78c70d8c9b
Merge branch '6.0.x'
2023-02-16 10:53:27 -03:00
e59f71f036
Polish session-management.adoc
...
Remove default values from configuration
Issue gh-12519
2023-02-16 10:52:55 -03:00
5d8df25b10
Merge branch '6.0.x'
...
Closes gh-12681
2023-02-16 10:44:12 -03:00
ce222de7e6
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12680
2023-02-16 10:42:56 -03:00
4f3faa78f7
Revisit Session Management docs
...
Closes gh-12519
2023-02-16 10:39:59 -03:00
b0fcc1f0fa
Merge branch '6.0.x'
2023-02-15 17:20:48 -06:00
2876605324
Polish migration doc
...
Issue gh-12675
2023-02-15 17:18:09 -06:00
bf2951b5af
Add sections for migrating exploit protection in 6.0
...
Issue gh-12462
2023-02-15 17:18:09 -06:00
ca1961d35e
Link to the latest 6.0.x release
...
Issue gh-12675
2023-02-15 17:01:28 -06:00
821db0a1ea
Polish migration doc
...
Issue gh-12675
2023-02-15 17:00:49 -06:00
6f5c633241
Fix typo in Authentication Migrations page
2023-02-15 15:14:09 -07:00
26fc15a8b3
Fix typo in Authentication Migrations page
2023-02-15 15:13:41 -07:00
45b81b194b
Expand migration docs regarding CSRF
...
Closes gh-12462
2023-02-15 14:53:28 -06:00
c4485a8909
Merge branch '6.0.x'
2023-02-07 14:15:26 -07:00
2b36499700
Update expression-based.adoc
...
Removed a duplicate paragraph that was phrased a bit differently.
2023-02-07 13:00:59 -07:00
53a273ed54
Fix image in servlet architecture docs section
2023-02-07 12:57:36 -07:00
19c55372a3
Merge branch '6.0.x'
2023-01-30 16:06:53 -06:00
4264258c31
Merge branch '5.8.x' into 6.0.x
2023-01-30 16:06:23 -06:00
eaa9692c0c
Merge branch '5.7.x' into 5.8.x
2023-01-30 16:05:56 -06:00
51d5fb9c03
upgrade the Gradle Antora Plugin to 1.0.0
2023-01-30 16:04:40 -06:00
6abbdd3654
Merge branch '6.0.x'
2023-01-26 15:55:41 -06:00
179428f7da
Add section for migrating WebSocket support
...
Issue gh-12378
2023-01-26 15:45:09 -06:00
33e72b35f9
Add section for migrating WebSocket support
...
Issue gh-12378
2023-01-23 16:00:36 -06:00
c47fbf7cfd
move code comment to callout
2023-01-18 14:41:57 -06:00
eb448de954
Merge branch '6.0.x'
2023-01-17 17:07:37 -06:00
9603a68e8f
Merge branch '5.8.x' into 6.0.x
2023-01-17 17:07:20 -06:00
d42405de42
Merge branch '5.7.x' into 5.8.x
2023-01-17 17:06:03 -06:00
7db357d36a
Use io.spring.antora.generate-antora-yml
2023-01-17 17:05:55 -06:00
5beabbe357
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12553
2023-01-17 15:03:14 -06:00
f5bc6ce665
fix unclosed block in docs
2023-01-17 15:02:30 -06:00
0255319b52
Merge branch '6.0.x'
2023-01-17 14:44:06 -03:00
6f72c07747
Merge branch '5.8.x' into 6.0.x
2023-01-17 14:43:35 -03:00
108b03da3a
Merge branch '5.7.x' into 5.8.x
2023-01-17 14:43:17 -03:00
4cbb057b97
enable fetch option in Antora unless Gradle is running in offline mode
2023-01-17 14:42:54 -03:00
4130690b4e
Merge branch '6.0.x'
2023-01-17 09:47:22 -03:00
20b745e0b7
Merge branch '5.8.x' into 6.0.x
2023-01-17 09:47:08 -03:00
8758a00e90
Merge branch '5.7.x' into 5.8.x
2023-01-17 09:46:56 -03:00
c0f7cecc6d
Merge branch '5.6.x' into 5.7.x
2023-01-17 09:46:41 -03:00
22ffa833ca
upgrade Antora plugin and configure playbook provider to support local build
2023-01-17 09:46:24 -03:00
7456c47568
Merge branch '6.0.x'
...
Closes gh-12528
2023-01-11 12:48:48 -07:00
e0697de7b2
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12527
2023-01-11 12:48:27 -07:00
090c5f96ce
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12526
2023-01-11 12:47:55 -07:00
f41b77a4db
Fix Diagram to Say SecurityContextHolderFilter
...
Closes gh-11800
2023-01-11 12:47:07 -07:00
ce11015e53
Merge branch '6.0.x'
...
Closes gh-12518
2023-01-10 10:44:21 -07:00
21ceb333a8
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12517
2023-01-10 10:43:25 -07:00
6f43104eb3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12516
2023-01-10 10:42:45 -07:00
2028507bf8
Fix Typo in Sample
...
Closes gh-11095
2023-01-10 10:38:28 -07:00
88a8ef647b
Add Details about @Configuration
...
Closes gh-12486
2023-01-06 13:56:56 -07:00
930cc68768
Duplicate words.
2023-01-05 10:36:17 -07:00
393365232b
Duplicate words.
2023-01-05 10:35:28 -07:00
cb18e34b76
Merge branch '6.0.x'
2023-01-05 10:33:38 -07:00
9535566f84
Update multitenancy.adoc
...
The Java example at line 421 should use the injected `jwtValidator` and not from the current class referenced by `this. jwtValidator`.
2023-01-05 10:32:57 -07:00
e139f1c2ba
Polish gh-12438
2022-12-22 11:16:19 -05:00
892bbcfe0f
Add EnableWebFluxSecurity migration step
...
Closes gh-12434
2022-12-21 10:24:25 -03:00
73c12f9aa8
Merge branch '6.0.x'
2022-12-19 16:53:35 -03:00
b9f9139f5e
Merge branch '5.8.x' into 6.0.x
2022-12-19 16:53:22 -03:00
5406fed5dc
Merge branch '5.7.x' into 5.8.x
2022-12-19 16:53:05 -03:00
fbfa13bd47
Fix OAuth 2.0 testing docs
2022-12-19 16:52:25 -03:00
00019c1fb9
Merge branch '6.0.x'
...
Closes gh-12406
2022-12-15 14:41:27 -06:00
ed657a8fac
Polish gh-12280
...
Apply editing changes from gh-9668
2022-12-15 14:18:24 -06:00
edd1915d1b
Corrected errors on the ACLS document
...
Closes gh-12270
2022-12-15 14:16:55 -06:00
88d50a531b
Add EnableWebSecurity migration steps to 5.8 guide
...
Closes gh-12334
2022-12-07 10:22:54 -08:00
0fdcde2d6f
Merge branch '6.0.x'
2022-12-05 14:42:42 -08:00
2fdf762726
Merge branch '5.8.x' into 6.0.x
2022-12-05 14:41:59 -08:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
626e53d121
Fix: Replace tenantRepository with tenants
2022-12-05 14:31:24 -08:00
7439d5d2de
Revert "Fix typo"
...
This reverts commit 707f8286f8
2022-12-05 14:13:14 -08:00
707f8286f8
Fix typo
2022-12-05 14:09:41 -08:00
547a1a11d1
Merge branch '6.0.x'
...
Closes gh-12342
2022-12-05 12:26:39 -08:00
42a00e2003
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12341
2022-12-05 12:26:00 -08:00
d2b33a2583
Fix docs
...
Closes gh-11396
2022-12-05 12:25:26 -08:00
74e8fa10a2
Fix password encoder migration guide
2022-12-02 14:12:47 -07:00
eb57d9e5c1
Merge branch '6.0.x'
2022-11-29 16:26:13 -07:00
c60c10792c
Fix Observability Opt-out Documentation Typo
...
Issue gh-12268
2022-11-29 16:24:57 -07:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
50da5b6498
Fix securityMatchers code sample
...
Closes gh-12296
2022-11-25 10:18:40 -03:00
3e0e532ed7
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12287
2022-11-24 08:48:27 -03:00
5db7ac4ce3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12286
2022-11-24 08:48:05 -03:00
9b3f834bff
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12285
2022-11-24 08:47:46 -03:00
70bfc39418
Fix AuthorizationFilter diagram in docs
...
Closes gh-12274
2022-11-24 08:46:16 -03:00
2d567cdb09
Merge branch '5.8.x' into 6.0.x
2022-11-23 17:18:52 -06:00
87c074fc26
Merge branch '5.7.x' into 5.8.x
2022-11-23 17:14:56 -06:00
621889fa18
Merge branch '5.6.x' into 5.7.x
2022-11-23 17:12:30 -06:00
fe252f5057
sync docs build; upgrade Antora and Antora Collector to latest alpha
2022-11-21 17:26:51 -07:00
01117b11fe
Polish Kotlin snippet
...
- to match the comments in the related Java snippet
Issue gh-11959
2022-11-20 12:28:45 -07:00
7804e3283b
Fix Migration 6.0 Link
...
Issue gh-12242
2022-11-20 12:26:42 -07:00
e60eb87441
Fix additional typos
...
Issue gh-11959
2022-11-19 23:22:29 -06:00
3d2be56249
Fix reference to CookieServerCsrfTokenRepository
...
Issue gh-11959
2022-11-19 23:12:59 -06:00
4442a618ea
Add reactive opt out steps for CSRF BREACH
...
Issue gh-11959
2022-11-19 23:00:38 -06:00
4994e67eda
Add servlet opt out steps for CSRF BREACH
...
Issue gh-12107
2022-11-19 22:11:18 -06:00
3f5d8b39ce
Restructure Migration Guide
...
Closes gh-12242
2022-11-18 16:57:32 -07:00
34102a6531
Document default SecurityContextRepository
...
Issue gh-12049
2022-11-18 16:14:22 -06:00
1919b4e38b
Migration guide for CAS support removal
...
Issue gh-12163
2022-11-18 15:35:39 -03:00
f17f9f98bd
Fix Broken Link
...
Issue gh-12224
2022-11-18 10:06:16 -07:00
f6fb138363
Change to Preparation Guide
2022-11-18 10:04:20 -07:00
a61fffc209
Document reactive support for CSRF BREACH
...
Issue gh-11959
2022-11-17 09:33:13 -06:00
3cb2b0606e
Document deprecation of tokenFromMultipartDataEnabled
...
Issue gh-12020
2022-11-17 09:33:13 -06:00
17123a3b0f
Polish JwtAuthenticationConverter Preparation Steps
...
Issue gh-12022
2022-11-16 12:00:10 -07:00
63aec87c61
Use Imperative in Headers
...
Issue gh-12224
2022-11-16 11:58:25 -07:00
7675874137
Restructure Migration Steps
...
CLoses gh-12224
2022-11-16 11:35:47 -07:00
063f06e7bf
Register FilterChainProxy for all dispatcher types
...
Closes gh-12180
2022-11-16 09:55:21 -03:00
754fe7f457
Document deprecations in oauth2 modules
...
* oauth2-client
* oauth2-resource-server
Issue gh-12022
2022-11-15 14:06:34 -06:00
9bc38ed318
Register FilterChainProxy for All Dispatcher Types Migration Steps
...
Closes gh-12186
2022-11-15 11:55:03 -07:00
f3d704a27d
Add PasswordEncoder Preparation Steps
...
Issue gh-10506
2022-11-14 15:25:49 -07:00
60e573de26
Add WebSecurityConfigurerAdapter Preparation Steps
...
Issue gh-10902
2022-11-14 10:53:13 -07:00
4ec10a2bca
Document new oauth2Login() authority defaults
...
Issue gh-11887
2022-11-14 10:37:02 -06:00
03b407a49a
Polish migration doc
...
Issue gh-12023
2022-11-14 10:27:19 -06:00
2a6123a456
Document new oauth2Login() authority defaults
...
Issue gh-11887
2022-11-14 09:39:37 -06:00
001452d249
Document CAS support removal
...
Closes gh-12163
2022-11-11 13:29:52 -03:00
1a6a295a07
Document Update to 5.8 in Migration
...
Closes gh-12196
2022-11-10 21:45:41 -06:00
ef8c4d85bc
Document Configure Default SessionAuthenticationStrategy
...
Closes gh-12192
2022-11-10 14:11:10 -06:00
7b28df8ebe
Document deprecation in SecurityContextRepository
...
Issue gh-12023
2022-11-09 14:49:45 -06:00
63cf954e07
Document SecurityContextRepository default
...
Closes gh-12049
2022-11-09 14:49:15 -06:00
aefc157953
Add important note for SecurityContextRepository
...
Issue gh-12049
2022-11-09 14:47:50 -06:00
1a3be83084
Merge branch '5.8.x'
...
Closes gh-12185
2022-11-09 12:28:37 -06:00
ea8fb1f159
Document SecurityContextRepository default
...
Issue gh-12049
2022-11-09 12:19:44 -06:00
2e41e1cbac
Document deprecation in SecurityContextRepository
...
Issue gh-12023
2022-11-09 12:19:44 -06:00
9071f10759
Document DelegatingSecurityContextRepository
...
Closes gh-12069
2022-11-09 12:19:43 -06:00
3366792d3b
Adjust SAML What's New
...
Issue gh-11077
2022-11-08 14:15:38 -07:00
079bb45d94
Add Encryptors Preparation Steps
...
Issue gh-8980
2022-11-08 14:13:44 -07:00
8af3b5afe4
Fix documentation part of Multiple HttpSecurity Instances
...
`http.antMatcher()` is not longer available and was replaced with
`http.securityMatcher()`, so use this in the Java Config Multiple
HttpSecurity Instances example, too
2022-11-08 13:51:05 -03:00
1103e68fc9
Polish Use new requestMatchers method migration
...
Issue gh-12100
2022-11-08 10:31:49 -03:00
89423b38b6
Add requestMatchers and securityMatchers migration steps
...
Issue gh-12100
2022-11-08 08:31:03 -03:00
693bfb66b2
Document how to use the new requestMatchers and securityMatchers
...
Closes gh-12100
2022-11-08 08:27:31 -03:00
6043cee699
Add OpenSaml4AuthenticationProvider Preparation Steps
...
Issue gh-11077
2022-11-07 17:40:19 -07:00
095faffd70
Add RelyingPartyRegistration Preparation Steps
...
Issue gh-11077
2022-11-07 13:37:44 -07:00
33ce3b59b8
Add Saml2AuthenticationToken Preparation Steps
...
Issue gh-11077
2022-11-03 13:57:54 -06:00
2f87309cda
Fix Typo
...
Closes gh-11077
2022-11-03 13:37:13 -06:00
c7b9b33cd1
Merge branch '5.8.x'
2022-11-03 08:23:50 -03:00
4d646a2978
Merge branch '5.7.x' into 5.8.x
2022-11-03 08:23:26 -03:00
067fc1678c
Merge branch '5.6.x' into 5.7.x
2022-11-03 08:22:09 -03:00
01a37dd678
Fix typo
...
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
2022-11-03 08:21:48 -03:00
aad01447c3
docs: fix realm typo
2022-11-03 08:21:26 -03:00
bb43293469
Expand SAML Deprecations What's New
...
Issue gh-11077
2022-11-02 18:03:13 -06:00
5760b6dedf
Add AuthenticationServiceException Reactive Migration Steps
...
Issue gh-9429
Issue gh-12132
2022-11-02 18:02:53 -06:00
953c9294d0
Initial SAML Deprecation Preparation Steps
...
- Stop using Converter constructors
- Replace Saml2AuthenticationRequestContextResolver and
Saml2AuthenticationRequestFactory with
Saml2AuthenticationRequestResolver
Issue gh-11077
2022-11-02 18:01:03 -06:00
ba8f344ccb
Add AuthenticationServiceException Reactive Preparation Steps
...
Issue gh-9429
Issue gh-12132
2022-11-02 15:48:04 -06:00
cca999c57d
Merge remote-tracking branch 'origin/5.8.x'
2022-11-01 13:46:08 -06:00
d29ab8bcae
Merge branch '5.7.x' into 5.8.x
2022-11-01 13:43:40 -06:00
c94e33b6c8
Merge branch '5.6.x' into 5.7.x
2022-11-01 13:42:35 -06:00
63fb14f8c8
Add Remember Me SHA-256 migration steps
...
Issue gh-12097
2022-11-01 15:42:21 -03:00
8315545144
Update RP-Initiated Logout target URLs.
...
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081
2022-11-01 12:35:39 -06:00
990ee8b8a5
Merge branch '5.8.x'
...
Closes gh-12119
2022-11-01 15:35:12 -03:00
7cbb9e82f9
Document how to opt-in for SHA256 in RememberMe
...
Closes gh-12097
2022-11-01 15:33:45 -03:00
d701946089
Merge branch '5.8.x'
2022-11-01 08:18:30 -03:00
6a4b279145
Merge branch '5.7.x' into 5.8.x
2022-11-01 08:17:50 -03:00
752e943492
Merge branch '5.6.x' into 5.7.x
2022-11-01 08:17:03 -03:00
e9db852d6e
update generateAntora task to keep prerelease segment other than -SNAPSHOT in docs version
2022-11-01 08:13:43 -03:00
2a2f7a197c
Add AuthenticationEntryPointFailureHandler Migration Steps
...
Issue gh-9429
2022-10-31 16:40:21 -06:00
39f4fcd5f2
Add AuthenticationEntryPointFailureHandler Preparation Steps
...
Issue gh-9429
2022-10-31 16:33:25 -06:00
ac7f726a24
Add RunAsManager Preparation Steps
...
Closes gh-11337
2022-10-31 15:46:19 -06:00
c5badbc631
Add AccessDecisionManager Preparation Steps
...
Issue gh-11337
2022-10-31 15:25:05 -06:00
86c9d5cfbe
Remove Stray Horizontal Rules
...
Issue gh-11337
2022-10-31 15:24:59 -06:00
4112adf6a0
Document Configure Default CsrfTOken BREACH Protection
...
Closes gh-12107
2022-10-28 15:57:25 -05:00
96d7c78b67
Polish Document Defer load CsrfToken
...
Issue gh-12105
2022-10-28 15:51:28 -05:00
d860775b45
Document Defer load CsrfToken
...
Closes gh-12105
2022-10-28 15:41:25 -05:00
4938c394e4
Move Opt-out Steps
...
Closes gh-12104
2022-10-28 13:52:02 -06:00
4f5372a3a7
Add Request Security Migration Steps
...
Issue gh-11337
2022-10-28 12:25:44 -06:00
8da916fa1c
Add Request Security Preparation Steps
...
Issue gh-11337
2022-10-28 11:48:21 -06:00
56482e25de
Polish Method Security Migration Steps
...
- Revert steps removed since implicitly included in preparation guide
Issue gh-11337
2022-10-28 09:51:02 -06:00
e900ca3a86
Polish Method Security Preparation Steps
...
- Add instruction to declare 5.8 defaults
Issue gh-11337
2022-10-28 09:46:48 -06:00
b4974bbce9
Polish Message Security Preparation Steps
...
- Added step to declare the 5.8 default in case later preparation steps
cannot be taken yet
Issue gh-11337
2022-10-28 09:26:04 -06:00
f2fc2f9a2b
Add Message Security Cleanup Steps
...
Issue gh-11337
2022-10-28 09:17:58 -06:00
31a1486b88
Add Message Security Preparation Steps
...
Issue gh-11337
2022-10-27 20:08:13 -06:00
855d6b6326
Merge branch '5.8.x'
2022-10-27 15:39:23 -05:00
3da0d1bf27
Merge branch '5.8.x'
2022-10-27 15:39:03 -05:00
5721b0351e
Polish RequestCache continue Kolin Configuration
...
Issue gh-12089
2022-10-27 15:13:50 -05:00
aac1261f0c
Document Migration to SecurityContextHolderFilter
...
Closes gh-12098
2022-10-27 15:12:45 -05:00
1dd13e69a4
Standardize Preparation Guide Layout
...
Closes gh-12096
2022-10-27 10:34:20 -06:00
cc8a93e5ec
Restore Missing Links to Migration Guide
2022-10-26 16:19:44 -06:00
f29d1da0a5
Add Link to 5.8 Preparation Guide
...
Closes gh-12093
2022-10-26 16:19:31 -06:00
2a95a24390
Add Link to 6.0 Migration Guide
...
Issue gh-12093
2022-10-26 16:15:36 -06:00
d40ed58118
Merge branch '5.8.x'
...
Closes gh-12091
Closes gh-12092
2022-10-26 14:56:02 -05:00
2b50aa3ae0
Polish Method Security Migration Steps
...
Removed checkboxes when there is only one step
2022-10-26 13:47:16 -06:00
24cc7ff178
Document Saved Requests Migration
...
Closes gh-12089
2022-10-26 14:24:00 -05:00
c17e258a6f
Document Saved Requests
...
Closes gh-12088
2022-10-26 14:22:30 -05:00
d076ddb26c
Polish Method Security Migration Steps
2022-10-26 13:18:07 -06:00
f6731e89db
Polish Method Security Preparation Steps
2022-10-26 12:37:54 -06:00
4528561326
Add Method Security Migration Steps
2022-10-25 15:04:59 -06:00
7adc000c6b
Merge remote-tracking branch 'origin/5.8.x'
2022-10-25 14:42:32 -06:00
04fa5af794
Add Missing Doc Header
...
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
e505bc3af4
Add Method Security Preparation Steps
2022-10-25 14:41:10 -06:00
f2ddeaface
Merge remote-tracking branch 'origin/5.8.x'
2022-10-17 15:01:30 -06:00
cfb7c87dfd
Merge remote-tracking branch 'origin/5.7.x' into 5.8.x
2022-10-17 15:00:40 -06:00
6b25307339
Merge remote-tracking branch 'origin/5.6.x' into 5.7.x
2022-10-17 14:57:39 -06:00
89c815032c
Fix Index Out of Bounds
2022-10-17 14:52:03 -06:00
4ba8f8bfe0
Update What's New
...
Closes gh-12024
2022-10-13 20:08:31 -06:00
f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler
...
Closes gh-9429
2022-10-13 20:03:03 -06:00
d6356415f9
Polish whats-new.adoc
2022-10-13 13:42:04 -05:00
74e0616451
Update What's New for 6.0
2022-10-13 13:42:04 -05:00
5a55987d6e
Add links to reference in What's New for 5.8
...
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
59c4538798
Update What's New
...
Closes gh-12021
2022-10-13 10:13:20 -06:00
fe96a62dfc
Document Observability Support
...
Issue gh-10964
2022-10-12 20:32:25 -06:00
bf1e622751
Update What's New in 6.0 for PasswordEncoders
...
Issue gh-11985
2022-10-12 08:27:46 -04:00
716aa6df5c
Merge branch '5.8.x'
2022-10-12 07:43:26 -04:00
ffbcaca24a
Update reference for PasswordEncoders
...
Issue gh-10506
2022-10-12 07:32:30 -04:00
c5e35bf32e
Merge branch '5.8.x'
...
Closes gh-11978
2022-10-10 09:24:50 -03:00
4b6fed0667
Add static factory method to AntPathRequestMather and RegexRequestMatcher
...
Closes gh-11938
2022-10-10 09:24:15 -03:00
27059ced87
Default X-Xss-Protection header value to "0"
...
Closes gh-9631
2022-10-07 17:42:55 -05:00
6753f9745e
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
# docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
2022-10-07 17:29:07 -05:00
f462134e87
Add reactive support for BREACH
...
Closes gh-11959
2022-10-07 16:34:17 -05:00
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
9fd195d419
Default to shouldFilterAllDispatcherTypes=true in XML
...
Closes gh-11970
2022-10-07 11:46:20 -03:00
146d3269bc
Merge branch '5.8.x'
...
Closes gh-11971
2022-10-07 10:28:14 -03:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
12b9f2e196
use-authorization-manager defaults to true
...
Closes gh-11929
2022-10-06 08:12:46 -06:00
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
...
Closes gh-11899
2022-10-06 09:12:04 -03:00
8b490de08d
Merge branch '5.8.x'
...
# Conflicts:
# docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
22cbd2c42e
Merge branch '5.8.x'
...
Closes gh-11957
2022-10-05 14:00:13 -05:00
a5cc1f0b60
Merge branch '5.7.x' into 5.8.x
...
Closes gh-11956
2022-10-05 13:58:44 -05:00
37dd896d4b
Merge branch '5.6.x' into 5.7.x
...
Closes gh-11955
2022-10-05 13:57:25 -05:00
e0843aabb1
automatically manage docs version (with collector)
2022-10-05 13:56:22 -05:00
c1fcf275d9
Update What's New for 5.8
...
Issue gh-11952
2022-10-05 13:48:18 -05:00
38a7bbd2eb
Merge branch '5.8.x'
2022-10-05 13:20:12 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
35f7e46d05
Remove WebSecurityConfigurerAdapter
...
Closes gh-10902
2022-10-04 15:13:04 -03:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
43a1f8249c
Update What's New for 6.0
2022-09-29 15:57:48 -05:00
4d62621094
Merge branch '5.8.x'
2022-09-29 14:09:21 -05:00
7b1158ddb7
Merge branch '5.7.x' into 5.8.x
2022-09-29 14:09:10 -05:00
70c61dc1dd
Merge branch '5.6.x' into 5.7.x
2022-09-29 14:08:17 -05:00
c44230ba24
switch to offical Antora plugin for Gradle
...
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
6c6aedf772
Update What's New for 6.0
2022-09-26 10:07:50 -05:00
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
c0e784b16d
Update What's New for 6.0
2022-09-26 09:48:52 -05:00
bcb21c9384
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
0efe26c1fd
Merge branch '5.8.x'
...
Closes gh-11894
2022-09-22 13:47:04 -05:00
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
70460ca009
Adjust OAuth2 Resource Server packaging
...
Closes gh-7349
2022-09-20 17:44:05 -06:00
61c80bcac5
Move Saml2 Authentication Filters
...
Closes gh-8819
2022-09-20 17:18:05 -06:00
48e31f87e4
Remove Deprecated OpenSAML 3 Support
...
Closes gh-10556
2022-09-20 16:57:38 -06:00
983ca6ea27
Update What's New for 5.8
2022-09-20 08:33:38 -03:00
2b4a3a85f9
Update What's New for 6.0
2022-09-20 08:33:11 -03:00
9564f1b5e4
Next development version
2022-09-19 16:55:17 +00:00
009032e03c
Next development version
2022-09-19 15:47:44 +00:00
dcbe900ff8
Release 5.8.0-M3
2022-09-19 15:24:11 +00:00
a0a92b81f7
Release 6.0.0-M7
2022-09-19 15:23:23 +00:00
8f44f74d44
Update What's New for 5.8
2022-09-14 15:13:41 -05:00
70eea8dc67
Update What's New for 5.8
2022-09-14 14:58:48 -05:00
2431dd1103
Merge branch '5.8.x'
2022-09-13 17:38:10 -05:00
355ef21117
Polish gh-11665
2022-09-13 16:45:39 -05:00
1efb63387f
Add authentication converter for introspected tokens
...
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
2022-09-13 16:45:36 -05:00
3387149a0f
repurpose 5.6.x branch to provide local docs build
...
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:41:12 -05:00
3e42119f84
repurpose 5.7.x branch to provide local docs build
...
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:37:13 -05:00
ab9ed26ad2
repurpose 5.8.x branch to provide local docs build
...
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 14:40:56 -05:00
d22ee32c7d
reconfigure branch for local builds and as scheduler for docs workflows
...
- set up placeholder and trigger for Deploy Docs workflow in docs-build branch
- set up placeholder and trigger for Rebuild Search Index workflow in docs-build branch
- remove obsolete Deploy Reference workflow
- upgrade Antora to 3.1
- reconfigure docs build for local build only
- add patch to support using linked worktree as Antora content source
- remove Antora extensions only needed for the production docs build
2022-09-09 12:57:00 -05:00
5ae492b1c1
Add What's New @WithMockUser Supported as Merged Annotation
2022-09-08 09:49:00 -05:00
d996c2a2c6
Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`
...
This method is insecure. Users should instead encrypt with their database.
Closes gh-8980
2022-09-07 13:51:58 -05:00
ed41a60aae
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
# config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
# web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
2022-09-06 11:51:55 -05:00
86fbb8db07
Add new interfaces for CSRF request processing
...
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
e17989d92d
Merge branch '5.8.x'
2022-09-01 09:39:33 -03:00
ff6fd78d64
Merge branch '5.7.x' into 5.8.x
2022-09-01 09:39:10 -03:00
0a08a23423
Merge branch '5.6.x' into 5.7.x
2022-09-01 09:38:33 -03:00
8b74bf9742
Updated reference to architecture page
...
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
8474acebf2
Merge branch '5.8.x'
2022-08-29 15:12:48 -05:00
568277f8bc
Mistake in Kotlin code representation is fixed
2022-08-29 15:11:10 -05:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-25 14:46:48 -06:00
070dce1baf
Document ReactiveMethodSecurity improvements
...
Issue gh-9401
2022-08-25 14:36:03 -06:00
27ce5936cf
Add Caveat about Spring Security's co-routine support
...
Closes gh-10920
2022-08-25 14:36:02 -06:00
81d6b6df6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:38:03 -05:00
89f8310d6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:00:47 -05:00
13feb87171
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:36 -06:00
d93bde7465
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:51:06 -06:00
e3d85881e9
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:48:14 -06:00
9f6d9c2b84
Modify words
...
- <dependencyManagement> to dependencyManagement
- pom.xml to build.gradle
2022-08-16 14:44:34 -06:00
8ad20b1768
Add CsrfFilter.csrfRequestAttributeName
...
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.
This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.
Issue gh-11699
2022-08-16 13:47:31 -05:00
5b64526ba9
Add CsrfFilter.csrfRequestAttributeName
...
Previously the CsrfToken was set on the request attribute with the name
equal to CsrfToken.getParameterName(). This didn't really make a lot of
sense because the CsrfToken.getParameterName() is intended to be used as
the HTTP parameter that the CSRF token was provided. What's more is it
meant that the CsrfToken needed to be read for every request to place it
as an HttpServletRequestAttribute. This causes unnecessary HttpSession
access which can decrease performance for applications.
This commit allows setting CsrfFilter.csrfReqeustAttributeName to
remove the dual purposing of CsrfToken.parameterName and to allow deferal
of reading the CsrfToken to prevent unnecessary HttpSession access.
Issue gh-11699
2022-08-15 17:07:02 -05:00
1510460a1a
Next development version
2022-08-15 16:14:19 +00:00
db74e9d128
Next development version
2022-08-15 16:07:33 +00:00
c188b70c88
Next development version
2022-08-15 16:06:45 +00:00
4559d269e0
Release 5.6.7
2022-08-15 15:25:05 +00:00
173d74d693
Release 5.7.3
2022-08-15 15:24:54 +00:00
063e56ce8b
Release 5.8.0-M2
2022-08-15 15:24:27 +00:00
425b3501b7
Remove `@Configuration` from `@Enable*` Annotations
...
This removes `@Configuration` from all `@Enable` Annotations and explicitly
adds `@Configuration` to wherever the `@Enable*` Annotations are used.
Closes gh-11653
2022-08-09 17:00:24 -05:00
a5069d7e35
Fix Add @Configuration to @Enable*Security Usage
...
Issue gh-6613
2022-08-09 17:00:16 -05:00
2e66b9f6cc
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:44:01 -05:00
efaee4e56b
Allow customization of redirect strategy
...
The default redirect strategy will provide authorization redirect
URI within HTTP 302 response Location header.
Allowing the configuration of custom redirect strategy will provide
an option for the clients to obtain the authorization URI from e.g.
HTTP response body as JSON payload, without a need to handle
automatic redirection initiated by the HTTP Location header.
Closes gh-11373
2022-08-08 15:35:49 -05:00
040111ae9e
Remove Configuration meta-annotation from Enable* annotations
...
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.
Closes gh-6613
Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
2022-07-30 03:48:42 +02:00
a72c5a55db
Revert "Remove @Configuration from webflux config examples"
...
This reverts commit aec9effb88
2022-07-26 16:46:01 -05:00
aec9effb88
Remove @Configuration from webflux config examples
2022-07-26 16:34:10 -05:00
0d3c3c676d
"Well-Know" should be "Well-Known"
2022-07-26 15:45:27 -05:00
06aa3362dd
"Well-Know" should be "Well-Known"
2022-07-26 15:44:41 -05:00
3b9f5ac77b
"Well-Know" should be "Well-Known"
2022-07-26 15:41:38 -05:00
2a336d4f49
"Well-Know" should be "Well-Known"
2022-07-26 15:41:05 -05:00
0c549ee147
Use SHA256 by default in Remember Me
...
Closes gh-11520
2022-07-25 10:33:12 -03:00
0f64d4c091
Add Kotlin example for WebTestClient setup docs
...
Closes gh-9998
2022-07-22 14:04:16 -03:00
7c7751635d
Add Kotlin example for WebTestClient setup docs
...
Closes gh-9998
2022-07-22 13:56:41 -03:00
5322352427
Add Kotlin example for WebTestClient setup docs
...
Closes gh-9998
2022-07-22 13:49:21 -03:00
db9d60e82d
Add Kotlin example for WebTestClient setup docs
...
Closes gh-9998
2022-07-22 13:47:07 -03:00
Marcus Da Coregio
Steve Riesenberg
Tao Sun
Josh Cummings
Dmitriy Grushin
Pavel Anisimov
Rob Winch
Dan Allen
Junichi Sakaeda
Olivier Délèze
Joe Grandja
Eleftheria Stein-Kousathana
Wilson-Emmanuel
Sellami
heowc
Michael Schneider
Marc Becker
Johannes Graf
Rivaldi
Márk Kővári
Ger Roza
Daniel Garnier-Moiroux
github-actions[bot]
ch4mpy
Underground Hill
he1ex-tG
jujunChen
Igor Bolic
Joshua Sattler
Desmond Silveira
Yuriy Savchenko