Josh Cummings
6d3b54df21
Change Type Validation Default
...
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.
Closes gh-17181
2025-05-28 16:11:13 -06:00
Josh Cummings
37a814bc29
Add 7.0 -> 8.0 Migration Guide
...
Closes gh-17182
2025-05-28 16:11:12 -06:00
Felix Hagemans
1a4de49977
Create CsrfCustomizer for SPA configuration
...
Closes gh-14149
Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>
2025-05-27 11:44:33 -06:00
Rob Winch
cd27290260
Merge branch '6.5.x'
...
Closes gh-17163
2025-05-22 15:01:27 -05:00
Rob Winch
e686621e92
Merge branch '6.5.x'
...
Closes gh-17162
2025-05-22 15:01:13 -05:00
Rob Winch
6eee256e12
Demonstrate include-code usage
...
Closes gh-17161
2025-05-22 14:59:35 -05:00
Rob Winch
0fecaf4924
Add include-code extension setup for docs
...
Closes gh-17160
2025-05-22 14:59:35 -05:00
Josh Cummings
45e81c2d0a
Merge branch '6.5.x'
2025-05-21 14:44:23 -06:00
Josh Cummings
7d49c41e03
Merge branch '6.4.x' into 6.5.x
2025-05-21 14:44:03 -06:00
Josh Cummings
fbfb28456a
Merge branch '6.3.x' into 6.4.x
2025-05-21 14:43:44 -06:00
Gurunathan
a4cd6f4278
Advise Overriding equals() and hashCode() in UserDetails Implementations
...
This commit adds a documentation note explaining the importance of
overriding equals() and hashCode() in custom UserDetails implementations.
The default SessionRegistryImpl in Spring Security uses an in-memory
ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to
associate principals with sessions. If a custom UserDetails class does
not properly override equals() and hashCode(), user sessions may not
be tracked or matched correctly.
I believe this helps developers avoid subtle session management issues
when implementing custom authentication logic.
Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>
2025-05-21 12:41:44 -06:00
Josh Cummings
07a50b460a
Merge branch '6.5.x'
2025-05-15 18:17:05 -06:00
Josh Cummings
02a516d7f2
Merge branch '6.4.x' into 6.5.x
2025-05-15 18:16:53 -06:00
Josh Cummings
70c940fd4f
Merge branch '6.3.x' into 6.4.x
2025-05-15 18:16:44 -06:00
Josh Cummings
eb30fd7f59
Add Missing Header
...
Issue gh-11161
2025-05-15 18:16:36 -06:00
Josh Cummings
b5db32994f
Merge branch '6.5.x'
2025-05-15 17:20:23 -06:00
Josh Cummings
8548d8e18a
Merge branch '6.4.x' into 6.5.x
2025-05-15 17:20:08 -06:00
Josh Cummings
fbdf4a88a0
Merge branch '6.3.x' into 6.4.x
2025-05-15 17:19:55 -06:00
snowykte0426
260d298cc5
Add Migration Guide from Spring Security SAML Extension
...
This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support.
Includes:
- Content migrated from the project wiki
- xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata`
- Metadata example moved to Examples Matrix
- Cleanup and naming per review feedback
Closes gh-11161
Signed-off-by: snowykte0426 <snowykte0426@naver.com>
2025-05-15 17:17:43 -06:00
Josh Cummings
0698d3527d
Merge branch '6.5.x'
2025-05-13 11:18:43 -06:00
Josh Cummings
26f359a4db
Merge branch '6.4.x' into 6.5.x
2025-05-13 11:18:31 -06:00
Josh Cummings
5ba4ab5e11
Merge branch '6.3.x' into 6.4.x
2025-05-13 11:18:02 -06:00
Danilo Piazzalunga
27319e3f9b
Add missing registration property in YAML listing
...
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
2025-05-13 11:17:35 -06:00
Danilo Piazzalunga
ec462e8bc5
Update assertingparty property usage in YAML snippets
...
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.
Closes gh-12810.
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
2025-05-13 11:17:35 -06:00
Joe Grandja
ba7be9c8b9
Merge branch '6.5.x'
2025-05-09 16:14:34 -04:00
Joe Grandja
e3c39f02bc
Add documentation for DPoP support
...
Closes gh-17072
2025-05-09 16:02:14 -04:00
Rob Winch
f13836c9c8
Add X to CommonOAuth2Provider Reference
...
Issue gh-16510
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
2025-05-07 11:31:28 -05:00
Josh Cummings
211b1b7285
Update Method Security Migration Steps
2025-05-06 16:44:20 -06:00
Josh Cummings
84db5bb312
Add Cookie Customizer Migration Steps
2025-05-06 16:43:04 -06:00
Josh Cummings
74a25c3fc1
Add shouldFilterAllDispatcherTypes Migration Steps
2025-05-06 16:40:10 -06:00
Josh Cummings
084990736e
Move Opaque Token Migration Steps
2025-05-06 16:39:16 -06:00
Josh Cummings
c6bba38458
Update SAML 2.0 Migration Steps
2025-05-06 16:38:32 -06:00
Josh Cummings
45b453f59b
Add ACL Migration Steps
2025-05-06 16:38:19 -06:00
Rob Winch
5abbcecccc
Update to 7.0.0-SNAPSHOT
...
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
2025-05-06 13:26:14 -05:00
Rob Winch
9b79b99150
Merge branch '6.4.x'
...
- Correct method name in logout.adoc
Closes gh-17049
2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db
Merge branch '6.3.x' into 6.4.x
...
- Correct method name in logout.adoc
Closes gh-17048
2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed
Correct method name
...
Closes gh-17031
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-06 10:17:29 -05:00
Josh Cummings
df640f22dc
Merge branch '6.4.x'
2025-05-02 15:59:13 -06:00
Josh Cummings
92160fa26f
Merge branch '6.3.x' into 6.4.x
...
Closes gh-17034
2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed
Fix ClearSiteData Code Snippet
...
Closes gh-16948
2025-05-02 15:57:31 -06:00
Josh Cummings
28091c8563
Merge branch '6.4.x'
2025-05-01 12:03:19 -06:00
Josh Cummings
c4a0dfe838
Merge remote-tracking branch 'origin/6.3.x' into 6.4.x
2025-05-01 12:03:05 -06:00
Soumik Sarker
bcef6ed74f
Reformatted lines in x509 overview documentation
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
2025-05-01 12:02:45 -06:00
Josh Cummings
d0a97917ad
Merge branch '6.4.x'
2025-04-29 13:39:00 -06:00
Josh Cummings
d76ccc6856
Merge branch '6.3.x' into 6.4.x
2025-04-29 13:38:41 -06:00
Yanming Zhou
9c76ab69f0
Use proper configuration key
...
the getter method is `getOpaquetoken()` not `getOpaqueToken()`
See c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51)
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-04-29 13:37:51 -06:00
Yanming Zhou
ce5a12b2f7
Revise document to replace outdated NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector
...
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-04-23 14:10:02 -06:00
Josh Cummings
61d6fbc2a9
Update Documentation for PathPatternRequestMatcher
...
Issue gh-16765
2025-04-23 12:11:09 -06:00
Steve Riesenberg
15c2b156f1
Update Client Authentication examples
...
Closes gh-16925
987d9c9788ba0343f543083c87613fb5
2025-04-11 15:10:05 -05:00
Josh Cummings
6438603cb6
Pick Up TargetVisitor Beans
...
Closes gh-16923
2025-04-10 15:48:09 -06:00