16509 Commits

All Branches

Search

Author	SHA1	Message	Date
Gurunathan	a4cd6f4278	Advise Overriding equals() and hashCode() in UserDetails Implementations ... This commit adds a documentation note explaining the importance of overriding equals() and hashCode() in custom UserDetails implementations. The default SessionRegistryImpl in Spring Security uses an in-memory ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to associate principals with sessions. If a custom UserDetails class does not properly override equals() and hashCode(), user sessions may not be tracked or matched correctly. I believe this helps developers avoid subtle session management issues when implementing custom authentication logic. Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>	2025-05-21 12:41:44 -06:00
Rob Winch	5da31ab8a8	Use spring-io/codeql-actions	2025-05-20 15:52:36 -05:00
Mark Putsiata	cae3467a8d	Improve AbstractPreAuthenticatedProcessingFilter docs ... Clarify misleading SecurityContextRepository setter documentation. Note that AbstractPreAuthenticatedProcessingFilter saves the SecurityContext upon successful authentication, and this behavior can be customized via the setSecurityContextRepository setter. Closes gh-14137 Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>	2025-05-19 09:45:53 -06:00
dependabot[bot]	a17b2a18d9	Bump org.springframework.data:spring-data-bom ... Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.11 to 2024.0.12. - [Release notes](https://github.com/spring-projects/spring-data-bom/releases) - [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.11...2024.0.12) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-bom dependency-version: 2024.0.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-19 03:30:36 +00:00
dependabot[bot]	0cbc38cdd6	Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20 ... Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.19 to 6.1.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.19...v6.1.20) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.1.20 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-16 03:22:19 +00:00
Josh Cummings	eb30fd7f59	Add Missing Header ... Issue gh-11161	2025-05-15 18:16:36 -06:00
snowykte0426	260d298cc5	Add Migration Guide from Spring Security SAML Extension ... This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support. Includes: - Content migrated from the project wiki - xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata` - Metadata example moved to Examples Matrix - Cleanup and naming per review feedback Closes gh-11161 Signed-off-by: snowykte0426 <snowykte0426@naver.com>	2025-05-15 17:17:43 -06:00
dependabot[bot]	78a60d0d84	Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18 ... Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.17 to 2023.0.18. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2023.0.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-14 03:23:25 +00:00
dependabot[bot]	a001f27690	Bump org-apache-maven-resolver from 1.9.22 to 1.9.23 ... Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23. Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23) Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23 --- updated-dependencies: - dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-impl dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.apache.maven.resolver:maven-resolver-transport-http dependency-version: 1.9.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-13 12:15:42 -06:00
Danilo Piazzalunga	27319e3f9b	Add missing registration property in YAML listing ... Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
Danilo Piazzalunga	ec462e8bc5	Update assertingparty property usage in YAML snippets ... Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.* to spring.security.saml2.relyingparty.registration.*.assertingparty.*. Closes gh-12810. Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	2025-05-13 11:17:35 -06:00
dependabot[bot]	a4111a606b	Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6 ... Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.5 to 1.0.6. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-06 10:15:11 -06:00
Tran Ngoc Nhan	505fe3abed	Correct method name ... Closes gh-17031 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-05-06 10:17:29 -05:00
Rob Winch	9710492619	remove update-dependabot action	2025-05-05 13:34:16 -05:00
Rob Winch	9436796973	Use pull-request: write for gradlew updates ... Explicitly provide the permissions required for updating the Gradle wrapper	2025-05-05 11:49:08 -05:00
Josh Cummings	51239359ed	Fix ClearSiteData Code Snippet ... Closes gh-16948	2025-05-02 15:57:31 -06:00
Josh Cummings	e48f26e51e	Propagate StrictFirewallRequest Wrapper ... Closes gh-16978	2025-05-02 10:57:07 -06:00
Rob Winch	3b7e3a6c5c	codeql uses ubuntu-latest	2025-05-02 11:49:41 -05:00
Rob Winch	a04025c114	rm mark-duplicate-dependabot-prs.yml	2025-05-02 11:26:41 -05:00
Rob Winch	1564076276	Remove automerge forward	2025-05-02 11:23:01 -05:00
Rob Winch	ae09f36291	Add .github/workflows/codeql.yml	2025-05-02 11:15:37 -05:00
Soumik Sarker	bcef6ed74f	Reformatted lines in x509 overview documentation ... Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>	2025-05-01 12:02:45 -06:00
github-actions[bot]	c8581683da	Bump Gradle Wrapper from 8.13 to 8.14. ... Release notes of Gradle 8.14 can be found here: https://docs.gradle.org/8.14/release-notes.html Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-04-29 14:48:42 -06:00
Josh Cummings	f631a0fcd5	Polish ClientRegistrationsTests ... Simplified the assertion so that it is focused on the core behavior being verified. This will likely also make the test more stable when updating Spring Framework versions. Issue gh-16860	2025-04-29 14:27:04 -06:00
Evgeniy Cheban	0e84f31a00	Add ClientRegistration's RestClient failed attempts information to exception message ... Closes gh-16860 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>	2025-04-29 13:43:20 -06:00
Yanming Zhou	9c76ab69f0	Use proper configuration key ... the getter method is `getOpaquetoken()` not `getOpaqueToken()` See c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51) Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>	2025-04-29 13:37:51 -06:00
Josh Cummings	5354e4d2c5	Check for Null Issuer ... Closes gh-16989	2025-04-28 11:18:32 -06:00
Rob Winch	db48d4ca50	rm merge-dependabot-pr.yml from Unsupported Branch	2025-04-25 13:17:14 -05:00
Josh Cummings	547d174f3e	Fix Formatting	2025-04-24 10:43:03 -06:00
Roman Trapickin	d2d1275b39	Fix IllegalArgumentException message for unknown Argon2 types ... Array index 0 points to an empty string. Use index 1 instead. Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>	2025-04-24 10:43:03 -06:00
dependabot[bot]	7bf776ec38	Bump org.springframework.data:spring-data-bom ... Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.10 to 2024.0.11. - [Release notes](https://github.com/spring-projects/spring-data-bom/releases) - [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.10...2024.0.11) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-bom dependency-version: 2024.0.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-22 20:49:38 -07:00
Rob Winch	e47a6714a5	Update to io.spring.gradle:spring-security-release-plugin:1.0.5 ... Closes gh-6.3.10	2025-04-21 13:44:10 -05:00
github-actions[bot]	b9cae82b89	Next development version	2025-04-21 16:26:30 +00:00
github-actions[bot]	f6354250a1	Release 6.3.9	2025-04-21 15:58:56 +00:00
dependabot[bot]	a5d963387b	Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19 ... Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.1.18 to 6.1.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.18...v6.1.19) --- updated-dependencies: - dependency-name: org.springframework:spring-framework-bom dependency-version: 6.1.19 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-17 20:49:18 -07:00
dependabot[bot]	99c4f58c34	Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 ... Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap) from 3.2.11 to 3.2.12. - [Release notes](https://github.com/spring-projects/spring-ldap/releases) - [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt) - [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.11...3.2.12) --- updated-dependencies: - dependency-name: org.springframework.ldap:spring-ldap-core dependency-version: 3.2.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-17 20:36:42 -07:00
Joe Grandja	c1aa99fdd2	Enforce BCrypt password length for new passwords only ... Closes gh-16802	2025-04-17 04:53:33 -04:00
dependabot[bot]	eb01394427	Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 ... Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.16 to 2023.0.17. - [Release notes](https://github.com/reactor/reactor/releases) - [Commits](https://github.com/reactor/reactor/compare/2023.0.16...2023.0.17) --- updated-dependencies: - dependency-name: io.projectreactor:reactor-bom dependency-version: 2023.0.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-15 20:50:56 -07:00
dependabot[bot]	0d3d6f75f8	Bump org-aspectj from 1.9.22.1 to 1.9.24 ... Bumps `org-aspectj` from 1.9.22.1 to 1.9.24. Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24 - [Release notes](https://github.com/eclipse/org.aspectj/releases) - [Commits](https://github.com/eclipse/org.aspectj/commits) Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24 - [Release notes](https://github.com/eclipse/org.aspectj/releases) - [Commits](https://github.com/eclipse/org.aspectj/commits) --- updated-dependencies: - dependency-name: org.aspectj:aspectjrt dependency-version: 1.9.24 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.aspectj:aspectjweaver dependency-version: 1.9.24 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-13 20:22:34 -07:00
dependabot[bot]	eb83c35ded	Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 ... Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools) from 1.0.3 to 1.0.4. - [Release notes](https://github.com/spring-io/spring-security-release-tools/releases) - [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4) --- updated-dependencies: - dependency-name: io.spring.gradle:spring-security-release-plugin dependency-version: 1.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-09 20:33:22 -07:00
Steve Riesenberg	3c0fef59b5	Polish gh-16039 ... Closes gh-16038	2025-04-07 10:54:09 -05:00
Jonah Klöckner	da94fbe431	Evaluate URI query parameter only if enabled ... Issue gh-16038	2025-04-07 10:54:07 -05:00
DingHao	857ef6fe08	WithHttpOnlyCookie defaults to false ... Closes gh-16820 Signed-off-by: DingHao <dh.hiekn@gmail.com>	2025-04-01 11:59:51 -06:00
Steve Riesenberg	b7df86197c	Apply request-handler-ref to CsrfAuthenticationStrategy ... Closes gh-16801	2025-03-28 16:25:52 -05:00
Steve Riesenberg	c84c438075	Apply request-handler-ref to CsrfAuthenticationStrategy ... Closes gh-16801	2025-03-28 16:08:36 -05:00
DingHao	1e7db094d1	Use correct message prompt ... Signed-off-by: DingHao <dh.hiekn@gmail.com>	2025-03-27 16:42:52 -06:00
Josh Cummings	456604ab45	Sort Default Advisors and Added Advisors ... This commit ensures that the default advisors and added advisors are sorted in the event that this component is not being published as a Spring bean. Issue gh-16819	2025-03-27 16:18:00 -06:00
Josh Cummings	15b9a50060	Add Test ... Issue gh-16819	2025-03-27 16:18:00 -06:00
Tran Ngoc Nhan	fcc1bd598d	Sort Advisors AfterSingletonsInstantiated ... In order to make so that authorization advisors are sorted only one time and also as part of the configuration lifecycle, AuthorizationAdvisorProxyFactory now implements SmartInitializingBean. Closes gh-16819 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-03-27 16:18:00 -06:00
github-actions[bot]	af2668f7cb	Bump Gradle Wrapper from 8.10.2 to 8.13. ... Release notes of Gradle 8.13 can be found here: https://docs.gradle.org/8.13/release-notes.html Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-03-25 15:11:10 -06:00