root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 11 Packages Projects Releases Wiki Activity
19,809 Commits 51 Branches 367 Tags 125 MiB
Commit Graph

19809 Commits

Author SHA1 Message Date
github-actions[bot] 007d7da42a Merge branch '6.3.x' into 6.4.x 2025-02-04 04:00:20 +00:00
dependabot[bot] 002dbf355a Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:59:36 -08:00
dependabot[bot] 60f14c2df6 Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:57:07 -08:00
dependabot[bot] e8e41e936f Bump io.freefair.gradle:aspectj-plugin from 8.12 to 8.12.1 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 8.12 to 8.12.1.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/compare/8.12...8.12.1)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:55:43 -08:00
Steve Riesenberg 54a6a19e05 Polish gh-16214 
This commit applies the following changes:

* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
 2025-02-03 14:52:30 -06:00
Craig Andrews 58534e7f60 Add FormRedirectStrategy to enable POST OIDC Logout 
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.

Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.

Closes gh-13002

Signed-off-by: Craig Andrews <candrews@integralblue.com>
 2025-02-03 14:52:30 -06:00
Josh Cummings e63ef3cdc4
Merge branch '6.4.x' 2025-02-03 12:35:53 -07:00
Josh Cummings 47fd6befde
Ensure Serialization Compatibility for AuthenticationException 
Issue gh-16286
 2025-02-03 12:34:43 -07:00
dae won 6a94a294ea Lazily compose debug message in AbstractUserDetailsAuthenticationProvider 
Closes gh-16495

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-02-03 12:27:49 -07:00
Max Batischev 61d92e9db9 Fix assertion message in DefaultGenerateOneTimeTokenRequestResolver 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-03 12:15:20 -07:00
Josh Cummings b98ece3e03
Clarify Commit Message Guideline 
We typically use imperative; however, this can feel unnatural on occasion.
For example 'S101 Depends On Assemble' would sound unnatural as 'S101 Depend On Assemble'
 2025-02-03 11:31:54 -07:00
Josh Cummings 6730167445
Correct Link Anchor Syntax 2025-02-03 10:33:23 -07:00
Josh Cummings 0f8e1936ff
Merge branch '6.4.x' 2025-02-03 10:19:31 -07:00
NeoTraveler e31f04bebc
`withValue` used incorrectly 
Closes gh-16525
Closes gh-16527

Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
 2025-02-03 10:18:33 -07:00
Josh Cummings 5efc60d380
Merge branch '6.4.x' 2025-02-03 10:13:37 -07:00
Josh Cummings 5ff87128b1
Make Saml2AuthenticationToken Serializable 
Issue gh-16286
 2025-02-03 10:13:14 -07:00
Tran Ngoc Nhan bcc4b415b3
Make RelyingPartyRegistration Serializable 
Closes gh-16286
 2025-02-03 10:13:13 -07:00
Steve Riesenberg b32f4f1afc Polish gh-16502 2025-02-03 09:21:53 -06:00
earlgrey02 1fa1848f9f Add HttpStatusAccessDeniedHandler 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2025-02-03 09:21:53 -06:00
github-actions[bot] 22605be60e Merge branch '6.4.x' 2025-02-03 04:16:01 +00:00
dependabot[bot] eb4befa28e Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.28.4.RELEASE to 0.28.5.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.28.4.RELEASE...0.28.5.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 20:15:24 -08:00
github-actions[bot] 043ec05334 Merge branch '6.4.x' 2025-02-03 04:14:47 +00:00
dependabot[bot] ca3c763c04 Bump org.hibernate.orm:hibernate-core from 6.6.5.Final to 6.6.6.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.5.Final to 6.6.6.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.6/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.5...6.6.6)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 20:14:06 -08:00
dependabot[bot] df1b3032c7 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.28.4.RELEASE to 0.28.5.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.28.4.RELEASE...0.28.5.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 19:53:23 -08:00
dependabot[bot] 330489e04a Bump org.hibernate.orm:hibernate-core from 6.6.5.Final to 6.6.6.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.5.Final to 6.6.6.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.6/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.5...6.6.6)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 19:52:02 -08:00
github-actions[bot] 291fae89a9 Merge branch '6.3.x' into 6.4.x 2025-02-03 00:53:13 +00:00
github-actions[bot] db41f7e1ca Merge branch '6.4.x' 2025-02-03 00:53:13 +00:00
dependabot[bot] 7d5414b349 Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.14 to 1.0.0-alpha.16.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.14...v1.0.0-alpha.16)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 16:52:21 -08:00
dependabot[bot] e5583de8de Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.14 to 1.0.0-alpha.16.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.14...v1.0.0-alpha.16)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 16:26:12 -08:00
Rob Winch 10394c8f2a
OTT Tests use Mocks Instead of Comparing Expires 
Previously, expires was compared to test if a custom implementations
were used. Now the tests verify this through mocks.

Closes gh-16515
 2025-01-31 16:47:50 -06:00
Christian b56650100a
Removes the use of `StringUtils` from `DelegatingPasswordEncoder` 
Closes gh-16442

Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com>
 2025-01-31 15:43:24 -06:00
dependabot[bot] 2aa2e646d4 Bump com.google.code.gson:gson from 2.12.0 to 2.12.1 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.12.0...gson-parent-2.12.1)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-30 19:33:34 -08:00
tejas-teju e724ea16a4 Update UsernameNotFoundException message 
Closes gh-16497

Signed-off-by: tejas-teju <tejas8196@gmail.com>
 2025-01-30 18:25:52 -07:00
Josh Cummings 5af4b9a2ad
Merge branch '6.4.x' 2025-01-30 18:06:01 -07:00
Josh Cummings 4b5bacf71a
Make Saml2AuthenticationToken Serializable 
Issue gh-16286
 2025-01-30 18:05:17 -07:00
Tran Ngoc Nhan e50415de85
Make RelyingPartyRegistration Serializable 
Closes gh-16286
 2025-01-30 17:45:41 -07:00
guesshe 67c1438282
Update settings.gradle 
Closes gh-16322

Signed-off-by: guesshe <42242590+guesshe@users.noreply.github.com>
 2025-01-30 13:51:40 -06:00
dependabot[bot] cb16f48041 Bump com.google.code.gson:gson from 2.11.0 to 2.12.0 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.11.0 to 2.12.0.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-29 19:28:39 -08:00
Josh Cummings 174f17e8a7
Merge branch '6.4.x' 2025-01-27 16:36:56 -07:00
Josh Cummings fbebd03c08
Merge branch '6.3.x' into 6.4.x 2025-01-27 16:36:03 -07:00
Josh Cummings 2de2e3803a
Update to Gradle 8.12.1 
Closes gh-16485
 2025-01-27 16:35:13 -07:00
Josh Cummings 7030a62c76
Merge branch '6.4.x' 2025-01-24 11:48:13 -07:00
Josh Cummings 28615e7f64
Remove Stray Import 2025-01-24 11:47:40 -07:00
Josh Cummings 6707b06fcc
Merge branch '6.4.x' 2025-01-24 11:31:53 -07:00
Josh Cummings 47fc2bff95
Merge branch '6.3.x' into 6.4.x 2025-01-24 11:31:44 -07:00
Josh Cummings 43a2fbf5ad
Ensure s101 Runs After Assemble 
Issue gh-16482
 2025-01-24 11:31:22 -07:00
Josh Cummings 351f6c9a1e
Merge branch '6.4.x' 2025-01-24 11:26:09 -07:00
Josh Cummings f4d2b61405
Merge branch '6.3.x' into 6.4.x 2025-01-24 11:25:42 -07:00
Josh Cummings d6b295ba2c
S101 Depends On Assemble 
Closes gh-16482
 2025-01-24 11:25:26 -07:00
dependabot[bot] 5d9011b745 Bump org.seleniumhq.selenium:selenium-java from 4.28.0 to 4.28.1 
Bumps [org.seleniumhq.selenium:selenium-java](https://github.com/SeleniumHQ/selenium) from 4.28.0 to 4.28.1.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/commits)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-23 19:39:59 -08:00