19617 Commits

All Branches

Search

Author	SHA1	Message	Date
Joe Grandja	469ed09645	Allow setting Clock in OAuth2TokenGenerator implementations ... Closes gh-18017	2025-10-07 16:34:43 -04:00
Joe Grandja	1d7f4c3b11	Polish javadoc for ClientSettings.requireAuthorizationConsent ... Issue gh-18016	2025-10-07 11:29:10 -04:00
Joe Grandja	baa3b287d6	Add Predicate for authorizationConsentRequired for device code grant ... Introduces customizable Predicate to determine if user consent is required in device authorization flows. Previously, device consent handling used fixed logic. Now applications can define custom logic for skipping or displaying consent pages. Adds OAuth2DeviceVerificationAuthenticationContext and updates OAuth2DeviceVerificationAuthenticationProvider with setAuthorizationConsentRequired method. Fixes gh-18016 Signed-off-by: Dinesh Gupta <dineshgupta630@outlook.com>	2025-10-07 11:13:30 -04:00
dependabot[bot]	d5c5bb234c	Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs ... Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10. - [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc) - [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10) --- updated-dependencies: - dependency-name: antora dependency-version: 3.2.0-alpha.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 14:01:08 -05:00
Rob Winch	83da86a358	DefaultLoginPageGeneratingFilter uses List ... This fixes an ordering problem with query parameters of the tests. Issue gh-18002	2025-10-06 09:34:06 -05:00
dependabot[bot]	71e6d81910	Bump com.webauthn4j:webauthn4j-core ... Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.29.7.RELEASE dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 09:29:57 -05:00
dependabot[bot]	16475d3453	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 ... Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 09:15:25 -05:00
Rob Winch	3f84e96711	Bump io.mockk:mockk from 1.14.5 to 1.14.6	2025-10-06 09:13:16 -05:00
Rob Winch	1c870f25e9	Bump io.spring.nullability:io.spring.nullability.gradle.plugin from 0.0.4 to 0.0.5	2025-10-06 09:13:12 -05:00
Rob Winch	79e2d4b688	Merge branch '6.5.x'	2025-10-06 09:12:06 -05:00
Rob Winch	9f8ebdcf4d	Merge branch '6.4.x' into 6.5.x	2025-10-06 09:11:56 -05:00
Rob Winch	8ce38af608	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19	2025-10-06 09:11:20 -05:00
Rob Winch	607b1dfffe	Bump io.mockk:mockk from 1.14.5 to 1.14.6	2025-10-06 09:11:17 -05:00
Rob Winch	904f5157fa	Bump com.webauthn4j:webauthn4j-core from 0.29.6.RELEASE to 0.29.7.RELEASE	2025-10-06 09:11:15 -05:00
Rob Winch	f57c9ffcbb	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19	2025-10-06 09:10:34 -05:00
dependabot[bot]	b7f40a4e08	Bump org.hibernate.orm:hibernate-core from 6.6.29.Final to 6.6.31.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.29.Final to 6.6.31.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.31/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.29...6.6.31) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.31.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 03:21:28 +00:00
dependabot[bot]	dd7f809564	Bump org.hibernate.orm:hibernate-core from 6.6.29.Final to 6.6.31.Final ... Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.29.Final to 6.6.31.Final. - [Release notes](https://github.com/hibernate/hibernate-orm/releases) - [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.31/changelog.txt) - [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.29...6.6.31) --- updated-dependencies: - dependency-name: org.hibernate.orm:hibernate-core dependency-version: 6.6.31.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 03:13:36 +00:00
Joe Grandja	51fe7ff737	Return device_code grant metadata when enabled ... Issue gh-17998	2025-10-04 05:38:11 -04:00
Rob Winch	9595d37c14	Integration Test for DefaultLoginPageGeneratingFilterTests ... Add a minimal test to ensure that DelegatingMissingAuthorityAccessDeniedHandler and DefaultLoginPageGeneratingFilterTests work together properly. Issue gh-18002	2025-10-03 15:20:03 -05:00
Rob Winch	2473378fcd	Use RequiredFactorErrors ... Closes gh-18002	2025-10-03 15:20:03 -05:00
Rob Winch	d1ff983c11	Add AllFactorsAuthorizationManager ... Closes gh-17997	2025-10-03 15:20:03 -05:00
Rob Winch	3f74991ce9	Authentication adds FactorGrantedAuthority ... Closes gh-18001	2025-10-03 15:20:03 -05:00
Rob Winch	ce36fc1e76	Add FactorGrantedAuthority ... Closes gh-17996	2025-10-03 15:20:00 -05:00
Joe Grandja	477a456d6c	Disable device_code grant by default ... Closes gh-17998	2025-10-03 14:10:13 -04:00
Joe Grandja	4dfef1483d	Polish gh-17507	2025-10-03 13:09:09 -04:00
Rohan Naik	8c65dc93f2	Enable PKCE by default ... Closes gh-17507 Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>	2025-10-03 13:08:04 -04:00
dependabot[bot]	0f40f694b8	Bump io.spring.nullability:io.spring.nullability.gradle.plugin ... Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin) from 0.0.4 to 0.0.5. - [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases) - [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.4...v0.0.5) --- updated-dependencies: - dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin dependency-version: 0.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-03 03:08:45 +00:00
Joe Grandja	54aae36f98	Add support for OAuth 2.0 Protected Resource Metadata ... Closes gh-17244	2025-10-02 14:50:17 -04:00
dependabot[bot]	564726adea	Bump com.webauthn4j:webauthn4j-core ... Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.29.6.RELEASE to 0.29.7.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.6.RELEASE...0.29.7.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-core dependency-version: 0.29.7.RELEASE dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-02 03:19:11 +00:00
dependabot[bot]	c1375b857a	Bump io.mockk:mockk from 1.14.5 to 1.14.6 ... Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.5 to 1.14.6. - [Release notes](https://github.com/mockk/mockk/releases) - [Commits](https://github.com/mockk/mockk/compare/1.14.5...1.14.6) --- updated-dependencies: - dependency-name: io.mockk:mockk dependency-version: 1.14.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-02 03:17:57 +00:00
dependabot[bot]	c5a335ac91	Bump io.mockk:mockk from 1.14.5 to 1.14.6 ... Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.5 to 1.14.6. - [Release notes](https://github.com/mockk/mockk/releases) - [Commits](https://github.com/mockk/mockk/compare/1.14.5...1.14.6) --- updated-dependencies: - dependency-name: io.mockk:mockk dependency-version: 1.14.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-02 03:08:25 +00:00
Rob Winch	64c9e3e210	Prevent Dupliate GrantedAuthority#getAuthority() ... If the GrantedAuthority is not equal, but contains a duplicate GrantedAuthority#getAuthority() then at the time of authentication, the Filter or WebFilter will duplicate the GrantedAuthority which leads to a memory leak. This is important to avoid for when we add support for a GrantedAuthority that might have an issuedAt attribute. If it is too old, then we'd want only the new GrantedAuthority to be added and the old instance to be removed. However, the two GrantedAuthority instances will not be equal because the issuedAt will not be equal. Closes gh-17981	2025-10-01 15:37:23 -05:00
Rob Winch	c9010345b9	Add TestingAuthenticationToken(principal,credential,grantedAuthorities...) ... Closes gh-17980	2025-10-01 13:05:56 -05:00
Joe Grandja	681e166be8	Remove default HttpSecurity.securityMatcher() for authorization server ... Closes gh-17965	2025-10-01 11:45:21 -04:00
dependabot[bot]	dc5962af16	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 ... Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-01 03:20:55 +00:00
dependabot[bot]	70da545463	Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 ... Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.19. - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.19) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-01 03:20:01 +00:00
Rob Winch	7f10897de3	SecurityMockMvcResultMatchers.withAuthorities(String...) ... Closes gh-17974	2025-09-30 10:39:14 -05:00
Rob Winch	0e99324c43	Merge branch '6.5.x'	2025-09-29 13:44:37 -05:00
Rob Winch	cf9568fe09	Bump org.assertj:assertj-core from 3.27.5 to 3.27.6	2025-09-29 13:43:45 -05:00
dependabot[bot]	7409133cc0	Bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1 ... Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.5 to 5.5.1. - [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.5.1/RELEASE_NOTES.txt) - [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.5...rel/v5.5.1) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-09-29 03:26:33 +00:00
Joe Grandja	f3761aff99	Add support for OAuth 2.0 Dynamic Client Registration Protocol ... Closes gh-17964	2025-09-25 16:33:16 -04:00
Rob Winch	667cd4aa7c	Remove unnecessary throws Exception from spring-security-config ... Closes gh-17957	2025-09-25 11:50:13 -05:00
Rob Winch	be20201bf7	FACTOR uses defaultEntryPoint when possible ... Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to work around gh-17955. They now can use defaultEntryPoint which is more concise. Issue gh-gh-17955	2025-09-25 11:18:20 -05:00
Rob Winch	029e31ebe8	DelegatingAuthenticationEntryPoint.Builder allows just defaultEntryPoint ... Previously build threw an Exception when entryPoints was empty and defaultEntryPoint was specified. This commit changes build to return the defaultEntryPoint instead. Closes gh-17955	2025-09-25 09:45:52 -05:00
Josh Cummings	ad6fe4fdc3	Polish MFA Samples ... This commit removes unneeded AuthorizationManagerFactory implementations, simplifies the custom AuthorizationManagerFactory example, and updates usage of hasAllAuthorities. Issue gh-17934	2025-09-24 17:54:59 -06:00
Rob Winch	f652920bb3	Add @EnableGlobalMultiFactorAuthentication ... Closes gh-17954	2025-09-24 14:47:26 -05:00
Rob Winch	e33e4d80a9	Fix Antora Warnings in servlet/authentication/adaptive.adoc ... Issue gh-2603	2025-09-24 13:05:50 -05:00
Rob Winch	b2d76dfe66	Add GrantedAuthorities.FACTOR_*_AUTHORITY ... Closes gh-17952	2025-09-24 09:53:56 -05:00
Josh Cummings	28aad8855c	Merge branch 'mfa' ... Closes gh-2603	2025-09-23 18:23:11 -06:00
Josh Cummings	bbba2930e9	Add Initial Documentation ... Issue gh-17934	2025-09-23 18:16:36 -06:00