0ac554ee3e
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13238
2023-05-26 14:25:20 -06:00
8ccc03fdb6
Update Resource Server Docs
...
Closes gh-13147
2023-05-26 14:24:31 -06:00
f03e045710
Add @EnableTransactionManagement Reference Details
...
Issue gh-13152
2023-05-24 10:26:59 -06:00
bf597bce4a
Merge branch '6.0.x'
...
Closes gh-13206
2023-05-22 14:45:49 -06:00
c3174179a3
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13205
2023-05-22 14:45:28 -06:00
6b19728c54
Fix legacy-websocket-configuration cross-reference
...
Closes gh-12969
2023-05-22 14:44:34 -06:00
0e3ee89902
Merge branch '6.0.x'
2023-05-18 11:08:11 -06:00
cdac708051
Merge branch '5.8.x' into 6.0.x
2023-05-18 11:08:00 -06:00
219faf29d4
Merge branch '5.7.x' into 5.8.x
2023-05-18 11:07:42 -06:00
b6f3cb71e6
Add Missing AuthorizationRequestRepository in Snippet
...
Closes PR-13099
2023-05-18 10:54:19 -06:00
f54c344989
Move imports to code section
...
Issue gh-13089
2023-05-15 09:22:57 -05:00
e7fa34008b
Revisit CSRF page
...
Closes gh-13089
2023-05-12 12:29:32 -05:00
97a42ba190
Update SpEL Documentation
...
Closes gh-12974
2023-05-12 08:37:26 -06:00
eea3b7734f
Address Antora Warnings
2023-05-10 15:57:25 -06:00
810e57686e
Merge branch '6.0.x'
2023-05-10 15:56:49 -06:00
1b4b91a35c
Merge branch '5.8.x' into 6.0.x
2023-05-10 15:56:18 -06:00
b969179b5c
Merge branch '5.7.x' into 5.8.x
2023-05-10 15:53:22 -06:00
3469bcb822
Address Antora Warnings
2023-05-10 15:51:49 -06:00
d194e2a725
Revisit Getting Started Page
...
Closes gh-12213
Closes gh-12551
2023-05-10 15:26:41 -06:00
1631cac150
Fix typo cas.adoc
2023-05-03 11:26:04 -03:00
9078730c5b
Merge branch '6.0.x'
2023-05-03 11:13:38 -03:00
dfbfa9199d
X-XSS-Protection is now disabled
2023-05-03 11:13:08 -03:00
b6dcb29a11
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13125
2023-05-02 16:08:48 -03:00
6d37ca1808
Fix code snippets in Authorize HttpServletRequest
...
Closes gh-11522
2023-05-02 16:06:27 -03:00
e5fcf1ebcf
Revisit Request and Method Security Docs
...
Issue gh-13088
2023-05-01 14:09:22 -06:00
42cd19fcee
Merge branch '6.0.x'
...
Closes gh-13103
2023-04-26 15:59:20 -03:00
8c5f13657e
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13102
2023-04-26 15:58:25 -03:00
5632469a90
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13101
2023-04-26 15:57:32 -03:00
e61adcb0cd
Clarify that Kotlin DSL needs an import
...
Closes gh-13092
2023-04-26 15:56:47 -03:00
bb402a706f
Update acls.adoc
...
Fix the spring security samples link
2023-04-24 16:38:24 -06:00
9edbac7233
Update architecture.adoc
...
`RoleHierarchy` doesn't have the `setHierarchy` method, so the snippet doesn't work as is. The method is declared inside `RoleHierarchyImpl`
2023-04-24 16:37:47 -06:00
33b266e8fa
Add Boot Link
...
Issue gh-13062
2023-04-18 11:33:48 -06:00
3f6f01ce20
Add Spring MVC Links
...
Issue gh-13062
2023-04-18 11:23:57 -06:00
62fec2f969
Revisit Logout Docs
...
Closes gh-13062
2023-04-17 16:58:43 -06:00
04b3d07319
Merge branch '6.0.x'
2023-04-17 07:30:54 -03:00
a484044591
Merge branch '5.8.x' into 6.0.x
2023-04-17 07:29:42 -03:00
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
76eba9bd0c
Add withIssuerLocation
...
Closes gh-10309
2023-04-12 16:36:15 -06:00
fb3ed7288c
Merge branch '6.0.x'
...
Closes gh-12981
2023-04-10 11:15:33 -05:00
54de5c9537
Fix documentation code block bug.
...
Closes gh-12980
2023-04-10 11:11:10 -05:00
ff4e926111
Merge branch '6.0.x'
...
Closes gh-12942
2023-03-28 15:23:51 -03:00
b4b4cd0ffa
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12941
2023-03-28 15:23:21 -03:00
eb58655fa9
Improve Docs by mentioning that Empty SecurityContext should be saved
...
Closes gh-12906
2023-03-28 15:21:30 -03:00
dfdadc90cf
Merge branch '6.0.x'
...
Closes gh-12933
2023-03-27 14:43:00 -06:00
834e361898
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12932
2023-03-27 14:41:07 -06:00
6bda1d2bf3
Document WebExpressionAuthorizationManager
...
Closes gh-12928
2023-03-27 14:38:09 -06:00
13f707a6d5
Merge branch '6.0.x'
2023-03-22 10:34:19 -03:00
9ec9e77c6b
Merge branch '5.8.x' into 6.0.x
2023-03-22 10:34:02 -03:00
a708007536
fix ID of WebSocket Authorization section
...
Throughout this document there are 3 references to `<<websocket-authorization>>` but the section ID was actually named `[[websocket-configuration]]`
2023-03-22 10:33:10 -03:00
57e134cc5f
Merge branch '6.0.x'
2023-03-22 10:12:28 -03:00
ed42dc4a09
chore: typo, removed extra "s" in word implementationss
2023-03-22 10:11:16 -03:00
2fa1bbc9d1
Fix typo architecture.adoc
2023-03-22 10:10:28 -03:00
1730efd130
Merge branch '6.0.x'
2023-03-22 09:22:12 -03:00
8a2b96795e
Merge branch '5.8.x' into 6.0.x
2023-03-22 09:21:50 -03:00
c75ee25a6d
Fix documentation code block bug
...
Fixes #12850
2023-03-22 09:21:09 -03:00
6f5172d388
Merge branch '6.0.x'
2023-03-20 16:18:45 -06:00
cfeb1ce303
Fix docs typo
2023-03-20 16:18:10 -06:00
2b6a2c22db
Merge branch '6.0.x'
2023-03-20 15:24:45 -06:00
b22dd9a3e9
Merge branch '5.8.x' into 6.0.x
2023-03-20 15:24:19 -06:00
4154ed543a
Fix .access(...) parameter
2023-03-20 15:23:40 -06:00
8ad91287d9
Fix Broken Link
...
Closes gh-12824
2023-03-20 15:13:10 -06:00
3ad6c6ce06
Use EntityId-lookup Components
...
Closes gh-12880
2023-03-17 18:00:02 -06:00
dbdf04f151
SAML Response Reads EntityId
...
Closes gh-10243
2023-03-17 18:00:02 -06:00
3f2816f745
Logout Request Reads EntityId
...
Closes gh-12843
Closes gh-12845
2023-03-17 18:00:02 -06:00
46452c0cae
Add saml2Metadata
...
Closes gh-11828
2023-03-17 18:00:02 -06:00
ac1d269e73
Merge branch '6.0.x'
...
Closes gh-12839
2023-03-07 11:53:01 -07:00
ffe029d5bd
Fix broken links in form login section
...
Closes gh-12822
2023-03-07 11:52:19 -07:00
3b447b938c
fix missing semi-colon java example in observability documentation
2023-03-03 15:04:16 -07:00
e0284a4503
Fix CAS packages for 4.0.1 and Jasig references
...
Issue gh-11674
2023-03-01 17:21:24 -03:00
b4d3ac6665
Revert "Remove CAS module"
...
This reverts commit caf4c471
2023-03-01 17:21:23 -03:00
7c89bd8c90
Merge branch '6.0.x'
...
Closes gh-12809
2023-02-28 17:28:37 -06:00
8b2ce79341
Correct deprecated description in docs
...
Remove deprecated SecurityContextPersistenceFilter from docs.
Closes gh-12690
2023-02-28 17:01:47 -06:00
41fadaecd3
Merge branch '6.0.x'
...
Closes gh-12800
2023-02-28 13:08:47 -07:00
e28ea6dbad
Preserve OpenSamlAssertingPartyDetails Instance
...
Closes gh-12667
2023-02-28 13:08:13 -07:00
aedabf5504
Merge branch '6.0.x'
2023-02-28 12:49:33 -07:00
ddad623abf
Merge branch '5.8.x' into 6.0.x
2023-02-28 12:49:04 -07:00
383e0c2cf0
Merge branch '5.7.x' into 5.8.x
2023-02-28 12:47:06 -07:00
0421e25cba
Document Common SAML URI Endpoints
...
Issue gh-12764
2023-02-28 12:45:48 -07:00
1c885cf3a3
Document Federation Usecase
...
Closes gh-12764
2023-02-28 12:35:04 -07:00
be2958ed13
Merge branch '6.0.x'
...
Closes gh-12784
2023-02-24 13:51:34 -07:00
109f6e7028
Add Note about RoleHierarchy
...
Closes gh-12766
2023-02-24 13:43:43 -07:00
eac1f846b3
Update RoleHierarchy Docs
...
Closes gh-12766
2023-02-24 12:00:35 -07:00
82642dc9ba
Merge branch '6.0.x'
...
Closes gh-12730
2023-02-17 15:52:43 -06:00
f2c4656abd
Fix typo in form.adoc
...
Closes gh-12678
2023-02-17 15:52:26 -06:00
a1b282ff03
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12693
2023-02-17 10:09:32 -07:00
2db4430dcd
Preserve OpenSamlAssertingPartyDetails Instance
...
Closes gh-12667
2023-02-17 10:02:17 -07:00
5286b78308
Merge branch '6.0.x'
...
Closes gh-12684
2023-02-16 13:27:17 -06:00
c4f68d83bf
Document default CsrfTokenRequestHandler in 6.0
...
Closes gh-12651
2023-02-16 13:26:23 -06:00
4bb944e7e5
Merge branch '6.0.x'
2023-02-16 10:58:02 -03:00
5ccf414f02
Merge branch '5.8.x' into 6.0.x
2023-02-16 10:57:33 -03:00
82c86b822f
Polish session-management.adoc
...
Remove unresolved anchor
Issue gh-12519
2023-02-16 10:57:02 -03:00
78c70d8c9b
Merge branch '6.0.x'
2023-02-16 10:53:27 -03:00
e59f71f036
Polish session-management.adoc
...
Remove default values from configuration
Issue gh-12519
2023-02-16 10:52:55 -03:00
5d8df25b10
Merge branch '6.0.x'
...
Closes gh-12681
2023-02-16 10:44:12 -03:00
ce222de7e6
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12680
2023-02-16 10:42:56 -03:00
4f3faa78f7
Revisit Session Management docs
...
Closes gh-12519
2023-02-16 10:39:59 -03:00
c4485a8909
Merge branch '6.0.x'
2023-02-07 14:15:26 -07:00
2b36499700
Update expression-based.adoc
...
Removed a duplicate paragraph that was phrased a bit differently.
2023-02-07 13:00:59 -07:00
c47fbf7cfd
move code comment to callout
2023-01-18 14:41:57 -06:00
5beabbe357
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12553
2023-01-17 15:03:14 -06:00
f5bc6ce665
fix unclosed block in docs
2023-01-17 15:02:30 -06:00
ce11015e53
Merge branch '6.0.x'
...
Closes gh-12518
2023-01-10 10:44:21 -07:00
21ceb333a8
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12517
2023-01-10 10:43:25 -07:00
6f43104eb3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12516
2023-01-10 10:42:45 -07:00
2028507bf8
Fix Typo in Sample
...
Closes gh-11095
2023-01-10 10:38:28 -07:00
cb18e34b76
Merge branch '6.0.x'
2023-01-05 10:33:38 -07:00
9535566f84
Update multitenancy.adoc
...
The Java example at line 421 should use the injected `jwtValidator` and not from the current class referenced by `this. jwtValidator`.
2023-01-05 10:32:57 -07:00
73c12f9aa8
Merge branch '6.0.x'
2022-12-19 16:53:35 -03:00
b9f9139f5e
Merge branch '5.8.x' into 6.0.x
2022-12-19 16:53:22 -03:00
5406fed5dc
Merge branch '5.7.x' into 5.8.x
2022-12-19 16:53:05 -03:00
fbfa13bd47
Fix OAuth 2.0 testing docs
2022-12-19 16:52:25 -03:00
00019c1fb9
Merge branch '6.0.x'
...
Closes gh-12406
2022-12-15 14:41:27 -06:00
ed657a8fac
Polish gh-12280
...
Apply editing changes from gh-9668
2022-12-15 14:18:24 -06:00
edd1915d1b
Corrected errors on the ACLS document
...
Closes gh-12270
2022-12-15 14:16:55 -06:00
0fdcde2d6f
Merge branch '6.0.x'
2022-12-05 14:42:42 -08:00
2fdf762726
Merge branch '5.8.x' into 6.0.x
2022-12-05 14:41:59 -08:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
626e53d121
Fix: Replace tenantRepository with tenants
2022-12-05 14:31:24 -08:00
547a1a11d1
Merge branch '6.0.x'
...
Closes gh-12342
2022-12-05 12:26:39 -08:00
42a00e2003
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12341
2022-12-05 12:26:00 -08:00
d2b33a2583
Fix docs
...
Closes gh-11396
2022-12-05 12:25:26 -08:00
eb57d9e5c1
Merge branch '6.0.x'
2022-11-29 16:26:13 -07:00
c60c10792c
Fix Observability Opt-out Documentation Typo
...
Issue gh-12268
2022-11-29 16:24:57 -07:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
3e0e532ed7
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12287
2022-11-24 08:48:27 -03:00
5db7ac4ce3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12286
2022-11-24 08:48:05 -03:00
9b3f834bff
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12285
2022-11-24 08:47:46 -03:00
70bfc39418
Fix AuthorizationFilter diagram in docs
...
Closes gh-12274
2022-11-24 08:46:16 -03:00
34102a6531
Document default SecurityContextRepository
...
Issue gh-12049
2022-11-18 16:14:22 -06:00
1a3be83084
Merge branch '5.8.x'
...
Closes gh-12185
2022-11-09 12:28:37 -06:00
9071f10759
Document DelegatingSecurityContextRepository
...
Closes gh-12069
2022-11-09 12:19:43 -06:00
8af3b5afe4
Fix documentation part of Multiple HttpSecurity Instances
...
`http.antMatcher()` is not longer available and was replaced with
`http.securityMatcher()`, so use this in the Java Config Multiple
HttpSecurity Instances example, too
2022-11-08 13:51:05 -03:00
c7b9b33cd1
Merge branch '5.8.x'
2022-11-03 08:23:50 -03:00
4d646a2978
Merge branch '5.7.x' into 5.8.x
2022-11-03 08:23:26 -03:00
067fc1678c
Merge branch '5.6.x' into 5.7.x
2022-11-03 08:22:09 -03:00
01a37dd678
Fix typo
...
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
2022-11-03 08:21:48 -03:00
aad01447c3
docs: fix realm typo
2022-11-03 08:21:26 -03:00
cca999c57d
Merge remote-tracking branch 'origin/5.8.x'
2022-11-01 13:46:08 -06:00
d29ab8bcae
Merge branch '5.7.x' into 5.8.x
2022-11-01 13:43:40 -06:00
c94e33b6c8
Merge branch '5.6.x' into 5.7.x
2022-11-01 13:42:35 -06:00
8315545144
Update RP-Initiated Logout target URLs.
...
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081
2022-11-01 12:35:39 -06:00
c5badbc631
Add AccessDecisionManager Preparation Steps
...
Issue gh-11337
2022-10-31 15:25:05 -06:00
3da0d1bf27
Merge branch '5.8.x'
2022-10-27 15:39:03 -05:00
aac1261f0c
Document Migration to SecurityContextHolderFilter
...
Closes gh-12098
2022-10-27 15:12:45 -05:00
d40ed58118
Merge branch '5.8.x'
...
Closes gh-12091
Closes gh-12092
2022-10-26 14:56:02 -05:00
c17e258a6f
Document Saved Requests
...
Closes gh-12088
2022-10-26 14:22:30 -05:00
7adc000c6b
Merge remote-tracking branch 'origin/5.8.x'
2022-10-25 14:42:32 -06:00
04fa5af794
Add Missing Doc Header
...
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
fe96a62dfc
Document Observability Support
...
Issue gh-10964
2022-10-12 20:32:25 -06:00
c5e35bf32e
Merge branch '5.8.x'
...
Closes gh-11978
2022-10-10 09:24:50 -03:00
4b6fed0667
Add static factory method to AntPathRequestMather and RegexRequestMatcher
...
Closes gh-11938
2022-10-10 09:24:15 -03:00
27059ced87
Default X-Xss-Protection header value to "0"
...
Closes gh-9631
2022-10-07 17:42:55 -05:00
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
9fd195d419
Default to shouldFilterAllDispatcherTypes=true in XML
...
Closes gh-11970
2022-10-07 11:46:20 -03:00
146d3269bc
Merge branch '5.8.x'
...
Closes gh-11971
2022-10-07 10:28:14 -03:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
12b9f2e196
use-authorization-manager defaults to true
...
Closes gh-11929
2022-10-06 08:12:46 -06:00
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
...
Closes gh-11899
2022-10-06 09:12:04 -03:00
8b490de08d
Merge branch '5.8.x'
...
# Conflicts:
# docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
38a7bbd2eb
Merge branch '5.8.x'
2022-10-05 13:20:12 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
bcb21c9384
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
0efe26c1fd
Merge branch '5.8.x'
...
Closes gh-11894
2022-09-22 13:47:04 -05:00
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
48e31f87e4
Remove Deprecated OpenSAML 3 Support
...
Closes gh-10556
2022-09-20 16:57:38 -06:00
2431dd1103
Merge branch '5.8.x'
2022-09-13 17:38:10 -05:00
355ef21117
Polish gh-11665
2022-09-13 16:45:39 -05:00
1efb63387f
Add authentication converter for introspected tokens
...
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
2022-09-13 16:45:36 -05:00
ed41a60aae
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
# config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
# web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
2022-09-06 11:51:55 -05:00
86fbb8db07
Add new interfaces for CSRF request processing
...
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
e17989d92d
Merge branch '5.8.x'
2022-09-01 09:39:33 -03:00
ff6fd78d64
Merge branch '5.7.x' into 5.8.x
2022-09-01 09:39:10 -03:00
0a08a23423
Merge branch '5.6.x' into 5.7.x
2022-09-01 09:38:33 -03:00
8b74bf9742
Updated reference to architecture page
...
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
8474acebf2
Merge branch '5.8.x'
2022-08-29 15:12:48 -05:00
568277f8bc
Mistake in Kotlin code representation is fixed
2022-08-29 15:11:10 -05:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
81d6b6df6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:38:03 -05:00
89f8310d6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:00:47 -05:00
8ad20b1768
Add CsrfFilter.csrfRequestAttributeName
...
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.
This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.
Issue gh-11699
2022-08-16 13:47:31 -05:00
5b64526ba9
Add CsrfFilter.csrfRequestAttributeName
...
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.
This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.
Issue gh-11699
2022-08-15 17:07:02 -05:00
425b3501b7
Remove `@Configuration` from `@Enable*` Annotations
...
This removes `@Configuration` from all `@Enable` Annotations and explicitly
adds `@Configuration` to wherever the `@Enable*` Annotations are used.
Closes gh-11653
2022-08-09 17:00:24 -05:00
a5069d7e35
Fix Add @Configuration to @Enable*Security Usage
...
Issue gh-6613
2022-08-09 17:00:16 -05:00
2e66b9f6cc
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:44:01 -05:00
efaee4e56b
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:35:49 -05:00
040111ae9e
Remove Configuration meta-annotation from Enable* annotations
...
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.
Closes gh-6613
Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
0c549ee147
Use SHA256 by default in Remember Me
...
Closes gh-11520
2022-07-25 10:33:12 -03:00
f45c4d4b8e
Add SHA256 as an algorithm option for Remember Me token hashing
...
Closes gh-8549
2022-07-15 10:41:03 -03:00
dda98f333c
Polish
...
Make encodingAlgorithm final and add it to the constructor
Add since tags
Add more tests
2022-07-15 10:34:36 -03:00
e17fe8ced9
Add SHA256 as an algorithm option for Remember Me token hashing
...
Closes gh-8549
2022-07-15 10:34:36 -03:00
35fc437559
Add AuthorizationManager for protect-pointcut
...
Closes gh-11323
2022-07-14 09:25:49 -06:00
9608eaa138
Clarify authorize-http-requests docs
...
Issue gh-11467
2022-07-14 10:19:31 -03:00
64ba31aebb
Improve docs on dispatcherTypeMatcher
...
Closes gh-11467
2022-07-14 10:08:19 -03:00
57d6ab7134
Improve docs on dispatcherTypeMatcher
...
Closes gh-11467
2022-07-14 09:13:46 -03:00
624fdfa731
Add AuthorizationManager for protect-pointcut
...
Closes gh-11323
2022-07-13 17:58:16 -06:00
6455e98745
FilterSecurityInterceptor applies to every request by default
...
Closes gh-11466
2022-07-12 10:53:03 -03:00
ce67fb08fd
Clearly end sentence in note before next sentence
2022-07-11 17:38:44 -06:00
6e63278ab9
Use Collection<ConfigAttribute> in examples
...
To match `org.springframework.security.access.ConfigAttribute`.
2022-07-11 17:38:44 -06:00
2c0a4337a8
Clearly end sentence in note before next sentence
2022-07-11 17:36:30 -06:00
9f4b0ca8b5
Use Collection<ConfigAttribute> in examples
...
To match `org.springframework.security.access.ConfigAttribute`.
2022-07-11 17:36:30 -06:00
148c926de0
Support AuthorizationManager for intercept-methods Element
...
Closes gh-11328
2022-07-06 13:01:57 -06:00
74a007dc91
Support AuthorizationManager for intercept-methods Element
...
Closes gh-11328
2022-07-06 12:54:05 -06:00
bffe08465a
Add SecurityContextHolderStrategy XML Configuration for Messaging
...
Issue gh-11061
2022-06-27 16:24:27 -06:00
74167d62b1
Add SecurityContextHolderStrategy XML Configuration for Messaging
...
Issue gh-11061
2022-06-27 15:55:28 -06:00
5e4e7abf15
Add SecurityContextHolderStrategy XML Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:40:55 -06:00
9cd7c7b046
Add SecurityContextHolderStrategy XML Configuration for Method Security
...
Issue gh-11061
2022-06-27 13:05:07 -06:00
11a74a2926
Fix method call example on documentation
2022-06-24 17:05:31 -06:00
150b81d008
Add SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-17 12:21:10 -06:00
2a70707c35
Add SecurityContextHolderStrategy XML Configuration for Defaults
...
Issue gh-11061
2022-06-17 11:28:10 -06:00
a3e996a66b
Fix title render issue of Digest Authentication document
...
Closes gh-11272
2022-06-01 17:33:41 -05:00
953b54f63d
Fix title render issue of Digest Authentication document
...
Closes gh-11272
2022-06-01 15:15:03 -05:00
6b1d5ec6ae
Fix title render issue of Digest Authentication document
...
Closes gh-11272
2022-06-01 15:13:06 -05:00
aca3fc2412
Update opaque-token.adoc
...
Fixing yaml sample in Servlet and Reactive pages
2022-06-01 08:51:44 -03:00
0c31cb21dc
Update opaque-token.adoc
...
Fixing yaml sample in Servlet and Reactive pages
2022-06-01 08:50:56 -03:00
24701b547f
Update opaque-token.adoc
...
Fixing yaml sample in Servlet and Reactive pages
2022-06-01 08:49:47 -03:00
b9acdd5058
Update opaque-token.adoc
...
Fixing yaml sample in Servlet and Reactive pages
2022-06-01 13:43:42 +02:00
2afa9313eb
Use AuthorizationManager in <http>
...
Closes gh-11305
2022-05-31 16:01:41 -06:00
9dbd1f3e25
Use AuthorizationManager in <http>
...
Closes gh-11305
2022-05-31 15:10:00 -06:00
d7077b441a
Correct access(String) reference
...
Closes gh-11280
2022-05-27 15:00:15 -06:00
292585080a
Correct access(String) reference
...
Closes gh-11280
2022-05-27 14:59:06 -06:00
0abc54c7de
Correct access(String) reference
...
Closes gh-11280
2022-05-27 14:52:20 -06:00
ff0d85e2ac
Correct access(String) reference
...
Closes gh-11280
2022-05-27 14:51:45 -06:00
f4c0fcb5ef
Add AuthorizationManager to Messaging
...
Closes gh-11076
2022-05-27 13:35:19 -06:00
101f11ba94
Improve ContextConfiguration Docs
...
Point to updated Spring Reference
Issue gh-10934
2022-05-27 13:12:56 -06:00
18b903f6e3
Polish ExtendWith Docs
...
Use spring-framework-reference-url placeholder
Issue gh-10934
2022-05-27 13:12:56 -06:00
038266a94f
Update JUnit 5 annotations in documentation
...
- replace Before with BeforeEach
- replace RunWith with ExtendWith
Closes gh-10934
2022-05-27 13:12:55 -06:00
bbff945b95
Restore missing link text
...
Issue gh-10934
2022-05-27 13:00:20 -06:00
8690accd57
Improve ContextConfiguration Docs
...
Point to updated Spring Reference
Issue gh-10934
2022-05-27 12:57:57 -06:00
e3c15260e7
Polish ExtendWith Docs
...
Use spring-framework-reference-url placeholder
Issue gh-10934
2022-05-27 12:57:57 -06:00
9625382b22
Update JUnit 5 annotations in documentation
...
- replace Before with BeforeEach
- replace RunWith with ExtendWith
Closes gh-10934
2022-05-27 12:57:56 -06:00
dda026b5fc
Improve ContextConfiguration Docs
...
Point to updated Spring Reference
Issue gh-10934
2022-05-27 12:57:02 -06:00
2363dbb4e4
Polish ExtendWith Docs
...
Use spring-framework-reference-url placeholder
Issue gh-10934
2022-05-27 12:56:57 -06:00
23cc1eb32b
Update JUnit 5 annotations in documentation
...
- replace Before with BeforeEach
- replace RunWith with ExtendWith
Closes gh-10934
2022-05-27 12:56:51 -06:00
ff0b1712b6
Improve ContextConfiguration Docs
...
Point to updated Spring Reference
Issue gh-10934
2022-05-27 12:46:36 -06:00
0a64579b1e
Polish ExtendWith Docs
...
Use spring-framework-reference-url placeholder
Issue gh-10934
2022-05-27 12:46:27 -06:00
416f94f979
Update Junit5 annotations in documentation
...
- replace Before with BeforeEach
- replace RunWith with ExtendWith
Closes gh-10934
2022-05-27 12:46:04 -06:00
8a03d1fcec
Add AuthorizationManager to Messaging
...
Closes gh-11076
2022-05-27 12:20:48 -06:00
0e9228d10a
Prepare for Spring Security 5.8
2022-05-02 16:34:23 -06:00
a0232ed135
Add shouldFilterAllDispatcherTypes to Kotlin DSL
...
Closes gh-11153
2022-04-28 08:34:48 -03:00
e94adedb94
Add shouldFilterAllDispatcherTypes to Kotlin DSL
...
Closes gh-11153
2022-04-28 08:19:20 -03:00
9a9a43a0c0
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:18:25 -05:00
aaf78330b1
ForceEagerSessionCreationFilter
...
Closes gh-11109
2022-04-15 14:16:35 -05:00
5367524030
Change the default of shouldFilterAllDispatchTypes to true
...
Closes gh-11107
2022-04-14 16:30:42 -03:00
84b5c76a7b
Add Option to Filter All Dispatcher Types
...
Closes gh-11092
2022-04-14 16:10:36 -03:00
7fea639a43
Add Option to Filter All Dispatcher Types
...
Closes gh-11092
2022-04-14 15:58:00 -03:00
39b0620a84
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:44 -05:00
7be32872e9
Add DisableUrlRewritingFilter
...
Closes gh-11084
2022-04-08 16:13:24 -05:00
b71d9bfdc2
Fix typo
2022-04-06 11:09:41 +02:00
ed8887e0fc
Fix typo
2022-04-06 11:09:15 +02:00
4ee5800ec9
use okta as registration id
...
looks like `ping` is some registration id used in the past.
Closes gh-11034
2022-03-30 14:41:03 -06:00
d4931ecf2b
use okta as registration id
...
looks like `ping` is some registration id used in the past.
2022-03-30 14:40:25 -06:00
51a99701ad
use okta as registration id
...
looks like `ping` is some registration id used in the past.
2022-03-30 14:39:39 -06:00
ce720ad38e
Document Authorization Events
...
Issue gh-9288
2022-03-29 16:37:22 -06:00
04c483387e
Document Authorization Events
...
Issue gh-9288
2022-03-29 16:03:20 -06:00
759d983d62
Fix formatting in reference docs
2022-03-24 15:15:20 +01:00
d4d6ddbaae
Fix formatting in reference docs
2022-03-24 15:13:50 +01:00
f0168c6c27
Add support for customizing claims in JWT Client Assertion
...
Closes gh-9855
2022-03-17 09:53:16 -05:00
428216b322
Add support for customizing claims in JWT Client Assertion
...
Closes gh-9855
2022-03-17 09:50:25 -05:00
54b033078b
Allow configuring PKCE for confidential clients
...
Closes gh-6548
2022-03-16 13:36:10 -04:00
a2ffc88294
Allow configuring PKCE for confidential clients
...
Closes gh-6548
2022-03-16 13:33:12 -04:00
972039e65c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-12 13:31:04 -06:00
87ed31a99c
Add SecurityContextHolderFilter
...
Closes gh-9635
2022-03-11 17:22:23 -06:00
ae7d56d65b
Add Persistence to documentation
...
Closes gh-10962
2022-03-11 13:43:11 -06:00
6e45a376cd
Remove "Hi ... there" From Docs
...
Close gh-10963
2022-03-11 13:42:38 -06:00
e4f1826622
Remove "Hi ... there" From Docs
...
Close gh-10963
2022-03-11 13:41:19 -06:00
b71b2f81e1
Add Persistence to documentation
...
Closes gh-10962
2022-03-11 13:41:19 -06:00
abd33389be
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:49:29 -07:00
ac9c29b2a0
Add UsernamePasswordAuthenticationToken factory methods
...
- unauthenticated factory method
- authenticated factory method
- test for unauthenticated factory method
- test for authenticated factory method
- make existing constructor protected
- use newly factory methods in rest of the project
- update copyright dates
Closes gh-10790
2022-03-09 15:23:35 -07:00
1762a4ce70
Add SAML 2.0 Single Logout XML Support
...
Closes gh-10842
2022-03-09 10:48:34 -03:00
1cbe7a75d3
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 10:40:26 -03:00
93d4fd3559
Add SAML 2.0 Single Logout XML Support
...
Closes gh-10842
2022-03-09 09:18:01 -03:00
73f839312d
Add SAML 2.0 Login XML Support
...
Closes gh-9012
2022-03-09 09:18:01 -03:00
386e8a86a1
add Kotlin examples for Spring Data Integration of servlet application
2022-02-18 08:54:04 -03:00
45a88fc391
add Kotlin examples for Spring Data Integration of servlet application
2022-02-18 08:49:27 -03:00
8a56e4f35e
add Kotlin examples for Spring Data Integration of servlet application
2022-02-18 08:46:20 -03:00
a2d1965c25
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:30:45 +01:00
c6b185465d
Add DEFAULT_USER_SCHEMA_DDL_LOCATION constant
...
Closes gh-10837
2022-02-15 11:24:23 +01:00
f64181ab41
Update docs to use multi-tenancy
...
Closes gh-10572
2022-02-14 17:18:48 +01:00
77ba94e1db
Update docs to use multi-tenancy
...
Closes gh-10572
2022-02-14 11:07:42 +01:00
4142f06259
Replace WebSecurityConfigurerAdapter with SecurityFilterChain in docs
...
Closes gh-10003
2022-02-08 18:10:58 +01:00
4492e5b667
Replace WebSecurityConfigurerAdapter with SecurityFilterChain in docs
...
Closes gh-10003
2022-02-08 16:12:10 +01:00
85e531ec74
Fix typo in role hierarchy docs
...
Closes gh-10804
2022-02-04 16:32:47 +01:00
27ecae2545
Fix typo in role hierarchy docs
...
Closes gh-10804
2022-02-04 16:31:19 +01:00
28b363551e
Use lambda DSL in logout header docs
2022-02-04 16:26:51 +01:00
7c9de7d0ff
Use lambda DSL in logout header docs
2022-02-04 16:26:18 +01:00
55cccbf727
Fix broken link to SAML2 login example
2022-02-03 10:20:45 -06:00
e5def290a1
Fix broken link to SAML2 login example
2022-02-03 10:10:04 -06:00
13d8b69ee4
Fix broken link to SAML2 login example
2022-02-03 09:42:21 -06:00
Josh Cummings
Jan Marten
moli
Steve Riesenberg
1993heqiang
Marcus Da Coregio
Glenn Adams
Nikita Eshkeev
Rob Winch
slauth
Jesper Rønn-Jensen
Gabriel Maciel
Bishakh Ghosh
zks
el-hopaness-romtic
Logan Kulinski
rai-sandeep
Wyfrel
hdeadman
Qie
Byeonggon Lee
Dmitriy Grushin
Dan Allen
Olivier Délèze
Eleftheria Stein-Kousathana
Wilson-Emmanuel
Sellami
Johannes Graf
Rivaldi
Márk Kővári
Ger Roza
Daniel Garnier-Moiroux
ch4mpy
Underground Hill
he1ex-tG
Igor Bolic
Joshua Sattler
Tim te Beek
Vinícius Hashimoto
sKai.fun
André Luis Gomes
nor-ek
Pascal Verdage
Joe Grandja
Talerngpong Virojwutikul
Yuriy Savchenko
giger85
Ken Dombeck