9866435946
Fix security-nullability plugin in taglibs
...
Issue gh-17828
2025-08-30 20:44:29 -05:00
5370f1190f
Enable Null checking in spring-security-taglibs via JSpecify
...
Closes gh-17828
2025-08-30 20:40:34 -05:00
f13d8d5c75
Fix Nullability in WebInvocationPrivilegeEvaluator
...
Issue gh-17535
2025-08-30 20:38:58 -05:00
1216ee598f
Enable Null checking in spring-security-rsocket via JSpecify
...
Closes gh-16882
2025-08-30 20:04:32 -05:00
a4a4908d71
Enable Null checking in spring-security-cas via JSpecify
...
Closes gh-16882
2025-08-30 11:22:30 -05:00
0ff9f10696
Merge branch '6.4.x' into 6.5.x
2025-08-30 10:00:45 -06:00
7e3bf9662c
Polish InteractiveAuthenticationSuccessEvent Sample
...
The sample better matches a value that would be used in the constructor
Issue gh-16276
2025-08-30 10:00:24 -06:00
be64c67af5
Enable Null checking in spring-security-web via JSpecify
...
Closes gh-16882
2025-08-29 16:17:49 -05:00
a58f3282d9
Fix config/src/test/kotlin nullability for web
...
Issue gh-17535
2025-08-29 15:46:08 -05:00
c2ba662b91
Enable Null checking in spring-security-web via JSpecify
...
Closes gh-17535
2025-08-29 15:06:48 -05:00
49f308adb0
Use Supplier<? extends @Nullable Authentication>
...
Previously Supplier<@Nullable Authentication> was used. This prevented
Supplier<Authentication> from being used. The code now uses
Supplier<? extends @Nullable Authentication> which allows for both
Supplier<@Nullable Authentication> and Supplier<Authentication>.
Closes gh-17814
2025-08-29 09:46:58 -05:00
4cbe8de7ea
Polish RSocket Anonymous Support
...
Changed the DSL method name to anonymous to align with jwt.
Since basicAuthenication is deprecated, we don't need to
align with its naming convention.
Also added a since attribute to the method.
Issue gh-17132
2025-08-26 17:33:40 -06:00
559b73b39f
Add Disabling Anonymous Authentication in RSocketSecurity
...
Closes: gh-17132
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
2025-08-26 17:33:40 -06:00
3278f3a410
Add discoverJwsAlgorithms() in NimbusJwtDecoder
...
Closes: gh-17785
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
2025-08-26 17:07:47 -06:00
36f1de945f
Add OneTimeTokenAuthentication
...
Closes gh-17799
2025-08-22 15:46:54 -06:00
6663eea65f
Polish OTT Tests
...
Improve tests so that they do not rely on OneTimeTokenAuthenticationToken
as the concrete type.
Issue gh-17799
2025-08-22 15:46:53 -06:00
89b2f9cf54
Improve Test Runnability in IDE
...
In some configurations, Configuration classes with static elements
may cause a test to hang. This commit changes JeeConfigurerTests
test configuration classes to use mock beans instead of referencing
them as static fields.
2025-08-22 15:46:53 -06:00
0e39685b9c
Merge branch '6.5.x'
2025-08-22 12:40:41 -06:00
9d64880ea9
Merge branch '6.4.x' into 6.5.x
2025-08-22 12:40:12 -06:00
8b2a453301
Advise Favoring PostAuthorize on Reads
...
Closes gh-17797
2025-08-22 12:39:51 -06:00
d1962201b5
Merge branch '6.5.x'
2025-08-22 11:07:59 -06:00
857ca9c412
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x
2025-08-22 11:07:37 -06:00
894105aab5
Fix traceId discrepancy in case error in servlet web
...
Signed-off-by: Nikita Konev <nikit.cpp@yandex.ru>
2025-08-22 11:06:37 -06:00
f7f41ba6c4
Add missing @NullMarked to spring-data package-info
...
Issue gh-17789
2025-08-22 12:03:16 -05:00
f496ded4e5
AuthorizationManager allows null Authentication
...
It is possible to have a null Authentication and so the
AuthorizationManager APIs should allow for passing it in.
Closes gh-17795
2025-08-22 12:03:16 -05:00
583e668c6b
Remove opensaml5Test Task
...
Issue gh-17707
2025-08-22 09:19:20 -06:00
d6a0e3bf78
Fix Nullability Imports
...
Issue gh-17789
2025-08-22 09:00:15 -05:00
312c2049f3
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10
...
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer ) from 1.14.9 to 1.14.10.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases )
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.9...v1.14.10 )
---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
dependency-version: 1.14.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-22 04:10:44 +00:00
3dd4686feb
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9
...
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom ) from 2024.1.8 to 2024.1.9.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases )
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.8...2024.1.9 )
---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
dependency-version: 2024.1.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-22 03:38:28 +00:00
29bb4919ca
Add Nullability to spring-security-data
...
Closes gh-17789
2025-08-21 13:42:27 -05:00
d9210c6596
Fix Nullability
2025-08-21 13:41:02 -05:00
b8b1a92ad4
Revert "Apply Nullability to spring-security-data"
...
This reverts commit bbcdb23698
2025-08-21 13:35:39 -05:00
bbcdb23698
Apply Nullability to spring-security-data
2025-08-21 13:27:47 -05:00
9bbf837c7c
Merge branch '6.5.x'
2025-08-21 12:44:42 -05:00
8a1e2a22f9
Merge branch 'gh-16226-servlet-test-method' into 6.5.x
2025-08-21 12:44:27 -05:00
0404996f87
import Assertions.assertThat
...
This adds a static import for assertThat in the Kotlin docs code
2025-08-21 12:35:13 -05:00
0f63d98c84
Use @EnableMethodSecurity in docs tests
...
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
2025-08-21 12:35:13 -05:00
fbfbb1e571
Use 2004-present for Copyright
...
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
2025-08-21 12:35:13 -05:00
d002e68231
Update servlet test method docs to use include-code
...
References gh-16226
Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
2025-08-21 12:35:13 -05:00
41162aa7e3
Polish WebFluxSecurityConfiguration
...
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-08-21 11:16:12 -06:00
d86f2c957d
Change @Bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor
...
It's friendly for Spring Boot's `@ConditionalOnMissingBean`, and:
>> When defining a Spring `@Bean` method, it is generally recommended to declare the most specific type possible as the method's return type. This means returning the concrete class of the bean, or the most specific interface that the bean implements and through which it will be referenced in the application.
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-08-21 11:16:12 -06:00
62b5b1a77c
import Assertions.assertThat
...
This adds a static import for assertThat in the Kotlin docs code
2025-08-21 11:19:05 -05:00
523222c24d
Use @EnableMethodSecurity in docs tests
...
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
2025-08-21 11:15:42 -05:00
69f38d4933
Use 2004-present for Copyright
...
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
2025-08-21 11:13:45 -05:00
0179a811c7
Update servlet test method docs to use include-code
...
References gh-16226
Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
2025-08-21 11:12:42 -05:00
7ce2bdd701
Merge branch '6.5.x'
2025-08-21 08:55:57 -05:00
de4ceffc4f
Merge branch '6.4.x' into 6.5.x
2025-08-21 08:55:48 -05:00
8c920a7ee7
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9
2025-08-21 08:55:15 -05:00
b9653346a1
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final
2025-08-21 08:54:19 -05:00
9e6bcbd1d0
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10
2025-08-21 08:54:18 -05:00
Rob Winch
Josh Cummings
Andrey Litvitski
Nikita Konev
dependabot[bot]
Joe Kuhel
Yanming Zhou