231 Commits

Author SHA1 Message Date
Rob Winch
d18431a78d
Move FACTOR_ constants to FactorGrantedAuthority
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
2025-10-10 16:24:46 -05:00
Rob Winch
e290c98e97
Document Multi-Factor Simple to Complex
This reworks the Multi-Factor documentation to start with the
simplest scenario and work to progressively more complex requirements.

Closes gh-18029
2025-10-10 16:23:38 -05:00
Rob Winch
f652920bb3
Add @EnableGlobalMultiFactorAuthentication
Closes gh-17954
2025-09-24 14:47:26 -05:00
Josh Cummings
bbba2930e9
Add Initial Documentation
Issue gh-17934
2025-09-23 18:16:36 -06:00
Josh Cummings
1e1cb0097a
Document Authentication Factors
Issue gh-17933
2025-09-19 11:32:28 -06:00
Rob Winch
1b263cfafb
Fix Keberos Docs http://
Issue gh-17879
2025-09-12 14:39:46 -05:00
Rob Winch
f5fb127c8c
Add Spring Security Kerberos
Move the Spring Security Kerberos Extension into Spring Security

Closes gh-17879
2025-09-12 14:25:20 -05:00
Josh Cummings
b09afb34cc Document Authentication.Builder
The commit documents the new Authentication Builder interface
and its usage in the security filter chain.

Closes gh-17861
Closes gh-17862
2025-09-09 14:59:14 -06:00
Tran Ngoc Nhan
371bee685f Polish User#withDefaultPasswordEncoder
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-08-04 09:40:20 -06:00
Marcin Lewandowski
f61a8deccc Update index.adoc
Signed-off-by: Marcin Lewandowski <marcin@ravendb.net>
2025-07-31 11:09:06 -06:00
Tran Ngoc Nhan
242956a63c Remove deprecated elements from DaoAuthenticationProvider
Closes gh-17298

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-07-07 13:38:34 -06:00
Josh Cummings
c43afbf5e1
Format Lambda Expressions
This commit updats lambda expressions so that
their variable is surrounded in parentheses.

Issue gh-13067
2025-06-20 10:41:29 -06:00
Josh Cummings
6ddb964c61
Remove ApacheDS Support
Closes gh-13852
2025-06-19 11:55:34 -06:00
Rob Winch
e3add59550 Update x509 Reference
- Use include-code
- Demo how to customize SubjectX500PrincipalExtractor
2025-06-12 12:09:20 -05:00
Josh Cummings
7d49c41e03
Merge branch '6.4.x' into 6.5.x 2025-05-21 14:44:03 -06:00
Josh Cummings
fbfb28456a
Merge branch '6.3.x' into 6.4.x 2025-05-21 14:43:44 -06:00
Gurunathan
a4cd6f4278
Advise Overriding equals() and hashCode() in UserDetails Implementations
This commit adds a documentation note explaining the importance of
overriding equals() and hashCode() in custom UserDetails implementations.

The default SessionRegistryImpl in Spring Security uses an in-memory
ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to
associate principals with sessions. If a custom UserDetails class does
not properly override equals() and hashCode(), user sessions may not
be tracked or matched correctly.

I believe this helps developers avoid subtle session management issues
when implementing custom authentication logic.

Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>
2025-05-21 12:41:44 -06:00
Rob Winch
9b79b99150
Merge branch '6.4.x'
- Correct method name in logout.adoc

Closes gh-17049
2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db
Merge branch '6.3.x' into 6.4.x
- Correct method name in logout.adoc

Closes gh-17048
2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed
Correct method name
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-06 10:17:29 -05:00
Josh Cummings
df640f22dc
Merge branch '6.4.x' 2025-05-02 15:59:13 -06:00
Josh Cummings
92160fa26f
Merge branch '6.3.x' into 6.4.x
Closes gh-17034
2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed
Fix ClearSiteData Code Snippet
Closes gh-16948
2025-05-02 15:57:31 -06:00
Josh Cummings
28091c8563 Merge branch '6.4.x' 2025-05-01 12:03:19 -06:00
Josh Cummings
c4a0dfe838 Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-05-01 12:03:05 -06:00
Soumik Sarker
bcef6ed74f Reformatted lines in x509 overview documentation
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
2025-05-01 12:02:45 -06:00
Tran Ngoc Nhan
ee84d37435 Use SpringCacheBasedTicketCache
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-31 13:54:48 -06:00
Steve Riesenberg
6745576186 Polish basic.adoc
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
2025-03-21 15:05:22 -05:00
Steve Riesenberg
eb510ab59d Polish gh-16280 2025-03-21 15:05:22 -05:00
Martin Emrich
21fb5f92cf Explain behaviour with XMLHttpRequest on 401 response
Relates to / Closes gh-16103
2025-03-21 15:05:22 -05:00
nobletrout
555fe1f147 Update anonymous.adoc
make the example code return the same thing for the do and don't do.

Signed-off-by: nobletrout <nobletrout@gmail.com>
2025-03-20 15:17:35 -05:00
Daniel Garnier-Moiroux
238f47ce5e One Time Token login registers the default login page
closes gh-16414

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
2025-02-10 09:55:51 -06:00
Max Batischev
474b5e151a Add Support GenerateOneTimeTokenRequestResolver
Closes gh-16291

Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-01-22 17:09:55 -06:00
Rob Winch
d3332e1956
Document JDBC Persistence for WebAuthn
Issue gh-16282
2025-01-17 21:37:27 -06:00
Rob Winch
1f9845485c
Document custom HttpMessageConverter support for WebAuthn
Issue gh-16397
2025-01-17 21:08:16 -06:00
Rob Winch
718c90d7ad
Document PublicKeyCredentialCreationOptionsRepository
Issue gh-16396
2025-01-17 20:51:43 -06:00
Muhammad N. Fadhil
b7b915d7c9 Improved sentence phrasing in the docs. 2025-01-12 22:25:22 -06:00
Muhammad N. Fadhil
a78e888ce0 Fixed grammatical mistakes in the docs. 2025-01-12 22:25:22 -06:00
Muhammad N. Fadhil
fdd50ca3bf Fixed a grammatical mistake in the docs. 2025-01-12 22:25:22 -06:00
mskim
0e3cfd1efb Fix logout code snippet for Kotlin: Corrected deleteCookies syntax 2025-01-07 15:36:52 -06:00
Josh Cummings
1104b45832
Polish SessionLimit
- Move to the web.authentication.session package since it is only needed
by web.authentication.session elements and does not access any other web
element itself.
- Add Kotlin support
- Add documentation

Issue gh-16206
2024-12-18 18:32:28 -07:00
Josh Cummings
b9f3a28678 Add UserDetailsService Constructor
Closes gh-15973
2024-12-16 17:59:16 -07:00
Yoshikazu Nojima
ee1ede8b2d Update document regarding PublicKeyCredentialCreationOptions.attestation value
Follow up for #16252
2024-12-12 09:02:42 -06:00
Tran Ngoc Nhan
40f8ac642a Fix Documentation Typos 2024-12-09 17:56:00 -07:00
Josh Cummings
5c7237be79
Merge branch '6.3.x' 2024-11-18 12:13:20 -07:00
Josh Cummings
1414b88ef3
Merge branch '6.2.x' into 6.3.x 2024-11-18 12:13:05 -07:00
Josh Cummings
ba520db7f7
Merge branch '5.8.x' into 6.2.x 2024-11-18 12:12:46 -07:00
Josh Cummings
85248083c0
Add Dark Mode CSS Style
Closes gh-14834
2024-11-18 12:10:48 -07:00
Rob Winch
cd609acafc Document passkeys dependencies
Closes gh-16107
2024-11-15 17:44:42 -06:00
Steve Riesenberg
f1159842f4 Polish gh-15554
Closes gh-15398
2024-11-13 15:18:53 -06:00