Commit Graph

16509 Commits

Author SHA1 Message Date
Gurunathan a4cd6f4278
Advise Overriding equals() and hashCode() in UserDetails Implementations
This commit adds a documentation note explaining the importance of
overriding equals() and hashCode() in custom UserDetails implementations.

The default SessionRegistryImpl in Spring Security uses an in-memory
ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to
associate principals with sessions. If a custom UserDetails class does
not properly override equals() and hashCode(), user sessions may not
be tracked or matched correctly.

I believe this helps developers avoid subtle session management issues
when implementing custom authentication logic.

Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>
2025-05-21 12:41:44 -06:00
Rob Winch 5da31ab8a8
Use spring-io/codeql-actions
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
2025-05-20 15:52:36 -05:00
Mark Putsiata cae3467a8d Improve AbstractPreAuthenticatedProcessingFilter docs
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.

Closes gh-14137

Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
2025-05-19 09:45:53 -06:00
dependabot[bot] a17b2a18d9
Bump org.springframework.data:spring-data-bom
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.11 to 2024.0.12.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.11...2024.0.12)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-19 03:30:36 +00:00
dependabot[bot] 0cbc38cdd6
Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.19 to 6.1.20.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.19...v6.1.20)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.1.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-16 03:22:19 +00:00
Josh Cummings eb30fd7f59
Add Missing Header
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Issue gh-11161
2025-05-15 18:16:36 -06:00
snowykte0426 260d298cc5 Add Migration Guide from Spring Security SAML Extension
This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support.

Includes:
- Content migrated from the project wiki
- xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata`
- Metadata example moved to Examples Matrix
- Cleanup and naming per review feedback

Closes gh-11161

Signed-off-by: snowykte0426 <snowykte0426@naver.com>
2025-05-15 17:17:43 -06:00
dependabot[bot] 78a60d0d84
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.17 to 2023.0.18.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-14 03:23:25 +00:00
dependabot[bot] a001f27690 Bump org-apache-maven-resolver from 1.9.22 to 1.9.23
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23

---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-13 12:15:42 -06:00
Danilo Piazzalunga 27319e3f9b Add missing registration property in YAML listing
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
2025-05-13 11:17:35 -06:00
Danilo Piazzalunga ec462e8bc5 Update assertingparty property usage in YAML snippets
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.

Closes gh-12810.

Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
2025-05-13 11:17:35 -06:00
dependabot[bot] a4111a606b Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-06 10:15:11 -06:00
Tran Ngoc Nhan 505fe3abed
Correct method name
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-06 10:17:29 -05:00
Rob Winch 9710492619
remove update-dependabot action
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
2025-05-05 13:34:16 -05:00
Rob Winch 9436796973
Use pull-request: write for gradlew updates
Explicitly provide the permissions required for updating the Gradle
wrapper
2025-05-05 11:49:08 -05:00
Josh Cummings 51239359ed
Fix ClearSiteData Code Snippet
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Closes gh-16948
2025-05-02 15:57:31 -06:00
Josh Cummings e48f26e51e
Propagate StrictFirewallRequest Wrapper
CodeQL Advanced / Analyze (${{ matrix.language }}) (none, actions) (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Closes gh-16978
2025-05-02 10:57:07 -06:00
Rob Winch 3b7e3a6c5c
codeql uses ubuntu-latest 2025-05-02 11:49:41 -05:00
Rob Winch a04025c114
rm mark-duplicate-dependabot-prs.yml 2025-05-02 11:26:41 -05:00
Rob Winch 1564076276
Remove automerge forward 2025-05-02 11:23:01 -05:00
Rob Winch ae09f36291
Add .github/workflows/codeql.yml 2025-05-02 11:15:37 -05:00
Soumik Sarker bcef6ed74f Reformatted lines in x509 overview documentation
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
2025-05-01 12:02:45 -06:00
github-actions[bot] c8581683da
Bump Gradle Wrapper from 8.13 to 8.14.
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Release notes of Gradle 8.14 can be found here:
https://docs.gradle.org/8.14/release-notes.html

Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2025-04-29 14:48:42 -06:00
Josh Cummings f631a0fcd5
Polish ClientRegistrationsTests
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.

Issue gh-16860
2025-04-29 14:27:04 -06:00
Evgeniy Cheban 0e84f31a00 Add ClientRegistration's RestClient failed attempts information to exception message
Closes gh-16860

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
2025-04-29 13:43:20 -06:00
Yanming Zhou 9c76ab69f0 Use proper configuration key
the getter method is `getOpaquetoken()` not `getOpaqueToken()`

See c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51)

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-04-29 13:37:51 -06:00
Josh Cummings 5354e4d2c5
Check for Null Issuer
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Closes gh-16989
2025-04-28 11:18:32 -06:00
Rob Winch db48d4ca50
rm merge-dependabot-pr.yml from Unsupported Branch
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
2025-04-25 13:17:14 -05:00
Josh Cummings 547d174f3e Fix Formatting
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Waiting to run Details
2025-04-24 10:43:03 -06:00
Roman Trapickin d2d1275b39 Fix IllegalArgumentException message for unknown Argon2 types
Array index 0 points to an empty string. Use index 1 instead.

Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
2025-04-24 10:43:03 -06:00
dependabot[bot] 7bf776ec38 Bump org.springframework.data:spring-data-bom
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.10 to 2024.0.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.10...2024.0.11)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-version: 2024.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-22 20:49:38 -07:00
Rob Winch e47a6714a5
Update to io.spring.gradle:spring-security-release-plugin:1.0.5
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Closes gh-6.3.10
2025-04-21 13:44:10 -05:00
github-actions[bot] b9cae82b89 Next development version 2025-04-21 16:26:30 +00:00
github-actions[bot] f6354250a1 Release 6.3.9 2025-04-21 15:58:56 +00:00
dependabot[bot] a5d963387b Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.18 to 6.1.19.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.18...v6.1.19)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-17 20:49:18 -07:00
dependabot[bot] 99c4f58c34 Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.11 to 3.2.12.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases)
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt)
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.11...3.2.12)

---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
  dependency-version: 3.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-17 20:36:42 -07:00
Joe Grandja c1aa99fdd2 Enforce BCrypt password length for new passwords only
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Waiting to run Details
Closes gh-16802
2025-04-17 04:53:33 -04:00
dependabot[bot] eb01394427 Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Waiting to run Details
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.16 to 2023.0.17.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.16...2023.0.17)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2023.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-15 20:50:56 -07:00
dependabot[bot] 0d3d6f75f8 Bump org-aspectj from 1.9.22.1 to 1.9.24
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-13 20:22:34 -07:00
dependabot[bot] eb83c35ded Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases)
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-09 20:33:22 -07:00
Steve Riesenberg 3c0fef59b5
Polish gh-16039
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Closes gh-16038
2025-04-07 10:54:09 -05:00
Jonah Klöckner da94fbe431
Evaluate URI query parameter only if enabled
Issue gh-16038
2025-04-07 10:54:07 -05:00
DingHao 857ef6fe08 WithHttpOnlyCookie defaults to false
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Closes gh-16820

Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-04-01 11:59:51 -06:00
Steve Riesenberg b7df86197c
Apply request-handler-ref to CsrfAuthenticationStrategy
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Closes gh-16801
2025-03-28 16:25:52 -05:00
Steve Riesenberg c84c438075
Apply request-handler-ref to CsrfAuthenticationStrategy
Closes gh-16801
2025-03-28 16:08:36 -05:00
DingHao 1e7db094d1 Use correct message prompt
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Waiting to run Details
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2025-03-27 16:42:52 -06:00
Josh Cummings 456604ab45 Sort Default Advisors and Added Advisors
This commit ensures that the default advisors and added advisors
are sorted in the event that this component is not being published
as a Spring bean.

Issue gh-16819
2025-03-27 16:18:00 -06:00
Josh Cummings 15b9a50060 Add Test
Issue gh-16819
2025-03-27 16:18:00 -06:00
Tran Ngoc Nhan fcc1bd598d Sort Advisors AfterSingletonsInstantiated
In order to make so that authorization advisors are sorted
only one time and also as part of the configuration lifecycle,
AuthorizationAdvisorProxyFactory now implements
SmartInitializingBean.

Closes gh-16819

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-27 16:18:00 -06:00
github-actions[bot] af2668f7cb Bump Gradle Wrapper from 8.10.2 to 8.13.
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
Release notes of Gradle 8.13 can be found here:
https://docs.gradle.org/8.13/release-notes.html

Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2025-03-25 15:11:10 -06:00