root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 36 Packages Projects Releases Wiki Activity
17,627 Commits 55 Branches 348 Tags 115 MiB
Commit Graph

17627 Commits

Author SHA1 Message Date
dependabot[bot] b555593904 Bump org.seleniumhq.selenium:selenium-java from 4.27.0 to 4.28.0 
Bumps [org.seleniumhq.selenium:selenium-java](https://github.com/SeleniumHQ/selenium) from 4.27.0 to 4.28.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.27.0...selenium-4.28.0)

---
updated-dependencies:
- dependency-name: org.seleniumhq.selenium:selenium-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-20 20:14:50 -08:00
github-actions[bot] d5c2b6b3c9 Next development version 2025-01-20 15:50:53 +00:00
github-actions[bot] 9ec4dfa1a2 Release 6.5.0-M1 2025-01-20 15:28:02 +00:00
github-actions[bot] 3edb01c6df Merge branch '6.4.x' 2025-01-20 04:17:23 +00:00
dependabot[bot] 42a49bbd78 Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.1 to 2024.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.1...2024.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 20:16:51 -08:00
dependabot[bot] 331812df16 Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.4.Final to 6.6.5.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.5/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.4...6.6.5)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 20:16:43 -08:00
github-actions[bot] 41565c5811 Merge branch '6.4.x' 2025-01-20 03:53:17 +00:00
github-actions[bot] 46aa65de59 Merge branch '6.3.x' into 6.4.x 2025-01-20 03:53:17 +00:00
dependabot[bot] 7f410ce5b4 Bump org.springframework.data:spring-data-bom from 2024.0.7 to 2024.0.8 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.0.7 to 2024.0.8.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.7...2024.0.8)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:52:35 -08:00
dependabot[bot] a23b8c5861 Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.2 to 3.27.3.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.2...assertj-build-3.27.3)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:23:32 -08:00
dependabot[bot] a02f0136cc Bump org.springframework.data:spring-data-bom from 2024.1.1 to 2024.1.2 
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom) from 2024.1.1 to 2024.1.2.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases)
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.1...2024.1.2)

---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:22:44 -08:00
dependabot[bot] 88ce68cb06 Bump org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final 
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 6.6.4.Final to 6.6.5.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases)
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.5/changelog.txt)
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.4...6.6.5)

---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-19 19:22:35 -08:00
Rob Winch d3332e1956
Document JDBC Persistence for WebAuthn 
Issue gh-16282
 2025-01-17 21:37:27 -06:00
Rob Winch 1f9845485c
Document custom HttpMessageConverter support for WebAuthn 
Issue gh-16397
 2025-01-17 21:08:16 -06:00
Rob Winch a2abe3c33e
Add HttpMessageConverter WebAuthnDsl Support 
Issue gh-16397
 2025-01-17 21:07:46 -06:00
Rob Winch 683f1f4bc5
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16396
 2025-01-17 20:52:01 -06:00
Rob Winch 718c90d7ad
Document PublicKeyCredentialCreationOptionsRepository 
Issue gh-16396
 2025-01-17 20:51:43 -06:00
Rob Winch 4314e68329
Add WebAuthenticationDsl.creationOptionsRepository 
Issue gh-16396
 2025-01-17 20:51:43 -06:00
Rob Winch bea232237f
Fix whitespace 2025-01-17 20:51:43 -06:00
DingHao f4491f388e
Set PublicKeyCredentialCreationOptionsRepository by DSL or Bean 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:57:08 -06:00
Rob Winch 4dc1dcbf24
WebAuthnConfigurer Supports HttpMessageConverter 
Closes gh-16397
 2025-01-17 18:29:40 -06:00
Rob Winch 5462b4c358
webauthnWhenConfiguredMessageConverter uses mock 
Issue gh-16397
 2025-01-17 18:29:23 -06:00
Rob Winch 0d4f786484
Fix WebAuthnConfigurer Javadoc 
Issue gh-16397
 2025-01-17 18:29:23 -06:00
DingHao 8181cec06c
Set HttpMessageConverter by DSL 
Closes gh-16369

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 18:29:23 -06:00
Rob Winch 4fc99aa9e1
Add ClientRegistration.clientSettings.requireProofKey 
Setting ClientRegistration.clientSettings.requireProofKey=true will
enable PKCE for clients using authorization_code grant type.

Closes gh-16386
 2025-01-17 17:27:04 -06:00
Rob Winch 85d7cc1335
Document requireProofKey 
Issue gh-16386
 2025-01-17 17:26:48 -06:00
Rob Winch 004f38639d
Move ClientSettings to ClientRegistration 
Initially it was proposed to put ClientSettings as a top level class, but
to be consistent with ProviderDetails, this commit moves ClientSettings to
be an inner class of ClientRegistration

Issue gh-16382


# Conflicts:
#	oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientSettings.java
 2025-01-17 17:26:48 -06:00
Rob Winch 4c533569bb
Ensure missing ClientRegistration.clientSettings JSON node works 
Issue gh-16382
 2025-01-17 17:26:48 -06:00
Rob Winch f9498d3885
PKCE cannot be true and AuthorizationGrantType != AUTHORIZATION_CODE 
PKCE is only valid for AuthorizationGrantType.AUTHORIZATION_CODE so the
code should validate this.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch ab629cc1ca
Add AuthorizationGrantType.toString() 
This adds AuthorizationGrantType.toString() which makes debuging easier.
In particular, it will help when performing unit tests which validate the
AuthorizationGrantType.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch b0a4dcb89e
ClientSettings equals, hashCode, toString 
Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch 2665a92107
Ensure that ClientSettings cannot be null 
This ensures that ClientRegistration.Builder.ClientSettings cannot be null.
This has a slight advantage in terms of null safety to making this check
happen in the build method since the Builder does not have a null field
either.

Issue gh-16382
 2025-01-17 17:26:47 -06:00
Rob Winch 0ed7b18f42
DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support 
When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.

Issue gh-16382
 2025-01-17 17:26:46 -06:00
DingHao 8d3e0844c5
Add ClientRegistration.clientSettings.requireProofKey to Enable PKCE 
Closes gh-16382

Signed-off-by: DingHao <dh.hiekn@gmail.com>
 2025-01-17 17:26:46 -06:00
Rob Winch 8acd1d3f51
Fix checkstyleNohttp OutOfMemoryError 2025-01-17 17:26:46 -06:00
Josh Cummings c2a5709e0f
Merge branch '6.4.x' 2025-01-17 16:09:01 -07:00
Josh Cummings bbe4f87641
Mark Serialization Support for Events 
Issue gh-16276
 2025-01-17 16:08:31 -07:00
Josh Cummings 9a3bbf8d00
Merge branch '6.4.x' 2025-01-17 14:17:16 -07:00
Josh Cummings 45da5c94b6
Support Serialization in Test Classes 
Issue gh-16276
 2025-01-17 14:15:30 -07:00
Rob Winch fd0024730e
Merge branch '6.4.x' 
Closes gh-16441
 2025-01-17 08:45:39 -06:00
Rob Winch b098739349
Case insenstive 2025-01-17 08:45:30 -06:00
Daniel Garnier-Moiroux 5bf42bb7a8 webauthn: ensure allowCredentials[].id is an ArrayBuffer 
closes gh-16439

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-01-17 15:14:33 +01:00
github-actions[bot] d8783b30d9 Merge branch '6.4.x' 2025-01-17 04:01:38 +00:00
dependabot[bot] 60dbeba985 Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-16 20:00:52 -08:00
Josh Cummings aea7f333f7
Document OpaqueTokenIntrospector Migration 
Issue gh-15988
 2025-01-16 20:41:56 -07:00
dependabot[bot] d3fe73fb92 Bump org.springframework:spring-framework-bom from 6.2.1 to 6.2.2 
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-16 19:24:21 -08:00
Josh Cummings a5af8503df
Update OpaqueTokenIntrospector Documentation 
Issue gh-15988
 2025-01-16 16:46:46 -07:00
Tran Ngoc Nhan aced3bcf16 Encode Introspection clientId and clientSecret 
Closes gh-15988

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-01-16 16:32:01 -07:00
Marco Haase 7c4448c588 Fix broken link to MockMvc documentation 
Link to Test chapter of Spring Framework documentation is broken,
this commit fixes it.

Signed-off-by: Marco Haase <marco.haase@de.bosch.com>
 2025-01-16 16:30:47 -07:00
2-say 33ecb443ea Suggest replacing size() == 0 with isEmpty() for collection check 
Consider using isEmpty() instead of size() == 0 to improve code readability
and follow modern Java practices.

Signed-off-by: 2-say <dev2say@gmail.com>
 2025-01-16 16:27:50 -07:00