Joe Grandja
baad23caab
Enable null-safety in spring-security-oauth2-client
...
Closes gh-17819
5 days ago
Robert Winch
ea2f2302da
Add MultiFactorCondition.WEBAUTHN_REGISTERED
...
Closes gh-18923
6 days ago
Robert Winch
bd7171140e
Support Customizer<AdditionalRequiredFactorsBuilder<Object>>>
...
Closes gh-18922
6 days ago
Robert Winch
c71b178f63
Remove Unnecessary ObjectProvider<RoleHierarchy> roleHierarchy parameter
...
Closes gh-18921
6 days ago
Joe Grandja
22a98583f1
Enable null-safety in spring-security-oauth2-jose
...
Closes gh-17821
1 week ago
Josh Cummings
5687867a09
Fix Checkstyle
...
Issue gh-18874
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 weeks ago
Joe Grandja
36450d6c26
Fix checkstyle error
...
Issue gh-18874
2 weeks ago
Josh Cummings
a980368f26
Move Integration Test from Spring LDAP
...
Closes gh-18874
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 weeks ago
Joe Grandja
1906075b0c
OAuth2DeviceVerificationEndpointFilter is applied after AuthorizationFilter
...
Closes gh-18873
2 weeks ago
Andrey Litvitski
d1ce69ca99
Specify charset in WWW-Authenticate for Basic Auth
...
In this commit, we add support for the charset from RFC-7617, which
definitely solves the problem when the client does not know what charset
we are parsing with.
Closes: gh-18755
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
2 weeks ago
Joe Grandja
c7235ec0a3
Allow custom token settings for OAuth 2.0 dynamic client registration
...
Closes gh-18870
2 weeks ago
Ronny Perinke
e8e0da1ec6
Add Null Guard for Setting ReactiveUserDetailsPasswordService
...
This use case specifically arises when using `ReactiveUserDetailsService`
without `ReactiveUserDetailsPasswordService`.
Closes gh-17986
Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
2 weeks ago
wonderfulrosemari
07297e7a80
Add MessageExpressionAuthorizationManager
...
Closes gh-12650
Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
3 weeks ago
023-dev
b9f974b18f
Remove compiler warnings for spring-security-config
...
Signed-off-by: 023-dev <0_2_3@naver.com>
3 weeks ago
Menashe Eliezer
ee97c83042
Update request-matcher schema and XML tests to use path
...
Closes gh-18641
Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
4 weeks ago
Robert Winch
701736da5d
Fix checkstyle
...
Issue gh-18354
Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
4 weeks ago
Mohammad Amin Pahlevani
9e5a425859
Make PublicKeyCredentialCreationOptions Serializable
...
Closes gh-16431
Signed-off-by: Mohammad Amin Pahlevani <pahlevani@live.com>
4 weeks ago
Robert Winch
53300be8d7
Fix checkstyle
...
Issue gh-18530
4 weeks ago
CHANHAN
d5ba9dcada
Add tests for intercept-url access attribute validation
...
Fixes gh-18503
Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
4 weeks ago
CHANHAN
fa87c78edb
fix missing access attribute validation in FilterInvocationSecurityMetadataSourceParser
...
Fixes gh-18503
Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
4 weeks ago
CHANHAN
f1e367f93d
fix missing access attribute validation in AuthorizationFilterParser
...
Fixes gh-18503
Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
4 weeks ago
Robert Winch
f8ac095d48
Add nullability contract to `PasswordEncoder#encode` implementations
...
Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>
AbstractValidatingPasswordEncoder.java
1 month ago
Minu Kim
18068c9099
fix compile warning in spring-security-test
...
Signed-off-by: Minu Kim <kmw106933@naver.com>
1 month ago
DingHao
199473fcb3
Ability to configure authenticationDetailsSource in AnonymousConfigurer
...
Closes gh-17831
Signed-off-by: DingHao <dh.hiekn@gmail.com>
2 months ago
Joe Grandja
d3c42a7a4f
Polish OAuth2ConfigurerUtils
2 months ago
Joe Grandja
e61c03f7c3
Fix to allow multiple PasswordEncoder beans
...
Closes gh-18645
2 months ago
Josh Cummings
70fc8fef3a
Add Sample SAML Response in Test
...
Issue gh-17823
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 months ago
Josh Cummings
c5632ccd83
Add security-nullability to ldap
...
Closes gh-17818
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 months ago
Michael Lück
7513c859bd
Fix javadoc warnings and apply plugin javadoc-warnings-error
...
Closes to gh-18448
Signed-off-by: Michael Lück <michael@lueckonline.net>
2 months ago
Robert Winch
d7fbf3673a
Fix consistency with Nullability Usage
...
Issue gh-18564
2 months ago
dev.paramjot
af73f85f66
Fix formatting in HttpSecurity.java documentation
...
Signed-off-by: dev.paramjot <50148441+ParamjotSingh5@users.noreply.github.com>
2 months ago
Robert Winch
048b6bdd88
Update to JDK 25 (release = 17)
...
This commit updates the build to use JDK 25 while remaining compatible with JDK 17.
Note that we must update our JAAS related tests to use release=25 due to the disabling of
the Security Manager. See
https://docs.oracle.com/en/java/javase/25/security/security-manager-is-permanently-disabled.html
Closes gh-18512
2 months ago
Robert Winch
63c99b9438
Revert "Update to 7.1.0-SNAPSHOT"
...
This reverts commit b77ea8d3a3.
2 months ago
Pavel Vassiliev
641d8a362b
Fix Gradle 9.0 deprecations
...
This commit addresses several build warnings and errors to prepare for
Gradle 9.0 and resolve static analysis issues.
Closes: gh-18472
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
Signed-off-by: Pavel Vassiliev <paulvas@gmail.com>
2 months ago
Robert Winch
b77ea8d3a3
Update to 7.1.0-SNAPSHOT
2 months ago
Robert Winch
3833650d33
Update to 7.1.0-SNAPSHOT
2 months ago
Tran Ngoc Nhan
d20c88ecef
Format code
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2 months ago
Tran Ngoc Nhan
79815e044e
Fix typos
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2 months ago
Josh Cummings
0155d4a345
Restore Check for DispatcherServlet on Classpath
...
Closes gh-18315
3 months ago
dependabot[bot]
e033086ab0
Bump org.springframework:spring-framework-bom from 7.0.1 to 7.0.2
...
Includes fixes for Breaking Changes in Spring Framework 7.0.2:
- spring-projects/spring-framework#35916
- spring-projects/spring-framework#35947
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v7.0.1...v7.0.2)
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 months ago
Josh Cummings
dbf93acb05
Check for spring-security-web on Classpath
...
This commit refines the check for adding AuthorizationWebProxyConfiguration
to the application context. The web-based authorization proxy support is intended
for applying Spring Security Method Security primitives to Spring Web components;
as such, this implies a dependency on Spring Security Web.
Closes gh-18307
3 months ago
Joe Grandja
c53e66a217
OAuth2AuthorizationEndpointFilter is applied after AuthorizationFilter
...
Closes gh-18251
4 months ago
Daniel Garnier-Moiroux
7cb57ab940
Improve webauthn webdriver tests
...
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
4 months ago
Daniel Garnier-Moiroux
fed6df5167
Default WebAuthnConfigurer#rpName to rpId
...
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:
> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.
Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
5 months ago
Rob Winch
0928a60cd2
Post Process WebAuthnAuthenticationFilter
...
This commit ensures that WebAuthnAuthenticationFilter is
post processed by BeanPostProcessors and
ObjectPostProcessor.
Closes gh-18128
5 months ago
Rob Winch
884cf0d62e
EnableGlobalMultiFactorAuthentication->EnableMultiFactorAuthentication
...
Closes gh-18127
5 months ago
Rob Winch
aaf738f7ac
MFA is now Opt In
...
This commit ensures that MFA is only performed when users opt in. By
doing so, we allow users to decide if they will opt into the semantics
of merging two Authentication instances.
Closes gh-18126
5 months ago
Simon Von
0927bed66a
📔 Documentation
...
1. Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description
Signed-off-by: Simon Von <g1672943850@gmail.com>
5 months ago
Josh Cummings
9c7b34a48b
Favor Relative Redirects by Default
...
Closes gh-16300
5 months ago
Joe Grandja
fc8b6b5863
Return PAR endpoint metadata only when enabled
...
Issue https://github.com/spring-projects/spring-authorization-server/issues/2219
5 months ago