root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 21 Packages Projects Releases Wiki Activity
19,841 Commits 47 Branches 367 Tags 124 MiB
Commit Graph

19841 Commits

Author SHA1 Message Date
dependabot[bot] ae4b2e50e2
Bump org.gretty:gretty from 4.1.7 to 4.1.10
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:14:46 +00:00
dependabot[bot] e323377768
Bump org.gretty:gretty from 4.1.7 to 4.1.10 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:09:34 +00:00
Andrey Litvitski 68742e170c Support Automatically Checking for Required Authorities in Authorization Rules 
Closes: gh-17900

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-09-22 00:15:13 +03:00
Josh Cummings a63e87d8fb
Remove Static Mock 
These can cause infinite loops when running
tests in an IDE.
 2025-09-19 17:53:52 -06:00
Rob Winch 229c7bca5b
Add AuthorizationManagerFactory in Kotlin DSL 
Closes gh-17860
 2025-09-19 16:38:02 -05:00
Josh Cummings 765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager 
Closes gh-17936
 2025-09-19 12:07:59 -06:00
Josh Cummings 25e413127c
Merge branch 'authentication-factors' 
Closes gh-17933
 2025-09-19 11:32:44 -06:00
Josh Cummings 1e1cb0097a
Document Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Josh Cummings 6e7a181eac
Polish Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Josh Cummings 758b35df9c
Add Factor Tests for Authentication Providers 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings 39e2bb67fc
Create Authentication Only Once 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings 0f4e1f2a2a
Move FACTOR_X509 into PreAuthenticatedAuthenticationProvider 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings e8accd0499
Add Factory Authority When Authentication Succeeds 
Issue gh-17933
 2025-09-19 11:32:26 -06:00
Rob Winch 9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot 
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.

Issue gh-17932
 2025-09-19 09:33:50 -05:00
dependabot[bot] a3b2ebff6e
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.4 to 3.27.5.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.5)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-19 03:18:06 +00:00
dependabot[bot] 476e5c5a3a
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.4 to 3.27.5.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.5)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-19 03:08:13 +00:00
Rob Winch bce8049815
Web uses AuthorizationManager<? super RequestAuthorizationContext> 
This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`

Closes gh-17931
 2025-09-18 17:32:09 -05:00
Rob Winch 675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles) 
Closes gh-17932
 2025-09-18 14:19:22 -05:00
dependabot[bot] 0da79925cd
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.1 to 2.13.2.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.13.1...gson-parent-2.13.2)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-18 03:19:16 +00:00
dependabot[bot] c001a57ac6
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-18 03:18:08 +00:00
github-actions[bot] b007219055 Next development version 2025-09-17 15:23:57 +00:00
github-actions[bot] c43f1f85ef Release 6.4.11 2025-09-17 14:56:44 +00:00
github-actions[bot] 2abde7da16 Next development version 2025-09-17 14:32:41 +00:00
github-actions[bot] 096ce047c4 Release 6.5.5 2025-09-17 14:01:10 +00:00
Rob Winch ebc391cb97
Merge branch '6.5.x' 2025-09-17 08:52:21 -05:00
Rob Winch c5d48fe3a9
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 2025-09-17 08:51:01 -05:00
Rob Winch 22a9300003
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 2025-09-17 08:50:59 -05:00
Rob Winch 44c8a1ec27
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final 2025-09-17 08:50:56 -05:00
Rob Winch ed00ddabf6
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 2025-09-17 08:50:54 -05:00
Rob Winch a8c642370b
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 2025-09-17 08:50:52 -05:00
Rob Winch 226494f2c1
Merge branch '6.5.x' 2025-09-17 08:49:51 -05:00
Rob Winch bd9df5cd70
Merge branch '6.4.x' into 6.5.x 2025-09-17 08:48:44 -05:00
Rob Winch 4d6cc92bcd
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final 2025-09-17 08:44:35 -05:00
Rob Winch 1aa315a6b0
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 2025-09-17 08:44:33 -05:00
Rob Winch a9e884fb02
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 2025-09-17 08:44:31 -05:00
Rob Winch f98f0c86b8
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 2025-09-17 08:44:26 -05:00
dependabot[bot] 86a19b482c
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.10 to 6.2.11.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.10...v6.2.11)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:18:56 +00:00
dependabot[bot] 52ad9547a7
Bump org.springframework.data:spring-data-bom from 2024.1.8 to 2024.1.10 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.8 to 2024.1.10.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.8...2024.1.10)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:18:47 +00:00
dependabot[bot] 752beab1b0
Bump org.hibernate.orm:hibernate-core from 6.6.26.Final to 6.6.29.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.26.Final to 6.6.29.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.29/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.26...6.6.29)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.29.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:18:39 +00:00
dependabot[bot] f882f0dda7
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.2 to 4.0.4.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.2...4.0.4)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:18:29 +00:00
dependabot[bot] a232bd2890
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.10 to 1.14.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.10...v1.14.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:18:22 +00:00
dependabot[bot] 3824c90cea
Bump io.micrometer:micrometer-observation from 1.14.9 to 1.14.11 
Bumps [io.micrometer:micrometer-observation](https://github.com/micrometer-metrics/micrometer) from 1.14.9 to 1.14.11.
- [Release notes](https://github.com/micrometer-metrics/micrometer/releases)
- [Commits](https://github.com/micrometer-metrics/micrometer/compare/v1.14.9...v1.14.11)

---
updated-dependencies:
- dependency-name: io.micrometer:micrometer-observation
  dependency-version: 1.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:15:10 +00:00
dependabot[bot] 00506b32f1
Bump org.springframework:spring-framework-bom from 6.2.10 to 6.2.11 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.10 to 6.2.11.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.10...v6.2.11)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:14:45 +00:00
dependabot[bot] ae1028eda2
Bump org.springframework.data:spring-data-bom from 2024.1.9 to 2024.1.10 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.9 to 2024.1.10.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.9...2024.1.10)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:14:17 +00:00
dependabot[bot] 000d02d1ad
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.2 to 4.0.4.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.2...4.0.4)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:14:07 +00:00
dependabot[bot] e140147dd6
Bump org.hibernate.orm:hibernate-core from 6.6.23.Final to 6.6.29.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.23.Final to 6.6.29.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.29/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.23...6.6.29)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-version: 6.6.29.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 03:14:02 +00:00
dependabot[bot] 2ecd8424a5 Bump com.password4j:password4j from 1.8.2 to 1.8.4 
Bumps [com.password4j:password4j](https://github.com/Password4j/password4j) from 1.8.2 to 1.8.4.
- [Release notes](https://github.com/Password4j/password4j/releases)
- [Changelog](https://github.com/Password4j/password4j/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Password4j/password4j/compare/1.8.2...1.8.4)

---
updated-dependencies:
- dependency-name: com.password4j:password4j
  dependency-version: 1.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-16 21:56:51 -05:00
dependabot[bot] 9d5cbf0e05 Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4 
Bumps [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) from 4.0.2 to 4.0.4.
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](https://github.com/jakartaee/jaxb-api/compare/4.0.2...4.0.4)

---
updated-dependencies:
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-16 21:56:40 -05:00
Rob Winch 45f39218cd
Merge branch '6.5.x' 2025-09-16 21:55:48 -05:00
Rob Winch 676c456a77
Merge branch '6.4.x' into 6.5.x 2025-09-16 21:55:39 -05:00