Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

master->main 

Closes gh-9683
This commit is contained in:
Rob Winch 2021-04-26 16:50:35 -05:00
parent 32ac31c101
commit 006b9b9607
14 changed files with 20 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/continuous-integration-workflow.yml vendored
View File

@ -3,7 +3,7 @@ name: CI
on: on:
push: push:
branches: branches:
- master - main
schedule: schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC - cron: '0 10 * * *' # Once per day at 10am UTC
workflow_dispatch: # Manual trigger workflow_dispatch: # Manual trigger
@ -102,16 +102,16 @@ jobs:
uses: actions/setup-java@v1 uses: actions/setup-java@v1
with: with:
java-version: '11' java-version: '11'
- name: Run Sonar on given (non-master) branch - name: Run Sonar on given (non-main) branch
if: ${{ github.ref != 'refs/heads/master' }} if: ${{ github.ref != 'refs/heads/main' }}
run: | run: |
export BRANCH=${GITHUB_REF#refs/heads/} export BRANCH=${GITHUB_REF#refs/heads/}
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER" export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD" export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY" export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
./gradlew sonarqube -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PexcludeProjects='**/samples/**' -Dsonar.projectKey="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.projectName="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace ./gradlew sonarqube -PartifactoryUsername="$ARTIFACTORY_USERNAME" -PartifactoryPassword="$ARTIFACTORY_PASSWORD" -PexcludeProjects='**/samples/**' -Dsonar.projectKey="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.projectName="spring-security-${GITHUB_REF#refs/heads/}" -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" --stacktrace
- name: Run Sonar on master - name: Run Sonar on main
if: ${{ github.ref == 'refs/heads/master' }} if: ${{ github.ref == 'refs/heads/main' }}
run: | run: |
export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER" export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD" export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"

6
CONTRIBUTING.adoc
View File

@ -4,7 +4,7 @@ _Please refer back to this document as a checklist before issuing any pull reque
= Code of Conduct = Code of Conduct
Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct]. Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct].
= Similar but different = Similar but different
@ -43,9 +43,9 @@ If you're considering anything more than correcting a typo or fixing a minor bug
If you have not previously done so, please fill out and submit the https://cla.pivotal.io/sign/spring[Contributor License Agreement]. If you have not previously done so, please fill out and submit the https://cla.pivotal.io/sign/spring[Contributor License Agreement].
= Create your branch from master = Create your branch from main
Create your topic branch to be submitted as a pull request from master. The Spring team will consider your pull request for backporting on a case-by-case basis; you don't need to worry about submitting anything for backporting. Create your topic branch to be submitted as a pull request from main. The Spring team will consider your pull request for backporting on a case-by-case basis; you don't need to worry about submitting anything for backporting.
= Use short branch names = Use short branch names

6
README.adoc
View File

@ -1,6 +1,6 @@
image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge] image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]
image:https://github.com/spring-projects/spring-security/workflows/CI/badge.svg?branch=master["Build Status", link="https://github.com/spring-projects/spring-security/actions?query=workflow%3ACI"] image:https://github.com/spring-projects/spring-security/workflows/CI/badge.svg?branch=main["Build Status", link="https://github.com/spring-projects/spring-security/actions?query=workflow%3ACI"]
image:https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?logo=Gradle&labelColor=02303A["Revved up by Gradle Enterprise", link="https://ge.spring.io/scans?search.rootProjectNames=spring-security"] image:https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?logo=Gradle&labelColor=02303A["Revved up by Gradle Enterprise", link="https://ge.spring.io/scans?search.rootProjectNames=spring-security"]
@ -12,7 +12,7 @@ a minimum and also requires Java 8.
For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects]. For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].
== Code of Conduct == Code of Conduct
Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct] Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct]
== Downloading Artifacts == Downloading Artifacts
See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#getting[Getting Spring Security] for how to obtain Spring Security. See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#getting[Getting Spring Security] for how to obtain Spring Security.
@ -60,7 +60,7 @@ Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring
https://spring.io/services[Commercial support] is available too. https://spring.io/services[Commercial support] is available too.
== Contributing == Contributing
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.adoc[contributor guidelines] for details. https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/main/CONTRIBUTING.adoc[contributor guidelines] for details.
== License == License
Spring Security is Open Source software released under the Spring Security is Open Source software released under the

2
buildSrc/src/main/java/org/springframework/gradle/sagan/SaganApi.java
View File

@ -23,7 +23,7 @@ import java.io.IOException;
import java.util.Base64; import java.util.Base64;
/** /**
* Implements necessary calls to the Sagan API See https://github.com/spring-io/sagan/blob/master/sagan-site/src/docs/asciidoc/index.adoc * Implements necessary calls to the Sagan API See https://spring.io/restdocs/index.html
*/ */
public class SaganApi { public class SaganApi {
private String baseUrl = "https://spring.io/api"; private String baseUrl = "https://spring.io/api";

2
docs/guides/spring-security-docs-guides.gradle
View File

@ -28,7 +28,7 @@ ext.spec = copySpec {
} }
def getDownloadUrl() { def getDownloadUrl() {
snapshotBuild ? "https://github.com/spring-projects/spring-security/archive/master.zip" : "https://github.com/spring-projects/spring-security/archive/${project.version}.zip" snapshotBuild ? "https://github.com/spring-projects/spring-security/archive/main.zip" : "https://github.com/spring-projects/spring-security/archive/${project.version}.zip"
} }

2
docs/guides/src/docs/asciidoc/Guardfile
View File

@ -5,7 +5,7 @@ guard 'shell' do
watch(/^.*\.asc$/) {|m| watch(/^.*\.asc$/) {|m|
Asciidoctor.render_file(m[0], :to_dir => "build/", :safe => Asciidoctor::SafeMode::UNSAFE, :attributes=> {'toc' => '', 'idprefix' => '', 'idseparator' => '-', 'copycss' => '', 'icons' => 'font', 'source-highlighter' => 'prettify', 'sectanchors' => '', 'toc-placement' => 'preamble', 'revnumber' => '3.2.0.CI-SNAPSHOT', Asciidoctor.render_file(m[0], :to_dir => "build/", :safe => Asciidoctor::SafeMode::UNSAFE, :attributes=> {'toc' => '', 'idprefix' => '', 'idseparator' => '-', 'copycss' => '', 'icons' => 'font', 'source-highlighter' => 'prettify', 'sectanchors' => '', 'toc-placement' => 'preamble', 'revnumber' => '3.2.0.CI-SNAPSHOT',
'spring-security-version' => '3.2.0.CI-SNAPSHOT', 'spring-security-version' => '3.2.0.CI-SNAPSHOT',
'download-url' => 'https://github.com/spring-projects/spring-security/archive/master.zip', 'download-url' => 'https://github.com/spring-projects/spring-security/archive/main.zip',
'include-maven-repository' => '_includes/maven-repository-snapshot.asc' }) 'include-maven-repository' => '_includes/maven-repository-snapshot.asc' })
} }
end end

2
docs/manual/spring-security-docs-manual.gradle
View File

@ -14,7 +14,7 @@ asciidoctor {
} }
asciidoctorj { asciidoctorj {
def ghTag = snapshotBuild ? 'master' : project.version def ghTag = snapshotBuild ? 'main' : project.version
def ghUrl = "https://github.com/spring-projects/spring-security/tree/$ghTag" def ghUrl = "https://github.com/spring-projects/spring-security/tree/$ghTag"
attributes 'spring-security-version' : project.version, attributes 'spring-security-version' : project.version,
'spring-boot-version' : springBootVersion, 'spring-boot-version' : springBootVersion,

2
docs/manual/src/docs/asciidoc/_includes/about/community.adoc
View File

@ -19,7 +19,7 @@ The following are some of the best ways to get help:
== Becoming Involved == Becoming Involved
We welcome your involvement in the Spring Security project. We welcome your involvement in the Spring Security project.
There are many ways to contribute, including answering questions on Stack Overflow, writing new code, improving existing code, assisting with documentation, developing samples or tutorials, reporting bugs, or simply making suggestions. There are many ways to contribute, including answering questions on Stack Overflow, writing new code, improving existing code, assisting with documentation, developing samples or tutorials, reporting bugs, or simply making suggestions.
For more information, see our https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.adoc[Contributing] documentation. For more information, see our https://github.com/spring-projects/spring-security/blob/main/CONTRIBUTING.adoc[Contributing] documentation.
[[community-source]] [[community-source]]
== Source Code == Source Code

2
docs/manual/src/docs/asciidoc/_includes/reactive/x509.adoc
View File

@ -49,4 +49,4 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
In this example, a username is extracted from the OU field of a client certificate instead of CN, and account lookup using `ReactiveUserDetailsService` is not performed at all. Instead, if the provided certificate issued to an OU named "Trusted Org Unit", a request will be authenticated. In this example, a username is extracted from the OU field of a client certificate instead of CN, and account lookup using `ReactiveUserDetailsService` is not performed at all. Instead, if the provided certificate issued to an OU named "Trusted Org Unit", a request will be authenticated.
For an example of configuring Netty and `WebClient` or `curl` command-line tool to use mutual TLS and enable X.509 authentication, please refer to https://github.com/spring-projects/spring-security/tree/master/samples/boot/webflux-x509. For an example of configuring Netty and `WebClient` or `curl` command-line tool to use mutual TLS and enable X.509 authentication, please refer to https://github.com/spring-projects/spring-security-samples/tree/main/servlet/java-configuration/authentication/x509.

2
docs/manual/src/docs/asciidoc/_includes/servlet/appendix/namespace.adoc
View File

@ -4,7 +4,7 @@ This appendix provides a reference to the elements available in the security nam
If you haven't used the namespace before, please read the <<ns-config,introductory chapter>> on namespace configuration, as this is intended as a supplement to the information there. If you haven't used the namespace before, please read the <<ns-config,introductory chapter>> on namespace configuration, as this is intended as a supplement to the information there.
Using a good quality XML editor while editing a configuration based on the schema is recommended as this will provide contextual information on which elements and attributes are available as well as comments explaining their purpose. Using a good quality XML editor while editing a configuration based on the schema is recommended as this will provide contextual information on which elements and attributes are available as well as comments explaining their purpose.
The namespace is written in https://relaxng.org/[RELAX NG] Compact format and later converted into an XSD schema. The namespace is written in https://relaxng.org/[RELAX NG] Compact format and later converted into an XSD schema.
If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/master/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc[schema file] directly. If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/main/config/src/main/resources/org/springframework/security/config/spring-security-4.1.rnc[schema file] directly.
[[nsa-web]] [[nsa-web]]
=== Web Application Security === Web Application Security

1
docs/manual/src/docs/asciidoc/_includes/servlet/integrations/servlet-api.adoc
View File

@ -1,7 +1,6 @@
[[servletapi]] [[servletapi]]
== Servlet API integration == Servlet API integration
This section describes how Spring Security is integrated with the Servlet API. This section describes how Spring Security is integrated with the Servlet API.
The https://github.com/spring-projects/spring-security/tree/master/samples/xml/servletapi[servletapi-xml] sample application demonstrates the usage of each of these methods.
[[servletapi-25]] [[servletapi-25]]

2
docs/manual/src/docs/asciidoc/_includes/servlet/integrations/websocket.adoc
View File

@ -4,8 +4,6 @@
Spring Security 4 added support for securing https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html[Spring's WebSocket support]. Spring Security 4 added support for securing https://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html[Spring's WebSocket support].
This section describes how to use Spring Security's WebSocket support. This section describes how to use Spring Security's WebSocket support.
NOTE: You can find a complete working sample of WebSocket security at https://github.com/spring-projects/spring-session/tree/master/spring-session-samples/spring-session-sample-boot-websocket.
.Direct JSR-356 Support .Direct JSR-356 Support
**** ****
Spring Security does not provide direct JSR-356 support because doing so would provide little value. Spring Security does not provide direct JSR-356 support because doing so would provide little value.

2
docs/manual/src/docs/asciidoc/_includes/servlet/java-configuration/index.adoc
View File

@ -7,7 +7,7 @@ Since Spring Security 3.2 there has been Spring Security Java Configuration supp
If you are familiar with the <<ns-config>> then you should find quite a few similarities between it and the Security Java Configuration support. If you are familiar with the <<ns-config>> then you should find quite a few similarities between it and the Security Java Configuration support.
NOTE: Spring Security provides https://github.com/spring-projects/spring-security/tree/master/samples/javaconfig[lots of sample applications] which demonstrate the use of Spring Security Java Configuration. NOTE: Spring Security provides https://github.com/spring-projects/spring-security-samples/tree/main/servlet/java-configuration[lots of sample applications] which demonstrate the use of Spring Security Java Configuration.
== Hello Web Security Java Configuration == Hello Web Security Java Configuration

2
docs/manual/src/docs/asciidoc/_includes/servlet/kotlin-configuration/index.adoc
View File

@ -4,7 +4,7 @@
Spring Security Kotlin Configuration support has been available since Spring Security 5.3. Spring Security Kotlin Configuration support has been available since Spring Security 5.3.
It enables users to easily configure Spring Security using a native Kotlin DSL. It enables users to easily configure Spring Security using a native Kotlin DSL.
NOTE: Spring Security provides https://github.com/spring-projects/spring-security/tree/master/samples/boot/kotlin[a sample application] which demonstrates the use of Spring Security Kotlin Configuration. NOTE: Spring Security provides https://github.com/spring-projects/spring-security-samples/tree/main/servlet/spring-boot/kotlin/hello-security[a sample application] which demonstrates the use of Spring Security Kotlin Configuration.
[[kotlin-config-httpsecurity]] [[kotlin-config-httpsecurity]]
== HttpSecurity == HttpSecurity