Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-23 02:38:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,677 Commits 43 Branches 362 Tags
Commit Graph

2677 Commits

Author SHA1 Message Date
Sébastien Deleuze
65a14d6c6d Add Jackson 3 support 
This commit adds support for Jackson 3 which has the following
major differences with the Jackson 2 one:
 - jackson subpackage instead of jackson2
 - Jackson type prefix instead of Jackson2
 - JsonMapper instead of ObjectMapper
 - For configuration, JsonMapper.Builder instead of ObjectMapper
   since the latter is now immutable
 - Remove custom support for unmodifiable collections
 - Use safe default typing via a PolymorphicTypeValidator

Jackson 3 changes compared to Jackson 2 are documented in
https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a
and
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md.

This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.

See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Josh Cummings
ba42b9c4cc Update Documentation for All-Factor Propagation 
Issue gh-18000
 2025-10-16 13:41:46 -06:00
Josh Cummings
2e7cdd7b14 Revert "Merge branch 'builder-enhancements'" 
This reverts commit 95644fb73cd405ef4fd683e12773289343547fec, reversing
changes made to fbf7bb3be1eb7bff50cf311e8df7a869e7d9d21b.

Reverting this commit will allow us more time to
consider the ideal way to add this support to the public API.
 2025-10-16 13:41:45 -06:00
Josh Cummings
e535e61c8b Move toBuilder to BuildableAuthentication 
Closes gh-18052
 2025-10-15 12:01:11 -06:00
Rob Winch
78701f94ee
Document RequiredFactor Valid Duration 
Issue gh-17997
 2025-10-10 16:24:47 -05:00
Rob Winch
702878acae
Create AuthorizationManagerFactories.multiFactor 
Closes gh-18032
 2025-10-10 16:24:47 -05:00
Rob Winch
d18431a78d
Move FACTOR_ constants to FactorGrantedAuthority 
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
 2025-10-10 16:24:46 -05:00
Rob Winch
e290c98e97
Document Multi-Factor Simple to Complex 
This reworks the Multi-Factor documentation to start with the
simplest scenario and work to progressively more complex requirements.

Closes gh-18029
 2025-10-10 16:23:38 -05:00
dependabot[bot]
d5c5bb234c Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 14:01:08 -05:00
Rob Winch
2473378fcd
Use RequiredFactorErrors 
Closes gh-18002
 2025-10-03 15:20:03 -05:00
Rohan Naik
8c65dc93f2 Enable PKCE by default 
Closes gh-17507

Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
 2025-10-03 13:08:04 -04:00
Joe Grandja
681e166be8 Remove default HttpSecurity.securityMatcher() for authorization server 
Closes gh-17965
 2025-10-01 11:45:21 -04:00
Rob Winch
7f10897de3
SecurityMockMvcResultMatchers.withAuthorities(String...) 
Closes gh-17974
 2025-09-30 10:39:14 -05:00
Rob Winch
667cd4aa7c
Remove unnecessary throws Exception from spring-security-config 
Closes gh-17957
 2025-09-25 11:50:13 -05:00
Josh Cummings
ad6fe4fdc3
Polish MFA Samples 
This commit removes unneeded AuthorizationManagerFactory
implementations, simplifies the custom AuthorizationManagerFactory
example, and updates usage of hasAllAuthorities.

Issue gh-17934
 2025-09-24 17:54:59 -06:00
Rob Winch
f652920bb3
Add @EnableGlobalMultiFactorAuthentication 
Closes gh-17954
 2025-09-24 14:47:26 -05:00
Rob Winch
e33e4d80a9
Fix Antora Warnings in servlet/authentication/adaptive.adoc 
Issue gh-2603
 2025-09-24 13:05:50 -05:00
Rob Winch
b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY 
Closes gh-17952
 2025-09-24 09:53:56 -05:00
Josh Cummings
bbba2930e9
Add Initial Documentation 
Issue gh-17934
 2025-09-23 18:16:36 -06:00
Rob Winch
4ef16b14d2
Update terminology to HTTP Service Clients 
Closes gh-17947
 2025-09-22 10:09:04 -05:00
Josh Cummings
765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager 
Closes gh-17936
 2025-09-19 12:07:59 -06:00
Josh Cummings
1e1cb0097a
Document Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Rob Winch
9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot 
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.

Issue gh-17932
 2025-09-19 09:33:50 -05:00
Rob Winch
675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles) 
Closes gh-17932
 2025-09-18 14:19:22 -05:00
Rob Winch
bb6b8ae3f3
Add AllAuthoritiesReactiveAuthorizationManager 
Issue gh-17916
 2025-09-16 16:31:55 -05:00
Rob Winch
5ca18a3b9c
Add password4j implementation of PasswordEncoder 2025-09-15 11:28:39 -05:00
Rob Winch
d0372efadd
Use include-code for password4j docs 
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.

Issue gh-17706
 2025-09-15 11:03:44 -05:00
Rob Winch
9f839384e9
Use non-redundant ids in password4j docs 
Documentation ids no longer need to be globally unique, so they
do not need to include the path. This makes the ids less verbose and
integrates with include-code extension better.

Issue gh-17706
 2025-09-15 11:00:51 -05:00
Rob Winch
11bec09ffc
Escape attribute failures in Password4j docs 
Issue gh-17706
 2025-09-15 10:57:19 -05:00
Rob Winch
c18aff7f5f
Password4j docs 1 sentence per line 
The Antora documentation convention is to use a single sentence per line
as this helps with diffing and merging changes.

Issue gh-17706
 2025-09-15 09:22:08 -05:00
dependabot[bot]
1a99ab5bdf Bump @antora/atlas-extension in /docs 
---
updated-dependencies:
- dependency-name: "@antora/atlas-extension"
  dependency-version: 1.0.0-alpha.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-15 08:58:06 -05:00
M.Bozorgmehr
b2d4c52c53 Add documentation for Password4j-based password encoders for Argon2, BCrypt, Scrypt, PBKDF2, and Balloon hashing 
Closes gh-17706

Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:41 +03:30
Rob Winch
a0fe04c4aa Document @ClientRegistrationId on types 
Issue gh-17806
 2025-09-12 16:19:27 -05:00
Bernard Budano
02a948da81 Address reviewer requested changes 
Closes gh-17806

Signed-off-by: Bernard Budano <bbudano@gmail.com>
 2025-09-12 16:19:27 -05:00
Joe Grandja
7ef25cc101 Add HttpSecurity.oauth2AuthorizationServer() 
Issue gh-17880
 2025-09-12 16:20:44 -04:00
Joe Grandja
e99ea033c5 Integrate Spring Authorization Server ref docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Joe Grandja
93742a4db3 Manual move of spring-projects/spring-authorization-server docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Rob Winch
cf0ade86fe
Update Kerberos Sample Copyright 
Issue gh-17879
 2025-09-12 15:12:47 -05:00
Rob Winch
1b263cfafb
Fix Keberos Docs http:// 
Issue gh-17879
 2025-09-12 14:39:46 -05:00
Rob Winch
f5fb127c8c
Add Spring Security Kerberos 
Move the Spring Security Kerberos Extension into Spring Security

Closes gh-17879
 2025-09-12 14:25:20 -05:00
Josh Cummings
b87d63cb71
Document spring-security-access 
Closes gh-17847
 2025-09-12 10:32:39 -06:00
Yanming Zhou
5ec7ae6b74 Remove redundant code in document 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-09-10 18:14:37 -06:00
Josh Cummings
b09afb34cc Document Authentication.Builder 
The commit documents the new Authentication Builder interface
and its usage in the security filter chain.

Closes gh-17861
Closes gh-17862
 2025-09-09 14:59:14 -06:00
Steve Riesenberg
eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
Josh Cummings
0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings
9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings
8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Rob Winch
d9210c6596
Fix Nullability 2025-08-21 13:41:02 -05:00
Rob Winch
9bbf837c7c
Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Rob Winch
0404996f87 import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 12:35:13 -05:00