c1e9e10bf0
Merge branch '6.4.x' into 6.5.x
...
Closes gh-18131
1 month ago
fed6df5167
Default WebAuthnConfigurer#rpName to rpId
...
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:
> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.
Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
1 month ago
20ae9dc6bc
Remove Stray Needs Declaration
1 month ago
03eadb846c
Add Workflow to Finalize a Release
1 month ago
0928a60cd2
Post Process WebAuthnAuthenticationFilter
...
This commit ensures that WebAuthnAuthenticationFilter is
post processed by BeanPostProcessors and
ObjectPostProcessor.
Closes gh-18128
1 month ago
322634ca6a
Next Development Version
1 month ago
5213cc44fc
Merge branch '6.5.x'
1 month ago
8fa2fc0e1e
Merge branch '6.4.x' into 6.5.x
1 month ago
4feeb0f843
Docs: document effects of disabling CORS configurer
...
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
1 month ago
ea88671f4c
Update webauthn4j usage, use non-deprecated methods
...
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
1 month ago
9dde69746f
Release 7.0.0-RC2
1 month ago
884cf0d62e
EnableGlobalMultiFactorAuthentication->EnableMultiFactorAuthentication
...
Closes gh-18127
1 month ago
aaf738f7ac
MFA is now Opt In
...
This commit ensures that MFA is only performed when users opt in. By
doing so, we allow users to decide if they will opt into the semantics
of merging two Authentication instances.
Closes gh-18126
1 month ago
ccd39a23c9
Only perform MFA if Authentication.getName() is the same
...
Closes gh-18112
1 month ago
793820acfa
Remove Authority Copying From Reactive
...
We will re-address this when adding factors to
ReactiveAuthenticationManager implementations.
Issue gh-2603
1 month ago
b6ed037c39
Document device_code grant disabled by default
...
Issue gh-17998
2 months ago
5da0cbea4b
Document OAuth 2.0 Dynamic Client Registration support
...
Issue gh-17964
2 months ago
e6b4d461e7
Fix OAuth2AuthorizationServerJacksonModule type validator configuration
...
Closes gh-18102
2 months ago
4daf089e46
Merge remote-tracking branch 'origin/6.5.x'
2 months ago
6501e97ece
Fix sensitive case in JwtTypeValidator
...
Closes gh-18092
Signed-off-by: namest504 <namest504@gmail.com>
2 months ago
ee49c18ce2
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.33.Final to 6.6.34.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.34/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.33...6.6.34 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.34.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
f0afca7610
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
...
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 2.18.4.1 to 2.18.5.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4.1...jackson-bom-2.18.5 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-version: 2.18.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
8b0689cbb8
Bump org.hibernate.orm:hibernate-core from 6.6.33.Final to 6.6.34.Final
...
Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm ) from 6.6.33.Final to 6.6.34.Final.
- [Release notes](https://github.com/hibernate/hibernate-orm/releases )
- [Changelog](https://github.com/hibernate/hibernate-orm/blob/6.6.34/changelog.txt )
- [Commits](https://github.com/hibernate/hibernate-orm/compare/6.6.33...6.6.34 )
---
updated-dependencies:
- dependency-name: org.hibernate.orm:hibernate-core
dependency-version: 6.6.34.Final
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
28e158d1cb
Bump com.fasterxml.jackson:jackson-bom from 2.18.4.1 to 2.18.5
...
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 2.18.4.1 to 2.18.5.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.18.4.1...jackson-bom-2.18.5 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-version: 2.18.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
3a84894bf4
Revert "Add AuthorizationProxyMixin"
...
This reverts commit 743817fc15
2 months ago
90855aa128
Missing response_type in POST authorization request returns invalid_request
...
Issue https://github.com/spring-projects/spring-authorization-server/issues/2226
2 months ago
36f1f2ca4f
Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 2.2.20 to 2.2.21
...
Bumps [org.jetbrains.kotlin:kotlin-gradle-plugin](https://github.com/JetBrains/kotlin ) from 2.2.20 to 2.2.21.
- [Release notes](https://github.com/JetBrains/kotlin/releases )
- [Changelog](https://github.com/JetBrains/kotlin/blob/v2.2.21/ChangeLog.md )
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.2.20...v2.2.21 )
---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin
dependency-version: 2.2.21
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
46b6744b42
Bump org.jetbrains.kotlin:kotlin-bom from 2.2.20 to 2.2.21
...
Bumps [org.jetbrains.kotlin:kotlin-bom](https://github.com/JetBrains/kotlin ) from 2.2.20 to 2.2.21.
- [Release notes](https://github.com/JetBrains/kotlin/releases )
- [Changelog](https://github.com/JetBrains/kotlin/blob/v2.2.21/ChangeLog.md )
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.2.20...v2.2.21 )
---
updated-dependencies:
- dependency-name: org.jetbrains.kotlin:kotlin-bom
dependency-version: 2.2.21
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
9f7e92d6f2
Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1
...
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 3.0.0 to 3.0.1.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.0...jackson-bom-3.0.1 )
---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
dependency-version: 3.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
727f0e27d6
Merge branch '6.5.x'
2 months ago
f548aaf5c5
Merge branch '6.4.x' into 6.5.x
2 months ago
743817fc15
Add AuthorizationProxyMixin
...
This commit adds Jackson configuration specific to
authorization proxies created by Spring Security
Closes gh-18077
2 months ago
fb701e4615
Merge remote-tracking branch 'origin/6.5.x'
2 months ago
1c112005fa
Don't Attempt to Generate Token Without Valid Token Request
...
Closes gh-18088
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 months ago
e0a71eb00e
Fix GenerateOneTimeTokenRequestResolver ignored if username param not present
...
Signed-off-by: Marcus Hert da Coregio <marcusdacoregio@gmail.com>
2 months ago
69d28dc35b
Merge branch '6.5.x'
2 months ago
42ddaba870
Next Development Version
2 months ago
da46ba2619
Update Password Samples for Nullability
...
Issue gh-16226
2 months ago
a406f5fe2d
Merge remote-tracking branch 'origin/6.5.x'
2 months ago
dcb4e47cd5
Add Include-Code to the Password Storage page
...
References gh-16226
Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>
2 months ago
82f87cf2b6
Next Development Version
2 months ago
0a2f55d485
Clarify Nullability in Granted Authority Lambda
...
Issue gh-17999
2 months ago
9b61533db2
Mark `GrantedAuthority#getAuthority` as `@Nullable`
...
Closes: gh-17999
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
2 months ago
eb43830260
Polish JavaDoc
...
1. Removed comment about not changing field name in a
serialized object as this is true for all fields in a
Java-serialize POJO
2. Added example value for the constructor that demonstrates
the relationship between a role and an authority
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2 months ago
b55c28cf25
Polish SimpleGrantedAuthority
...
1. Add Javadoc to state that role is prefixed.
2. Rename constructor argument from `role` to `authority` for better readability.
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2 months ago
0927bed66a
📔 Documentation
...
1. Correct the org.springframework.security.config.annotation.web.LogoutDsl's property description
Signed-off-by: Simon Von <g1672943850@gmail.com>
2 months ago
9ed446e6f5
Next Development Version
2 months ago
d5e6da5aba
Release 7.0.0-RC1
2 months ago
4d2bd30c75
Update to Reactor 2025.0.0-RC1
...
Closes gh-18087
2 months ago
5acad99852
Revert "Release 7.0.0-RC1"
...
This reverts commit e616688f56
2 months ago
Rob Winch
Daniel Garnier-Moiroux
Josh Cummings
github-actions[bot]
Joe Grandja
namest504
dependabot[bot]
Marcus Hert da Coregio
Himanshu Pareek
Andrey Litvitski
Yanming Zhou
Simon Von