b6dcb29a11
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13125
2023-05-02 16:08:48 -03:00
6d37ca1808
Fix code snippets in Authorize HttpServletRequest
...
Closes gh-11522
2023-05-02 16:06:27 -03:00
e5fcf1ebcf
Revisit Request and Method Security Docs
...
Issue gh-13088
2023-05-01 14:09:22 -06:00
42cd19fcee
Merge branch '6.0.x'
...
Closes gh-13103
2023-04-26 15:59:20 -03:00
8c5f13657e
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13102
2023-04-26 15:58:25 -03:00
5632469a90
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13101
2023-04-26 15:57:32 -03:00
e61adcb0cd
Clarify that Kotlin DSL needs an import
...
Closes gh-13092
2023-04-26 15:56:47 -03:00
bb402a706f
Update acls.adoc
...
Fix the spring security samples link
2023-04-24 16:38:24 -06:00
9edbac7233
Update architecture.adoc
...
`RoleHierarchy` doesn't have the `setHierarchy` method, so the snippet doesn't work as is. The method is declared inside `RoleHierarchyImpl`
2023-04-24 16:37:47 -06:00
33b266e8fa
Add Boot Link
...
Issue gh-13062
2023-04-18 11:33:48 -06:00
3f6f01ce20
Add Spring MVC Links
...
Issue gh-13062
2023-04-18 11:23:57 -06:00
62fec2f969
Revisit Logout Docs
...
Closes gh-13062
2023-04-17 16:58:43 -06:00
04b3d07319
Merge branch '6.0.x'
2023-04-17 07:30:54 -03:00
a484044591
Merge branch '5.8.x' into 6.0.x
2023-04-17 07:29:42 -03:00
6cf8c53aaa
Merge branch '5.7.x' into 5.8.x
2023-04-17 07:16:47 -03:00
2d52fb8e4b
Clear Repository on Logout
2023-04-17 06:47:57 -03:00
76eba9bd0c
Add withIssuerLocation
...
Closes gh-10309
2023-04-12 16:36:15 -06:00
fb3ed7288c
Merge branch '6.0.x'
...
Closes gh-12981
2023-04-10 11:15:33 -05:00
54de5c9537
Fix documentation code block bug.
...
Closes gh-12980
2023-04-10 11:11:10 -05:00
ff4e926111
Merge branch '6.0.x'
...
Closes gh-12942
2023-03-28 15:23:51 -03:00
b4b4cd0ffa
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12941
2023-03-28 15:23:21 -03:00
eb58655fa9
Improve Docs by mentioning that Empty SecurityContext should be saved
...
Closes gh-12906
2023-03-28 15:21:30 -03:00
dfdadc90cf
Merge branch '6.0.x'
...
Closes gh-12933
2023-03-27 14:43:00 -06:00
834e361898
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12932
2023-03-27 14:41:07 -06:00
6bda1d2bf3
Document WebExpressionAuthorizationManager
...
Closes gh-12928
2023-03-27 14:38:09 -06:00
13f707a6d5
Merge branch '6.0.x'
2023-03-22 10:34:19 -03:00
9ec9e77c6b
Merge branch '5.8.x' into 6.0.x
2023-03-22 10:34:02 -03:00
a708007536
fix ID of WebSocket Authorization section
...
Throughout this document there are 3 references to `<<websocket-authorization>>` but the section ID was actually named `[[websocket-configuration]]`
2023-03-22 10:33:10 -03:00
57e134cc5f
Merge branch '6.0.x'
2023-03-22 10:12:28 -03:00
ed42dc4a09
chore: typo, removed extra "s" in word implementationss
2023-03-22 10:11:16 -03:00
2fa1bbc9d1
Fix typo architecture.adoc
2023-03-22 10:10:28 -03:00
1730efd130
Merge branch '6.0.x'
2023-03-22 09:22:12 -03:00
8a2b96795e
Merge branch '5.8.x' into 6.0.x
2023-03-22 09:21:50 -03:00
c75ee25a6d
Fix documentation code block bug
...
Fixes #12850
2023-03-22 09:21:09 -03:00
6f5172d388
Merge branch '6.0.x'
2023-03-20 16:18:45 -06:00
cfeb1ce303
Fix docs typo
2023-03-20 16:18:10 -06:00
2b6a2c22db
Merge branch '6.0.x'
2023-03-20 15:24:45 -06:00
b22dd9a3e9
Merge branch '5.8.x' into 6.0.x
2023-03-20 15:24:19 -06:00
4154ed543a
Fix .access(...) parameter
2023-03-20 15:23:40 -06:00
8ad91287d9
Fix Broken Link
...
Closes gh-12824
2023-03-20 15:13:10 -06:00
3ad6c6ce06
Use EntityId-lookup Components
...
Closes gh-12880
2023-03-17 18:00:02 -06:00
dbdf04f151
SAML Response Reads EntityId
...
Closes gh-10243
2023-03-17 18:00:02 -06:00
3f2816f745
Logout Request Reads EntityId
...
Closes gh-12843
Closes gh-12845
2023-03-17 18:00:02 -06:00
46452c0cae
Add saml2Metadata
...
Closes gh-11828
2023-03-17 18:00:02 -06:00
ac1d269e73
Merge branch '6.0.x'
...
Closes gh-12839
2023-03-07 11:53:01 -07:00
ffe029d5bd
Fix broken links in form login section
...
Closes gh-12822
2023-03-07 11:52:19 -07:00
3b447b938c
fix missing semi-colon java example in observability documentation
2023-03-03 15:04:16 -07:00
e0284a4503
Fix CAS packages for 4.0.1 and Jasig references
...
Issue gh-11674
2023-03-01 17:21:24 -03:00
b4d3ac6665
Revert "Remove CAS module"
...
This reverts commit caf4c471
2023-03-01 17:21:23 -03:00
7c89bd8c90
Merge branch '6.0.x'
...
Closes gh-12809
2023-02-28 17:28:37 -06:00
8b2ce79341
Correct deprecated description in docs
...
Remove deprecated SecurityContextPersistenceFilter from docs.
Closes gh-12690
2023-02-28 17:01:47 -06:00
41fadaecd3
Merge branch '6.0.x'
...
Closes gh-12800
2023-02-28 13:08:47 -07:00
e28ea6dbad
Preserve OpenSamlAssertingPartyDetails Instance
...
Closes gh-12667
2023-02-28 13:08:13 -07:00
aedabf5504
Merge branch '6.0.x'
2023-02-28 12:49:33 -07:00
ddad623abf
Merge branch '5.8.x' into 6.0.x
2023-02-28 12:49:04 -07:00
383e0c2cf0
Merge branch '5.7.x' into 5.8.x
2023-02-28 12:47:06 -07:00
0421e25cba
Document Common SAML URI Endpoints
...
Issue gh-12764
2023-02-28 12:45:48 -07:00
1c885cf3a3
Document Federation Usecase
...
Closes gh-12764
2023-02-28 12:35:04 -07:00
be2958ed13
Merge branch '6.0.x'
...
Closes gh-12784
2023-02-24 13:51:34 -07:00
109f6e7028
Add Note about RoleHierarchy
...
Closes gh-12766
2023-02-24 13:43:43 -07:00
eac1f846b3
Update RoleHierarchy Docs
...
Closes gh-12766
2023-02-24 12:00:35 -07:00
82642dc9ba
Merge branch '6.0.x'
...
Closes gh-12730
2023-02-17 15:52:43 -06:00
f2c4656abd
Fix typo in form.adoc
...
Closes gh-12678
2023-02-17 15:52:26 -06:00
a1b282ff03
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12693
2023-02-17 10:09:32 -07:00
2db4430dcd
Preserve OpenSamlAssertingPartyDetails Instance
...
Closes gh-12667
2023-02-17 10:02:17 -07:00
5286b78308
Merge branch '6.0.x'
...
Closes gh-12684
2023-02-16 13:27:17 -06:00
c4f68d83bf
Document default CsrfTokenRequestHandler in 6.0
...
Closes gh-12651
2023-02-16 13:26:23 -06:00
4bb944e7e5
Merge branch '6.0.x'
2023-02-16 10:58:02 -03:00
5ccf414f02
Merge branch '5.8.x' into 6.0.x
2023-02-16 10:57:33 -03:00
82c86b822f
Polish session-management.adoc
...
Remove unresolved anchor
Issue gh-12519
2023-02-16 10:57:02 -03:00
78c70d8c9b
Merge branch '6.0.x'
2023-02-16 10:53:27 -03:00
e59f71f036
Polish session-management.adoc
...
Remove default values from configuration
Issue gh-12519
2023-02-16 10:52:55 -03:00
5d8df25b10
Merge branch '6.0.x'
...
Closes gh-12681
2023-02-16 10:44:12 -03:00
ce222de7e6
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12680
2023-02-16 10:42:56 -03:00
4f3faa78f7
Revisit Session Management docs
...
Closes gh-12519
2023-02-16 10:39:59 -03:00
c4485a8909
Merge branch '6.0.x'
2023-02-07 14:15:26 -07:00
2b36499700
Update expression-based.adoc
...
Removed a duplicate paragraph that was phrased a bit differently.
2023-02-07 13:00:59 -07:00
c47fbf7cfd
move code comment to callout
2023-01-18 14:41:57 -06:00
5beabbe357
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12553
2023-01-17 15:03:14 -06:00
f5bc6ce665
fix unclosed block in docs
2023-01-17 15:02:30 -06:00
ce11015e53
Merge branch '6.0.x'
...
Closes gh-12518
2023-01-10 10:44:21 -07:00
21ceb333a8
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12517
2023-01-10 10:43:25 -07:00
6f43104eb3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12516
2023-01-10 10:42:45 -07:00
2028507bf8
Fix Typo in Sample
...
Closes gh-11095
2023-01-10 10:38:28 -07:00
cb18e34b76
Merge branch '6.0.x'
2023-01-05 10:33:38 -07:00
9535566f84
Update multitenancy.adoc
...
The Java example at line 421 should use the injected `jwtValidator` and not from the current class referenced by `this. jwtValidator`.
2023-01-05 10:32:57 -07:00
73c12f9aa8
Merge branch '6.0.x'
2022-12-19 16:53:35 -03:00
b9f9139f5e
Merge branch '5.8.x' into 6.0.x
2022-12-19 16:53:22 -03:00
5406fed5dc
Merge branch '5.7.x' into 5.8.x
2022-12-19 16:53:05 -03:00
fbfa13bd47
Fix OAuth 2.0 testing docs
2022-12-19 16:52:25 -03:00
00019c1fb9
Merge branch '6.0.x'
...
Closes gh-12406
2022-12-15 14:41:27 -06:00
ed657a8fac
Polish gh-12280
...
Apply editing changes from gh-9668
2022-12-15 14:18:24 -06:00
edd1915d1b
Corrected errors on the ACLS document
...
Closes gh-12270
2022-12-15 14:16:55 -06:00
0fdcde2d6f
Merge branch '6.0.x'
2022-12-05 14:42:42 -08:00
2fdf762726
Merge branch '5.8.x' into 6.0.x
2022-12-05 14:41:59 -08:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
626e53d121
Fix: Replace tenantRepository with tenants
2022-12-05 14:31:24 -08:00
547a1a11d1
Merge branch '6.0.x'
...
Closes gh-12342
2022-12-05 12:26:39 -08:00
42a00e2003
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12341
2022-12-05 12:26:00 -08:00
d2b33a2583
Fix docs
...
Closes gh-11396
2022-12-05 12:25:26 -08:00
eb57d9e5c1
Merge branch '6.0.x'
2022-11-29 16:26:13 -07:00
c60c10792c
Fix Observability Opt-out Documentation Typo
...
Issue gh-12268
2022-11-29 16:24:57 -07:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
3e0e532ed7
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12287
2022-11-24 08:48:27 -03:00
5db7ac4ce3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12286
2022-11-24 08:48:05 -03:00
9b3f834bff
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12285
2022-11-24 08:47:46 -03:00
70bfc39418
Fix AuthorizationFilter diagram in docs
...
Closes gh-12274
2022-11-24 08:46:16 -03:00
34102a6531
Document default SecurityContextRepository
...
Issue gh-12049
2022-11-18 16:14:22 -06:00
1a3be83084
Merge branch '5.8.x'
...
Closes gh-12185
2022-11-09 12:28:37 -06:00
9071f10759
Document DelegatingSecurityContextRepository
...
Closes gh-12069
2022-11-09 12:19:43 -06:00
8af3b5afe4
Fix documentation part of Multiple HttpSecurity Instances
...
`http.antMatcher()` is not longer available and was replaced with
`http.securityMatcher()`, so use this in the Java Config Multiple
HttpSecurity Instances example, too
2022-11-08 13:51:05 -03:00
c7b9b33cd1
Merge branch '5.8.x'
2022-11-03 08:23:50 -03:00
4d646a2978
Merge branch '5.7.x' into 5.8.x
2022-11-03 08:23:26 -03:00
067fc1678c
Merge branch '5.6.x' into 5.7.x
2022-11-03 08:22:09 -03:00
01a37dd678
Fix typo
...
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
2022-11-03 08:21:48 -03:00
aad01447c3
docs: fix realm typo
2022-11-03 08:21:26 -03:00
cca999c57d
Merge remote-tracking branch 'origin/5.8.x'
2022-11-01 13:46:08 -06:00
d29ab8bcae
Merge branch '5.7.x' into 5.8.x
2022-11-01 13:43:40 -06:00
c94e33b6c8
Merge branch '5.6.x' into 5.7.x
2022-11-01 13:42:35 -06:00
8315545144
Update RP-Initiated Logout target URLs.
...
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081
2022-11-01 12:35:39 -06:00
c5badbc631
Add AccessDecisionManager Preparation Steps
...
Issue gh-11337
2022-10-31 15:25:05 -06:00
3da0d1bf27
Merge branch '5.8.x'
2022-10-27 15:39:03 -05:00
aac1261f0c
Document Migration to SecurityContextHolderFilter
...
Closes gh-12098
2022-10-27 15:12:45 -05:00
d40ed58118
Merge branch '5.8.x'
...
Closes gh-12091
Closes gh-12092
2022-10-26 14:56:02 -05:00
c17e258a6f
Document Saved Requests
...
Closes gh-12088
2022-10-26 14:22:30 -05:00
7adc000c6b
Merge remote-tracking branch 'origin/5.8.x'
2022-10-25 14:42:32 -06:00
04fa5af794
Add Missing Doc Header
...
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
fe96a62dfc
Document Observability Support
...
Issue gh-10964
2022-10-12 20:32:25 -06:00
c5e35bf32e
Merge branch '5.8.x'
...
Closes gh-11978
2022-10-10 09:24:50 -03:00
4b6fed0667
Add static factory method to AntPathRequestMather and RegexRequestMatcher
...
Closes gh-11938
2022-10-10 09:24:15 -03:00
27059ced87
Default X-Xss-Protection header value to "0"
...
Closes gh-9631
2022-10-07 17:42:55 -05:00
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
9fd195d419
Default to shouldFilterAllDispatcherTypes=true in XML
...
Closes gh-11970
2022-10-07 11:46:20 -03:00
146d3269bc
Merge branch '5.8.x'
...
Closes gh-11971
2022-10-07 10:28:14 -03:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
12b9f2e196
use-authorization-manager defaults to true
...
Closes gh-11929
2022-10-06 08:12:46 -06:00
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
...
Closes gh-11899
2022-10-06 09:12:04 -03:00
8b490de08d
Merge branch '5.8.x'
...
# Conflicts:
# docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
38a7bbd2eb
Merge branch '5.8.x'
2022-10-05 13:20:12 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
181ee7410b
Change default authority for oauth2Login()
...
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
2022-09-26 10:06:31 -05:00
bcb21c9384
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
Marcus Da Coregio
Josh Cummings
Nikita Eshkeev
Rob Winch
1993heqiang
slauth
Jesper Rønn-Jensen
Gabriel Maciel
Bishakh Ghosh
zks
el-hopaness-romtic
Logan Kulinski
rai-sandeep
Wyfrel
hdeadman
Steve Riesenberg
Qie
Byeonggon Lee
Dmitriy Grushin
Dan Allen
Olivier Délèze
Eleftheria Stein-Kousathana
Wilson-Emmanuel
Sellami
Johannes Graf
Rivaldi
Márk Kővári
Ger Roza
Daniel Garnier-Moiroux