root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 5 Packages Projects Releases Wiki Activity
17,627 Commits 50 Branches 348 Tags 114 MiB
Commit Graph

17627 Commits

Author SHA1 Message Date
ying.li 6494ea9b18 fix for typo 2025-02-10 12:22:57 -06:00
patpatpat123 b6f8046b2f Fix type for rest-client-access-token-response-client.adoc 
In line 260, there is the mention of "=== Customizing the `WebClient`" while it should be "=== Customizing the `RestClient`"

Signed-off-by: patpatpat123 <43899031+patpatpat123@users.noreply.github.com>
 2025-02-10 10:11:06 -06:00
Daniel Garnier-Moiroux 238f47ce5e One Time Token login registers the default login page 
closes gh-16414

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-02-10 09:55:51 -06:00
Daniel Garnier-Moiroux 5ee6b83953 Introduce OneTimeTokenAuthenticationFilter 
closes gh-16539

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-02-10 09:55:51 -06:00
dependabot[bot] 8e2a4bf356 Bump org.seleniumhq.selenium:htmlunit3-driver from 4.27.0 to 4.28.0 
Bumps [org.seleniumhq.selenium:htmlunit3-driver](https://github.com/SeleniumHQ/htmlunit-driver) from 4.27.0 to 4.28.0.
- [Release notes](https://github.com/SeleniumHQ/htmlunit-driver/releases)
- [Commits](https://github.com/SeleniumHQ/htmlunit-driver/compare/4.27.0...4.28.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:htmlunit3-driver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-05 15:06:50 -08:00
Josh Cummings 8e19b8039c
Merge branch '6.4.x' 2025-02-05 15:49:20 -07:00
Josh Cummings 4776446b14
Add Missing Serialzed AuthorizationDeniedException 
Issue gh-16544
 2025-02-05 15:48:55 -07:00
Max Batischev 9676739c88 TestServerOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-05 14:14:16 -07:00
Max Batischev be81377235 Add Support ServerGenerateOneTimeTokenRequestResolver 
Closes gh-16488

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-05 14:14:16 -07:00
Josh Cummings 981e3fd779
Merge branch '6.4.x' 2025-02-05 13:59:12 -07:00
Josh Cummings b4c7795699
Support Serialization for Authorization Components 
Closes gh-16544
 2025-02-05 13:58:32 -07:00
Josh Cummings 11113adf62 Polish Nimbus JWK Source Implementation 
Issue gh-16251
 2025-02-05 09:28:07 -07:00
Daeho Kwon 7b7abb28bb Remove Deprecated Usages of RemoteJWKSet 
Closes gh-16251

Signed-off-by: Daeho Kwon <trewq231@naver.com>
 2025-02-05 09:28:07 -07:00
Josh Cummings f9824fd688 Polish Tests 
Issue gh-16251
 2025-02-05 09:28:07 -07:00
DingHao f7e0f7fa8a Polish OneTimeTokenLoginConfigurer 
Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-02-04 12:38:27 -07:00
github-actions[bot] fc19bf8769 Merge branch '6.4.x' 2025-02-04 04:23:51 +00:00
dependabot[bot] 876f67715f Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 20:23:06 -08:00
github-actions[bot] df2bc8f394 Merge branch '6.4.x' 2025-02-04 04:00:20 +00:00
github-actions[bot] 007d7da42a Merge branch '6.3.x' into 6.4.x 2025-02-04 04:00:20 +00:00
dependabot[bot] 002dbf355a Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:59:36 -08:00
dependabot[bot] 60f14c2df6 Bump io.rsocket:rsocket-bom from 1.1.4 to 1.1.5 
Bumps [io.rsocket:rsocket-bom](https://github.com/rsocket/rsocket-java) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/rsocket/rsocket-java/releases)
- [Commits](https://github.com/rsocket/rsocket-java/compare/1.1.4...1.1.5)

---
updated-dependencies:
- dependency-name: io.rsocket:rsocket-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:57:07 -08:00
dependabot[bot] e8e41e936f Bump io.freefair.gradle:aspectj-plugin from 8.12 to 8.12.1 
Bumps [io.freefair.gradle:aspectj-plugin](https://github.com/freefair/gradle-plugins) from 8.12 to 8.12.1.
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](https://github.com/freefair/gradle-plugins/compare/8.12...8.12.1)

---
updated-dependencies:
- dependency-name: io.freefair.gradle:aspectj-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 19:55:43 -08:00
Steve Riesenberg 54a6a19e05 Polish gh-16214 
This commit applies the following changes:

* Added local Content-Security-Policy with script-src nonce directive
* Removed form-redirect.js and associated changes
* Renamed to FormPostRedirectStrategy
* Removed HtmlUtils usage
* Moved to same package as DefaultRedirectStrategy
 2025-02-03 14:52:30 -06:00
Craig Andrews 58534e7f60 Add FormRedirectStrategy to enable POST OIDC Logout 
FormRedirectStrategy redirects using an autosubmitting HTML form using the POST method versus DefaultRedirectStrategy which redirects using the GET method.

Can be used to implement POST binding for relying party initiated OIDC logout by setting FormRedirectStrategy as the redirection strategy on OidcClientInitiatedLogoutSuccessHandler.

Closes gh-13002

Signed-off-by: Craig Andrews <candrews@integralblue.com>
 2025-02-03 14:52:30 -06:00
Josh Cummings e63ef3cdc4
Merge branch '6.4.x' 2025-02-03 12:35:53 -07:00
Josh Cummings 47fd6befde
Ensure Serialization Compatibility for AuthenticationException 
Issue gh-16286
 2025-02-03 12:34:43 -07:00
dae won 6a94a294ea Lazily compose debug message in AbstractUserDetailsAuthenticationProvider 
Closes gh-16495

Signed-off-by: dae won <eodnjs01477@gmail.com>
 2025-02-03 12:27:49 -07:00
Max Batischev 61d92e9db9 Fix assertion message in DefaultGenerateOneTimeTokenRequestResolver 
Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-02-03 12:15:20 -07:00
Josh Cummings b98ece3e03
Clarify Commit Message Guideline 
We typically use imperative; however, this can feel unnatural on occasion.
For example 'S101 Depends On Assemble' would sound unnatural as 'S101 Depend On Assemble'
 2025-02-03 11:31:54 -07:00
Josh Cummings 6730167445
Correct Link Anchor Syntax 2025-02-03 10:33:23 -07:00
Josh Cummings 0f8e1936ff
Merge branch '6.4.x' 2025-02-03 10:19:31 -07:00
NeoTraveler e31f04bebc
`withValue` used incorrectly 
Closes gh-16525
Closes gh-16527

Signed-off-by: NeoTraveler <55753029+NeoTraveler@users.noreply.github.com>
 2025-02-03 10:18:33 -07:00
Josh Cummings 5efc60d380
Merge branch '6.4.x' 2025-02-03 10:13:37 -07:00
Josh Cummings 5ff87128b1
Make Saml2AuthenticationToken Serializable 
Issue gh-16286
 2025-02-03 10:13:14 -07:00
Tran Ngoc Nhan bcc4b415b3
Make RelyingPartyRegistration Serializable 
Closes gh-16286
 2025-02-03 10:13:13 -07:00
Steve Riesenberg b32f4f1afc Polish gh-16502 2025-02-03 09:21:53 -06:00
earlgrey02 1fa1848f9f Add HttpStatusAccessDeniedHandler 
Signed-off-by: earlgrey02 <san06036@naver.com>
 2025-02-03 09:21:53 -06:00
github-actions[bot] 22605be60e Merge branch '6.4.x' 2025-02-03 04:16:01 +00:00
dependabot[bot] eb4befa28e Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.28.4.RELEASE to 0.28.5.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.28.4.RELEASE...0.28.5.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 20:15:24 -08:00
github-actions[bot] 043ec05334 Merge branch '6.4.x' 2025-02-03 04:14:47 +00:00
dependabot[bot] ca3c763c04 Bump org.hibernate.orm:hibernate-core from 6.6.5.Final to 6.6.6.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.5.Final to 6.6.6.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.6/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.5...6.6.6)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 20:14:06 -08:00
dependabot[bot] df1b3032c7 Bump com.webauthn4j:webauthn4j-core 
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j) from 0.28.4.RELEASE to 0.28.5.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases)
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml)
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.28.4.RELEASE...0.28.5.RELEASE)

---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 19:53:23 -08:00
dependabot[bot] 330489e04a Bump org.hibernate.orm:hibernate-core from 6.6.5.Final to 6.6.6.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.5.Final to 6.6.6.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.6/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.5...6.6.6)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 19:52:02 -08:00
github-actions[bot] 291fae89a9 Merge branch '6.3.x' into 6.4.x 2025-02-03 00:53:13 +00:00
github-actions[bot] db41f7e1ca Merge branch '6.4.x' 2025-02-03 00:53:13 +00:00
dependabot[bot] 7d5414b349 Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.14 to 1.0.0-alpha.16.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.14...v1.0.0-alpha.16)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 16:52:21 -08:00
dependabot[bot] e5583de8de Bump @springio/asciidoctor-extensions in /docs 
Bumps [@springio/asciidoctor-extensions](https://github.com/spring-io/asciidoctor-extensions) from 1.0.0-alpha.14 to 1.0.0-alpha.16.
- [Changelog](https://github.com/spring-io/asciidoctor-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/asciidoctor-extensions/compare/v1.0.0-alpha.14...v1.0.0-alpha.16)

---
updated-dependencies:
- dependency-name: "@springio/asciidoctor-extensions"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-02 16:26:12 -08:00
Rob Winch 10394c8f2a
OTT Tests use Mocks Instead of Comparing Expires 
Previously, expires was compared to test if a custom implementations
were used. Now the tests verify this through mocks.

Closes gh-16515
 2025-01-31 16:47:50 -06:00
Christian b56650100a
Removes the use of `StringUtils` from `DelegatingPasswordEncoder` 
Closes gh-16442

Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com>
 2025-01-31 15:43:24 -06:00
dependabot[bot] 2aa2e646d4 Bump com.google.code.gson:gson from 2.12.0 to 2.12.1 
Bumps [com.google.code.gson:gson](https://github.com/google/gson) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.12.0...gson-parent-2.12.1)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-30 19:33:34 -08:00