ce36fc1e76
Add FactorGrantedAuthority
...
Closes gh-17996
2025-10-03 15:20:00 -05:00
477a456d6c
Disable device_code grant by default
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17998
2025-10-03 14:10:13 -04:00
4dfef1483d
Polish gh-17507
2025-10-03 13:09:09 -04:00
8c65dc93f2
Enable PKCE by default
...
Closes gh-17507
Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
2025-10-03 13:08:04 -04:00
54aae36f98
Add support for OAuth 2.0 Protected Resource Metadata
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17244
2025-10-02 14:50:17 -04:00
64c9e3e210
Prevent Dupliate GrantedAuthority#getAuthority()
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
If the GrantedAuthority is not equal, but contains a duplicate
GrantedAuthority#getAuthority() then at the time of authentication,
the Filter or WebFilter will duplicate the GrantedAuthority which leads
to a memory leak. This is important to avoid for when we add support for
a GrantedAuthority that might have an issuedAt attribute. If it is too
old, then we'd want only the new GrantedAuthority to be added and the old
instance to be removed. However, the two GrantedAuthority instances
will not be equal because the issuedAt will not be equal.
Closes gh-17981
2025-10-01 15:37:23 -05:00
c9010345b9
Add TestingAuthenticationToken(principal,credential,grantedAuthorities...)
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17980
2025-10-01 13:05:56 -05:00
681e166be8
Remove default HttpSecurity.securityMatcher() for authorization server
...
Closes gh-17965
2025-10-01 11:45:21 -04:00
7f10897de3
SecurityMockMvcResultMatchers.withAuthorities(String...)
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17974
2025-09-30 10:39:14 -05:00
0e99324c43
Merge branch '6.5.x'
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
2025-09-29 13:44:37 -05:00
cf9568fe09
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
2025-09-29 13:43:45 -05:00
7409133cc0
Bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1
...
Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client ) from 5.5 to 5.5.1.
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.5.1/RELEASE_NOTES.txt )
- [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.5...rel/v5.5.1 )
---
updated-dependencies:
- dependency-name: org.apache.httpcomponents.client5:httpclient5
dependency-version: 5.5.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-29 03:26:33 +00:00
f3761aff99
Add support for OAuth 2.0 Dynamic Client Registration Protocol
...
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Closes gh-17964
2025-09-25 16:33:16 -04:00
667cd4aa7c
Remove unnecessary throws Exception from spring-security-config
...
Closes gh-17957
2025-09-25 11:50:13 -05:00
be20201bf7
FACTOR uses defaultEntryPoint when possible
...
Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to
work around gh-17955. They now can use defaultEntryPoint which is more concise.
Issue gh-gh-17955
2025-09-25 11:18:20 -05:00
029e31ebe8
DelegatingAuthenticationEntryPoint.Builder allows just defaultEntryPoint
...
Previously build threw an Exception when entryPoints was empty and
defaultEntryPoint was specified.
This commit changes build to return the defaultEntryPoint instead.
Closes gh-17955
2025-09-25 09:45:52 -05:00
ad6fe4fdc3
Polish MFA Samples
...
This commit removes unneeded AuthorizationManagerFactory
implementations, simplifies the custom AuthorizationManagerFactory
example, and updates usage of hasAllAuthorities.
Issue gh-17934
2025-09-24 17:54:59 -06:00
f652920bb3
Add @EnableGlobalMultiFactorAuthentication
...
Closes gh-17954
2025-09-24 14:47:26 -05:00
e33e4d80a9
Fix Antora Warnings in servlet/authentication/adaptive.adoc
...
Issue gh-2603
2025-09-24 13:05:50 -05:00
b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY
...
Closes gh-17952
2025-09-24 09:53:56 -05:00
28aad8855c
Merge branch 'mfa'
...
Closes gh-2603
2025-09-23 18:23:11 -06:00
bbba2930e9
Add Initial Documentation
...
Issue gh-17934
2025-09-23 18:16:36 -06:00
d757e6e44e
Response to Additional Feedback
...
- Moved request attribute to WebAttributes
- Renamed ExceptionHandlingConfigurer methods
- Removed varargs from DelegatingMissingAuthorityAccessDeniedHandler
Issue gh-17901
Issue gh-17934
2025-09-23 18:16:22 -06:00
50ebd467c3
Polish Default Login Page
...
Issue gh-17901
2025-09-23 17:59:23 -06:00
42376e2eee
Prepopulate Username When Known
...
Closes gh-17935
2025-09-23 17:59:22 -06:00
e813aad82b
Support Showing One Part of Login Page
...
Closes gh-17901
2025-09-23 17:59:21 -06:00
9f317757c3
Make Public Missing Authority AccessDeniedHandler
...
Issue gh-17934
2025-09-23 17:59:19 -06:00
df7a7cdc99
Update Test for Method Security
...
Issue gh-17936
2025-09-23 17:16:33 -06:00
e66c498d80
Redirect to Appropriate Entry Point Based on Missing Authorities
...
Issue gh-17934
2025-09-23 17:16:32 -06:00
fe17f2904d
Initial Exception Handling
...
This commit hardcodes factors as a proof of concept for
multi-factor authentication
Issue gh-17934
2025-09-23 17:16:30 -06:00
549569ea55
Add DefaultAuthorizationManagerFactory.additionalAuthorization
2025-09-23 16:52:10 -05:00
1608465a38
DefaultAuthorizationManagerFactory additionalAuthorization
...
This commit adds AuthorizationManager<T> additionalAuthorization to
DefaultAuthorizationManagerFactory which can be used for multi factor
authorization.
There is a builder that allows for creating an instance that requires
static additional authorities, but for more advanced cases users can
inject an additionalAuthorization that looks up if the user has settings
that enable additional required authorities.
The builder can later be updated to support checking that a particular
authority was granted within a specified amount of time.
Issue gh-17900
2025-09-23 15:25:26 -05:00
459b872a20
Cleanup Kotlin AuthorizationManagerFactory Generics
...
This cleans up the generic types within the Kotlin DSL that reference
AuthorizationManagerFactory
Issue gh-17860
2025-09-23 10:32:02 -05:00
02bc3adfb8
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
...
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled
Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled
Details
CI / Build (17, windows-latest) (push) Has been cancelled
Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled
Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled
Details
CI / Check Samples (push) Has been cancelled
Details
Deploy Docs / build (push) Has been cancelled
Details
CI / Deploy Artifacts (push) Has been cancelled
Details
CI / Deploy Docs (push) Has been cancelled
Details
CI / Deploy Schema (push) Has been cancelled
Details
CI / Perform Release (push) Has been cancelled
Details
CI / Send Notification (push) Has been cancelled
Details
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj ) from 3.27.5 to 3.27.6.
- [Release notes](https://github.com/assertj/assertj/releases )
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.5...assertj-build-3.27.6 )
---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
dependency-version: 3.27.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-23 03:17:16 +00:00
f8ab033c7b
Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
...
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj ) from 3.27.5 to 3.27.6.
- [Release notes](https://github.com/assertj/assertj/releases )
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.5...assertj-build-3.27.6 )
---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
dependency-version: 3.27.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-23 03:07:48 +00:00
628f3da30b
Revert "Add AuthorityUtils Methods"
...
This reverts commit 50bdaeb100
2025-09-22 12:26:07 -06:00
5ca5aca48e
Add Null Guard
...
Issue gh-17933
2025-09-22 12:23:29 -06:00
c61f53ad64
Copy Query to Parameters
...
Issue gh-17450
2025-09-22 12:17:24 -06:00
50bdaeb100
Add AuthorityUtils Methods
...
This commit adds a couple of utility methods for working with authorities
by type. Now that there are infrastructural authorities that Spring Secuirty
works with directly, it's helpful to be able to filter them out of the
authority list.
2025-09-22 11:42:14 -06:00
b31fdcd89f
Merge branch '6.5.x'
2025-09-22 11:57:34 -05:00
1878a1e03b
Merge branch '6.4.x' into 6.5.x
CodeQL Advanced / codeql-analysis-call (push) Waiting to run
Details
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run
Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run
Details
CI / Check Samples (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
2025-09-22 11:57:26 -05:00
f0f57ad560
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
2025-09-22 11:57:04 -05:00
93ded52236
Bump org.gretty:gretty from 4.1.7 to 4.1.10
2025-09-22 11:57:02 -05:00
329af112ed
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE
2025-09-22 11:55:59 -05:00
3f1a60b0b8
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2
2025-09-22 11:55:56 -05:00
67373e8c13
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
2025-09-22 11:55:54 -05:00
4ef16b14d2
Update terminology to HTTP Service Clients
...
Closes gh-17947
2025-09-22 10:09:04 -05:00
7d93186c69
Bump org.gretty:gretty from 4.1.7 to 4.1.10
...
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty ) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases )
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md )
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10 )
---
updated-dependencies:
- dependency-name: org.gretty:gretty
dependency-version: 4.1.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-22 03:22:10 +00:00
ae4b2e50e2
Bump org.gretty:gretty from 4.1.7 to 4.1.10
...
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled
Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled
Details
CI / Build (17, windows-latest) (push) Has been cancelled
Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled
Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled
Details
CI / Check Samples (push) Has been cancelled
Details
Deploy Docs / build (push) Has been cancelled
Details
CI / Deploy Artifacts (push) Has been cancelled
Details
CI / Deploy Docs (push) Has been cancelled
Details
CI / Deploy Schema (push) Has been cancelled
Details
CI / Perform Release (push) Has been cancelled
Details
CI / Send Notification (push) Has been cancelled
Details
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty ) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases )
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md )
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10 )
---
updated-dependencies:
- dependency-name: org.gretty:gretty
dependency-version: 4.1.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-22 03:14:46 +00:00
e323377768
Bump org.gretty:gretty from 4.1.7 to 4.1.10
...
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty ) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases )
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md )
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10 )
---
updated-dependencies:
- dependency-name: org.gretty:gretty
dependency-version: 4.1.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-22 03:09:34 +00:00
Rob Winch
Joe Grandja
Rohan Naik
dependabot[bot]
Josh Cummings