Rivaldi 
							
						 
					 
					
						
						
						
						
							
						
						
							01a37dd678 
							
						 
					 
					
						
						
							
							Fix typo  
						
						
						
						
						(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30) 
						
						
					 
					
						2022-11-03 08:21:48 -03:00 
						 
				 
			
				
					
						
							
							
								Márk Kővári 
							
						 
					 
					
						
						
						
						
							
						
						
							aad01447c3 
							
						 
					 
					
						
						
							
							docs: fix realm typo  
						
						
						
						
					 
					
						2022-11-03 08:21:26 -03:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							cca999c57d 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'origin/5.8.x'  
						
						
						
						
					 
					
						2022-11-01 13:46:08 -06:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d29ab8bcae 
							
						 
					 
					
						
						
							
							Merge branch '5.7.x' into 5.8.x  
						
						
						
						
					 
					
						2022-11-01 13:43:40 -06:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							c94e33b6c8 
							
						 
					 
					
						
						
							
							Merge branch '5.6.x' into 5.7.x  
						
						
						
						
					 
					
						2022-11-01 13:42:35 -06:00 
						 
				 
			
				
					
						
							
							
								Ger Roza 
							
						 
					 
					
						
						
						
						
							
						
						
							8315545144 
							
						 
					 
					
						
						
							
							Update RP-Initiated Logout target URLs.  
						
						
						
						
						The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081 
						
						
					 
					
						2022-11-01 12:35:39 -06:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							c5badbc631 
							
						 
					 
					
						
						
							
							Add AccessDecisionManager Preparation Steps  
						
						
						
						
						Issue gh-11337 
						
						
					 
					
						2022-10-31 15:25:05 -06:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							3da0d1bf27 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
					 
					
						2022-10-27 15:39:03 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							aac1261f0c 
							
						 
					 
					
						
						
							
							Document Migration to SecurityContextHolderFilter  
						
						
						
						
						Closes gh-12098 
						
						
					 
					
						2022-10-27 15:12:45 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							d40ed58118 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						Closes gh-12091
Closes gh-12092 
						
						
					 
					
						2022-10-26 14:56:02 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							c17e258a6f 
							
						 
					 
					
						
						
							
							Document Saved Requests  
						
						
						
						
						Closes gh-12088 
						
						
					 
					
						2022-10-26 14:22:30 -05:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7adc000c6b 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'origin/5.8.x'  
						
						
						
						
					 
					
						2022-10-25 14:42:32 -06:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							04fa5af794 
							
						 
					 
					
						
						
							
							Add Missing Doc Header  
						
						
						
						
						The EnableMethodSecurity section 
						
						
					 
					
						2022-10-25 14:41:11 -06:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							fe96a62dfc 
							
						 
					 
					
						
						
							
							Document Observability Support  
						
						
						
						
						Issue gh-10964 
						
						
					 
					
						2022-10-12 20:32:25 -06:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							c5e35bf32e 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						Closes gh-11978 
						
						
					 
					
						2022-10-10 09:24:50 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							4b6fed0667 
							
						 
					 
					
						
						
							
							Add static factory method to AntPathRequestMatcher and RegexRequestMatcher  
						
						
						
						
						Closes gh-11938 
						
						
					 
					
						2022-10-10 09:24:15 -03:00 
						 
				 
			
				
					
						
							
							
								Daniel Garnier-Moiroux 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							27059ced87 
							
						 
					 
					
						
						
							
							Default X-Xss-Protection header value to "0"  
						
						
						
						
						Closes gh-9631 
						
						
					 
					
						2022-10-07 17:42:55 -05:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							398f5dee7f 
							
						 
					 
					
						
						
							
							Remove deprecated RequestMatcher methods from Java Configuration  
						
						
						
						
						Closes gh-11939 
						
						
					 
					
						2022-10-07 15:26:46 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							9fd195d419 
							
						 
					 
					
						
						
							
							Default to shouldFilterAllDispatcherTypes=true in XML  
						
						
						
						
						Closes gh-11970 
						
						
					 
					
						2022-10-07 11:46:20 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							146d3269bc 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						Closes gh-11971 
						
						
					 
					
						2022-10-07 10:28:14 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							f3321c256c 
							
						 
					 
					
						
						
							
							Add XML support for shouldFilterAllDispatcherTypes  
						
						
						
						
						Closes gh-11492 
						
						
					 
					
						2022-10-07 10:20:32 -03:00 
						 
				 
			
				
					
						
							
							
								Josh Cummings 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							12b9f2e196 
							
						 
					 
					
						
						
							
							use-authorization-manager defaults to true  
						
						
						
						
						Closes gh-11929 
						
						
					 
					
						2022-10-06 08:12:46 -06:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							c4d23f2b49 
							
						 
					 
					
						
						
							
							Use MvcRequestMatcher by default if Spring MVC is present  
						
						
						
						
						Closes gh-11899 
						
						
					 
					
						2022-10-06 09:12:04 -03:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8b490de08d 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc 
						
						
					 
					
						2022-10-05 14:46:15 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							dce1c30522 
							
						 
					 
					
						
						
							
							Add support for BREACH  
						
						
						
						
						Closes gh-4001 
						
						
					 
					
						2022-10-05 14:21:13 -05:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							38a7bbd2eb 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
					 
					
						2022-10-05 13:20:12 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							ace8caa182 
							
						 
					 
					
						
						
							
							Remove mvcMatchers usage from docs  
						
						
						
						
						Issue gh-11347 
						
						
					 
					
						2022-10-05 13:19:37 -03:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5de6da890b 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						Closes gh-dry-run 
						
						
					 
					
						2022-10-04 11:18:00 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							475b3bb6bb 
							
						 
					 
					
						
						
							
							Add deferred CsrfTokenRepository.loadDeferredToken  
						
						
						
						
						* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918 
						
						
					 
					
						2022-10-03 17:10:54 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							7c3cc1e386 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
					 
					
						2022-10-03 14:29:51 -05:00 
						 
				 
			
				
					
						
							
							
								Daniel Garnier-Moiroux 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							0e215a21ad 
							
						 
					 
					
						
						
							
							Add X-Xss-Protection headerValue to XML config  
						
						
						
						
						Issue gh-9631 
						
						
					 
					
						2022-10-03 14:29:34 -05:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							ad2abd39dc 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						Closes gh-11347 in 6.0.x
Closes gh-11945 
						
						
					 
					
						2022-10-03 16:02:18 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							039e0328e1 
							
						 
					 
					
						
						
							
							Simplify Java Configuration RequestMatcher Usage  
						
						
						
						
						If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159 
						
						
					 
					
						2022-10-03 15:55:20 -03:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							181ee7410b 
							
						 
					 
					
						
						
							
							Change default authority for oauth2Login()  
						
						
						
						
						Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856 
						
						
					 
					
						2022-09-26 10:06:31 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							bcb21c9384 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java 
						
						
					 
					
						2022-09-23 15:39:43 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							46696a9226 
							
						 
					 
					
						
						
							
							CsrfTokenRequestHandler extends CsrfTokenRequestResolver  
						
						
						
						
						Closes gh-11896 
						
						
					 
					
						2022-09-23 15:09:00 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							0efe26c1fd 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						Closes gh-11894 
						
						
					 
					
						2022-09-22 13:47:04 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							d94677f87e 
							
						 
					 
					
						
						
							
							CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler  
						
						
						
						
						This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892 
						
						
					 
					
						2022-09-22 11:09:44 -05:00 
						 
				 
			
				
					
						
							
							
								Rob Winch 
							
						 
					 
					
						
						
						
						
							
						
						
							48e31f87e4 
							
						 
					 
					
						
						
							
							Remove Deprecated OpenSAML 3 Support  
						
						
						
						
						Closes gh-10556 
						
						
					 
					
						2022-09-20 16:57:38 -06:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2431dd1103 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
					 
					
						2022-09-13 17:38:10 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							355ef21117 
							
						 
					 
					
						
						
							
							Polish gh-11665  
						
						
						
						
					 
					
						2022-09-13 16:45:39 -05:00 
						 
				 
			
				
					
						
							
							
								ch4mpy 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1efb63387f 
							
						 
					 
					
						
						
							
							Add authentication converter for introspected tokens  
						
						
						
						
						Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting a successful token introspection result
into an Authentication instance (which is currently done by private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter behaves the
same as the current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661 
						
						
					 
					
						2022-09-13 16:45:36 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							ed41a60aae 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
						# Conflicts:
#	config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
#	config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
#	web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java 
						
						
					 
					
						2022-09-06 11:51:55 -05:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
						
						
							
						
						
							86fbb8db07 
							
						 
					 
					
						
						
							
							Add new interfaces for CSRF request processing  
						
						
						
						
						Issue gh-4001
Issue gh-11456 
						
						
					 
					
						2022-09-06 11:43:33 -05:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							e17989d92d 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
					 
					
						2022-09-01 09:39:33 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							ff6fd78d64 
							
						 
					 
					
						
						
							
							Merge branch '5.7.x' into 5.8.x  
						
						
						
						
					 
					
						2022-09-01 09:39:10 -03:00 
						 
				 
			
				
					
						
							
							
								Marcus Da Coregio 
							
						 
					 
					
						
						
						
						
							
						
						
							0a08a23423 
							
						 
					 
					
						
						
							
							Merge branch '5.6.x' into 5.7.x  
						
						
						
						
					 
					
						2022-09-01 09:38:33 -03:00 
						 
				 
			
				
					
						
							
							
								Underground Hill 
							
						 
					 
					
						
						
						
						
							
						
						
							8b74bf9742 
							
						 
					 
					
						
						
							
							Updated reference to architecture page  
						
						
						
						
						In the context of the Servlet Authentication page, "Architecture" should probably link to the "Servlet Authentication Architecture" page 
						
						
					 
					
						2022-09-01 09:38:10 -03:00 
						 
				 
			
				
					
						
							
							
								Steve Riesenberg 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8474acebf2 
							
						 
					 
					
						
						
							
							Merge branch '5.8.x'  
						
						
						
						
					 
					
						2022-08-29 15:12:48 -05:00 
						 
				 
			
				
					
						
							
							
								he1ex-tG 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							568277f8bc 
							
						 
					 
					
						
						
							
							Mistake in Kotlin code representation is fixed  
						
						
						
						
					 
					
						2022-08-29 15:11:10 -05:00