root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity
19,617 Commits 38 Branches 359 Tags 130 MiB
Commit Graph

19617 Commits

Author SHA1 Message Date
Josh Cummings d757e6e44e
Response to Additional Feedback 
- Moved request attribute to WebAttributes
- Renamed ExceptionHandlingConfigurer methods
- Removed varargs from DelegatingMissingAuthorityAccessDeniedHandler

Issue gh-17901
Issue gh-17934
 2025-09-23 18:16:22 -06:00
Josh Cummings 50ebd467c3
Polish Default Login Page 
Issue gh-17901
 2025-09-23 17:59:23 -06:00
Josh Cummings 42376e2eee
Prepopulate Username When Known 
Closes gh-17935
 2025-09-23 17:59:22 -06:00
Josh Cummings e813aad82b
Support Showing One Part of Login Page 
Closes gh-17901
 2025-09-23 17:59:21 -06:00
Josh Cummings 9f317757c3
Make Public Missing Authority AccessDeniedHandler 
Issue gh-17934
 2025-09-23 17:59:19 -06:00
Josh Cummings df7a7cdc99
Update Test for Method Security 
Issue gh-17936
 2025-09-23 17:16:33 -06:00
Josh Cummings e66c498d80
Redirect to Appropriate Entry Point Based on Missing Authorities 
Issue gh-17934
 2025-09-23 17:16:32 -06:00
Josh Cummings fe17f2904d
Initial Exception Handling 
This commit hardcodes factors as a proof of concept for
multi-factor authentication

Issue gh-17934
 2025-09-23 17:16:30 -06:00
Rob Winch 549569ea55
Add DefaultAuthorizationManagerFactory.additionalAuthorization 2025-09-23 16:52:10 -05:00
Rob Winch 1608465a38
DefaultAuthorizationManagerFactory additionalAuthorization 
This commit adds AuthorizationManager<T> additionalAuthorization to
DefaultAuthorizationManagerFactory which can be used for multi factor
authorization.

There is a builder that allows for creating an instance that requires
static additional authorities, but for more advanced cases users can
inject an additionalAuthorization that looks up if the user has settings
that enable additional required authorities.

The builder can later be updated to support checking that a particular
authority was granted within a specified amount of time.

Issue gh-17900
 2025-09-23 15:25:26 -05:00
Rob Winch 459b872a20
Cleanup Kotlin AuthorizationManagerFactory Generics 
This cleans up the generic types within the Kotlin DSL that reference
AuthorizationManagerFactory

Issue gh-17860
 2025-09-23 10:32:02 -05:00
dependabot[bot] 02bc3adfb8
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.5 to 3.27.6.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.5...assertj-build-3.27.6)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-23 03:17:16 +00:00
dependabot[bot] f8ab033c7b
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.5 to 3.27.6.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.5...assertj-build-3.27.6)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-23 03:07:48 +00:00
Josh Cummings 628f3da30b
Revert "Add AuthorityUtils Methods" 
This reverts commit 50bdaeb100 that
was accidentally committed
 2025-09-22 12:26:07 -06:00
Josh Cummings 5ca5aca48e
Add Null Guard 
Issue gh-17933
 2025-09-22 12:23:29 -06:00
Josh Cummings c61f53ad64
Copy Query to Parameters 
Issue gh-17450
 2025-09-22 12:17:24 -06:00
Josh Cummings 50bdaeb100
Add AuthorityUtils Methods 
This commit adds a couple of utility methods for working with authorities
by type. Now that there are infrastructural authorities that Spring Secuirty
works with directly, it's helpful to be able to filter them out of the
authority list.
 2025-09-22 11:42:14 -06:00
Rob Winch b31fdcd89f
Merge branch '6.5.x' 2025-09-22 11:57:34 -05:00
Rob Winch 1878a1e03b
Merge branch '6.4.x' into 6.5.x
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
2025-09-22 11:57:26 -05:00
Rob Winch f0f57ad560
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 2025-09-22 11:57:04 -05:00
Rob Winch 93ded52236
Bump org.gretty:gretty from 4.1.7 to 4.1.10 2025-09-22 11:57:02 -05:00
Rob Winch 329af112ed
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE 2025-09-22 11:55:59 -05:00
Rob Winch 3f1a60b0b8
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 2025-09-22 11:55:56 -05:00
Rob Winch 67373e8c13
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 2025-09-22 11:55:54 -05:00
Rob Winch 4ef16b14d2
Update terminology to HTTP Service Clients 
Closes gh-17947
 2025-09-22 10:09:04 -05:00
dependabot[bot] 7d93186c69
Bump org.gretty:gretty from 4.1.7 to 4.1.10 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:22:10 +00:00
dependabot[bot] ae4b2e50e2
Bump org.gretty:gretty from 4.1.7 to 4.1.10
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:14:46 +00:00
dependabot[bot] e323377768
Bump org.gretty:gretty from 4.1.7 to 4.1.10 
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases)
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md)
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10)

---
updated-dependencies:
- dependency-name: org.gretty:gretty
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-22 03:09:34 +00:00
Andrey Litvitski 68742e170c Support Automatically Checking for Required Authorities in Authorization Rules 
Closes: gh-17900

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-09-22 00:15:13 +03:00
Josh Cummings a63e87d8fb
Remove Static Mock 
These can cause infinite loops when running
tests in an IDE.
 2025-09-19 17:53:52 -06:00
Rob Winch 229c7bca5b
Add AuthorizationManagerFactory in Kotlin DSL 
Closes gh-17860
 2025-09-19 16:38:02 -05:00
Josh Cummings 765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager 
Closes gh-17936
 2025-09-19 12:07:59 -06:00
Josh Cummings 25e413127c
Merge branch 'authentication-factors' 
Closes gh-17933
 2025-09-19 11:32:44 -06:00
Josh Cummings 1e1cb0097a
Document Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Josh Cummings 6e7a181eac
Polish Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Josh Cummings 758b35df9c
Add Factor Tests for Authentication Providers 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings 39e2bb67fc
Create Authentication Only Once 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings 0f4e1f2a2a
Move FACTOR_X509 into PreAuthenticatedAuthenticationProvider 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings e8accd0499
Add Factory Authority When Authentication Succeeds 
Issue gh-17933
 2025-09-19 11:32:26 -06:00
Rob Winch 9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot 
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.

Issue gh-17932
 2025-09-19 09:33:50 -05:00
dependabot[bot] a3b2ebff6e
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.4 to 3.27.5.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.5)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-19 03:18:06 +00:00
dependabot[bot] 476e5c5a3a
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.4 to 3.27.5.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.5)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-19 03:08:13 +00:00
Rob Winch bce8049815
Web uses AuthorizationManager<? super RequestAuthorizationContext> 
This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`

Closes gh-17931
 2025-09-18 17:32:09 -05:00
Rob Winch 675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles) 
Closes gh-17932
 2025-09-18 14:19:22 -05:00
dependabot[bot] 0da79925cd
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.13.1 to 2.13.2.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.13.1...gson-parent-2.13.2)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-18 03:19:16 +00:00
dependabot[bot] c001a57ac6
Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-version: 0.29.6.RELEASE
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-18 03:18:08 +00:00
github-actions[bot] b007219055 Next development version 2025-09-17 15:23:57 +00:00
github-actions[bot] c43f1f85ef Release 6.4.11 2025-09-17 14:56:44 +00:00
github-actions[bot] 2abde7da16 Next development version 2025-09-17 14:32:41 +00:00
github-actions[bot] 096ce047c4 Release 6.5.5 2025-09-17 14:01:10 +00:00