7cb57ab940
Improve webauthn webdriver tests
...
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2025-11-14 15:21:20 -06:00
6471a32d66
Merge branch '6.5.x'
...
Closes gh-18132
2025-11-04 11:37:11 -06:00
c1e9e10bf0
Merge branch '6.4.x' into 6.5.x
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run
Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run
Details
CI / Check Samples (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-18131
2025-11-04 11:28:40 -06:00
fed6df5167
Default WebAuthnConfigurer#rpName to rpId
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run
Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run
Details
CI / Check Samples (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:
> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.
Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2025-11-04 11:16:22 -06:00
0928a60cd2
Post Process WebAuthnAuthenticationFilter
...
This commit ensures that WebAuthnAuthenticationFilter is
post processed by BeanPostProcessors and
ObjectPostProcessor.
Closes gh-18128
2025-11-04 10:54:45 -06:00
884cf0d62e
EnableGlobalMultiFactorAuthentication->EnableMultiFactorAuthentication
...
Closes gh-18127
2025-11-03 22:42:28 -06:00
aaf738f7ac
MFA is now Opt In
...
This commit ensures that MFA is only performed when users opt in. By
doing so, we allow users to decide if they will opt into the semantics
of merging two Authentication instances.
Closes gh-18126
2025-11-03 22:42:27 -06:00
0927bed66a
📔 Documentation
...
1. Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description
Signed-off-by: Simon Von <g1672943850@gmail.com>
2025-10-20 15:17:32 -06:00
9c7b34a48b
Favor Relative Redirects by Default
...
Closes gh-16300
2025-10-20 10:25:17 -06:00
fc8b6b5863
Return PAR endpoint metadata only when enabled
...
Issue https://github.com/spring-projects/spring-authorization-server/issues/2219
2025-10-20 06:06:24 -04:00
a181733365
Encapsulate GenericHttpMessageConverterAdapter
...
This will allow its removal in gh-18073
2025-10-19 17:03:19 -05:00
5e851e0b26
Remove JdbcOAuth2AuthorizationService.Mapper
...
- We should not introduce an unnecessary public API
- It would need to be removed when Jackson 2 support was removed, but
was required to configure Jackson 3 support
- There are already existing interfaces that could be used
- OAuth2AuthorizationRowMapper & OAuth2AuthorizationParametersMapper had
unnecessary breaking changes by removing getter/setter for ObjectMapper
- To prevent NoClassDefFoundErrors all optional (Jackson) dependencies
need to be on different classes & we wish to preserve the existing
accessors for ObjectMapper which is this uses subclasses
- With added TestAuthenticationTokenMixin support, no need to explicitly
add it in tests
2025-10-19 17:03:19 -05:00
137f8fd670
Add support for JacksonJsonHttpMessageConverter
...
This commit introduces classpath checks and instantiation of
JacksonJsonHttpMessageConverter (based on Jackson 3) leveraging
a new GenericHttpMessageConverterAdapter which allows to adapt
SmartHttpMessageConverter to GenericHttpMessageConverter.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
65a14d6c6d
Add Jackson 3 support
...
This commit adds support for Jackson 3 which has the following
major differences with the Jackson 2 one:
- jackson subpackage instead of jackson2
- Jackson type prefix instead of Jackson2
- JsonMapper instead of ObjectMapper
- For configuration, JsonMapper.Builder instead of ObjectMapper
since the latter is now immutable
- Remove custom support for unmodifiable collections
- Use safe default typing via a PolymorphicTypeValidator
Jackson 3 changes compared to Jackson 2 are documented in
https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a
and
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md .
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2025-10-19 17:03:19 -05:00
fc795a81d4
PAR uses requested scopes on consent
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Has been cancelled
Details
Issue https://github.com/spring-projects/spring-authorization-server/pull/2182
2025-10-17 16:14:31 -04:00
c5e141ad07
Change JavaDoc to FactorGrantedAuthority
...
Issue gh-18030
2025-10-16 14:00:43 -06:00
cefc0cddec
Propagate All Missing Factors
...
Closes gh-18000
2025-10-16 13:41:45 -06:00
7f29585df4
Remove OidcUserService.setAccessibleScopes()
...
Closes gh-18056
2025-10-16 15:12:10 -04:00
702878acae
Create AuthorizationManagerFactories.multiFactor
...
Closes gh-18032
2025-10-10 16:24:47 -05:00
d18431a78d
Move FACTOR_ constants to FactorGrantedAuthority
...
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.
This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.
Closes gh-18030
2025-10-10 16:24:46 -05:00
586081c125
Revert "Temporarily fix integration tests"
...
This reverts commit 35f41f87d1
2025-10-10 13:33:42 -04:00
1cca9c5822
Enable PKCE by default in authorization server
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-18020
2025-10-09 09:51:17 -04:00
51fe7ff737
Return device_code grant metadata when enabled
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Has been cancelled
Details
Execute Gradle Wrapper Upgrade / Execution (push) Has been cancelled
Details
Issue gh-17998
2025-10-04 05:38:11 -04:00
2473378fcd
Use RequiredFactorErrors
...
Closes gh-18002
2025-10-03 15:20:03 -05:00
ce36fc1e76
Add FactorGrantedAuthority
...
Closes gh-17996
2025-10-03 15:20:00 -05:00
477a456d6c
Disable device_code grant by default
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17998
2025-10-03 14:10:13 -04:00
8c65dc93f2
Enable PKCE by default
...
Closes gh-17507
Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
2025-10-03 13:08:04 -04:00
54aae36f98
Add support for OAuth 2.0 Protected Resource Metadata
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17244
2025-10-02 14:50:17 -04:00
681e166be8
Remove default HttpSecurity.securityMatcher() for authorization server
...
Closes gh-17965
2025-10-01 11:45:21 -04:00
f3761aff99
Add support for OAuth 2.0 Dynamic Client Registration Protocol
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17964
2025-09-25 16:33:16 -04:00
667cd4aa7c
Remove unnecessary throws Exception from spring-security-config
...
Closes gh-17957
2025-09-25 11:50:13 -05:00
be20201bf7
FACTOR uses defaultEntryPoint when possible
...
Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to
work around gh-17955. They now can use defaultEntryPoint which is more concise.
Issue gh-gh-17955
2025-09-25 11:18:20 -05:00
f652920bb3
Add @EnableGlobalMultiFactorAuthentication
...
Closes gh-17954
2025-09-24 14:47:26 -05:00
b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY
...
Closes gh-17952
2025-09-24 09:53:56 -05:00
d757e6e44e
Response to Additional Feedback
...
- Moved request attribute to WebAttributes
- Renamed ExceptionHandlingConfigurer methods
- Removed varargs from DelegatingMissingAuthorityAccessDeniedHandler
Issue gh-17901
Issue gh-17934
2025-09-23 18:16:22 -06:00
50ebd467c3
Polish Default Login Page
...
Issue gh-17901
2025-09-23 17:59:23 -06:00
42376e2eee
Prepopulate Username When Known
...
Closes gh-17935
2025-09-23 17:59:22 -06:00
e813aad82b
Support Showing One Part of Login Page
...
Closes gh-17901
2025-09-23 17:59:21 -06:00
9f317757c3
Make Public Missing Authority AccessDeniedHandler
...
Issue gh-17934
2025-09-23 17:59:19 -06:00
df7a7cdc99
Update Test for Method Security
...
Issue gh-17936
2025-09-23 17:16:33 -06:00
e66c498d80
Redirect to Appropriate Entry Point Based on Missing Authorities
...
Issue gh-17934
2025-09-23 17:16:32 -06:00
fe17f2904d
Initial Exception Handling
...
This commit hardcodes factors as a proof of concept for
multi-factor authentication
Issue gh-17934
2025-09-23 17:16:30 -06:00
459b872a20
Cleanup Kotlin AuthorizationManagerFactory Generics
...
This cleans up the generic types within the Kotlin DSL that reference
AuthorizationManagerFactory
Issue gh-17860
2025-09-23 10:32:02 -05:00
a63e87d8fb
Remove Static Mock
...
These can cause infinite loops when running
tests in an IDE.
2025-09-19 17:53:52 -06:00
229c7bca5b
Add AuthorizationManagerFactory in Kotlin DSL
...
Closes gh-17860
2025-09-19 16:38:02 -05:00
765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager
...
Closes gh-17936
2025-09-19 12:07:59 -06:00
6e7a181eac
Polish Authentication Factors
...
Issue gh-17933
2025-09-19 11:32:28 -06:00
0f4e1f2a2a
Move FACTOR_X509 into PreAuthenticatedAuthenticationProvider
...
Issue gh-17933
2025-09-19 11:32:27 -06:00
e8accd0499
Add Factory Authority When Authentication Succeeds
...
Issue gh-17933
2025-09-19 11:32:26 -06:00
9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot
...
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.
Issue gh-17932
2025-09-19 09:33:50 -05:00
Daniel Garnier-Moiroux
Rob Winch
Simon Von
Josh Cummings
Joe Grandja
Sébastien Deleuze
Rohan Naik