3226 Commits

Author	SHA1	Message	Date
Josh Cummings	057b7c68fb	Add Serializable Sample ... Closes gh-17728	2025-08-14 16:39:49 -06:00
Josh Cummings	7b1c917593	Merge branch '6.5.x'	2025-08-14 16:34:48 -06:00
Josh Cummings	9b7e0e10fc	Add Serializable Sample ... Closes gh-17727	2025-08-14 16:20:06 -06:00
Josh Cummings	4fab90b2b8	Merge branch '6.4.x' into 6.5.x	2025-08-14 15:54:16 -06:00
Josh Cummings	10948b5b7a	Make OpenSamlAssertingPartyDetails Serializable ... Closes gh-17622	2025-08-14 15:52:58 -06:00
Joe Grandja	df3080b0e2	Merge branch '6.5.x'	2025-08-12 14:45:23 -04:00
Joe Grandja	518ae27105	Fix JwtDecoderFactory ClassNotFoundException with DPoP authentication ... Closes gh-17249	2025-08-12 14:28:30 -04:00
Josh Cummings	6d1a886f92	Deprecate SERIAL_VERSION_UID ... Closes gh-17623	2025-08-07 11:09:35 -06:00
Tran Ngoc Nhan	d6e378e9bb	Apply Diamond Operator ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-31 10:59:55 -06:00
Deep Dhamala	ca557a9880	Simplify Error Message for Unsupported Security XSD Versions ... Closes gh-17153 Signed-off-by: Deep Dhamala <dhamaladeep2@gmail.com>	2025-07-31 10:40:54 -06:00
Tran Ngoc Nhan	1a56023f7f	Use Spring Framework Nullability Annotations ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-31 10:18:51 -06:00
Rob Winch	f6cb0bd610	Merge Use 2004-present Copyright Header ... The original merge into main did not apply the changes. This fixes it. Closes gh-17635	2025-07-29 10:52:42 -05:00
Rob Winch	2fdca16c1a	Merge branch '6.4.x' into 6.5.x ... Closes gh-17634	2025-07-29 09:47:52 -05:00
Rob Winch	392129b616	Use 2004-present Copyright Header ... The Spring portfolio is changing to use <inception-year>-present in the copyright headers to simplify keeping headers up to date. This commit updates the headers and the checkstyle accordingly. The commit updated etc/checkstyle/header.txt It also updated the copyright headers using the following find/replace: Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors. Replace: Copyright 2004-present the original author or authors. Closes gh-17633	2025-07-29 09:45:23 -05:00
Rob Winch	79cd982341	Extract spring-security-webauthn ... Closes gh-17586	2025-07-22 17:18:38 -05:00
Rob Winch	7c887d2da1	Add nullability to spring-security-core ... Closes gh-17534	2025-07-22 16:29:13 -05:00
Rob Winch	85dc06bbdf	Merge branch '6.5.x' ... Closes gh-17581	2025-07-21 09:30:11 -05:00
Rob Winch	80ccb9b3cf	Merge branch '6.4.x' into 6.5.x ... Closes gh-17580	2025-07-21 09:29:20 -05:00
Rob Winch	829af961f0	Use Meaningful Configurer Names in Test ... This just renames the Configurer names used in AbstractConfiguredSecurityBuilderTests to be more meaningful. Issue gh-17020 gh-17011 Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>	2025-07-21 09:27:36 -05:00
Rob Winch	fca704e61f	Fix getConfigurersInInitializing Semantics ... A getter should not mutate state. This removes getConfigurersInInitializing in favor of inline code since this is just used once. Issue gh-17020 gh-17011 Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>	2025-07-21 09:27:36 -05:00
Rob Winch	ea9dd2728e	Support add nested security configurers during builder initialization ... Closes gh-17011 Signed-off-by: DingHao <dh.hiekn@gmail.com>	2025-07-21 09:27:27 -05:00
Josh Cummings	63e0a56bee	Add setBasePath ... Originally, it was thought that this feature would be rather uncommon; however, given some feedback from the Boot team, it makes sense to make this easier to configure. Of specific note is migrating from an earlier version were the servlet path did not need to be specified in authorizeHttpRequests. Since it does in 7, this will be a significant migration for those who have a servlet path configured. This setter simplifies that a great deal, including simplifying Boot's support of it. Closes gh-17579	2025-07-20 22:57:06 -06:00
Josh Cummings	15fc898804	Make DataTargetVisitor package-private ... Closes gh-17561	2025-07-18 11:03:21 -06:00
Joe Grandja	a1f5b343ab	Merge branch '6.5.x'	2025-07-18 09:01:01 -04:00
Joe Grandja	ecec7cb98f	Merge branch '6.4.x' into 6.5.x ... Closes gh-17557	2025-07-18 08:40:31 -04:00
Marcus Hert da Coregio	2a38de48b8	Fix securityContextRepository() initialization in oauth2Login() DSL ... Closes gh-17502 Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>	2025-07-18 07:48:05 -04:00
Josh Cummings	25f69e92c7	Merge branch '6.5.x'	2025-07-17 18:04:52 -06:00
Josh Cummings	72eb3065de	Remove AuthorizationWebProxyConfiguration From Reactive ... Closes gh-17545	2025-07-17 17:42:45 -06:00
DingHao	dadf4c0b8a	Remove shouldFilterAllDispatcherTypes ... Closes gh-12139 Signed-off-by: DingHao <dh.hiekn@gmail.com>	2025-07-14 12:34:16 -06:00
DingHao	5fefdd5bb3	Remove AbstractConfiguredSecurityBuilder apply ... Closes gh-13441 Signed-off-by: DingHao <dh.hiekn@gmail.com>	2025-07-11 16:13:25 -06:00
Josh Cummings	4d3024cb49	Remove MessageSecurityMetadataSourceRegistry ... Issue gh-17295	2025-07-10 14:38:03 -06:00
Josh Cummings	684775b46a	Use PathPatternMessageMatcher By Default ... Issue gh-17501	2025-07-10 14:38:03 -06:00
Josh Cummings	ec16322000	Merge branch '6.5.x'	2025-07-10 13:19:14 -06:00
Josh Cummings	bc0d706275	Use PathPatternMessageMatcher.Builder in XML Config ... Closes gh-17508	2025-07-10 13:16:14 -06:00
Josh Cummings	7f8b9c895f	Use with Instead of Apply ... Issue gh-13204	2025-07-09 18:58:23 -06:00
Josh Cummings	728b5224cb	Add withDefaults Shortcut for Custom Configurers ... Issue gh-13204	2025-07-09 18:58:23 -06:00
Josh Cummings	f1725b25a0	Remove authorizeRequests ... Closes gh-15174	2025-07-09 17:33:11 -06:00
Josh Cummings	2c87270dbc	Use authorizeHttpRequests ... Issue gh-15174	2025-07-09 17:33:11 -06:00
Josh Cummings	da182a2d7c	Remove Deprecated OpenSaml Components ... Closes gh-17306	2025-07-09 14:06:51 -06:00
Rob Winch	e48fdd5ed4	Use UserWebTestClientConfigurer ... Closes gh-17496	2025-07-07 15:15:51 -05:00
Tran Ngoc Nhan	a439bc65d6	Remove EnableWebMvcSecurity ... Closes gh-17294 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:46:03 -06:00
Josh Cummings	19e88f5e35	Polish Tests ... Issue gh-17298	2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan	242956a63c	Remove deprecated elements from DaoAuthenticationProvider ... Closes gh-17298 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan	e52987d03c	Remove RoleHierarchyImpl Deprecations ... Closes gh-17297 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:22:22 -06:00
Matt Magoffin	62252c1232	Default to XorCsrfChannelInterceptor in XML ... Change WebSocketMessageBrokerSecurityBeanDefinitionParser to use XorCsrfChannelInterceptor by default, so WebSocket XML configuration matches the default Xor-based configuration already in WebSocketMessageBrokerSecurityConfiguration. Closes gh-17260 Signed-off-by: Matt Magoffin <matt@solarnetwork.net>	2025-07-07 13:02:15 -06:00
Josh Cummings	a9636c72d1	Merge branch '6.5.x'	2025-07-07 12:54:26 -06:00
Josh Cummings	bc20bd6340	Merge branch '6.4.x' into 6.5.x ... Closes gh-17495	2025-07-07 12:53:59 -06:00
Josh Cummings	8461feb028	Merge branch '6.3.x' into 6.4.x ... Closes gh-17494	2025-07-07 12:53:47 -06:00
Josh Cummings	4f5b17334e	Pick Up csrfChannelInterceptor in XML ... Closes gh-17493	2025-07-07 12:53:27 -06:00
Josh Cummings	42283a5c1d	Add Missing File ... Issue gh-17484	2025-07-07 11:18:57 -06:00
Josh Cummings	5ae1b73bae	Fix Cyclic Bean Dependency ... Closes gh-17484	2025-07-07 10:32:56 -06:00
Tran Ngoc Nhan	d8043dc8a7	Remove PrePostTemplateDefaults ... Closes gh-17296 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-03 15:47:27 -06:00
Tran Ngoc Nhan	21036c94b4	Remove Nimbus(Reactive)OpaqueTokenIntrospector ... Closes gh-17302 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-03 15:41:57 -06:00
Tran Ngoc Nhan	519ae241f4	Fix Mock for Spring(Reactive)OpaqueTokenIntrospector ... Issue gh-17302 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-03 15:41:57 -06:00
Tran Ngoc Nhan	9312fb7004	Remove Deprecated AuthorizationDecision Elements ... Closes gh-17299 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-03 14:32:49 -06:00
Josh Cummings	d3e9e3138d	Remove AntPath and MvcRequestMatcher ... Closes gh-16886 Closes gh-16887	2025-07-03 13:37:50 -06:00
Josh Cummings	919ae1d636	Use PathPatternRequestMatcher in oauth2 ... Issue gh-16887	2025-07-03 13:37:49 -06:00
Josh Cummings	7da352129c	Use PathPatternRequestMatcher in saml2 ... Issue gh-16887	2025-07-03 13:37:48 -06:00
Josh Cummings	3e53cc2c4a	Use PathPatternRequestMatcher in config ... This commit changes the config module to use PathPatternRequestMatcher in favor of MvcRequestMatcher and AntPathRequestMatcher. This allows removing several HandlerMappingIntrospector support classes as well which were in place to support MvcRequestMatcher. Issue gh-16886 Issue gh-16887	2025-07-03 13:37:47 -06:00
Josh Cummings	98686a5139	Standardize Mock Request Paths ... Closes gh-17449	2025-07-03 13:37:47 -06:00
Josh Cummings	d5f986f733	Deprecate createMvcMatchers ... Issue gh-16631	2025-07-03 13:37:46 -06:00
Tran Ngoc Nhan	4d524b1fe1	Remove RelyingPartyRegistration Deprecations ... Closes gh-17309 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-03 13:15:44 -06:00
Soumik Sarker	526f8a6200	Removed deprecated class BearerTokenAuthenticationToken ... Issue gh-17309 Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>	2025-07-03 12:44:06 -06:00
Soumik Sarker	edb7a642c7	Removed deprecated class ObjectPostProcessor ... Issue gh-17309 Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>	2025-07-03 12:44:06 -06:00
Joe Grandja	e869bcdfa3	Remove deprecated implementations of OAuth2AccessTokenResponseClient ... Closes gh-16909	2025-07-03 14:23:23 -04:00
Joe Grandja	cfe38957d7	Remove Resource Owner Password Credentials grant ... Closes gh-17446	2025-07-03 14:23:23 -04:00
Kevin Yue	7de4217469	Don't cache WebSocket request ... PR gh-16741 Signed-off-by: Kevin Yue <yuezk001@gmail.com>	2025-06-27 15:47:05 -05:00
Rob Winch	00ead7f24d	Update to Kotlin 2.2	2025-06-26 17:29:12 -05:00
Tran Ngoc Nhan	e686ac6b11	Remove AbstractSecurityWebSocketMessageBrokerConfigurer ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-06-24 12:56:05 -06:00
Tran Ngoc Nhan	a74ce06dae	Remove JwtIssuer(Reactive)AuthenticationManagerResolver deprecations ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-06-24 12:33:00 -06:00
Josh Cummings	08cbdb4640	Merge remote-tracking branch 'origin/6.5.x'	2025-06-20 14:43:25 -06:00
Josh Cummings	9f88ef83eb	Polish Post-Processor Test ... Issue gh-17175 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2025-06-20 14:41:58 -06:00
Maciej Kowalski	46283b3452	Relax ObjectPostProcessor Type Constraints ... Closes gh-17175 Signed-off-by: Maciej Kowalski <f.kowal@gmail.com>	2025-06-20 14:41:58 -06:00
Josh Cummings	a4c338f8a5	Format authorizeExchange Blocks ... This commit formats authorizeExchange blocks to use a common variable name and ensure the variable and reference are on the same line. Issue gh-13067	2025-06-20 10:46:52 -06:00
Josh Cummings	da6c7b8759	Format Lambda Usage ... This commit updates Lambda DSL usage to favor having the variable and reference on the same line Issue gh-13067	2025-06-20 10:46:52 -06:00
Josh Cummings	777447e1d9	Format authorizeHttpRequests Blocks ... This commit formats authorizeHttpRequests blocks to use the same parameter name and places the reference on the same line as the parameter. Issue gh-13067	2025-06-20 10:46:51 -06:00
Josh Cummings	cf6b52d6f7	Format authorizeRequests Blocks ... This commit changes all auhorizeRequests declarations to use the same variable name and declare the lambda parameter and reference on the same line. Issue gh-13067	2025-06-20 10:46:51 -06:00
Josh Cummings	5dd40a7f10	Remove ServerHttpSecurity and() DSL Methods ... This commit removes all and() DSL methods with the exception of featurePolicy, which will be removed as a whole at another time. Closes gh-13067	2025-06-20 10:46:43 -06:00
Josh Cummings	f789abc87f	Use ServerHttpSecurity Lambda DSL in JavaDoc ... Issue gh-13067	2025-06-20 10:41:32 -06:00
Josh Cummings	461f00ed38	Use ServerHttpSecurity Lambda DSL in Config ... Issue gh-13067	2025-06-20 10:41:31 -06:00
Josh Cummings	9fcfacf283	Use ServerHttpSecurity Lambda DSL in Tests ... Issue gh-13067	2025-06-20 10:41:31 -06:00
Josh Cummings	1a7b1fcc7c	Remove HttpSecurity and() DSL Methods ... This commit removes all and() methods that have been deprecated in the HttpSecurity DSL with the exception of featurePolicy, which will be removed when that feature is removed. Note that since featurePolicy does not have a lambda equivalent, the and support needs to remain for the moment. Issue gh-13067	2025-06-20 10:41:31 -06:00
Josh Cummings	45a1447e9b	Use HttpSecurity Lambda DSL in JavaDoc ... Issue gh-13067	2025-06-20 10:41:30 -06:00
Josh Cummings	1435e0f3d3	Use HttpSecurity Lambda DSL in Config Tests ... Issue gh-13067	2025-06-20 10:41:30 -06:00
Josh Cummings	6ddb964c61	Remove ApacheDS Support ... Closes gh-13852	2025-06-19 11:55:34 -06:00
Josh Cummings	42e24aa53c	Fix Formatting	2025-06-17 16:55:22 -06:00
evga7	06ed6ef342	Simplify Csrf Processor Decision Logic ... Replaces repeated if-else string comparisons with a Set.contains() check for known WebSocket handshake handler class names in MessageSecurityPostProcessor. Improves readability and maintainability without changing behavior. Signed-off-by: Wonpyo Hong <evga7@naver.com>	2025-06-17 16:55:22 -06:00
Tran Ngoc Nhan	c2c84c4243	Update HttpSecurity javadoc ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-06-17 13:31:24 -05:00
Evgeniy Cheban	b0cecb37d2	Replace deprecated #check calls with #authorize ... Closes gh-16936 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	2025-06-12 11:11:49 -06:00
Rob Winch	7bf2730a53	Add x509@principal-extractor-ref ... Enables customizing the X500PrincipalExtractor	2025-06-12 12:09:20 -05:00
Rob Winch	88ed4a5ccf	Use principalExtractor reference instead of properties	2025-06-12 12:09:20 -05:00
Max Batischev	aba437d469	Add Support SubjectX500PrincipalExtractor ... Closes gh-16980 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-06-12 12:09:20 -05:00
Josh Cummings	9b724377ce	Rework Saml2 Authentication Statement ... This commit separates the authentication principal, the assertion details, and the relying party tenant into separate components. This allows the principal to be completely decoupled from how Spring Security triggers and processes SLO. Specifically, it adds Saml2AssertionAuthentication, a new authentication implementation that allows an Object principal and a Saml2ResponseAssertionAccessor credential. It also moves the relying party registration id from Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication. As such, Saml2AuthenticatedPrincipal is now deprecated in favor of placing its assertion components in Saml2ResponseAssertionAccessor and the relying party registration id in Saml2AssertionAuthentication. Closes gh-10820	2025-06-10 17:21:03 -06:00
Christian Schuster	36c7b91fb9	SAML 2.0 Single Logout Uses Saml2AuthenticationInfo ... This allows SLO to be triggered without the authentication principal needing to implement a given interface. Issue gh-10820	2025-06-10 17:21:03 -06:00
Josh Cummings	aa3135169d	Polish Documentation ... Closes gh-14635	2025-06-09 16:49:36 -06:00
Liviu Gheorghe	3ddf201d66	Updated Copyrights ... Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>	2025-06-09 16:45:24 -06:00
1livv	edfd7b9b43	Addressed review comments ... Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>	2025-06-09 16:45:24 -06:00
1livv	358f6c96b5	Update config tests ... Signed-off-by: Liviu Gheorghe <liviu.gheorghe.ro@gmail.com>	2025-06-09 16:45:24 -06:00
Joe Grandja	2e913d2af9	Merge branch '6.5.x'	2025-06-05 16:22:35 -04:00
Joe Grandja	dab989d7c3	Fix NPE with DPoP tokenAuthenticationManager ... Closes gh-17172	2025-06-05 16:06:55 -04:00
Josh Cummings	c8b843c4c5	Merge branch '6.5.x'	2025-06-05 12:36:53 -06:00
damable-nuvolex	3b12e758d3	Fix inconsistent constructor declaration ... Closes gh-16325 Signed-off-by: damable-nuvolex <damable@nuvolex.com>	2025-06-05 12:36:27 -06:00
damable-nuvolex	a0c5504eca	Fix inconsistent constructor declaration ... Closes gh-16325 Signed-off-by: damable-nuvolex <damable@nuvolex.com>	2025-06-05 12:34:35 -06:00
Josh Cummings	eaab42a73c	Polish BearerTokenAuthenticationConverter Support ... - Moved to BearerTokenAuthenticationFilter constructor to align with AuthenticationFilter - Undeprecated BearerTokenResolver to reduce number of migration scenarios - Updated to 7.0 schema - Added migration docs Issue gh-14750	2025-06-04 18:17:17 -06:00
Max Batischev	4967f3feee	Add Support BearerTokenAuthenticationConverter ... Closes gh-14750 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-06-04 18:17:17 -06:00
Josh Cummings	3f0326d3f1	Merge remote-tracking branch 'origin/6.5.x'	2025-06-04 12:49:12 -06:00
Evgeniy Cheban	33ae1711a7	Set Precedence Order for Spring MVC TargetVisitor ... Closes gh-17185 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	2025-06-04 12:47:36 -06:00
Josh Cummings	195f933438	Allow Default Ordering for TargetVisitor ... In tests, we want to both test that functionality works and also demonstrate common or expected usage, where possible. It is likely incorrect to use @Order(0) for a target visitor as this states that it should take precedence over all Spring Security visitors defined at a lower precedence. Also, it appears this may have been added this way because of a mock visitor that appears to be unused by any tests. Further, when an application has multiple visitors, they should use the TargetVisitor.of method to publish one bean with the order determined by the order of the method parameters instead of having two separate beans. This commit removes the @Order(0) annotation and also the mock visitor, deferring to the natural ordering afforded by the framework. Issue gh-15994	2025-06-02 13:41:21 -06:00
Evgeniy Cheban	fd4f06a66e	Support Spring Data container types for AuthorizeReturnObject ... Closes gh-15994 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	2025-05-29 17:05:27 -06:00
Josh Cummings	6d3b54df21	Change Type Validation Default ... NimbusJwtDecoder and NimbusReactiveJwtDecoder now use Spring Security's JwtTypeValidator by default instead of Nimbus's type validator. Closes gh-17181	2025-05-28 16:11:13 -06:00
Yanming Zhou	42790403da	Use SpringReactiveOpaqueTokenIntrospector ... Now that NimbusReactiveOpaqueTokenIntrospector is deprecated, this commit changes the Spring Security default to now use SpringReactiveOpaqueTokenIntrospector. Issue gh-15988 Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>	2025-05-27 14:25:31 -06:00
Josh Cummings	596449d882	Polish ... Issue gh-14149	2025-05-27 11:44:33 -06:00
Felix Hagemans	1a4de49977	Create CsrfCustomizer for SPA configuration ... Closes gh-14149 Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>	2025-05-27 11:44:33 -06:00
Josh Cummings	52394c1f07	Propagate Any AccessDeniedException ... Any time a response handler throws an exception, we want to propagate an underlying AccessDeniedException if their is one. Issue gh-16058	2025-05-23 15:18:01 -06:00
Evgeniy Cheban	fae61b9426	Propagate AccessDeniedException for Authorized Objects Returned from a Controller ... Closes gh-16058 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	2025-05-23 15:18:01 -06:00
dae won	8612e952fe	Make AuthorizationProxyFactory#proxy Generic ... Closes gh-16706 Signed-off-by: dae won <eodnjs01477@gmail.com>	2025-05-23 14:48:11 -06:00
Max Batischev	f4b8e2421a	Add Support Credentialless COEP Header ... Closes gh-16991 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-05-23 14:45:59 -06:00
Josh Cummings	97923ebfaf	Merge branch '6.5.x'	2025-05-21 16:47:45 -06:00
Josh Cummings	4bf03bde5b	Merge branch '6.4.x' into 6.5.x	2025-05-21 16:47:25 -06:00
Josh Cummings	3186e8df84	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-05-21 16:46:54 -06:00
Andrey Litvitski	4048b2bd7d	Use `HttpStatus` in BackChannel Logout Filters ... Closes gh-17125 Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>	2025-05-21 16:45:46 -06:00
Tran Ngoc Nhan	a511171309	Add test and update javadoc for CommonOAuth2Provider ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-13 12:45:38 -06:00
Joe Grandja	44303d2c80	Polish gh-17080	2025-05-13 14:36:44 -04:00
Joe Grandja	a265ac6ae7	Polish gh-17080	2025-05-13 14:35:23 -04:00
Joe Grandja	ba7be9c8b9	Merge branch '6.5.x'	2025-05-09 16:14:34 -04:00
Joe Grandja	e3c39f02bc	Add documentation for DPoP support ... Closes gh-17072	2025-05-09 16:02:14 -04:00
Rob Winch	693a5beb24	Format CommonOAuth2Provider	2025-05-07 14:55:04 -05:00
kiruthiga1793	23e7c9eeaa	Add Twitter/X to CommonOAuth2Provider ... Signed-off-by: kiruthiga1793 <pkiruthiga93@gmail.com>	2025-05-07 11:24:29 -05:00
Rob Winch	506a801f29	Merge branch '6.5.x' ... - WebAuthnConfigurer Code Cleanup Closes gh-17063	2025-05-06 15:22:36 -05:00
Max Batischev	66e614cb0b	WebAuthnConfigurer Code Cleanup ... Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-05-06 15:20:08 -05:00
Max Batischev	421fcaee12	Add Assertions To WebAuthnConfigurer ... Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-05-06 15:20:08 -05:00
Rob Winch	b453840c0a	HttpHeaders no longer a MultiValueMap ... Closes gh-17060	2025-05-06 13:27:13 -05:00
Rob Winch	3976e7d456	BodyInserters.fromObject -> fromProducer ... Closes gh-17055	2025-05-06 13:26:16 -05:00
Rob Winch	b467c47ed5	ClientRequest.method->create ... ClientRequest.method was deprecated in favor of the create method Closes gh-17054	2025-05-06 13:26:15 -05:00
Rob Winch	11105a5c51	UriComponentsBuilder.fromHttpUrl->fromUriString ... The fromHttpUrl method is deprecated and replaced with fromUriString Closes gh-	2025-05-06 13:26:15 -05:00
Rob Winch	38a9aa1da9	Remove Deprecated PathMatchConfigurer usage ... Closes gh-17052	2025-05-06 13:26:15 -05:00
Rob Winch	222faae1cb	Add junit-jupiter-engine ... This fixes some of the compatability problems that can happen with newer versions of junit	2025-05-06 13:26:15 -05:00
Rob Winch	5abbcecccc	Update to 7.0.0-SNAPSHOT ... Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>	2025-05-06 13:26:14 -05:00
Josh Cummings	1a9f62dce4	Merge branch '6.4.x'	2025-05-05 16:00:59 -06:00
Josh Cummings	0220e471bb	Move Serialization Samples ... To make SpringSecurityCoreVersionSerializableTests more manageable, this commit moves the sample class constructions to a separate file. In this way, the tests file only changes when serialization tests are added. When classes are introduced, they can be added to SerializationSamples, separating the two concerns	2025-05-05 15:51:10 -06:00
Josh Cummings	12a18c3792	Polish Serialization Tests ... If Instancio fails to instatiate the class sample, it will now also delete the serialized sample file. Otherwise, it will leave a zero-byte file on the filesystem, confusing future test runs	2025-05-05 15:39:33 -06:00
Josh Cummings	d04f7071c2	Add Missing Serialization Samples ... Closes gh-17038	2025-05-05 15:34:24 -06:00
Josh Cummings	8726e547d5	Add Serialization Samples for 6.5 ... Issue gh-16221	2025-05-05 15:31:51 -06:00
Josh Cummings	2949b5d5a4	Regenerate Incorrect Serialization Files ... Given that these classes each have a consistent serialization UID across minor versions, but that the 6.5.x serialized version is using a different UID, these serialized files were likely generated in error. As such, this commit replaces the serialized files with correct ones. Issue gh-16432	2025-05-05 15:30:15 -06:00
Josh Cummings	34a9f57aa6	Merge branch '6.4.x'	2025-05-05 15:29:44 -06:00
Josh Cummings	c3c2bcd6b7	Ignore Serialization in Test Components ... Since we don't need to ensure the serializability of test components across versions, we can ignore missing version UIDs when those test components aren't about testing Java serialization. Issue gh-17038	2025-05-05 15:09:50 -06:00
Josh Cummings	39fdceab59	Add Missing Serializable Samples ... Issue gh-17038	2025-05-05 15:09:50 -06:00
Josh Cummings	65d53beff8	Polish Serialization Tests ... - Error when public, non-ignored, serializable file is missing a sample - Provide mechanism for creating an InstancioApi from scratch Issue gh-17038	2025-05-05 15:09:49 -06:00
Josh Cummings	34afa64c0c	Add Current-Version Deserialization Test ... We should test that serialized files from the current minor version can be deserialized. This ensures that serializations remain deserializable in patch releases. Issue gh-3737	2025-05-05 15:09:43 -06:00
Josh Cummings	f44ab7afdf	Update Deprecated Security Usage	2025-04-23 14:16:29 -06:00