51fe7ff737
Return device_code grant metadata when enabled
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Has been cancelled
Details
Execute Gradle Wrapper Upgrade / Execution (push) Has been cancelled
Details
Issue gh-17998
2025-10-04 05:38:11 -04:00
2473378fcd
Use RequiredFactorErrors
...
Closes gh-18002
2025-10-03 15:20:03 -05:00
ce36fc1e76
Add FactorGrantedAuthority
...
Closes gh-17996
2025-10-03 15:20:00 -05:00
477a456d6c
Disable device_code grant by default
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17998
2025-10-03 14:10:13 -04:00
8c65dc93f2
Enable PKCE by default
...
Closes gh-17507
Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
2025-10-03 13:08:04 -04:00
54aae36f98
Add support for OAuth 2.0 Protected Resource Metadata
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17244
2025-10-02 14:50:17 -04:00
681e166be8
Remove default HttpSecurity.securityMatcher() for authorization server
...
Closes gh-17965
2025-10-01 11:45:21 -04:00
f3761aff99
Add support for OAuth 2.0 Dynamic Client Registration Protocol
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17964
2025-09-25 16:33:16 -04:00
667cd4aa7c
Remove unnecessary throws Exception from spring-security-config
...
Closes gh-17957
2025-09-25 11:50:13 -05:00
be20201bf7
FACTOR uses defaultEntryPoint when possible
...
Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to
work around gh-17955. They now can use defaultEntryPoint which is more concise.
Issue gh-gh-17955
2025-09-25 11:18:20 -05:00
f652920bb3
Add @EnableGlobalMultiFactorAuthentication
...
Closes gh-17954
2025-09-24 14:47:26 -05:00
b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY
...
Closes gh-17952
2025-09-24 09:53:56 -05:00
d757e6e44e
Response to Additional Feedback
...
- Moved request attribute to WebAttributes
- Renamed ExceptionHandlingConfigurer methods
- Removed varargs from DelegatingMissingAuthorityAccessDeniedHandler
Issue gh-17901
Issue gh-17934
2025-09-23 18:16:22 -06:00
50ebd467c3
Polish Default Login Page
...
Issue gh-17901
2025-09-23 17:59:23 -06:00
42376e2eee
Prepopulate Username When Known
...
Closes gh-17935
2025-09-23 17:59:22 -06:00
e813aad82b
Support Showing One Part of Login Page
...
Closes gh-17901
2025-09-23 17:59:21 -06:00
9f317757c3
Make Public Missing Authority AccessDeniedHandler
...
Issue gh-17934
2025-09-23 17:59:19 -06:00
df7a7cdc99
Update Test for Method Security
...
Issue gh-17936
2025-09-23 17:16:33 -06:00
e66c498d80
Redirect to Appropriate Entry Point Based on Missing Authorities
...
Issue gh-17934
2025-09-23 17:16:32 -06:00
fe17f2904d
Initial Exception Handling
...
This commit hardcodes factors as a proof of concept for
multi-factor authentication
Issue gh-17934
2025-09-23 17:16:30 -06:00
459b872a20
Cleanup Kotlin AuthorizationManagerFactory Generics
...
This cleans up the generic types within the Kotlin DSL that reference
AuthorizationManagerFactory
Issue gh-17860
2025-09-23 10:32:02 -05:00
a63e87d8fb
Remove Static Mock
...
These can cause infinite loops when running
tests in an IDE.
2025-09-19 17:53:52 -06:00
229c7bca5b
Add AuthorizationManagerFactory in Kotlin DSL
...
Closes gh-17860
2025-09-19 16:38:02 -05:00
765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager
...
Closes gh-17936
2025-09-19 12:07:59 -06:00
6e7a181eac
Polish Authentication Factors
...
Issue gh-17933
2025-09-19 11:32:28 -06:00
0f4e1f2a2a
Move FACTOR_X509 into PreAuthenticatedAuthenticationProvider
...
Issue gh-17933
2025-09-19 11:32:27 -06:00
e8accd0499
Add Factory Authority When Authentication Succeeds
...
Issue gh-17933
2025-09-19 11:32:26 -06:00
9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot
...
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.
Issue gh-17932
2025-09-19 09:33:50 -05:00
bce8049815
Web uses AuthorizationManager<? super RequestAuthorizationContext>
...
This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`
Closes gh-17931
2025-09-18 17:32:09 -05:00
675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles)
...
Closes gh-17932
2025-09-18 14:19:22 -05:00
9a3ae4b867
DelegatingAuthenticationEntryPoint uses RequestMatcherEntry
...
Closes gh-17915
2025-09-16 09:48:04 -05:00
2774948b92
Fix X509 WebFlux Configuration Checks
...
The changes for gh-17382 broke the checkstyle and tests. This fixes
them both.
Issue gh-17382
2025-09-12 16:45:51 -05:00
b502697731
feat: Add option to specify a custom ServerAuthenticationConverter for x509()
...
Signed-off-by: blake_bauman <blake_bauman@apple.com>
2025-09-12 16:45:51 -05:00
35f41f87d1
Temporarily fix integration tests
...
Issue gh-17880
2025-09-12 16:20:44 -04:00
7ef25cc101
Add HttpSecurity.oauth2AuthorizationServer()
...
Issue gh-17880
2025-09-12 16:20:44 -04:00
098574c50e
Remove redundant classes
...
Issue gh-17880
2025-09-12 16:20:43 -04:00
8399bc161d
Fix Serializable tests
...
Issue gh-17880
2025-09-12 16:20:42 -04:00
cc71be71e5
Move OAuth2AuthorizationServerConfigurer and OAuth2AuthorizationServerConfiguration
...
Issue gh-17880
2025-09-12 16:20:42 -04:00
eedcec9d5c
Move Core Access API
...
Issue gh-17847
2025-09-12 10:32:38 -06:00
3a1692f3c3
Remove Direct Runtime Dependency on Access API
...
Issue gh-17847
2025-09-12 10:32:37 -06:00
10935632ee
Remove PortResolver
...
Closes gh-15971
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-09-11 22:58:32 -05:00
2b87e3c5e2
Use withRoles
...
Issue gh-17843
2025-09-09 17:03:05 -06:00
3f774548d2
Move Authority Propagation Into Filters
...
Given that the filters are the level at which the
SecurityContextHolder is consulted, this commit moves
the operation that ProviderManager was doing into each
authentication filter.
Issue gh-17862
2025-09-09 14:49:13 -06:00
a0fe6a5fee
Polish Builders
...
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible
Issue gh-17861
2025-09-09 14:49:13 -06:00
44fef786aa
Pick Up SecurityContextHolderStrategy Bean
...
This commit provides the SecurityContextHolderStrategy bean to
ProviderManager instances that the HttpSecurity DSL constructs.
Issue gh-17862
2025-09-09 14:49:13 -06:00
eeb4574bb3
Add AuthorizationManagerFactory
...
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
2025-09-09 15:36:49 -05:00
a4f813ab29
Support Multiple ServerLogoutHandlers
...
This commit adds support to ServerHttpSecurity for registering
multiple ServerLogoutHandlers. This is handy so that an application
does not need to re-supply any handlers already configured by
the DSL.
Signed-off-by: blake_bauman <blake_bauman@apple.com>
2025-09-05 11:47:54 -06:00
f30cc9c5a9
Update to PropertySourcesPlaceholderConfigurer
...
This commit replaces deprecated usage of PropertyPlaceholderConfigurer
in favor of PropertySourcesPlaceholderConfigurer
2025-09-04 11:32:04 -06:00
c64b086878
Add SecurityAssertions
...
This commit introduces a simple, internal test API for
verifying aspects of an Authentication, like its name
and authorities.
Closes gh-17844
2025-09-03 17:53:42 -06:00
de10e08348
Make withRoles Check Only Roles
...
This commit clarifies the semantics of withRoles,
which is to check the role-based authorities in an
authentication.
Closes gh-17843
2025-09-03 17:53:41 -06:00
Joe Grandja
Rob Winch
Rohan Naik
Josh Cummings
blake_bauman
DingHao
Steve Riesenberg