Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-01 16:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,597 Commits 56 Branches 348 Tags
Commit Graph

43 Commits

Author SHA1 Message Date
Josh Cummings
9b724377ce Rework Saml2 Authentication Statement 
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.

Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.

As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.

Closes gh-10820
 2025-06-10 17:21:03 -06:00
Josh Cummings
aa3135169d Polish Documentation 
Closes gh-14635
 2025-06-09 16:49:36 -06:00
Josh Cummings
eaab42a73c Polish BearerTokenAuthenticationConverter Support 
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs

Issue gh-14750
 2025-06-04 18:17:17 -06:00
Josh Cummings
492444c588
Update shouldConvertGetRequests Migration Steps 
Issue gh-17099
 2025-06-03 13:12:38 -06:00
Josh Cummings
4ed131f6ab Add shouldConvertGetRequests Migration Steps 
Issue gh-17099
 2025-06-03 13:10:45 -06:00
Josh Cummings
37a814bc29
Add 7.0 -> 8.0 Migration Guide 
Closes gh-17182
 2025-05-28 16:11:12 -06:00
Josh Cummings
616b43f261 Restore 6.x Migration Steps 
Issue gh-16873
 2025-04-03 11:05:53 -06:00
Marcus Da Coregio
4c77a550ae Change to Migrating to 6.2 
Issue gh-13552
 2023-07-19 10:30:23 -03:00
Rob Winch
8407c9ebee Merge branch '6.0.x' 
Closes gh-13407
 2023-06-18 21:41:16 -05:00
Rob Winch
f66a5bab99 Merge branch '5.8.x' into 6.0.x 
Closes gh-13406
 2023-06-18 21:33:58 -05:00
Rob Winch
7da99acca7 Merge branch '5.7.x' into 5.8.x 
Closes gh-13405
 2023-06-18 21:32:35 -05:00
Rob Winch
312b758b3a Merge branch '5.7.x' into 5.8.x 
Closes gh-13292
 2023-06-08 17:14:34 -05:00
Josh Cummings
9d19435eb0
Merge branch '6.0.x' 2023-06-05 13:08:47 -06:00
delver
2629fb2061 Fix Kotlin typo 2023-06-05 13:08:17 -06:00
delver
77c337bac4 Fix invalid link 2023-06-05 13:08:17 -06:00
Marcus Da Coregio
5c88b95af5 Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults 
Closes gh-13227
 2023-05-25 09:51:36 -03:00
Josh Cummings
68b052218a
Add @EnableTransactionManagement Details 
Closes gh-13152
 2023-05-24 10:10:00 -06:00
daisuzz
734dc98e50 Fix typo in authorization.adoc 2023-05-18 09:59:23 -06:00
Steve Riesenberg
491041dc60
Merge branch '6.0.x' 2023-05-12 15:44:33 -05:00
Steve Riesenberg
e234f85b2f
Fix hard-coded link in remote build 
Issue gh-13156
 2023-05-12 15:43:14 -05:00
Steve Riesenberg
e96a5e9bd1
Merge branch '6.0.x' 
Closes gh-13157
 2023-05-12 13:54:56 -05:00
Steve Riesenberg
72d86f1cbc
Update links to 5.8 migration guide 
Closes gh-13156
 2023-05-12 13:46:54 -05:00
Josh Cummings
e5fcf1ebcf
Revisit Request and Method Security Docs 
Issue gh-13088
 2023-05-01 14:09:22 -06:00
Josh Cummings
9244989b2e
Fix allOf/anyOf Abstain Logic 
Closes gh-13069
 2023-04-24 15:36:17 -06:00
Brummolix
a513fc0f38 Fix SecurityWebApplicationInitializer.getSecurityDispatcherTypes example in doc #12939 2023-03-30 09:38:17 -03:00
Marcus Da Coregio
b4b4cd0ffa Merge branch '5.8.x' into 6.0.x 
Closes gh-12941
 2023-03-28 15:23:21 -03:00
Marcus Da Coregio
eb58655fa9 Improve Docs by mentioning that Empty SecurityContext should be saved 
Closes gh-12906
 2023-03-28 15:21:30 -03:00
Josh Cummings
35cf52d3bd
Add DefaultMethodSecurityExpressionHandler 
Closes gh-12356
 2023-02-21 16:58:08 -07:00
Josh Cummings
6bf11181ef
Adjust AfterInvocationManager Migration Docs 
The original documentation only addresses the post-authorize case.
Some implementations want also to modify the return type.

Issue gh-12620
 2023-02-21 15:07:17 -07:00
Steve Riesenberg
bf2951b5af
Add sections for migrating exploit protection in 6.0 
Issue gh-12462
 2023-02-15 17:18:09 -06:00
Tao Sun
6f5c633241
Fix typo in Authentication Migrations page 2023-02-15 15:14:09 -07:00
Steve Riesenberg
45b81b194b
Expand migration docs regarding CSRF 
Closes gh-12462
 2023-02-15 14:53:28 -06:00
Steve Riesenberg
179428f7da
Add section for migrating WebSocket support 
Issue gh-12378
 2023-01-26 15:45:09 -06:00
Steve Riesenberg
33e72b35f9
Add section for migrating WebSocket support 
Issue gh-12378
 2023-01-23 16:00:36 -06:00
Josh Cummings
88a8ef647b
Add Details about @Configuration 
Closes gh-12486
 2023-01-06 13:56:56 -07:00
Marcus Da Coregio
88d50a531b Add EnableWebSecurity migration steps to 5.8 guide 
Closes gh-12334
 2022-12-07 10:22:54 -08:00
Marc Becker
50da5b6498 Fix securityMatchers code sample 
Closes gh-12296
 2022-11-25 10:18:40 -03:00
Steve Riesenberg
4994e67eda
Add servlet opt out steps for CSRF BREACH 
Issue gh-12107
 2022-11-19 22:11:18 -06:00
Josh Cummings
3f5d8b39ce
Restructure Migration Guide 
Closes gh-12242
 2022-11-18 16:57:32 -07:00
Marcus Da Coregio
1919b4e38b Migration guide for CAS support removal 
Issue gh-12163
 2022-11-18 15:35:39 -03:00
Josh Cummings
17123a3b0f
Polish JwtAuthenticationConverter Preparation Steps 
Issue gh-12022
 2022-11-16 12:00:10 -07:00
Josh Cummings
63aec87c61
Use Imperative in Headers 
Issue gh-12224
 2022-11-16 11:58:25 -07:00
Josh Cummings
7675874137
Restructure Migration Steps 
CLoses gh-12224
 2022-11-16 11:35:47 -07:00