56a23d9ddc
Release 6.5.6
2 months ago
dc5aed9b5f
Release 6.4.12
2 months ago
9c7b34a48b
Favor Relative Redirects by Default
...
Closes gh-16300
2 months ago
d5d7fd414d
Update What's New
2 months ago
491a3e8f68
Update to Spring LDAP 4.0.0-RC1
...
Closes gh-18086
2 months ago
43d20ea91f
Update to Spring Data 2025.1.0-RC1
...
Closes gh-18085
2 months ago
24241d0384
Update to Spring Framework 7.0.0-RC1
...
Closes gh-18084
2 months ago
cb8c2b090c
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20
...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback ) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases )
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20 )
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-version: 1.5.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
e94de4d0e3
Merge branch '6.5.x'
2 months ago
cb994aad6c
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20
2 months ago
6f6ee0c060
Bump org.springframework.data:spring-data-bom from 2024.1.10 to 2024.1.11
2 months ago
9cecc2cf09
Merge branch '6.4.x' into 6.5.x
2 months ago
f19c9c8625
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20
2 months ago
95abf61c88
Refine Jackson 3 format description
2 months ago
22cbb13f7d
Add comments to SQL-scripts to ensure robust timezone handling
...
Issue https://github.com/spring-projects/spring-authorization-server/pull/2217
2 months ago
fc8b6b5863
Return PAR endpoint metadata only when enabled
...
Issue https://github.com/spring-projects/spring-authorization-server/issues/2219
2 months ago
8b89e31e3d
Bump org.springframework.data:spring-data-bom
...
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom ) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases )
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11 )
---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
dependency-version: 2024.1.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
67b15be917
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20
...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback ) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases )
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20 )
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-version: 1.5.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
217a29e6ba
Bump org.springframework.data:spring-data-bom
...
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom ) from 2024.1.10 to 2024.1.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases )
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.1.10...2024.1.11 )
---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
dependency-version: 2024.1.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
b2d6380633
Bump ch.qos.logback:logback-classic from 1.5.19 to 1.5.20
...
Bumps [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback ) from 1.5.19 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases )
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.19...v_1.5.20 )
---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
dependency-version: 1.5.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
9dc27bee03
Link to gh-18077
2 months ago
a181733365
Encapsulate GenericHttpMessageConverterAdapter
...
This will allow its removal in gh-18073
2 months ago
51e8f8f1c6
Deprecate WebAuthnAuthenticationFilter.setConverter(GenericHttpMessageConverter)
...
This makes sense given that Framework's new Jackson support is a
SmartHttpMessageConverter. Additionally,
GenericHttpMessageConverterAdapter is now package private to encapsulate
it.
Issue gh-18073
2 months ago
d309f1887e
Remove Extra Blank Line from CoreJacksonModule
2 months ago
5e851e0b26
Remove JdbcOAuth2AuthorizationService.Mapper
...
- We should not introduce an unnecessary public API
- It would need to be removed when Jackson 2 support was removed, but
was required to configure Jackson 3 support
- There are already existing interfaces that could be used
- OAuth2AuthorizationRowMapper & OAuth2AuthorizationParametersMapper had
unnecessary breaking changes by removing getter/setter for ObjectMapper
- To prevent NoClassDefFoundErrors all optional (Jackson) dependencies
need to be on different classes & we wish to preserve the existing
accessors for ObjectMapper which is this uses subclasses
- With added TestAuthenticationTokenMixin support, no need to explicitly
add it in tests
2 months ago
803936cfbe
JacksonDelegate uses SecurityJacksonModules
2 months ago
50568da1e5
Add Jackson 3 TestingAuthenticationToken Support
...
Without this many of the tests fail when using Jackson 3
2 months ago
8f8a25533a
Refine documentation for Jackson 3
...
This commit refines the documentation by:
- Updating Jackson documentation for Jackson 3
- Removing the outdated documentation in servlet
- Adding migration guidelines
Closes gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2 months ago
137f8fd670
Add support for JacksonJsonHttpMessageConverter
...
This commit introduces classpath checks and instantiation of
JacksonJsonHttpMessageConverter (based on Jackson 3) leveraging
a new GenericHttpMessageConverterAdapter which allows to adapt
SmartHttpMessageConverter to GenericHttpMessageConverter.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2 months ago
702a177e25
Add webauthn Jackson 3 support and deprecate Jackson 2 one
...
Since this module was already using the jackson sub-package for Jackson 2
support, both Jackson 2 and Jackson 3 support lives in the same subpackage
and the former package-private classes has been renamed with a Jackson2
qualifier.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2 months ago
48854c3ac9
Deprecate Jackson 2 support
...
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2 months ago
65a14d6c6d
Add Jackson 3 support
...
This commit adds support for Jackson 3 which has the following
major differences with the Jackson 2 one:
- jackson subpackage instead of jackson2
- Jackson type prefix instead of Jackson2
- JsonMapper instead of ObjectMapper
- For configuration, JsonMapper.Builder instead of ObjectMapper
since the latter is now immutable
- Remove custom support for unmodifiable collections
- Use safe default typing via a PolymorphicTypeValidator
Jackson 3 changes compared to Jackson 2 are documented in
https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a
and
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md .
This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2 months ago
916a687b29
Add Jackson 3 BOM
...
See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2 months ago
762fcbb516
Add .kotlin/ to .gitignore
...
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
2 months ago
fc795a81d4
PAR uses requested scopes on consent
...
Issue https://github.com/spring-projects/spring-authorization-server/pull/2182
2 months ago
4bc319883b
Address Nullability
2 months ago
cb7a6292b7
Bump io.spring.nullability:io.spring.nullability.gradle.plugin
...
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin ) from 0.0.5 to 0.0.6.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases )
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.5...v0.0.6 )
---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
dependency-version: 0.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
bbf6a4e786
Merge branch '6.5.x'
2 months ago
ba2619cb8a
Merge remote-tracking branch 'origin/6.4.x' into 6.5.x
2 months ago
43c53c3b78
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
b1e16cd147
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15 )
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
9961e6d56c
Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.2.11 to 6.2.12.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.11...v6.2.12 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.2.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
cbad2ff5ca
Bump org.springframework.ldap:spring-ldap-core from 3.2.14 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.14...3.2.15 )
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
63c8b0faa3
Bump org.springframework.ldap:spring-ldap-core from 3.2.13 to 3.2.15
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) from 3.2.13 to 3.2.15.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.13...3.2.15 )
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
a435175723
Clean Up Generic Typing in Builder
...
Issue gh-17997
2 months ago
4b810a8971
Disallow usage of the openid scope in device authorization requests
...
Issue https://github.com/spring-projects/spring-authorization-server/pull/2177
2 months ago
0d261e9c32
Remove setOidcUserMapper() in OidcUserService and OidcReactiveOAuth2UserService
...
Closes gh-18060
2 months ago
c5e141ad07
Change JavaDoc to FactorGrantedAuthority
...
Issue gh-18030
2 months ago
ba42b9c4cc
Update Documentation for All-Factor Propagation
...
Issue gh-18000
2 months ago
b1a50a25b6
Check If toBuilder Is Implemented
...
Since RC1 is right around the corner, let's change the API
footprint as little as possible by using reflection to check
if a class has declared toBuilder themselves. If they have, we
can assume that that class's builder will produce that class.
Issue gh-18052
2 months ago
github-actions[bot]
Josh Cummings
Rob Winch
dependabot[bot]
Joe Grandja
Sébastien Deleuze