Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-09-08 20:51:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,337 Commits 43 Branches 354 Tags
Commit Graph

870 Commits

Author SHA1 Message Date
Josh Cummings
0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings
9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings
8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Rob Winch
9bbf837c7c
Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Joe Kuhel
d002e68231 Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 12:35:13 -05:00
Rob Winch
a8f045eb50
Add Modular Spring Security Configuration 
Closes gh-16258
 2025-08-20 12:16:08 -05:00
Josh Cummings
60c42e3f24
Update SAML 2.0 Documentation to use OpenSAML 5 
Closes gh-17707
 2025-08-14 18:01:34 -06:00
Josh Cummings
5506c487de
Remove OpenSaml4 Components 
Issue gh-17707
 2025-08-14 18:01:02 -06:00
Tran Ngoc Nhan
371bee685f Polish User#withDefaultPasswordEncoder 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-08-04 09:40:20 -06:00
Marcin Lewandowski
f61a8deccc Update index.adoc 
Signed-off-by: Marcin Lewandowski <marcin@ravendb.net>
 2025-07-31 11:09:06 -06:00
Josh Cummings
1af665d6c8 Merge branch '6.5.x' 2025-07-31 10:21:50 -06:00
Josh Cummings
c966139338 Merge branch '6.4.x' into 6.5.x 2025-07-31 10:21:36 -06:00
Josh Cummings
a411fb7b8d Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-07-31 10:21:26 -06:00
Michał Sobkiewicz
c963f4250e Update Angular documentation links in csrf.adoc 
Replaced `angular.io` links with their corresponding `angular.dev` URLs.
This change ensures that users referencing CSRF documentation are
directed to the most current Angular resources.

Signed-off-by: Michał Sobkiewicz <perceptron8@users.noreply.github.com>
 2025-07-31 10:21:06 -06:00
Josh Cummings
4775fe41db Merge branch '6.5.x' 2025-07-29 09:28:20 -06:00
Josh Cummings
a9fcec8b46 Merge branch '6.4.x' into 6.5.x 2025-07-29 09:27:47 -06:00
Josh Cummings
452d311a9b Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-07-29 09:27:23 -06:00
Bernie Schelberg
edcb3b024e Update Shibboleth repository URL 
Signed-off-by: Bernie Schelberg <bernard.schelberg@invicara.com>
 2025-07-29 09:26:42 -06:00
Josh Cummings
0c42b61cc1
Restore legacy-websocket-configuration Link 
In this way, links to this section will still arrive at something
helpful.

Issue gh-17295
 2025-07-10 15:03:10 -06:00
Josh Cummings
2c87270dbc
Use authorizeHttpRequests 
Issue gh-15174
 2025-07-09 17:33:11 -06:00
Josh Cummings
dadf10899c
Add WebExpressionAuthorizationManager.Builder 
Closes gh-17504
 2025-07-09 17:33:10 -06:00
Josh Cummings
c312d18191
Add Publishing Predicate 
Closes gh-17503
 2025-07-09 17:33:10 -06:00
Josh Cummings
901b386ca6
Merge branch '6.5.x' 2025-07-09 14:11:14 -06:00
Josh Cummings
9209a33678
Remove References to Deprecated OpenSaml Components 
Issue gh-11658
 2025-07-09 14:10:33 -06:00
Josh Cummings
02d69ec864 Keep EnableWebMvcSecurity Link 
So that links across the Internet that are pointed at
#mvc-enablewebmvcsecurity still arrive at a relevant place,
this commit re-adds the mvc-enablewebmvcsecurity link, even
though @EnableWebMvcSecurity itself is now removed.

Issue gh-17294
 2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan
a439bc65d6 Remove EnableWebMvcSecurity 
Closes gh-17294

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan
242956a63c Remove deprecated elements from DaoAuthenticationProvider 
Closes gh-17298

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan
9312fb7004 Remove Deprecated AuthorizationDecision Elements 
Closes gh-17299

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-07-03 14:32:49 -06:00
Josh Cummings
ce107795d8
Fix Broken JavaDoc Link 
Issue gh-16886
 2025-07-03 14:14:00 -06:00
Josh Cummings
b71a66bdaa
Use PathPatternRequestMatcher in docs 
Issue gh-16886
Issue gh-16887
 2025-07-03 13:37:50 -06:00
Joe Grandja
e869bcdfa3 Remove deprecated implementations of OAuth2AccessTokenResponseClient 
Closes gh-16909
 2025-07-03 14:23:23 -04:00
Joe Grandja
cfe38957d7 Remove Resource Owner Password Credentials grant 
Closes gh-17446
 2025-07-03 14:23:23 -04:00
Tran Ngoc Nhan
e686ac6b11 Remove AbstractSecurityWebSocketMessageBrokerConfigurer 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-06-24 12:56:05 -06:00
Josh Cummings
777447e1d9
Format authorizeHttpRequests Blocks 
This commit formats authorizeHttpRequests blocks
to use the same parameter name and places the
reference on the same line as the parameter.

Issue gh-13067
 2025-06-20 10:46:51 -06:00
Josh Cummings
c43afbf5e1
Format Lambda Expressions 
This commit updats lambda expressions so that
their variable is surrounded in parentheses.

Issue gh-13067
 2025-06-20 10:41:29 -06:00
Josh Cummings
6ddb964c61
Remove ApacheDS Support 
Closes gh-13852
 2025-06-19 11:55:34 -06:00
Rob Winch
b2325e4176
Add OAuth Support for HTTP Interface Client 
Closes gh-16858
 2025-06-17 09:53:51 -05:00
Rob Winch
e3add59550 Update x509 Reference 
- Use include-code
- Demo how to customize SubjectX500PrincipalExtractor
 2025-06-12 12:09:20 -05:00
Rob Winch
7bf2730a53 Add x509@principal-extractor-ref 
Enables customizing the X500PrincipalExtractor
 2025-06-12 12:09:20 -05:00
Rob Winch
88ed4a5ccf Use principalExtractor reference instead of properties 2025-06-12 12:09:20 -05:00
Max Batischev
aba437d469 Add Support SubjectX500PrincipalExtractor 
Closes gh-16980

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-12 12:09:20 -05:00
Josh Cummings
9b724377ce Rework Saml2 Authentication Statement 
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.

Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.

As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.

Closes gh-10820
 2025-06-10 17:21:03 -06:00
Lidoca
d0db5e3ea3 Update database-schema.adoc 
docs: match the database schema with https://github.com/spring-projects/spring-security/blob/6.5.0/docs/modules/ROOT/pages/servlet/authentication/passwords/jdbc.adoc

Signed-off-by: Lidoca <32785562+Lidoca@users.noreply.github.com>
 2025-06-09 22:17:57 -05:00
Josh Cummings
eaab42a73c Polish BearerTokenAuthenticationConverter Support 
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs

Issue gh-14750
 2025-06-04 18:17:17 -06:00
Max Batischev
4967f3feee Add Support BearerTokenAuthenticationConverter 
Closes gh-14750

Signed-off-by: Max Batischev <mblancer@mail.ru>
 2025-06-04 18:17:17 -06:00
Felix Hagemans
1a4de49977 Create CsrfCustomizer for SPA configuration 
Closes gh-14149

Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>
 2025-05-27 11:44:33 -06:00
Rob Winch
cd27290260
Merge branch '6.5.x' 
Closes gh-17163
 2025-05-22 15:01:27 -05:00
Rob Winch
6eee256e12
Demonstrate include-code usage 
Closes gh-17161
 2025-05-22 14:59:35 -05:00
Josh Cummings
45e81c2d0a
Merge branch '6.5.x' 2025-05-21 14:44:23 -06:00
Josh Cummings
7d49c41e03
Merge branch '6.4.x' into 6.5.x 2025-05-21 14:44:03 -06:00