two concerns	2025-05-05 15:51:10 -06:00
Josh Cummings	c3c2bcd6b7	Ignore Serialization in Test Components ... Since we don't need to ensure the serializability of test components across versions, we can ignore missing version UIDs when those test components aren't about testing Java serialization. Issue gh-17038	2025-05-05 15:09:50 -06:00
Josh Cummings	39fdceab59	Add Missing Serializable Samples ... Issue gh-17038	2025-05-05 15:09:50 -06:00
Josh Cummings	65d53beff8	Polish Serialization Tests ... - Error when public, non-ignored, serializable file is missing a sample - Provide mechanism for creating an InstancioApi from scratch Issue gh-17038	2025-05-05 15:09:49 -06:00
Josh Cummings	34afa64c0c	Add Current-Version Deserialization Test ... We should test that serialized files from the current minor version can be deserialized. This ensures that serializations remain deserializable in patch releases. Issue gh-3737	2025-05-05 15:09:43 -06:00