root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 10 Packages Projects Releases Wiki Activity
19,841 Commits 47 Branches 367 Tags 125 MiB
Commit Graph

19841 Commits

Author SHA1 Message Date
Josh Cummings 9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings 8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Josh Cummings d1962201b5 Merge branch '6.5.x' 2025-08-22 11:07:59 -06:00
Josh Cummings 857ca9c412 Merge remote-tracking branch 'origin/6.4.x' into 6.5.x 2025-08-22 11:07:37 -06:00
Nikita Konev 894105aab5 Fix traceId discrepancy in case error in servlet web 
Signed-off-by: Nikita Konev <nikit.cpp@yandex.ru>
 2025-08-22 11:06:37 -06:00
Rob Winch f7f41ba6c4
Add missing @NullMarked to spring-data package-info 
Issue gh-17789
 2025-08-22 12:03:16 -05:00
Rob Winch f496ded4e5
AuthorizationManager allows null Authentication 
It is possible to have a null Authentication and so the
AuthorizationManager APIs should allow for passing it in.

Closes gh-17795
 2025-08-22 12:03:16 -05:00
Josh Cummings 583e668c6b Remove opensaml5Test Task 
Issue gh-17707
 2025-08-22 09:19:20 -06:00
Rob Winch d6a0e3bf78
Fix Nullability Imports 
Issue gh-17789
 2025-08-22 09:00:15 -05:00
dependabot[bot] 312c2049f3
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.9 to 1.14.10.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-22 04:10:44 +00:00
dependabot[bot] 3dd4686feb
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.8 to 2024.1.9.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.8...2024.1.9)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-22 03:38:28 +00:00
Rob Winch 29bb4919ca
Add Nullability to spring-security-data 
Closes gh-17789
 2025-08-21 13:42:27 -05:00
Rob Winch d9210c6596
Fix Nullability 2025-08-21 13:41:02 -05:00
Rob Winch b8b1a92ad4
Revert "Apply Nullability to spring-security-data" 
This reverts commit bbcdb23698.
 2025-08-21 13:35:39 -05:00
Rob Winch bbcdb23698
Apply Nullability to spring-security-data 2025-08-21 13:27:47 -05:00
Rob Winch 9bbf837c7c
Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Rob Winch 8a1e2a22f9
Merge branch 'gh-16226-servlet-test-method' into 6.5.x 2025-08-21 12:44:27 -05:00
Rob Winch 0404996f87 import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 12:35:13 -05:00
Rob Winch 0f63d98c84 Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 12:35:13 -05:00
Rob Winch fbfbb1e571 Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 12:35:13 -05:00
Joe Kuhel d002e68231 Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 12:35:13 -05:00
Yanming Zhou 41162aa7e3 Polish WebFluxSecurityConfiguration 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-08-21 11:16:12 -06:00
Yanming Zhou d86f2c957d Change @Bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor 
It's friendly for Spring Boot's `@ConditionalOnMissingBean`, and:

>> When defining a Spring `@Bean` method, it is generally recommended to declare the most specific type possible as the method's return type. This means returning the concrete class of the bean, or the most specific interface that the bean implements and through which it will be referenced in the application.

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-08-21 11:16:12 -06:00
Rob Winch 62b5b1a77c
import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 11:19:05 -05:00
Rob Winch 523222c24d
Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 11:15:42 -05:00
Rob Winch 69f38d4933
Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 11:13:45 -05:00
Joe Kuhel 0179a811c7
Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 11:12:42 -05:00
Rob Winch 7ce2bdd701
Merge branch '6.5.x' 2025-08-21 08:55:57 -05:00
Rob Winch de4ceffc4f
Merge branch '6.4.x' into 6.5.x 2025-08-21 08:55:48 -05:00
Rob Winch 8c920a7ee7
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 2025-08-21 08:55:15 -05:00
Rob Winch b9653346a1
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final 2025-08-21 08:54:19 -05:00
Rob Winch 9e6bcbd1d0
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 2025-08-21 08:54:18 -05:00
dependabot[bot] 8d888edc71 Bump io.spring.nullability:io.spring.nullability.gradle.plugin 
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases)
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-20 17:10:31 -05:00
Rob Winch f82fe9c8c6
Remove stray modular from the documentation 
Issue gh-16258
 2025-08-20 12:24:33 -05:00
Rob Winch a8f045eb50
Add Modular Spring Security Configuration 
Closes gh-16258
 2025-08-20 12:16:08 -05:00
Rob Winch 5c5efc9092
SpringTestContext registers WebTestClient Bean 
Closes gh-17780
 2025-08-20 12:15:58 -05:00
dependabot[bot] 5453224377
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.9 to 1.14.10.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.9...v1.14.10)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-20 06:23:02 +00:00
dependabot[bot] a14ad770ab
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.26.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.26/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.26)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.26.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-20 04:41:59 +00:00
Jaehwan Lee 806297da23 Fix misleading variable name in authentication filter 
Rename DEFAULT_ANT_PATH_REQUEST_MATCHER to DEFAULT_PATH_REQUEST_MATCHER
to reflect PathPatternRequestMatcher usage instead of legacy Ant
pattern terminology.

Signed-off-by: Jaehwan Lee <jhrick0129@gmail.com>
 2025-08-19 22:21:35 -05:00
dependabot[bot] 8846b44b81
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.9 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.8 to 2024.1.9.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.8...2024.1.9)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-20 03:21:13 +00:00
Rob Winch 7f103b2d0a
Merge branch '6.5.x' 2025-08-19 22:19:46 -05:00
dependabot[bot] c06ff59747
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.26.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.26/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.26)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.26.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 22:19:01 -05:00
dependabot[bot] f1194de45e
Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.3 to 3.27.4.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.3...assertj-build-3.27.4)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 22:19:01 -05:00
dependabot[bot] 1f16009c8d
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.14 
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.13 to 3.2.14.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.13...3.2.14)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 22:19:01 -05:00
Rob Winch 3e13437b1a
Merge branch '6.4.x' into 6.5.x 2025-08-19 22:16:16 -05:00
Rob Winch 20a6863e07
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.26.Final 2025-08-19 22:15:40 -05:00
Rob Winch e145c07d5b
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.10 2025-08-19 22:15:38 -05:00
Rob Winch 68a7f1702f
Merge branch '6.5.x' 2025-08-19 22:15:14 -05:00
Rob Winch 3e8b606aac
Merge branch '6.4.x' into 6.5.x 2025-08-19 22:14:37 -05:00
Tran Ngoc Nhan ef5c703010 Remove unused import 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-08-19 22:05:25 -05:00