root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 5 Packages Projects Releases Wiki Activity
16,509 Commits 55 Branches 348 Tags 116 MiB
Commit Graph

2675 Commits

Author SHA1 Message Date
Steve Riesenberg 3c0fef59b5
Polish gh-16039
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Closes gh-16038
 2025-04-07 10:54:09 -05:00
Jonah Klöckner da94fbe431
Evaluate URI query parameter only if enabled 
Issue gh-16038
 2025-04-07 10:54:07 -05:00
Steve Riesenberg b7df86197c
Apply request-handler-ref to CsrfAuthenticationStrategy
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Closes gh-16801
 2025-03-28 16:25:52 -05:00
Steve Riesenberg c84c438075
Apply request-handler-ref to CsrfAuthenticationStrategy 
Closes gh-16801
 2025-03-28 16:08:36 -05:00
Josh Cummings 15b9a50060 Add Test 
Issue gh-16819
 2025-03-27 16:18:00 -06:00
Rob Winch adb303e152
Add testRuntimeOnly junit-platform-launcher 
Closes gh-16755
 2025-03-17 14:16:44 -05:00
Steve Riesenberg 211fa52649
Favor provided instances over shared objects 
Prior to this commit, providing oauth2Login() and oauth2Client() with
clientRegistrationRepository() and authorizedClientRepository() caused
objects to be shared across both configurers.

These configurers will now prefer explicitly provided instances of
those objects when they are available.

Closes gh-16105
 2025-01-22 17:07:44 -06:00
Josh Cummings a9f8a23e50
Merge branch '6.2.x' into 6.3.x 2024-12-19 08:55:25 -07:00
Josh Cummings 643a3f1206
Test Setting logoutRequestRepository 
Issue gh-16093
 2024-12-19 08:55:18 -07:00
Steven Williams 7aafe2ed5a
Set Saml2RelyingPartyInitiatedLogoutSuccessHandler#logoutRequestRepository 
Closes gh-16093
 2024-12-19 08:53:02 -07:00
Josh Cummings dd8ee38194
Merge branch '6.2.x' into 6.3.x 
Closes gh-16229
 2024-12-06 15:18:42 -07:00
Josh Cummings 87de6cea1b
Use Reactive JSON Encoder 
Closes gh-16177
 2024-12-06 15:14:07 -07:00
Josh Cummings 3d1e4b5f18
Polish Tests 
Confirm that responses are a valid JSON map

Issue gh-16177
 2024-12-06 15:14:07 -07:00
DingHao ef7b11ac01 Delay initialization UserDetailsService in Global Authentication 2024-12-05 12:26:04 -07:00
DingHao e8ba039a61 Delay initialization AuthenticationProvider in Global Authentication 2024-11-22 17:22:14 -07:00
Joe Grandja 709103e38c Merge branch '6.2.x' into 6.3.x 2024-11-18 04:45:38 -05:00
Joe Grandja a8c4d6cead Require Locale argument for toLower/toUpperCase usage 2024-11-18 04:22:26 -05:00
Rob Winch e1ad989d38 Merge branch '6.2.x' into 6.3.x 
Closes gh-16062
 2024-11-11 14:58:39 -06:00
Rob Winch 81e74e65d4 Support ServerExchangeRejectedHandler @Bean 
Closes gh-16061
 2024-11-11 14:58:00 -06:00
Cedric Montfort d9d77bed82 Allow logout+jwt JWT type for reactive 
The OIDC back-channel spec recommends using a logout token typ `logout+jwt`
(see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken).

Support of this type was recently added [on the servlet side]([on the Servlet side](9101bf1f7d)), so back
porting the same on the reactive side to close the gap.

Closes gh-15702
 2024-10-28 14:21:48 -07:00
Rob Winch 1ba6301afa Support ServerWebExchangeFirewall @Bean 
Closes gh-15987
 2024-10-25 12:13:41 -05:00
Rob Winch adc66e134b Merge branch '6.2.x' into 6.3.x 
Support ServerWebExchangeFirewall @Bean

Closes gh-15991
 2024-10-25 11:56:53 -05:00
Rob Winch 3ba1263d64 Support ServerWebExchangeFirewall @Bean 
Closes gh-15987
 2024-10-24 16:47:36 -05:00
Josh Cummings c104f44546 Merge branch '6.2.x' into 6.3.x 2024-10-23 15:23:15 -07:00
Scott Murphy Heiberg 18dba34bde Make RequestMatcherDelegatingAuthorizationManager Post-Processable 
Closes gh-15948
 2024-10-23 15:15:10 -07:00
Josh Cummings 746464e035
Merge branch '6.2.x' into 6.3.x 2024-09-30 17:21:13 -06:00
Josh Cummings c1857c0308 Fix Formatting 
Issue gh-15771
 2024-09-30 16:19:26 -07:00
chao.wang 690e012fb1 Improve OidcBackChannelLogoutTokenValidator error when provider issuer is missing 
Closes gh-15771
 2024-09-30 16:19:26 -07:00
Daniel Garnier-Moiroux 51d0a8b57d Fix getBeansWithName in global authentication configurers 2024-09-11 10:46:24 -07:00
DingHao 5c20505b0e Support Class Attributes in Annotation Template Processing 
Closes gh-15721
 2024-09-04 13:41:46 -07:00
Josh Cummings ff41521e1e
Merge branch '6.2.x' into 6.3.x 2024-09-03 16:33:46 -06:00
Josh Cummings b22061d0b6
Merge branch '5.8.x' into 6.2.x 2024-09-03 16:33:22 -06:00
Josh Cummings 97cefa6830 Update Formatting 
Issue gh-15714
 2024-09-03 15:32:59 -07:00
tugjg f836efb912 Address unnecessary method invocation 
Closes gh-15714
 2024-09-03 15:32:59 -07:00
Josh Cummings 279cb89eac
Merge branch '6.2.x' into 6.3.x 2024-08-26 16:32:58 -06:00
Hero Wanders f372f5cf52 Replace OidcSessionStrategy References with OidcSessionRegistry 2024-08-26 15:32:35 -07:00
Josh Cummings 4c0d969f1f
Merge branch '6.2.x' into 6.3.x 
Closes gh-15676
 2024-08-22 12:37:45 -06:00
Josh Cummings 3ee5a96e53
Merge branch '5.8.x' into 6.2.x 
Closes gh-15675
 2024-08-22 12:24:56 -06:00
Josh Cummings 5c604b95fb
Correct PostFilterAuthorizationMethodInterceptor Target Type 
Previously, `postFilterAuthorizationMethodInterceptor` mistakenly
was published as an `Advisor`. Because `MethodSecurityAdvisorRegistrar`
re-publishes each pre/post annotation interceptor also as an `Advisor`,
this resulted in a duplicate advisor for `@PostFilter`.

Closes gh-15651
 2024-08-22 12:10:25 -06:00
Josh Cummings ae8e4d148e
Produce Exactly One AuthorizationAdvisor Per Annotation 
Closes gh-15592
 2024-08-19 12:30:03 -06:00
Josh Cummings 27af1df87d
Simplify Method Interceptor Configuration 
Simplifies to use only one ObjectProvider for easier
future maintenance

Issue gh-15592
 2024-08-19 12:27:56 -06:00
Daniel Garnier-Moiroux b731623b3a Fix checkstyle errors with @Deprecated 2024-08-19 10:55:58 -03:00
Daniel Garnier-Moiroux b92ed92548 Fix checkstyle errors with @Deprecated 2024-08-19 10:55:28 -03:00
Marcus Hert Da Coregio 912062d307 Merge branch '6.2.x' into 6.3.x 2024-08-19 09:11:10 -03:00
Daniel Garnier-Moiroux 79fb0113c8 Bump io-spring-javaformat from 0.0.42 to 0.0.43 
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.

Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)

---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
  be used together

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-19 09:11:05 -03:00
Daniel Garnier-Moiroux 3b8cdc323f Remove unused method 2024-08-08 15:29:41 -05:00
Daniel Garnier-Moiroux 109da2719f Use explicit types everywhere instead of var 2024-08-08 15:29:41 -05:00
Josh Cummings f20ae1a71c
Revert gh-13783 
This feature unfortunately regresses pre-existing behavior
like that found in gh-15352. As such, this functionality
has been removed.

Closes gh-15352
 2024-07-31 16:16:34 -06:00
Marcus Hert Da Coregio c1b3b329af Merge branch '6.2.x' into 6.3.x 2024-07-29 14:56:09 -03:00
baezzys 3d4bcf1b44 fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource 
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
 2024-07-29 14:55:55 -03:00