spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-22 18:28:51 +00:00

Author	SHA1	Message	Date
Sébastien Deleuze	65a14d6c6d	Add Jackson 3 support This commit adds support for Jackson 3 which has the following major differences with the Jackson 2 one: - jackson subpackage instead of jackson2 - Jackson type prefix instead of Jackson2 - JsonMapper instead of ObjectMapper - For configuration, JsonMapper.Builder instead of ObjectMapper since the latter is now immutable - Remove custom support for unmodifiable collections - Use safe default typing via a PolymorphicTypeValidator Jackson 3 changes compared to Jackson 2 are documented in https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a and https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md. This commit does not cover webauthn which is a special case (uses jackson sub-package for Jackson 2 support) which will be handled in a distinct commit. See gh-17832 Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>	2025-10-19 17:03:19 -05:00
Rob Winch	78701f94ee	Document RequiredFactor Valid Duration Issue gh-17997	2025-10-10 16:24:47 -05:00
Rob Winch	702878acae	Create AuthorizationManagerFactories.multiFactor Closes gh-18032	2025-10-10 16:24:47 -05:00
Rob Winch	d18431a78d	Move FACTOR_ constants to FactorGrantedAuthority Previously GrantedAuthorities had an implicit package tangle because it was located in ~.core and FactorGrantedAuthority is in ~.core.authority and FactorGrantedAuthority's authority property was implicitly expected to be constants found in `GrantedAuthorities`. This commit moves the constants to the FactorGrantedAuthority which resolves this tangle. It wasn't initially done because FactorGrantedAuthority did not exist at that time. Closes gh-18030	2025-10-10 16:24:46 -05:00
Rob Winch	e290c98e97	Document Multi-Factor Simple to Complex This reworks the Multi-Factor documentation to start with the simplest scenario and work to progressively more complex requirements. Closes gh-18029	2025-10-10 16:23:38 -05:00
Rohan Naik	8c65dc93f2	Enable PKCE by default Closes gh-17507 Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>	2025-10-03 13:08:04 -04:00
Joe Grandja	681e166be8	Remove default HttpSecurity.securityMatcher() for authorization server Closes gh-17965	2025-10-01 11:45:21 -04:00
Rob Winch	f652920bb3	Add @EnableGlobalMultiFactorAuthentication Closes gh-17954	2025-09-24 14:47:26 -05:00
Josh Cummings	bbba2930e9	Add Initial Documentation Issue gh-17934	2025-09-23 18:16:36 -06:00
Rob Winch	4ef16b14d2	Update terminology to HTTP Service Clients Closes gh-17947	2025-09-22 10:09:04 -05:00
Josh Cummings	765bdf1ed0	SpEL Expressions Support Returning AuthorizationManager Closes gh-17936	2025-09-19 12:07:59 -06:00
Josh Cummings	1e1cb0097a	Document Authentication Factors Issue gh-17933	2025-09-19 11:32:28 -06:00
Rob Winch	9eaadcc70d	Add hasAll(Roles\|Authorities) to SecurityExpressionRoot This adds support for hasAllRoles and hasAllAuthorities to method security expressions. Issue gh-17932	2025-09-19 09:33:50 -05:00
Rob Winch	675835e525	Add AuthorizationManagerFactory.hasAll(Authorities\|Roles) Closes gh-17932	2025-09-18 14:19:22 -05:00
Joe Grandja	7ef25cc101	Add HttpSecurity.oauth2AuthorizationServer() Issue gh-17880	2025-09-12 16:20:44 -04:00
Joe Grandja	e99ea033c5	Integrate Spring Authorization Server ref docs Issue gh-17880	2025-09-12 16:20:40 -04:00
Joe Grandja	93742a4db3	Manual move of spring-projects/spring-authorization-server docs Issue gh-17880	2025-09-12 16:20:40 -04:00
Rob Winch	1b263cfafb	Fix Keberos Docs http:// Issue gh-17879	2025-09-12 14:39:46 -05:00
Rob Winch	f5fb127c8c	Add Spring Security Kerberos Move the Spring Security Kerberos Extension into Spring Security Closes gh-17879	2025-09-12 14:25:20 -05:00
Josh Cummings	b87d63cb71	Document spring-security-access Closes gh-17847	2025-09-12 10:32:39 -06:00
Yanming Zhou	5ec7ae6b74	Remove redundant code in document Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>	2025-09-10 18:14:37 -06:00
Josh Cummings	b09afb34cc	Document Authentication.Builder The commit documents the new Authentication Builder interface and its usage in the security filter chain. Closes gh-17861 Closes gh-17862	2025-09-09 14:59:14 -06:00
Steve Riesenberg	eeb4574bb3	Add AuthorizationManagerFactory Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>	2025-09-09 15:36:49 -05:00
Josh Cummings	0e39685b9c	Merge branch '6.5.x'	2025-08-22 12:40:41 -06:00
Josh Cummings	9d64880ea9	Merge branch '6.4.x' into 6.5.x	2025-08-22 12:40:12 -06:00
Josh Cummings	8b2a453301	Advise Favoring PostAuthorize on Reads Closes gh-17797	2025-08-22 12:39:51 -06:00
Rob Winch	9bbf837c7c	Merge branch '6.5.x'	2025-08-21 12:44:42 -05:00
Joe Kuhel	d002e68231	Update servlet test method docs to use include-code References gh-16226 Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>	2025-08-21 12:35:13 -05:00
Rob Winch	a8f045eb50	Add Modular Spring Security Configuration Closes gh-16258	2025-08-20 12:16:08 -05:00
Josh Cummings	60c42e3f24	Update SAML 2.0 Documentation to use OpenSAML 5 Closes gh-17707	2025-08-14 18:01:34 -06:00
Josh Cummings	5506c487de	Remove OpenSaml4 Components Issue gh-17707	2025-08-14 18:01:02 -06:00
Tran Ngoc Nhan	371bee685f	Polish `User#withDefaultPasswordEncoder` Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-08-04 09:40:20 -06:00
Marcin Lewandowski	f61a8deccc	Update index.adoc Signed-off-by: Marcin Lewandowski <marcin@ravendb.net>	2025-07-31 11:09:06 -06:00
Josh Cummings	1af665d6c8	Merge branch '6.5.x'	2025-07-31 10:21:50 -06:00
Josh Cummings	c966139338	Merge branch '6.4.x' into 6.5.x	2025-07-31 10:21:36 -06:00
Josh Cummings	a411fb7b8d	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-07-31 10:21:26 -06:00
Michał Sobkiewicz	c963f4250e	Update Angular documentation links in csrf.adoc Replaced `angular.io` links with their corresponding `angular.dev` URLs. This change ensures that users referencing CSRF documentation are directed to the most current Angular resources. Signed-off-by: Michał Sobkiewicz <perceptron8@users.noreply.github.com>	2025-07-31 10:21:06 -06:00
Josh Cummings	4775fe41db	Merge branch '6.5.x'	2025-07-29 09:28:20 -06:00
Josh Cummings	a9fcec8b46	Merge branch '6.4.x' into 6.5.x	2025-07-29 09:27:47 -06:00
Josh Cummings	452d311a9b	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-07-29 09:27:23 -06:00
Bernie Schelberg	edcb3b024e	Update Shibboleth repository URL Signed-off-by: Bernie Schelberg <bernard.schelberg@invicara.com>	2025-07-29 09:26:42 -06:00
Josh Cummings	0c42b61cc1	Restore legacy-websocket-configuration Link In this way, links to this section will still arrive at something helpful. Issue gh-17295	2025-07-10 15:03:10 -06:00
Josh Cummings	2c87270dbc	Use authorizeHttpRequests Issue gh-15174	2025-07-09 17:33:11 -06:00
Josh Cummings	dadf10899c	Add WebExpressionAuthorizationManager.Builder Closes gh-17504	2025-07-09 17:33:10 -06:00
Josh Cummings	c312d18191	Add Publishing Predicate Closes gh-17503	2025-07-09 17:33:10 -06:00
Josh Cummings	901b386ca6	Merge branch '6.5.x'	2025-07-09 14:11:14 -06:00
Josh Cummings	9209a33678	Remove References to Deprecated OpenSaml Components Issue gh-11658	2025-07-09 14:10:33 -06:00
Josh Cummings	02d69ec864	Keep EnableWebMvcSecurity Link So that links across the Internet that are pointed at #mvc-enablewebmvcsecurity still arrive at a relevant place, this commit re-adds the mvc-enablewebmvcsecurity link, even though @EnableWebMvcSecurity itself is now removed. Issue gh-17294	2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan	a439bc65d6	Remove EnableWebMvcSecurity Closes gh-17294 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan	242956a63c	Remove deprecated elements from DaoAuthenticationProvider Closes gh-17298 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:38:34 -06:00

1 2 3 4 5 ...

893 Commits