e8028e15c0
Merge branch 'gradle/6.3.x/org.apache.maven-maven-resolver-provider-3.9.10' into 6.3.x
10 months ago
482eb0e2cd
Bump io-spring-javaformat from 0.0.45 to 0.0.46
10 months ago
b0f8aa5ea0
Fix to allow multiple AuthenticationFilter instances to process each request
...
Closes gh-17173
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
10 months ago
f75ac6c837
Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10
...
Bumps org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10.
---
updated-dependencies:
- dependency-name: org.apache.maven:maven-resolver-provider
dependency-version: 3.9.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
5e56fc13be
Bump io-spring-javaformat from 0.0.45 to 0.0.46
...
Bumps `io-spring-javaformat` from 0.0.45 to 0.0.46.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46 )
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.45 to 0.0.46
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.45...v0.0.46 )
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-version: 0.0.46
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-version: 0.0.46
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
c0568ea9b0
Log Request Mismatch Only When Mismatches
...
Signed-off-by: Joaquin Santana <joaquinjsb@outlook.com>
11 months ago
4048b2bd7d
Use `HttpStatus` in BackChannel Logout Filters
...
Closes gh-17125
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
11 months ago
86acba9d22
Bump io-spring-javaformat from 0.0.43 to 0.0.45
...
Bumps `io-spring-javaformat` from 0.0.43 to 0.0.45.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.43 to 0.0.45
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.43...v0.0.45 )
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.43 to 0.0.45
- [Release notes](https://github.com/spring-io/spring-javaformat/releases )
- [Commits](https://github.com/spring-io/spring-javaformat/compare/v0.0.43...v0.0.45 )
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
dependency-version: 0.0.45
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
dependency-version: 0.0.45
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
a4cd6f4278
Advise Overriding equals() and hashCode() in UserDetails Implementations
...
This commit adds a documentation note explaining the importance of
overriding equals() and hashCode() in custom UserDetails implementations.
The default SessionRegistryImpl in Spring Security uses an in-memory
ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to
associate principals with sessions. If a custom UserDetails class does
not properly override equals() and hashCode(), user sessions may not
be tracked or matched correctly.
I believe this helps developers avoid subtle session management issues
when implementing custom authentication logic.
Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>
11 months ago
5da31ab8a8
Use spring-io/codeql-actions
11 months ago
cae3467a8d
Improve AbstractPreAuthenticatedProcessingFilter docs
...
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.
Closes gh-14137
Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
11 months ago
a17b2a18d9
Bump org.springframework.data:spring-data-bom
...
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom ) from 2024.0.11 to 2024.0.12.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases )
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.11...2024.0.12 )
---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
dependency-version: 2024.0.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
0cbc38cdd6
Bump org.springframework:spring-framework-bom from 6.1.19 to 6.1.20
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.1.19 to 6.1.20.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.19...v6.1.20 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.1.20
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
eb30fd7f59
Add Missing Header
...
Issue gh-11161
11 months ago
260d298cc5
Add Migration Guide from Spring Security SAML Extension
...
This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support.
Includes:
- Content migrated from the project wiki
- xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata`
- Metadata example moved to Examples Matrix
- Cleanup and naming per review feedback
Closes gh-11161
Signed-off-by: snowykte0426 <snowykte0426@naver.com>
11 months ago
78a60d0d84
Bump io.projectreactor:reactor-bom from 2023.0.17 to 2023.0.18
...
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor ) from 2023.0.17 to 2023.0.18.
- [Release notes](https://github.com/reactor/reactor/releases )
- [Commits](https://github.com/reactor/reactor/compare/2023.0.17...2023.0.18 )
---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
dependency-version: 2023.0.18
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
a001f27690
Bump org-apache-maven-resolver from 1.9.22 to 1.9.23
...
Bumps `org-apache-maven-resolver` from 1.9.22 to 1.9.23.
Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23 )
Updates `org.apache.maven.resolver:maven-resolver-impl` from 1.9.22 to 1.9.23
- [Release notes](https://github.com/apache/maven-resolver/releases )
- [Commits](https://github.com/apache/maven-resolver/compare/maven-resolver-1.9.22...maven-resolver-1.9.23 )
Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.22 to 1.9.23
---
updated-dependencies:
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
dependency-version: 1.9.23
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-impl
dependency-version: 1.9.23
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
dependency-version: 1.9.23
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
27319e3f9b
Add missing registration property in YAML listing
...
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
11 months ago
ec462e8bc5
Update assertingparty property usage in YAML snippets
...
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.
Closes gh-12810.
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
11 months ago
a4111a606b
Bump io.spring.gradle:spring-security-release-plugin from 1.0.5 to 1.0.6
...
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools ) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.5...v1.0.6 )
---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
dependency-version: 1.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
11 months ago
505fe3abed
Correct method name
...
Closes gh-17031
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
11 months ago
9710492619
remove update-dependabot action
11 months ago
9436796973
Use pull-request: write for gradlew updates
...
Explicitly provide the permissions required for updating the Gradle
wrapper
11 months ago
51239359ed
Fix ClearSiteData Code Snippet
...
Closes gh-16948
11 months ago
e48f26e51e
Propagate StrictFirewallRequest Wrapper
...
Closes gh-16978
11 months ago
3b7e3a6c5c
codeql uses ubuntu-latest
11 months ago
a04025c114
rm mark-duplicate-dependabot-prs.yml
11 months ago
1564076276
Remove automerge forward
11 months ago
ae09f36291
Add .github/workflows/codeql.yml
11 months ago
bcef6ed74f
Reformatted lines in x509 overview documentation
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
11 months ago
c8581683da
Bump Gradle Wrapper from 8.13 to 8.14.
...
Release notes of Gradle 8.14 can be found here:
https://docs.gradle.org/8.14/release-notes.html
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
11 months ago
f631a0fcd5
Polish ClientRegistrationsTests
...
Simplified the assertion so that it is focused on the core
behavior being verified. This will likely also make the test
more stable when updating Spring Framework versions.
Issue gh-16860
11 months ago
0e84f31a00
Add ClientRegistration's RestClient failed attempts information to exception message
...
Closes gh-16860
Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
11 months ago
9c76ab69f0
Use proper configuration key
...
the getter method is `getOpaquetoken()` not `getOpaqueToken()`
See c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51)
11 months ago
5354e4d2c5
Check for Null Issuer
...
Closes gh-16989
11 months ago
db48d4ca50
rm merge-dependabot-pr.yml from Unsupported Branch
11 months ago
547d174f3e
Fix Formatting
12 months ago
d2d1275b39
Fix IllegalArgumentException message for unknown Argon2 types
...
Array index 0 points to an empty string. Use index 1 instead.
Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
12 months ago
7bf776ec38
Bump org.springframework.data:spring-data-bom
...
Bumps [org.springframework.data:spring-data-bom](https://github.com/spring-projects/spring-data-bom ) from 2024.0.10 to 2024.0.11.
- [Release notes](https://github.com/spring-projects/spring-data-bom/releases )
- [Commits](https://github.com/spring-projects/spring-data-bom/compare/2024.0.10...2024.0.11 )
---
updated-dependencies:
- dependency-name: org.springframework.data:spring-data-bom
dependency-version: 2024.0.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
12 months ago
e47a6714a5
Update to io.spring.gradle:spring-security-release-plugin:1.0.5
...
Closes gh-6.3.10
12 months ago
b9cae82b89
Next development version
12 months ago
f6354250a1
Release 6.3.9
12 months ago
a5d963387b
Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19
...
Bumps [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework ) from 6.1.18 to 6.1.19.
- [Release notes](https://github.com/spring-projects/spring-framework/releases )
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.1.18...v6.1.19 )
---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
dependency-version: 6.1.19
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
12 months ago
99c4f58c34
Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12
...
Bumps [org.springframework.ldap:spring-ldap-core](https://github.com/spring-projects/spring-ldap ) from 3.2.11 to 3.2.12.
- [Release notes](https://github.com/spring-projects/spring-ldap/releases )
- [Changelog](https://github.com/spring-projects/spring-ldap/blob/main/changelog.txt )
- [Commits](https://github.com/spring-projects/spring-ldap/compare/3.2.11...3.2.12 )
---
updated-dependencies:
- dependency-name: org.springframework.ldap:spring-ldap-core
dependency-version: 3.2.12
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
12 months ago
c1aa99fdd2
Enforce BCrypt password length for new passwords only
...
Closes gh-16802
12 months ago
eb01394427
Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17
...
Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor ) from 2023.0.16 to 2023.0.17.
- [Release notes](https://github.com/reactor/reactor/releases )
- [Commits](https://github.com/reactor/reactor/compare/2023.0.16...2023.0.17 )
---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
dependency-version: 2023.0.17
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
12 months ago
0d3d6f75f8
Bump org-aspectj from 1.9.22.1 to 1.9.24
...
Bumps `org-aspectj` from 1.9.22.1 to 1.9.24.
Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases )
- [Commits](https://github.com/eclipse/org.aspectj/commits )
Updates `org.aspectj:aspectjweaver` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases )
- [Commits](https://github.com/eclipse/org.aspectj/commits )
---
updated-dependencies:
- dependency-name: org.aspectj:aspectjrt
dependency-version: 1.9.24
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: org.aspectj:aspectjweaver
dependency-version: 1.9.24
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
12 months ago
eb83c35ded
Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4
...
Bumps [io.spring.gradle:spring-security-release-plugin](https://github.com/spring-io/spring-security-release-tools ) from 1.0.3 to 1.0.4.
- [Release notes](https://github.com/spring-io/spring-security-release-tools/releases )
- [Commits](https://github.com/spring-io/spring-security-release-tools/compare/v1.0.3...v1.0.4 )
---
updated-dependencies:
- dependency-name: io.spring.gradle:spring-security-release-plugin
dependency-version: 1.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
12 months ago
3c0fef59b5
Polish gh-16039
...
Closes gh-16038
1 year ago
da94fbe431
Evaluate URI query parameter only if enabled
...
Issue gh-16038
1 year ago
Rob Winch
Andrey Litvitski
dependabot[bot]
Joaquin Santana
Gurunathan
Mark Putsiata
Josh Cummings
snowykte0426
Danilo Piazzalunga
Tran Ngoc Nhan
Soumik Sarker
github-actions[bot]
Evgeniy Cheban
Yanming Zhou
Roman Trapickin
Joe Grandja
Steve Riesenberg
Jonah Klöckner