root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity
19,617 Commits 38 Branches 359 Tags 130 MiB
Commit Graph

113 Commits

Author SHA1 Message Date
Joe Grandja cf7e258ea0 Fix checkstyle 
Issue gh-17880
 2025-09-12 16:20:37 -04:00
Steve Riesenberg eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
Tran Ngoc Nhan 1a56023f7f Use Spring Framework Nullability Annotations 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-31 10:18:51 -06:00
Rob Winch f6cb0bd610
Merge Use 2004-present Copyright Header 
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
 2025-07-29 10:52:42 -05:00
Josh Cummings f1725b25a0
Remove authorizeRequests 
Closes gh-15174
 2025-07-09 17:33:11 -06:00
Josh Cummings d3e9e3138d
Remove AntPath and MvcRequestMatcher 
Closes gh-16886
Closes gh-16887
 2025-07-03 13:37:50 -06:00
Josh Cummings f709a9efef
Add pathPattern Factory Methods 
Closes gh-17476
 2025-07-03 13:37:47 -06:00
Josh Cummings 98686a5139
Standardize Mock Request Paths 
Closes gh-17449
 2025-07-03 13:37:47 -06:00
Joe Grandja e869bcdfa3 Remove deprecated implementations of OAuth2AccessTokenResponseClient 
Closes gh-16909
 2025-07-03 14:23:23 -04:00
Tran Ngoc Nhan e686ac6b11 Remove AbstractSecurityWebSocketMessageBrokerConfigurer
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-24 12:56:05 -06:00
Josh Cummings 60bed7f68a Polish AuthenticationRequest Property 
- Add getter for reading the request
- Update BadCredentialsMixing to ignore authentication
- Allow exception to be mutable

Issue gh-16444
 2025-03-21 21:54:32 -06:00
Joe Grandja c2cfe92a02 Merge branch '6.3.x' 2024-11-18 05:16:16 -05:00
Joe Grandja a8c4d6cead Require Locale argument for toLower/toUpperCase usage 2024-11-18 04:22:26 -05:00
Marcus Hert Da Coregio 00e4a8fb54 Add support for One-Time Token Login 
Closes gh-15114
 2024-09-03 10:07:56 -03:00
Josh Cummings 4635dabf87
Merge branch '6.3.x' 2024-08-22 19:44:55 -06:00
Josh Cummings a3b88a8d4b
Enable Runtime Method Parameter Reflection 
Several method security tests rely on method parameters
being preserved, in order to demonstrate the difference
between relying on runtime reflection and using the @P
annotation.

Closes gh-15680
 2024-08-22 19:44:11 -06:00
Daniel Garnier-Moiroux bc8ba7f3b7 Inline CSS for default login and logout page 
- Remove the dependency on Bootstrap CSS. Results in faster load times, no failures
  in air-gapped or offline scenarios, and no dependency on an external CDN that may
  go away some day.
 2024-08-05 09:27:18 -05:00
Josh Cummings 8d43f1bd7d
Merge branch '5.8.x' into 6.2.x 2024-07-31 15:48:44 -06:00
Josh Cummings 5cdcdc9bcb
Suppress Node Files From Nohttp Analysis 
Given that we have no control over the contents of
third-party code, it isn't helpful to have nohttp
generate errors for the usage of http:// in that code.
 2024-07-31 15:48:28 -06:00
Josh Cummings f231ea277d
Merge branch '5.8.x' into 6.2.x 
Closes gh-15210
 2024-06-06 13:35:56 -06:00
Josh Cummings 6aabd768a8
Pick MvcRequestMatcher for MockMvc requests 
Closes gh-13849
 2024-06-06 13:17:43 -06:00
Steve Riesenberg f8fde0d79d
Update nohttp allow list 
Issue gh-14609
 2024-03-25 14:51:53 -05:00
Josh Cummings 65cce7e305
Merge branch '6.1.x' into 6.2.x 
Closes gh-14640
 2024-02-20 15:59:32 -07:00
Josh Cummings 008296cce2
Exclude Deprecated Classes 
Closes gh-14630
 2024-02-20 15:58:55 -07:00
Josh Cummings 238bc9733a
Remove stray projects 2024-02-20 15:57:46 -07:00
Steve Riesenberg 9db33f33c7
Revert unnecessary merges on 6.0.x 
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:

- 5dce82c48b
 2023-10-31 15:11:45 -05:00
Josh Cummings cb33fd7850
Add OIDC Back-Channel Logout Support 
Closes gh-12570
 2023-09-16 15:12:21 -06:00
Steve Riesenberg ac7fbea248
Add nohttp exclusions 2023-05-12 14:30:12 -05:00
Steve Riesenberg 1eff924598
Merge branch '5.8.x' into 6.0.x 2023-02-28 16:53:33 -06:00
Steve Riesenberg b2240f376e
Merge branch '5.7.x' into 5.8.x 2023-02-28 16:53:14 -06:00
Steve Riesenberg 7b88ab289d
Add nohttp exclusion 
Issue gh-12804
 2023-02-28 16:52:19 -06:00
Marcus Da Coregio 7094ee3710 Add runtime hints for annotations using @WithSecurityContext 
Closes gh-12215
 2022-11-16 10:02:34 -03:00
Marcus Da Coregio fd25568330 Merge branch '5.8.x' 
Closes gh-12159
 2022-11-08 13:29:36 -03:00
Marcus Da Coregio 9195521eea Merge branch '5.7.x' into 5.8.x 
Closes gh-12158
 2022-11-08 13:28:28 -03:00
Marcus Da Coregio 40548eb963 Merge branch '5.6.x' into 5.7.x 
Closes gh-12157
 2022-11-08 13:27:51 -03:00
Marcus Da Coregio 8cde8fb363 Update Gradle to 7.5.1 
Closes gh-11779
 2022-11-08 13:27:25 -03:00
Josh Cummings 5afc7cb04f
Merge remote-tracking branch 'origin/5.8.x' 2022-10-13 19:48:05 -06:00
Daniel Garnier-Moiroux 200b7fecd3
Add (Server)AuthenticationEntryPointFailureHandlerAdapter 
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead
when an AuthenticationServiceException is thrown, instead of HTTP 401.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
 2022-10-13 19:25:04 -06:00
Marcus Da Coregio c5e35bf32e Merge branch '5.8.x' 
Closes gh-11978
 2022-10-10 09:24:50 -03:00
Marcus Da Coregio 4b6fed0667 Add static factory method to AntPathRequestMather and RegexRequestMatcher 
Closes gh-11938
 2022-10-10 09:24:15 -03:00
Rob Winch 0efe26c1fd Merge branch '5.8.x' 
Closes gh-11894
 2022-09-22 13:47:04 -05:00
Rob Winch d94677f87e CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler 
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.

Closes gh-11892
 2022-09-22 11:09:44 -05:00
Steve Riesenberg 1be9be97a1
Exclude JavadocPackageCheck from Spring Checks 
Issue gh-11422
 2022-07-15 13:03:45 -05:00
Marcus Da Coregio ee11c3ade7 Exclude JavadocPackageCheck from Spring Checks 
Issue gh-11422
 2022-07-15 14:10:53 -03:00
Joe Grandja f87df42500 Remove deprecated OAuth2IntrospectionClaimAccessor 
Closes gh-11499
 2022-07-13 15:51:58 -04:00
Joe Grandja 7b18336c6a Change interface with constants to final class 
Closes gh-10960
 2022-07-13 15:51:58 -04:00
Josh Cummings a31a99b591
Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:58:36 -06:00
Josh Cummings 31e25b115e Add SecurityContextHolderStrategy to Default Components 
Issue gh-11060
 2022-06-17 11:28:10 -06:00
Marcus Da Coregio 1cbe7a75d3 Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 10:40:26 -03:00
Marcus Da Coregio 73f839312d Add SAML 2.0 Login XML Support 
Closes gh-9012
 2022-03-09 09:18:01 -03:00