Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,889 Commits 32 Branches 333 Tags 111 MiB
Commit Graph

78 Commits

Author SHA1 Message Date
Josh Cummings cca999c57d
Merge remote-tracking branch 'origin/5.8.x' 2022-11-01 13:46:08 -06:00
Josh Cummings d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza 8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Josh Cummings fe96a62dfc
Document Observability Support 
Issue gh-10964
 2022-10-12 20:32:25 -06:00
Daniel Garnier-Moiroux 27059ced87
Default X-Xss-Protection header value to "0" 
Closes gh-9631
 2022-10-07 17:42:55 -05:00
Steve Riesenberg 6753f9745e
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
 2022-10-07 17:29:07 -05:00
Steve Riesenberg f462134e87
Add reactive support for BREACH 
Closes gh-11959
 2022-10-07 16:34:17 -05:00
Steve Riesenberg 181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Josh Cummings 84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-25 14:46:48 -06:00
Josh Cummings 070dce1baf
Document ReactiveMethodSecurity improvements 
Issue gh-9401
 2022-08-25 14:36:03 -06:00
Josh Cummings 27ce5936cf
Add Caveat about Spring Security's co-routine support 
Closes gh-10920
 2022-08-25 14:36:02 -06:00
Joshua Sattler 040111ae9e Remove Configuration meta-annotation from Enable* annotations 
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.

Closes gh-6613

Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
 2022-07-30 03:48:42 +02:00
Steve Riesenberg a72c5a55db
Revert "Remove @Configuration from webflux config examples" 
This reverts commit aec9effb88.
 2022-07-26 16:46:01 -05:00
Joshua Sattler aec9effb88 Remove @Configuration from webflux config examples 2022-07-26 16:34:10 -05:00
Yuriy Savchenko 0f64d4c091 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 14:04:16 -03:00
Yuriy Savchenko 7c7751635d Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:56:41 -03:00
Yuriy Savchenko 5322352427 Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:49:21 -03:00
Yuriy Savchenko db9d60e82d Add Kotlin example for WebTestClient setup docs 
Closes gh-9998
 2022-07-22 13:47:07 -03:00
André Luis Gomes aca3fc2412 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:51:44 -03:00
André Luis Gomes 0c31cb21dc Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:50:56 -03:00
André Luis Gomes 24701b547f Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 08:49:47 -03:00
André Luis Gomes b9acdd5058 Update opaque-token.adoc 
Fixing yaml sample in Servlet and Reactive pages
 2022-06-01 13:43:42 +02:00
nor-ek 038266a94f
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 13:12:55 -06:00
nor-ek 9625382b22
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 12:57:56 -06:00
nor-ek 23cc1eb32b
Update JUnit 5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 12:56:51 -06:00
nor-ek 416f94f979 Update Junit5 annotations in documentation 
- replace Before with BeforeEach
- replace RunWith with ExtendWith

Closes gh-10934
 2022-05-27 12:46:04 -06:00
Marcus Da Coregio 806e05855c Replace removed context-related operators 
Closes gh-11194
 2022-05-10 14:58:02 -03:00
Steve Riesenberg f0168c6c27
Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:53:16 -05:00
Steve Riesenberg 428216b322 Add support for customizing claims in JWT Client Assertion 
Closes gh-9855
 2022-03-17 09:50:25 -05:00
Joe Grandja 54b033078b Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:36:10 -04:00
Joe Grandja a2ffc88294 Allow configuring PKCE for confidential clients 
Closes gh-6548
 2022-03-16 13:33:12 -04:00
Lijamaija 660da6f4a0 Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket 
Closes gh-10932
 2022-03-09 17:49:43 +01:00
Lijamaija bc2bb8cb96 Add Kotlin example for SecuritySocketAcceptorInterceptor of RSocket 
Closes gh-10932
 2022-03-09 16:18:09 +01:00
Yuriy Savchenko f64181ab41 Update docs to use multi-tenancy 
Closes gh-10572
 2022-02-14 17:18:48 +01:00
Yuriy Savchenko 77ba94e1db Update docs to use multi-tenancy 
Closes gh-10572
 2022-02-14 11:07:42 +01:00
Talerngpong Virojwutikul 015036741b Add Kotlin example for logout configuration of reactive authentication 
Closes gh-10819
 2022-02-11 13:16:47 +01:00
Talerngpong Virojwutikul d0faff62df Add Kotlin example for logout configuration of reactive authentication 
Closes gh-10819
 2022-02-11 13:01:43 +01:00
Rob Winch ac990afa5d Document Authorize HTTP Requests for Reactive Security 
Closes gh-10801
 2022-02-03 13:47:35 -06:00
Rob Winch c1dfe407bc Document Authorize HTTP Requests for Reactive Security 
Closes gh-10801
 2022-02-03 13:46:27 -06:00
Rob Winch 51fc4a4ca3 Document Authorize HTTP Requests for Reactive Security 
Closes gh-10801
 2022-02-03 13:46:05 -06:00
Joe Grandja 525f40490c Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:59:14 -05:00
Joe Grandja 214cfe807e Allow Jwt assertion to be resolved 
Closes gh-9812
 2022-01-10 10:42:10 -05:00
Rob Winch 2fb056b5c1 Merge Clean up Reference Documentation 
Closes gh-9668
 2021-12-13 16:57:36 -06:00
Marcus Da Coregio 0beb725259 Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-08 11:07:09 +01:00
Marcus Da Coregio 65426a40ec Add Cross Origin Policies headers 
Add DSL support for Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy headers

Closes gh-9385, gh-10118
 2021-12-07 17:23:06 +01:00
Steve Riesenberg 32ec8c3ae4 Fix Reactive OAuth2 Kotlin DSL examples 
Closes gh-10580
 2021-12-07 13:58:24 +01:00
Steve Riesenberg 7ec3b55ab3 Fix Reactive OAuth2 Kotlin DSL examples 
Closes gh-10580
 2021-12-07 13:48:11 +01:00
Steve Riesenberg 1896a5e669 Fix Reactive OAuth2 Kotlin DSL examples 
Closes gh-10580
 2021-12-06 13:05:50 +01:00
Joe Grandja 4f185724a3 Polish gh-10479 2021-11-12 15:09:50 -05:00