Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,301 Commits 38 Branches 345 Tags
Commit Graph

2558 Commits

Author SHA1 Message Date
Josh Cummings
6d3b54df21
Change Type Validation Default 
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
 2025-05-28 16:11:13 -06:00
Josh Cummings
37a814bc29
Add 7.0 -> 8.0 Migration Guide 
Closes gh-17182
 2025-05-28 16:11:12 -06:00
Felix Hagemans
1a4de49977 Create CsrfCustomizer for SPA configuration 
Closes gh-14149

Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>
 2025-05-27 11:44:33 -06:00
Rob Winch
cd27290260
Merge branch '6.5.x' 
Closes gh-17163
 2025-05-22 15:01:27 -05:00
Rob Winch
e686621e92
Merge branch '6.5.x' 
Closes gh-17162
 2025-05-22 15:01:13 -05:00
Rob Winch
6eee256e12
Demonstrate include-code usage 
Closes gh-17161
 2025-05-22 14:59:35 -05:00
Rob Winch
0fecaf4924
Add include-code extension setup for docs 
Closes gh-17160
 2025-05-22 14:59:35 -05:00
Josh Cummings
45e81c2d0a
Merge branch '6.5.x' 2025-05-21 14:44:23 -06:00
Josh Cummings
7d49c41e03
Merge branch '6.4.x' into 6.5.x 2025-05-21 14:44:03 -06:00
Josh Cummings
fbfb28456a
Merge branch '6.3.x' into 6.4.x 2025-05-21 14:43:44 -06:00
Gurunathan
a4cd6f4278
Advise Overriding equals() and hashCode() in UserDetails Implementations 
This commit adds a documentation note explaining the importance of
overriding equals() and hashCode() in custom UserDetails implementations.

The default SessionRegistryImpl in Spring Security uses an in-memory
ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to
associate principals with sessions. If a custom UserDetails class does
not properly override equals() and hashCode(), user sessions may not
be tracked or matched correctly.

I believe this helps developers avoid subtle session management issues
when implementing custom authentication logic.

Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>
 2025-05-21 12:41:44 -06:00
Josh Cummings
07a50b460a
Merge branch '6.5.x' 2025-05-15 18:17:05 -06:00
Josh Cummings
02a516d7f2
Merge branch '6.4.x' into 6.5.x 2025-05-15 18:16:53 -06:00
Josh Cummings
70c940fd4f
Merge branch '6.3.x' into 6.4.x 2025-05-15 18:16:44 -06:00
Josh Cummings
eb30fd7f59
Add Missing Header 
Issue gh-11161
 2025-05-15 18:16:36 -06:00
Josh Cummings
b5db32994f
Merge branch '6.5.x' 2025-05-15 17:20:23 -06:00
Josh Cummings
8548d8e18a
Merge branch '6.4.x' into 6.5.x 2025-05-15 17:20:08 -06:00
Josh Cummings
fbdf4a88a0
Merge branch '6.3.x' into 6.4.x 2025-05-15 17:19:55 -06:00
snowykte0426
260d298cc5 Add Migration Guide from Spring Security SAML Extension 
This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support.

Includes:
- Content migrated from the project wiki
- xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata`
- Metadata example moved to Examples Matrix
- Cleanup and naming per review feedback

Closes gh-11161

Signed-off-by: snowykte0426 <snowykte0426@naver.com>
 2025-05-15 17:17:43 -06:00
Josh Cummings
0698d3527d
Merge branch '6.5.x' 2025-05-13 11:18:43 -06:00
Josh Cummings
26f359a4db
Merge branch '6.4.x' into 6.5.x 2025-05-13 11:18:31 -06:00
Josh Cummings
5ba4ab5e11
Merge branch '6.3.x' into 6.4.x 2025-05-13 11:18:02 -06:00
Danilo Piazzalunga
27319e3f9b Add missing registration property in YAML listing 
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Danilo Piazzalunga
ec462e8bc5 Update assertingparty property usage in YAML snippets 
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.

Closes gh-12810.

Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
 2025-05-13 11:17:35 -06:00
Joe Grandja
ba7be9c8b9 Merge branch '6.5.x' 2025-05-09 16:14:34 -04:00
Joe Grandja
e3c39f02bc Add documentation for DPoP support 
Closes gh-17072
 2025-05-09 16:02:14 -04:00
Rob Winch
f13836c9c8
Add X to CommonOAuth2Provider Reference 
Issue gh-16510

Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-05-07 11:31:28 -05:00
Josh Cummings
211b1b7285
Update Method Security Migration Steps 2025-05-06 16:44:20 -06:00
Josh Cummings
84db5bb312
Add Cookie Customizer Migration Steps 2025-05-06 16:43:04 -06:00
Josh Cummings
74a25c3fc1
Add shouldFilterAllDispatcherTypes Migration Steps 2025-05-06 16:40:10 -06:00
Josh Cummings
084990736e
Move Opaque Token Migration Steps 2025-05-06 16:39:16 -06:00
Josh Cummings
c6bba38458
Update SAML 2.0 Migration Steps 2025-05-06 16:38:32 -06:00
Josh Cummings
45b453f59b
Add ACL Migration Steps 2025-05-06 16:38:19 -06:00
Rob Winch
5abbcecccc
Update to 7.0.0-SNAPSHOT 
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
 2025-05-06 13:26:14 -05:00
Rob Winch
9b79b99150
Merge branch '6.4.x' 
- Correct method name in logout.adoc

Closes gh-17049
 2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db
Merge branch '6.3.x' into 6.4.x 
- Correct method name in logout.adoc

Closes gh-17048
 2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed
Correct method name 
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-05-06 10:17:29 -05:00
Josh Cummings
df640f22dc
Merge branch '6.4.x' 2025-05-02 15:59:13 -06:00
Josh Cummings
92160fa26f
Merge branch '6.3.x' into 6.4.x 
Closes gh-17034
 2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed
Fix ClearSiteData Code Snippet 
Closes gh-16948
 2025-05-02 15:57:31 -06:00
Josh Cummings
28091c8563 Merge branch '6.4.x' 2025-05-01 12:03:19 -06:00
Josh Cummings
c4a0dfe838 Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-05-01 12:03:05 -06:00
Soumik Sarker
bcef6ed74f Reformatted lines in x509 overview documentation 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-05-01 12:02:45 -06:00
Josh Cummings
d0a97917ad
Merge branch '6.4.x' 2025-04-29 13:39:00 -06:00
Josh Cummings
d76ccc6856
Merge branch '6.3.x' into 6.4.x 2025-04-29 13:38:41 -06:00
Yanming Zhou
9c76ab69f0 Use proper configuration key 
the getter method is `getOpaquetoken()` not `getOpaqueToken()`

See c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51)

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-04-29 13:37:51 -06:00
Yanming Zhou
ce5a12b2f7 Revise document to replace outdated NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-04-23 14:10:02 -06:00
Josh Cummings
61d6fbc2a9
Update Documentation for PathPatternRequestMatcher 
Issue gh-16765
 2025-04-23 12:11:09 -06:00
Steve Riesenberg
15c2b156f1
Update Client Authentication examples 
Closes gh-16925

987d9c9788ba0343f543083c87613fb5
 2025-04-11 15:10:05 -05:00
Josh Cummings
6438603cb6
Pick Up TargetVisitor Beans 
Closes gh-16923
 2025-04-10 15:48:09 -06:00