spring-security

Commit Graph

Author	SHA1	Message	Date
Josh Cummings	b1a50a25b6	Check If toBuilder Is Implemented Since RC1 is right around the corner, let's change the API footprint as little as possible by using reflection to check if a class has declared toBuilder themselves. If they have, we can assume that that class's builder will produce that class. Issue gh-18052	2025-10-16 13:41:45 -06:00
Josh Cummings	4281f6b00b	Prevent Duplicate Authorities Issue gh-17981	2025-10-16 13:41:45 -06:00
Josh Cummings	0fcef6dca2	Add Missing Mock Configuration	2025-10-16 13:41:45 -06:00
Josh Cummings	2e7cdd7b14	Revert "Merge branch 'builder-enhancements'" This reverts commit `95644fb73c`, reversing changes made to `fbf7bb3be1`. Reverting this commit will allow us more time to consider the ideal way to add this support to the public API.	2025-10-16 13:41:45 -06:00
Josh Cummings	cefc0cddec	Propagate All Missing Factors Closes gh-18000	2025-10-16 13:41:45 -06:00
Joe Grandja	af1de950ae	Align setRetrieveUserInfo() between OidcUserService and OidcReactiveOAuth2UserService Closes gh-18057	2025-10-16 15:12:10 -04:00
Joe Grandja	7f29585df4	Remove OidcUserService.setAccessibleScopes() Closes gh-18056	2025-10-16 15:12:10 -04:00
Rob Winch	2eb5da3764	Deprecate CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details The member is public, so we need to deprecate it rather than remove it. Issue gh-18035 Closes gh-18058	2025-10-16 14:03:19 -05:00
Tran Ngoc Nhan	f5d33457dc	Fix-typos Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-10-16 14:03:19 -05:00
parthokr	938a5a7c77	Fix typo in AuthenticationProvider Javadoc Signed-off-by: parthokr <partho.kr@proton.me>	2025-10-16 13:54:00 -05:00
dependabot[bot]	f03213383e	Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-16 12:54:46 -05:00
Rob Winch	fc2b1f9923	Merge branch '6.5.x'	2025-10-16 12:53:33 -05:00
Rob Winch	dee33b5337	Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details CI / Build (17, ubuntu-latest) (push) Has been cancelled Details CI / Build (17, windows-latest) (push) Has been cancelled Details CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details CI / Check Samples (push) Has been cancelled Details Deploy Docs / build (push) Has been cancelled Details CI / Deploy Artifacts (push) Has been cancelled Details CI / Deploy Docs (push) Has been cancelled Details CI / Deploy Schema (push) Has been cancelled Details CI / Perform Release (push) Has been cancelled Details CI / Send Notification (push) Has been cancelled Details	2025-10-16 12:52:50 -05:00
Rob Winch	9f936015ff	Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12	2025-10-16 12:52:46 -05:00
Rob Winch	79dfbe14c2	Merge branch '6.4.x' into 6.5.x	2025-10-16 12:52:34 -05:00
Rob Winch	b75f2582c4	Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details CI / Build (17, ubuntu-latest) (push) Has been cancelled Details CI / Build (17, windows-latest) (push) Has been cancelled Details CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details CI / Check Samples (push) Has been cancelled Details Deploy Docs / build (push) Has been cancelled Details CI / Deploy Artifacts (push) Has been cancelled Details CI / Deploy Docs (push) Has been cancelled Details CI / Deploy Schema (push) Has been cancelled Details CI / Perform Release (push) Has been cancelled Details CI / Send Notification (push) Has been cancelled Details	2025-10-16 12:51:41 -05:00
Joe Grandja	67c3ceb611	Fix NullAway error CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details Related https://github.com/spring-projects/spring-framework/pull/35629	2025-10-15 14:53:06 -04:00
Josh Cummings	95644fb73c	Merge branch 'builder-enhancements' CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details Issue gh-18052 Issue gh-18053	2025-10-15 12:02:41 -06:00
Josh Cummings	21ff7688cc	Move Builder to Authentication Leaving the Builder in Authentication allows authentication implementations to implement Builder without needing to implement BuildableAuthentication. Issue gh-18052	2025-10-15 12:01:11 -06:00
Josh Cummings	4102007119	Add Builder#authentication This commit consolidates logic common to applying one authenticaiton to another. Specifically, it will copy the authorities in one authentication into the builder instance of another. Closes gh-18053	2025-10-15 12:01:11 -06:00
Josh Cummings	e535e61c8b	Move toBuilder to BuildableAuthentication Closes gh-18052	2025-10-15 12:01:11 -06:00
Joe Grandja	fbf7bb3be1	Allow OAuth2AuthorizationRequest to be extended CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details Closes gh-18049	2025-10-14 16:34:59 -04:00
Ivan Golovko	979ac7c336	Remove cache from (Reactive)OidcIdTokenDecoderFactory CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details Closes gh-16647 Signed-off-by: iigolovko <iigolovko@ginc-it.ru>	2025-10-14 11:24:54 -04:00
dependabot[bot]	90a1c2c15d	Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-14 03:20:40 +00:00
dependabot[bot]	978459bd1d	Bump io.micrometer:micrometer-observation from 1.14.11 to 1.14.12 Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.11 to 1.14.12. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.11...v1.14.12) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-observation dependency-version: 1.14.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-14 03:15:43 +00:00
Rob Winch	2af57c40ef	Update to JUnit 6.0.0 CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details To do this, we also need Spring Framework 7.0.0-SNAPSHOTs Closes gh-18040	2025-10-13 11:16:56 -05:00
Rob Winch	b864be92d8	Update to Reactor 2025.0.0-SNAPSHOT To prepare for the release we should update to Reactor 2025.0.0-SNAPSHOT to fix any issues that are present. Closes gh-18041	2025-10-13 11:16:27 -05:00
Rob Winch	4b6c9cca7e	Enable SNAPSHOT builds To use Reactor SNAPSHOTs in gh-18041 we need to enable the snapshot repositories. Issue gh-18041	2025-10-13 11:15:53 -05:00
dependabot[bot]	73690a928b	Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.33.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-13 03:27:33 +00:00
dependabot[bot]	7cc9d2849e	Bump org.hibernate.orm:hibernate-core from 6.6.31.Final to 6.6.33.Final Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.31.Final to 6.6.33.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.33/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.31...6.6.33) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.33.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-13 03:16:24 +00:00
Rob Winch	78701f94ee	Document RequiredFactor Valid Duration CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Has been cancelled Details Issue gh-17997	2025-10-10 16:24:47 -05:00
Rob Winch	2b4e36c67f	Add RequiredFactor.Builder.<factor-name>Authority() Closes gh-18033	2025-10-10 16:24:47 -05:00
Rob Winch	702878acae	Create AuthorizationManagerFactories.multiFactor Closes gh-18032	2025-10-10 16:24:47 -05:00
Rob Winch	488e55032e	AllFactorsAuthorizationManager->AllRequiredFactorsAuthorizationManager This allows the authorization logic to be relaxed so that if RequiredFactor only has an authority specified, then the GrantedAuthority can be of any type. Closes gh-18031	2025-10-10 16:24:47 -05:00
Rob Winch	d18431a78d	Move FACTOR_ constants to FactorGrantedAuthority Previously GrantedAuthorities had an implicit package tangle because it was located in ~.core and FactorGrantedAuthority is in ~.core.authority and FactorGrantedAuthority's authority property was implicitly expected to be constants found in `GrantedAuthorities`. This commit moves the constants to the FactorGrantedAuthority which resolves this tangle. It wasn't initially done because FactorGrantedAuthority did not exist at that time. Closes gh-18030	2025-10-10 16:24:46 -05:00
Rob Winch	e290c98e97	Document Multi-Factor Simple to Complex This reworks the Multi-Factor documentation to start with the simplest scenario and work to progressively more complex requirements. Closes gh-18029	2025-10-10 16:23:38 -05:00
Rob Winch	473baad6bd	Add RequiredAuthoritiesRepository Closes gh-18028	2025-10-10 15:42:17 -05:00
Joe Grandja	586081c125	Revert "Temporarily fix integration tests" This reverts commit `35f41f87d1`. Issue gh-17880	2025-10-10 13:33:42 -04:00
Rob Winch	864a9b2fb3	Fix ProviderManager.copyDetails Changes Authentication Type Closes gh-18027	2025-10-10 11:03:49 -05:00
Joe Grandja	1213dbe76f	Fix checkstyle CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details	2025-10-09 13:51:50 -04:00
Joe Grandja	3656e7ad8c	Add tests to OAuth2AuthorizationServerJackson2ModuleTests	2025-10-09 13:23:38 -04:00
Joe Grandja	1cca9c5822	Enable PKCE by default in authorization server CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details Closes gh-18020	2025-10-09 09:51:17 -04:00
Joe Grandja	469ed09645	Allow setting Clock in OAuth2TokenGenerator implementations CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Has been cancelled Details Closes gh-18017	2025-10-07 16:34:43 -04:00
Joe Grandja	1d7f4c3b11	Polish javadoc for ClientSettings.requireAuthorizationConsent Issue gh-18016	2025-10-07 11:29:10 -04:00
Joe Grandja	baa3b287d6	Add Predicate for authorizationConsentRequired for device code grant Introduces customizable Predicate to determine if user consent is required in device authorization flows. Previously, device consent handling used fixed logic. Now applications can define custom logic for skipping or displaying consent pages. Adds OAuth2DeviceVerificationAuthenticationContext and updates OAuth2DeviceVerificationAuthenticationProvider with setAuthorizationConsentRequired method. Fixes gh-18016 Signed-off-by: Dinesh Gupta <dineshgupta630@outlook.com>	2025-10-07 11:13:30 -04:00
dependabot[bot]	d5c5bb234c	Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details CI / Build (17, ubuntu-latest) (push) Waiting to run Details CI / Build (17, windows-latest) (push) Waiting to run Details CI / Deploy Artifacts (push) Blocked by required conditions Details CI / Deploy Docs (push) Blocked by required conditions Details CI / Deploy Schema (push) Blocked by required conditions Details CI / Perform Release (push) Blocked by required conditions Details CI / Send Notification (push) Blocked by required conditions Details Deploy Docs / build (push) Waiting to run Details Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10. - [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc) - [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10) --- updated-dependencies: - dependency-name: antora dependency-version: 3.2.0-alpha.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 14:01:08 -05:00
Rob Winch	83da86a358	DefaultLoginPageGeneratingFilter uses List This fixes an ordering problem with query parameters of the tests. Issue gh-18002	2025-10-06 09:34:06 -05:00
dependabot[bot]	71e6d81910	Bump com.webauthn4j:webauthn4j-core Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.29.7.RELEASE dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 09:29:57 -05:00
dependabot[bot]	16475d3453	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 09:15:25 -05:00
Rob Winch	3f84e96711	Bump io.mockk:mockk from 1.14.5 to 1.14.6	2025-10-06 09:13:16 -05:00

... 2 3 4 5 6 ...

19809 Commits All Branches Search

19809 Commits

All Branches