root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity
18,865 Commits 40 Branches 359 Tags 131 MiB
Commit Graph

1399 Commits

Author SHA1 Message Date
Josh Cummings 571b6fe4a8
Fix Formatting 
Issue gh-16858
 2025-07-09 14:05:41 -06:00
Josh Cummings 9dea1c2eb5
Update to Latest HttpRequestValues Contract 
Issue gh-16858
 2025-07-09 13:47:06 -06:00
Tran Ngoc Nhan 6dc77bd98b Update JwtIssuerAuthenticationManagerResolver constructor javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 11:37:52 -06:00
Tran Ngoc Nhan 21036c94b4 Remove Nimbus(Reactive)OpaqueTokenIntrospector 
Closes gh-17302

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:41:57 -06:00
Josh Cummings 919ae1d636
Use PathPatternRequestMatcher in oauth2 
Issue gh-16887
 2025-07-03 13:37:49 -06:00
Josh Cummings 98686a5139
Standardize Mock Request Paths 
Closes gh-17449
 2025-07-03 13:37:47 -06:00
Soumik Sarker 06bd81b1da Removed deprecated class BearerTokenAuthenticationFilter 
Closes gh-17309

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-07-03 12:44:06 -06:00
Soumik Sarker 526f8a6200 Removed deprecated class BearerTokenAuthenticationToken 
Issue gh-17309

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-07-03 12:44:06 -06:00
Joe Grandja e869bcdfa3 Remove deprecated implementations of OAuth2AccessTokenResponseClient 
Closes gh-16909
 2025-07-03 14:23:23 -04:00
Joe Grandja cfe38957d7 Remove Resource Owner Password Credentials grant 
Closes gh-17446
 2025-07-03 14:23:23 -04:00
Rob Winch e37424c637 Fix cycle in DefaultOAuth2AuthorizationRequestResolver
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Has been cancelled Details 
DefaultOAuth2AuthorizationRequestResolver should not depend on
OAuth2AuthorizationRequestRedirectFilter because
OAuth2AuthorizationRequestRedirectFilter already depends on
DefaultOAuth2AuthorizationRequestResolver.

OAuth2AuthorizationRequestRedirectFilter also takes advantage of the
new constructor that defaults the base uri.

Polishes gh-16384
 2025-06-27 15:49:28 -05:00
DingHao 7587048f95 Add default authorizationRequestBaseUri to DefaultOAuth2AuthorizationRequestResolver 
Closes gh-16383

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-06-27 15:49:28 -05:00
Tran Ngoc Nhan a74ce06dae Remove JwtIssuer(Reactive)AuthenticationManagerResolver deprecations 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-24 12:33:00 -06:00
Josh Cummings 676b44ebb0 Polish NimbusJwtEncoder Builders 
- Simplify withKeyPair methods to match withPublicKey convention
in NimbusJwtDecoder
- Update tests to confirm support of other algorithms
- Update constructor to apply additional JWK properties
to the default header
- Deduce the possibly algorithms for a given key based
on curve and key size
- Remove algorithm method from EC builder since the
algorithm is determined by the Curve of the EC Key

Issue gh-16267

Co-Authored-By: Suraj Bhadrike <surajbh2233@gmail.com>
 2025-06-17 16:47:39 -06:00
Suraj Bhadrike ee09215f89 Add NimbusJwtEncoder Builders 
Closes gh-16267

Signed-off-by: Suraj Bhadrike <surajbh2233@gmail.com>
 2025-06-17 16:47:39 -06:00
Rob Winch 18010f9914 Fix JwtAuthenticationProvider Checkstyle 
Issue gh-17251
 2025-06-17 13:32:43 -05:00
chanbinme 9cf5638914 Add null check for authentication token in JwtAuthenticationProvider 
Add Assert.notNull validation to ensure the authentication token returned by jwtAuthenticationConverter is not null, preventing potential NullPointerException in subsequent operations.

Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
 2025-06-17 13:32:43 -05:00
Rob Winch b2325e4176
Add OAuth Support for HTTP Interface Client 
Closes gh-16858
 2025-06-17 09:53:51 -05:00
Josh Cummings eaab42a73c Polish BearerTokenAuthenticationConverter Support
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs

Issue gh-14750
 2025-06-04 18:17:17 -06:00
Max Batischev 30577bd291 Add Additional Tests To BearerTokenAuthenticationFilterTests 
Issue gh-14750

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-04 18:17:17 -06:00
Max Batischev 4967f3feee Add Support BearerTokenAuthenticationConverter 
Closes gh-14750

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-04 18:17:17 -06:00
Josh Cummings d52e0b6a05
Polish NimbusJwtDecoder 
- Aligned JwkSourceJwtDecoderBuilder's relative position with its
corresponding static factory
- Added @since to JwkSourceJwtDecoderBuilder

PR gh-17046
 2025-06-02 15:53:59 -06:00
Mark Bonnekessel ada75e76a6 Add builder to create NimbusJwtDecoder with JwkSource 
Signed-off-by: Mark Bonnekessel <2949525+marbon87@users.noreply.github.com>
 2025-06-02 13:33:39 -06:00
Pat McCusker 5517d8fe3a Deprecate the X5T JOSE Header name
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Has been cancelled Details 
Closes gh-16979

Signed-off-by: Pat McCusker <patmccusker14@gmail.com>
 2025-05-30 06:45:02 -06:00
Josh Cummings 6d3b54df21
Change Type Validation Default
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
 2025-05-28 16:11:13 -06:00
Maximilian Klose ec05e65668 Add Equals and HashCode methods for better comparison. 
Closes gh-16394

Signed-off-by: Maximilian Klose <maximilian.klose@adesso.de>
 2025-05-27 13:53:07 -06:00
Ferenc Kemeny bf05b8b430 Support Requiring exp and nbf in JwtTimestampsValidator 
Closes gh-17004

Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
 2025-05-27 12:22:25 -06:00
Ferenc Kemeny 91b21663db Polish JwtTimestampValidatorTests 
This commit corrects the test that checks for both
nbf and exp missing. It also adds one for just exp
and on for just nbf.

Issue gh-17004

Signed-off-by: Ferenc Kemeny <ferenc.kemeny79+oss@gmail.com>
 2025-05-27 12:22:25 -06:00
Joe Grandja a8edcca961 Merge branch '6.5.x' 2025-05-14 05:36:04 -04:00
Joe Grandja 5f7155bfc7 Implement internal cache in JtiClaimValidator 
Closes gh-17107
 2025-05-14 05:21:00 -04:00
Joe Grandja 44303d2c80 Polish gh-17080 2025-05-13 14:36:44 -04:00
David Kowis 462e38c0e3 Fix DPoP jkt claim to be JWK SHA-256 thumbprint 
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
 2025-05-13 14:36:44 -04:00
Joe Grandja a265ac6ae7 Polish gh-17080
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
2025-05-13 14:35:23 -04:00
David Kowis 2090f44f74 Fix DPoP jkt claim to be JWK SHA-256 thumbprint 
Just used the nimbus JOSE library to do it, because it already has a
compliant implementation.

Closes gh-17080

Signed-off-by: David Kowis <david@kow.is>
 2025-05-13 14:35:23 -04:00
Joe Grandja ba7be9c8b9 Merge branch '6.5.x'
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
2025-05-09 16:14:34 -04:00
Joe Grandja e3c39f02bc Add documentation for DPoP support
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Closes gh-17072
 2025-05-09 16:02:14 -04:00
Tran Ngoc Nhan 48eb243012 Update javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-07 14:59:14 -05:00
Tran Ngoc Nhan 1e4dd713c5 Remove APPLICATION_JSON_UTF8 usage 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-07 14:59:14 -05:00
Rob Winch b453840c0a
HttpHeaders no longer a MultiValueMap 
Closes gh-17060
 2025-05-06 13:27:13 -05:00
Rob Winch 2dbf3a2d18
WebClient.exchange->exchangeToMono 
Closes gh-17057
 2025-05-06 13:26:16 -05:00
Rob Winch 5704582c52
ResponseErrorHandler.handleError(URI, HttpMethod,ClientHttpResponse) 
Closes gh-17056
 2025-05-06 13:26:16 -05:00
Rob Winch 11105a5c51
UriComponentsBuilder.fromHttpUrl->fromUriString 
The fromHttpUrl method is deprecated and replaced with fromUriString

Closes gh-
 2025-05-06 13:26:15 -05:00
Rob Winch cb0fdef236
Remove MediaType.APPLICATION_JSON_UTF 
Closes gh-17050
 2025-05-06 13:26:14 -05:00
hammadirshad 1a4602c8c3 Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Closes gh-16806

Signed-off-by: muha <muha@kreftregisteret.no>
 2025-04-30 10:09:41 -04:00
Josh Cummings 804d79d96a
Merge branch '6.4.x' 2025-04-29 14:27:47 -06:00
Josh Cummings a4126aa27d
Merge branch '6.3.x' into 6.4.x 2025-04-29 14:27:40 -06:00
Josh Cummings f631a0fcd5
Polish ClientRegistrationsTests 
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.

Issue gh-16860
 2025-04-29 14:27:04 -06:00
Josh Cummings fe6ddd0c8f
Merge branch '6.4.x' 2025-04-29 14:26:44 -06:00
Josh Cummings 656ad72608
Merge branch '6.3.x' into 6.4.x 
Closes gh-17016
 2025-04-29 14:22:52 -06:00
Evgeniy Cheban 0e84f31a00 Add ClientRegistration's RestClient failed attempts information to exception message 
Closes gh-16860

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
 2025-04-29 13:43:20 -06:00