root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity
19,614 Commits 38 Branches 359 Tags 130 MiB
Commit Graph

1442 Commits

Author SHA1 Message Date
Joe Grandja 51fe7ff737 Return device_code grant metadata when enabled
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Has been cancelled Details
Execute Gradle Wrapper Upgrade / Execution (push) Has been cancelled Details 
Issue gh-17998
 2025-10-04 05:38:11 -04:00
Rob Winch 3f74991ce9
Authentication adds FactorGrantedAuthority 
Closes gh-18001
 2025-10-03 15:20:03 -05:00
Joe Grandja 4dfef1483d Polish gh-17507 2025-10-03 13:09:09 -04:00
Rohan Naik 8c65dc93f2 Enable PKCE by default 
Closes gh-17507

Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
 2025-10-03 13:08:04 -04:00
Joe Grandja 54aae36f98 Add support for OAuth 2.0 Protected Resource Metadata
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Closes gh-17244
 2025-10-02 14:50:17 -04:00
Joe Grandja f3761aff99 Add support for OAuth 2.0 Dynamic Client Registration Protocol
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Closes gh-17964
 2025-09-25 16:33:16 -04:00
Rob Winch b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY 
Closes gh-17952
 2025-09-24 09:53:56 -05:00
Josh Cummings 6e7a181eac
Polish Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Josh Cummings 758b35df9c
Add Factor Tests for Authentication Providers 
Issue gh-17933
 2025-09-19 11:32:27 -06:00
Josh Cummings e8accd0499
Add Factory Authority When Authentication Succeeds 
Issue gh-17933
 2025-09-19 11:32:26 -06:00
Bernard Budano 02a948da81 Address reviewer requested changes 
Closes gh-17806

Signed-off-by: Bernard Budano <bbudano@gmail.com>
 2025-09-12 16:19:27 -05:00
Bernard Budano 8e3cf9677c Support @ClientRegistrationId at Class Level 
Closes gh-17806

Signed-off-by: Bernard Budano <bbudano@gmail.com>
 2025-09-12 16:19:27 -05:00
Joe Grandja 35f41f87d1 Temporarily fix integration tests 
Issue gh-17880
 2025-09-12 16:20:44 -04:00
Joe Grandja 098574c50e Remove redundant classes 
Issue gh-17880
 2025-09-12 16:20:43 -04:00
Joe Grandja cc71be71e5 Move OAuth2AuthorizationServerConfigurer and OAuth2AuthorizationServerConfiguration 
Issue gh-17880
 2025-09-12 16:20:42 -04:00
Joe Grandja b5a4cdc9eb Polish OAuth2AuthorizationServerJackson2Module 
Issue gh-17880
 2025-09-12 16:20:41 -04:00
Joe Grandja 592510c725 Update to @since 7.0 
Issue gh-17880
 2025-09-12 16:20:41 -04:00
Joe Grandja e5dc46270a Fix checkstyle 
Issue gh-17880
 2025-09-12 16:20:39 -04:00
Joe Grandja 6484d1ae25 Update copyright headers to 2004-present 
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the copyright headers.

The copyright headers were updated using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Issue gh-17880
 2025-09-12 16:20:39 -04:00
Joe Grandja a620113264 Add test dependencies 
Issue gh-17880
 2025-09-12 16:20:38 -04:00
Joe Grandja 1ff1d88866 Manual move of spring-projects/spring-authorization-server src/test 
Issue gh-17880
 2025-09-12 16:20:38 -04:00
Joe Grandja 072f413dd7 Update copyright headers to 2004-present 
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the copyright headers.

The copyright headers were updated using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Issue gh-17880
 2025-09-12 16:20:37 -04:00
Joe Grandja 327996c964 Add spring-security-oauth2-authorization-server.gradle 
Issue gh-17880
 2025-09-12 16:20:36 -04:00
Joe Grandja 745e2153ed Manual move of spring-projects/spring-authorization-server src/main 
Issue gh-17880
 2025-09-12 16:20:36 -04:00
Rob Winch 093e930c32
Merge branch '6.5.x' 2025-09-10 12:00:31 -05:00
Rob Winch ab634d1099
Merge branch '6.4.x' into 6.5.x 2025-09-10 11:58:55 -05:00
Rob Winch a79a2b031a
Remove MockWebServer from JwtIssuerAuthenticationManagerResolverTests 
This prevents timeouts on GitHub Windows runners due to overtaxed
systems.

Closes gh-17869
 2025-09-10 11:56:07 -05:00
Josh Cummings ed344ece70
Use Fixed Clock 
This commit stabilizes time-sensitive tests that
verify the behavior of DPoP iat validation.

Issue gh-14915
 2025-09-09 16:22:07 -06:00
Josh Cummings 69ee8d9aec Polish OAuth 2.0 Authentication Builders 
Issue gh-17861
 2025-09-09 14:59:14 -06:00
Josh Cummings dd50dc0c40 Remove Generic Typing From Authentication.Builder 
It would be better to introduce parameter types for
principal and credentials into Authentication.Builder
at the same time as doing so for Authentication

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings a0fe6a5fee Polish Builders 
- Added remaining properties
- Removed apply method since Spring Security isn't using
it right now
- Made builders extensible since the authentications are
extensible

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings a201a2b862 Add Authentication.Builder 
This commit adds a new default method to Authentication
for the purposes of creating a Builder based on the current
authentication, allowing other authentications to be
applied to it as a composite.

It also adds Builders for each one of the authentication
result classes.

Issue gh-17861
 2025-09-09 14:49:13 -06:00
Josh Cummings c64b086878
Add SecurityAssertions 
This commit introduces a simple, internal test API for
verifying aspects of an Authentication, like its name
and authorities.

Closes gh-17844
 2025-09-03 17:53:42 -06:00
Fridolin Jackstadt 910df479be Provider Default Timeouts For JWK Retrieval 
Issue gh-14269

Signed-off-by: Fridolin Jackstadt <fridolin.jackstadt@unic.com>
 2025-09-02 08:51:10 -06:00
Andrey Litvitski 3278f3a410 Add discoverJwsAlgorithms() in NimbusJwtDecoder 
Closes: gh-17785
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-08-26 17:07:47 -06:00
chanbinme 08fa272749 Remove authoritiesClaimName Field 
This commit simplfies the logic in JwtGrantedAuthoritiesConverter
to no longer need the authoritiesClaimName field.

Signed-off-by: chanbinme <gksmfcksqls@gmail.com>
 2025-08-13 10:57:15 -06:00
Josh Cummings eeb383ac46 Fix Checkstyle 
Issue gh-17623
 2025-08-07 14:32:18 -06:00
Josh Cummings 6d1a886f92 Deprecate SERIAL_VERSION_UID 
Closes gh-17623
 2025-08-07 11:09:35 -06:00
Rob Winch f6cb0bd610
Merge Use 2004-present Copyright Header 
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
 2025-07-29 10:52:42 -05:00
Rob Winch 2fdca16c1a
Merge branch '6.4.x' into 6.5.x
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Closes gh-17634
 2025-07-29 09:47:52 -05:00
Rob Winch 392129b616
Use 2004-present Copyright Header
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.

The commit updated etc/checkstyle/header.txt

It also updated the copyright headers using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Closes gh-17633
 2025-07-29 09:45:23 -05:00
Rob Winch bf877a9864
Add OAuth2User to OidcUser Conversion Params
Deploy Docs / build (push) Has been cancelled Details
Execute Gradle Wrapper Upgrade / Execution (push) Has been cancelled Details
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
Update Antora UI Spring / Update on Supported Branches (5.8.x) (push) Has been cancelled Details
Update Antora UI Spring / Update on Supported Branches (6.2.x) (push) Has been cancelled Details
Update Antora UI Spring / Update on Supported Branches (6.3.x) (push) Has been cancelled Details
Update Antora UI Spring / Update on Supported Branches (main) (push) Has been cancelled Details
Update Antora UI Spring / Update on docs-build (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
Clean build artifacts / main (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Previously the Oidc(Reactive)OAuth2UserService APIs allowed a strategy
for converting to the OidcUser with the OidcUserRequest and OidcUserInfo.
The input should also include the OAuth2User to make
it simple to use the OAuth2User as a part of the conversion.

This commit introduces OidcUserSource as a POJO containing
OidcUserRequest, OidcUserInfo, and OAuth2User.

It then updates the OidcUser conversion strategy in OidcUserService and
OidcReactiveOAuth2UserService to accept OidcUserSource as the source for
the Converter used to create OidUser.

Closes gh-17626
 2025-07-25 09:09:24 -05:00
Joe Grandja b8796d84b7 Fix tests in ClientRegistrationsTests 
Issue gh-17542
 2025-07-17 09:52:55 -04:00
Josh Cummings 571b6fe4a8
Fix Formatting 
Issue gh-16858
 2025-07-09 14:05:41 -06:00
Josh Cummings 9dea1c2eb5
Update to Latest HttpRequestValues Contract 
Issue gh-16858
 2025-07-09 13:47:06 -06:00
Tran Ngoc Nhan 6dc77bd98b Update JwtIssuerAuthenticationManagerResolver constructor javadoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 11:37:52 -06:00
Tran Ngoc Nhan 21036c94b4 Remove Nimbus(Reactive)OpaqueTokenIntrospector 
Closes gh-17302

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 15:41:57 -06:00
Josh Cummings 919ae1d636
Use PathPatternRequestMatcher in oauth2 
Issue gh-16887
 2025-07-03 13:37:49 -06:00
Josh Cummings 98686a5139
Standardize Mock Request Paths 
Closes gh-17449
 2025-07-03 13:37:47 -06:00
Soumik Sarker 06bd81b1da Removed deprecated class BearerTokenAuthenticationFilter 
Closes gh-17309

Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-07-03 12:44:06 -06:00