Rob Winch
f6cb0bd610
Merge Use 2004-present Copyright Header
...
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
2025-07-29 10:52:42 -05:00
Josh Cummings
4775fe41db
Merge branch '6.5.x'
2025-07-29 09:28:20 -06:00
Josh Cummings
a9fcec8b46
Merge branch '6.4.x' into 6.5.x
2025-07-29 09:27:47 -06:00
Josh Cummings
452d311a9b
Merge remote-tracking branch 'origin/6.3.x' into 6.4.x
2025-07-29 09:27:23 -06:00
Bernie Schelberg
edcb3b024e
Update Shibboleth repository URL
...
Signed-off-by: Bernie Schelberg <bernard.schelberg@invicara.com>
2025-07-29 09:26:42 -06:00
Rob Winch
2fdca16c1a
Merge branch '6.4.x' into 6.5.x
...
Closes gh-17634
2025-07-29 09:47:52 -05:00
Josh Cummings
fca30e3d25
Update What's New in Spring Security 7
...
Closes gh-17582
2025-07-21 15:00:47 -06:00
dependabot[bot]
66ddfb43a0
Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs
...
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-18 09:15:29 -05:00
dependabot[bot]
759736672d
Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs
...
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions ) from 1.14.4 to 1.14.6.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc )
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.4...v1.14.6 )
---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
dependency-version: 1.14.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-14 01:05:46 +00:00
Josh Cummings
0c42b61cc1
Restore legacy-websocket-configuration Link
...
In this way, links to this section will still arrive at something
helpful.
Issue gh-17295
2025-07-10 15:03:10 -06:00
Josh Cummings
7960d2803d
Add Migration Steps for PathMatcher Usage
...
Issue gh-17509
2025-07-10 14:53:39 -06:00
Josh Cummings
4b15b2b94e
Add Migration Steps for Messaging
...
Closes gh-17509
2025-07-10 13:19:42 -06:00
Josh Cummings
2c87270dbc
Use authorizeHttpRequests
...
Issue gh-15174
2025-07-09 17:33:11 -06:00
Josh Cummings
dadf10899c
Add WebExpressionAuthorizationManager.Builder
...
Closes gh-17504
2025-07-09 17:33:10 -06:00
Josh Cummings
c312d18191
Add Publishing Predicate
...
Closes gh-17503
2025-07-09 17:33:10 -06:00
Josh Cummings
901b386ca6
Merge branch '6.5.x'
2025-07-09 14:11:14 -06:00
Josh Cummings
9209a33678
Remove References to Deprecated OpenSaml Components
...
Issue gh-11658
2025-07-09 14:10:33 -06:00
Rob Winch
e48fdd5ed4
Use UserWebTestClientConfigurer
...
Closes gh-17496
2025-07-07 15:15:51 -05:00
Rob Winch
dbb3b7e1f5
Remove Unused import
2025-07-07 15:15:51 -05:00
Rob Winch
bfa2a3613c
Fix frameworkVersion
...
Should not strip -SNAPSHOT
2025-07-07 15:15:51 -05:00
Josh Cummings
02d69ec864
Keep EnableWebMvcSecurity Link
...
So that links across the Internet that are pointed at
#mvc-enablewebmvcsecurity still arrive at a relevant place,
this commit re-adds the mvc-enablewebmvcsecurity link, even
though @EnableWebMvcSecurity itself is now removed.
Issue gh-17294
2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan
a439bc65d6
Remove EnableWebMvcSecurity
...
Closes gh-17294
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan
242956a63c
Remove deprecated elements from DaoAuthenticationProvider
...
Closes gh-17298
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan
9312fb7004
Remove Deprecated AuthorizationDecision Elements
...
Closes gh-17299
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-07-03 14:32:49 -06:00
Josh Cummings
ce107795d8
Fix Broken JavaDoc Link
...
Issue gh-16886
2025-07-03 14:14:00 -06:00
Josh Cummings
b71a66bdaa
Use PathPatternRequestMatcher in docs
...
Issue gh-16886
Issue gh-16887
2025-07-03 13:37:50 -06:00
Joe Grandja
e869bcdfa3
Remove deprecated implementations of OAuth2AccessTokenResponseClient
...
Closes gh-16909
2025-07-03 14:23:23 -04:00
Joe Grandja
cfe38957d7
Remove Resource Owner Password Credentials grant
...
Closes gh-17446
2025-07-03 14:23:23 -04:00
Konstantin Filtschew
e4a2ac27d6
Fixed link to CSRF checks
2025-06-27 14:18:01 -05:00
Rob Winch
00ead7f24d
Update to Kotlin 2.2
2025-06-26 17:29:12 -05:00
Tran Ngoc Nhan
e686ac6b11
Remove AbstractSecurityWebSocketMessageBrokerConfigurer
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-06-24 12:56:05 -06:00
Josh Cummings
a4c338f8a5
Format authorizeExchange Blocks
...
This commit formats authorizeExchange blocks to
use a common variable name and ensure the
variable and reference are on the same line.
Issue gh-13067
2025-06-20 10:46:52 -06:00
Josh Cummings
777447e1d9
Format authorizeHttpRequests Blocks
...
This commit formats authorizeHttpRequests blocks
to use the same parameter name and places the
reference on the same line as the parameter.
Issue gh-13067
2025-06-20 10:46:51 -06:00
Josh Cummings
c43afbf5e1
Format Lambda Expressions
...
This commit updats lambda expressions so that
their variable is surrounded in parentheses.
Issue gh-13067
2025-06-20 10:41:29 -06:00
Josh Cummings
6ddb964c61
Remove ApacheDS Support
...
Closes gh-13852
2025-06-19 11:55:34 -06:00
Rob Winch
b2325e4176
Add OAuth Support for HTTP Interface Client
...
Closes gh-16858
2025-06-17 09:53:51 -05:00
Rob Winch
040ffe17e5
Add SubjectX500PrincipalExtractor to Whats New
...
Issue gh-16984
2025-06-12 12:19:37 -05:00
Rob Winch
e3add59550
Update x509 Reference
...
- Use include-code
- Demo how to customize SubjectX500PrincipalExtractor
2025-06-12 12:09:20 -05:00
Rob Winch
7bf2730a53
Add x509@principal-extractor-ref
...
Enables customizing the X500PrincipalExtractor
2025-06-12 12:09:20 -05:00
Rob Winch
88ed4a5ccf
Use principalExtractor reference instead of properties
2025-06-12 12:09:20 -05:00
Max Batischev
aba437d469
Add Support SubjectX500PrincipalExtractor
...
Closes gh-16980
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-06-12 12:09:20 -05:00
Josh Cummings
9b724377ce
Rework Saml2 Authentication Statement
...
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.
Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.
As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.
Closes gh-10820
2025-06-10 17:21:03 -06:00
Lidoca
d0db5e3ea3
Update database-schema.adoc
...
docs: match the database schema with https://github.com/spring-projects/spring-security/blob/6.5.0/docs/modules/ROOT/pages/servlet/authentication/passwords/jdbc.adoc
Signed-off-by: Lidoca <32785562+Lidoca@users.noreply.github.com>
2025-06-09 22:17:57 -05:00
Josh Cummings
aa3135169d
Polish Documentation
...
Closes gh-14635
2025-06-09 16:49:36 -06:00
Josh Cummings
eaab42a73c
Polish BearerTokenAuthenticationConverter Support
...
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs
Issue gh-14750
2025-06-04 18:17:17 -06:00
Max Batischev
4967f3feee
Add Support BearerTokenAuthenticationConverter
...
Closes gh-14750
Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-06-04 18:17:17 -06:00
Josh Cummings
492444c588
Update shouldConvertGetRequests Migration Steps
...
Issue gh-17099
2025-06-03 13:12:38 -06:00
Josh Cummings
4ed131f6ab
Add shouldConvertGetRequests Migration Steps
...
Issue gh-17099
2025-06-03 13:10:45 -06:00
Josh Cummings
6d3b54df21
Change Type Validation Default
...
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.
Closes gh-17181
2025-05-28 16:11:13 -06:00
Josh Cummings
37a814bc29
Add 7.0 -> 8.0 Migration Guide
...
Closes gh-17182
2025-05-28 16:11:12 -06:00