bafd4034a0
Provide RestClientSpringOpaqueTokenIntrospector
...
Since similar classes have alternative versions using RestClient instead
of RestTemplate, I think we should do the same with this class.
Closes: gh-18745
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1 month ago
ca34ec26d8
This commit fixes the @param tag typo in ClientAttributes.java
...
to ensure the Javadoc build passes.
Signed-off-by: kimyounguk1 <kyw020108@gmail.com>
Fix javadoc @param typo in ClientAttributes
Signed-off-by: kimyounguk1 <kyw020108@gmail.com>
1 month ago
30dd328272
Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient
...
Replaces SpringSecurityLdapTemplate with LdapClient for user search
operations.
Closes: gh-17291
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1 month ago
9f9bc0f729
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3
1 month ago
0bb697c4a7
Merge HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3
1 month ago
fb84e24893
HttpMessageConverterAuthenticationSuccessHandler Supports Jackson 3
...
Closes gh-18804
1 month ago
b19e0e1ff3
Bump com.webauthn4j:webauthn4j-core
...
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j ) from 0.31.0.RELEASE to 0.31.1.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases )
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.31.0.RELEASE...0.31.1.RELEASE )
---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
dependency-version: 0.31.1.RELEASE
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
c869565ab6
Bump io.spring.nullability:io.spring.nullability.gradle.plugin
...
Bumps [io.spring.nullability:io.spring.nullability.gradle.plugin](https://github.com/spring-gradle-plugins/nullability-plugin ) from 0.0.11 to 0.0.12.
- [Release notes](https://github.com/spring-gradle-plugins/nullability-plugin/releases )
- [Commits](https://github.com/spring-gradle-plugins/nullability-plugin/compare/v0.0.11...v0.0.12 )
---
updated-dependencies:
- dependency-name: io.spring.nullability:io.spring.nullability.gradle.plugin
dependency-version: 0.0.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
6118557b3e
Bump org.mockito:mockito-bom from 5.21.0 to 5.22.0
...
Bumps [org.mockito:mockito-bom](https://github.com/mockito/mockito ) from 5.21.0 to 5.22.0.
- [Release notes](https://github.com/mockito/mockito/releases )
- [Commits](https://github.com/mockito/mockito/compare/v5.21.0...v5.22.0 )
---
updated-dependencies:
- dependency-name: org.mockito:mockito-bom
dependency-version: 5.22.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
b9f974b18f
Remove compiler warnings for spring-security-config
...
Signed-off-by: 023-dev <0_2_3@naver.com>
1 month ago
e43275d1db
Bump minimatch from 3.1.2 to 3.1.5 in /javascript
...
Bumps [minimatch](https://github.com/isaacs/minimatch ) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md )
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5 )
---
updated-dependencies:
- dependency-name: minimatch
dependency-version: 3.1.5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
18995c89ee
Bump actions/upload-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa
1 month ago
0c42016781
Merge branch '7.0.x'
1 month ago
1575610d49
Add Tests
...
Issue gh-18486
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 month ago
3a14745d92
Delegate calls of hasAuthority to AuthorizationManager#hasAuthority
...
Closes gh-18486
Signed-off-by: Michael Lück <michael@lueckonline.net>
1 month ago
bd51ecd691
Merge branch '7.0.x'
1 month ago
c29af014f4
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
1 month ago
4501ae7d1c
Update Reactive Resource Server startup exceptations
...
Issue gh-16708
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 month ago
48112d3d74
Polish Resource Server startup expectations
...
Issue gh-16708
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 month ago
b8735abb63
Clarify Resource Server startup expectations
...
Clarify that Spring Boot defers OIDC discovery by default.
Closes gh-16708
Signed-off-by: [CLOUD4] 한현 <gusgus1467@naver.com>
1 month ago
50caf0cb28
Merge branch '7.0.x'
1 month ago
7c3c8bbdcb
Update Remember-Me example
...
Closes gh-18639
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
b7dbb12c66
Merge branch '7.0.x'
1 month ago
731848d5d3
Merge branch '6.5.x' into 7.0.x
1 month ago
eb25bbaa24
Merge branch '7.0.x'
1 month ago
68a02ff176
Update Link to CRSF Docs in FAQ
...
Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
1 month ago
ee97c83042
Update request-matcher schema and XML tests to use path
...
Closes gh-18641
Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
1 month ago
6304ea78cc
Merge branch '7.0.x'
1 month ago
10b835693c
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
1 month ago
ba12f5e6d0
Bump org-apache-maven-resolver from 1.9.26 to 1.9.27
...
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.
Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27
---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
f37a706d62
Bump org-apache-maven-resolver from 1.9.26 to 1.9.27
...
Bumps `org-apache-maven-resolver` from 1.9.26 to 1.9.27.
Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.26 to 1.9.27
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.26...maven-resolver-1.9.27 )
Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.26 to 1.9.27
---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
dependency-version: 1.9.27
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
e30d9240c9
Add Docs for Custom Jwt Principal Converters
...
Issue gh-6237
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 month ago
c208410a91
Polish Jwt Authentication Converter
...
- Replace conditional logic with adapter class
- Added tests
Issue gh-6237
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 month ago
aabc9fc1cc
Support Custom Principal in Jwt Authentication Flow
...
Closes gh-6237
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1 month ago
d3474e704f
Merge Add Missing OnCommitedResponseWrapper Header Overrides
...
Add Missing OnCommitedResponseWrapper Header Overrides
1 month ago
b48967eebc
Merge Add Missing OnCommitedResponseWrapper Header Overrides
...
Add Missing OnCommitedResponseWrapper Header Overrides
1 month ago
522c48b3b5
Merge Add Missing OnCommitedResponseWrapper Header Overrides
...
Add Missing OnCommitedResponseWrapper Header Overrides
1 month ago
9cc3161055
Merge Add Missing OnCommitedResponseWrapper Header Overrides
1 month ago
6898de8003
Merge Add Missing OnCommitedResponseWrapper Header Overrides
1 month ago
1dae9aa459
Add Missing OnCommitedResponseWrapper Header Overrides
...
Spring Security's `OnCommitedResponseWrapper` does not override the `setHeader`, `setIntHeader`, `addIntHeader`
methods. This means that if the `Content-Length` response header is specified using any of those methods then
the response body length is not tracked and can be committed before the response headers are written.
Spring Security should override the missing methods and track `Content-Length` as is already done for `addHeader`.
This issue is the underlying problem for spring-projects/spring-framework#36381
Closes gh-18797
1 month ago
4b0be84a0e
Merge branch '7.0.x'
1 month ago
73ee893d98
Merge remote-tracking branch 'origin/6.5.x' into 7.0.x
1 month ago
bec25edeb0
Merge pull request #18566 from Hann244/docs/gh-16530-jsp-method-attribute
...
Clarify need for method attribute in JSP authorize tag
1 month ago
4d43edfb20
Polish Documentation
...
- Combined explanation of method attribute with usage recommendations
- Used one sentence per line format
Issue gh-16530
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
1 month ago
9f9699f8a5
Clarify need for method attribute in JSP authorize tag
...
Closes gh-16530
This aligns the JSP documentation with the changes made in gh-16529.
Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific.
Signed-off-by: onhann <gusgus1467@naver.com>
1 month ago
6d4726bfb7
Mark targetDomainObject as `@Nullable` in PermissionEvaluator
...
Closes: gh-18259
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1 month ago
d31ca7a758
Fix SecurityContextLogoutHandler.logout @param response Javadoc (cannot be null)
...
Closes gh-18357
1 month ago
ac06067d02
Revert "Mark targetDomainObject as `@Nullable` in PermissionEvaluator"
...
This reverts commit 9f1381c382
1 month ago
9f1381c382
Mark targetDomainObject as `@Nullable` in PermissionEvaluator
...
Closes: gh-18259
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
1 month ago
f700aeac0f
Bump tools.jackson:jackson-bom from 3.0.4 to 3.1.0
...
Bumps [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom ) from 3.0.4 to 3.1.0.
- [Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-3.0.4...jackson-bom-3.1.0 )
---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
dependency-version: 3.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
1 month ago
Andrey Litvitski
kimyounguk1
Rob Winch
dependabot[bot]
023-dev
Josh Cummings
Michael Lück
[CLOUD4] 한현
Tran Ngoc Nhan
Guillaume Husta
Menashe Eliezer