Rob Winch
d18431a78d
Move FACTOR_ constants to FactorGrantedAuthority
...
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.
This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.
Closes gh-18030
2025-10-10 16:24:46 -05:00
Rob Winch
e290c98e97
Document Multi-Factor Simple to Complex
...
This reworks the Multi-Factor documentation to start with the
simplest scenario and work to progressively more complex requirements.
Closes gh-18029
2025-10-10 16:23:38 -05:00
Rohan Naik
8c65dc93f2
Enable PKCE by default
...
Closes gh-17507
Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
2025-10-03 13:08:04 -04:00
Joe Grandja
681e166be8
Remove default HttpSecurity.securityMatcher() for authorization server
...
Closes gh-17965
2025-10-01 11:45:21 -04:00
Rob Winch
f652920bb3
Add @EnableGlobalMultiFactorAuthentication
...
Closes gh-17954
2025-09-24 14:47:26 -05:00
Josh Cummings
bbba2930e9
Add Initial Documentation
...
Issue gh-17934
2025-09-23 18:16:36 -06:00
Rob Winch
4ef16b14d2
Update terminology to HTTP Service Clients
...
Closes gh-17947
2025-09-22 10:09:04 -05:00
Josh Cummings
765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager
...
Closes gh-17936
2025-09-19 12:07:59 -06:00
Josh Cummings
1e1cb0097a
Document Authentication Factors
...
Issue gh-17933
2025-09-19 11:32:28 -06:00
Rob Winch
9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot
...
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.
Issue gh-17932
2025-09-19 09:33:50 -05:00
Rob Winch
675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles)
...
Closes gh-17932
2025-09-18 14:19:22 -05:00
Joe Grandja
7ef25cc101
Add HttpSecurity.oauth2AuthorizationServer()
...
Issue gh-17880
2025-09-12 16:20:44 -04:00
Joe Grandja
e99ea033c5
Integrate Spring Authorization Server ref docs
...
Issue gh-17880
2025-09-12 16:20:40 -04:00
Joe Grandja
93742a4db3
Manual move of spring-projects/spring-authorization-server docs
...
Issue gh-17880
2025-09-12 16:20:40 -04:00
Rob Winch
1b263cfafb
Fix Keberos Docs http://
...
Issue gh-17879
2025-09-12 14:39:46 -05:00
Rob Winch
f5fb127c8c
Add Spring Security Kerberos
...
Move the Spring Security Kerberos Extension into Spring Security
Closes gh-17879
2025-09-12 14:25:20 -05:00
Josh Cummings
b87d63cb71
Document spring-security-access
...
Closes gh-17847
2025-09-12 10:32:39 -06:00
Yanming Zhou
5ec7ae6b74
Remove redundant code in document
...
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-09-10 18:14:37 -06:00
Josh Cummings
b09afb34cc
Document Authentication.Builder
...
The commit documents the new Authentication Builder interface
and its usage in the security filter chain.
Closes gh-17861
Closes gh-17862
2025-09-09 14:59:14 -06:00
Steve Riesenberg
eeb4574bb3
Add AuthorizationManagerFactory
...
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
2025-09-09 15:36:49 -05:00
Josh Cummings
0e39685b9c
Merge branch '6.5.x'
2025-08-22 12:40:41 -06:00
Josh Cummings
9d64880ea9
Merge branch '6.4.x' into 6.5.x
2025-08-22 12:40:12 -06:00
Josh Cummings
8b2a453301
Advise Favoring PostAuthorize on Reads
...
Closes gh-17797
2025-08-22 12:39:51 -06:00
Rob Winch
9bbf837c7c
Merge branch '6.5.x'
2025-08-21 12:44:42 -05:00
Joe Kuhel
d002e68231
Update servlet test method docs to use include-code
...
References gh-16226
Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
2025-08-21 12:35:13 -05:00
Rob Winch
a8f045eb50
Add Modular Spring Security Configuration
...
Closes gh-16258
2025-08-20 12:16:08 -05:00
Josh Cummings
60c42e3f24
Update SAML 2.0 Documentation to use OpenSAML 5
...
Closes gh-17707
2025-08-14 18:01:34 -06:00
Josh Cummings
5506c487de
Remove OpenSaml4 Components
...
Issue gh-17707
2025-08-14 18:01:02 -06:00
Tran Ngoc Nhan
371bee685f
Polish User#withDefaultPasswordEncoder
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-08-04 09:40:20 -06:00
Marcin Lewandowski
f61a8deccc
Update index.adoc
...
Signed-off-by: Marcin Lewandowski <marcin@ravendb.net>
2025-07-31 11:09:06 -06:00
Josh Cummings
1af665d6c8
Merge branch '6.5.x'
2025-07-31 10:21:50 -06:00
Josh Cummings
c966139338
Merge branch '6.4.x' into 6.5.x
2025-07-31 10:21:36 -06:00
Josh Cummings
a411fb7b8d
Merge remote-tracking branch 'origin/6.3.x' into 6.4.x
2025-07-31 10:21:26 -06:00
Michał Sobkiewicz
c963f4250e
Update Angular documentation links in csrf.adoc
...
Replaced `angular.io` links with their corresponding `angular.dev` URLs.
This change ensures that users referencing CSRF documentation are
directed to the most current Angular resources.
Signed-off-by: Michał Sobkiewicz <perceptron8@users.noreply.github.com>
2025-07-31 10:21:06 -06:00
Josh Cummings
4775fe41db
Merge branch '6.5.x'
2025-07-29 09:28:20 -06:00
Josh Cummings
a9fcec8b46
Merge branch '6.4.x' into 6.5.x
2025-07-29 09:27:47 -06:00
Josh Cummings
452d311a9b
Merge remote-tracking branch 'origin/6.3.x' into 6.4.x
2025-07-29 09:27:23 -06:00
Bernie Schelberg
edcb3b024e
Update Shibboleth repository URL
...
Signed-off-by: Bernie Schelberg <bernard.schelberg@invicara.com>
2025-07-29 09:26:42 -06:00
Josh Cummings
0c42b61cc1
Restore legacy-websocket-configuration Link
...
In this way, links to this section will still arrive at something
helpful.
Issue gh-17295
2025-07-10 15:03:10 -06:00
Josh Cummings
2c87270dbc
Use authorizeHttpRequests
...
Issue gh-15174
2025-07-09 17:33:11 -06:00
Josh Cummings
dadf10899c
Add WebExpressionAuthorizationManager.Builder
...
Closes gh-17504
2025-07-09 17:33:10 -06:00
Josh Cummings
c312d18191
Add Publishing Predicate
...
Closes gh-17503
2025-07-09 17:33:10 -06:00
Josh Cummings
901b386ca6
Merge branch '6.5.x'
2025-07-09 14:11:14 -06:00
Josh Cummings
9209a33678
Remove References to Deprecated OpenSaml Components
...
Issue gh-11658
2025-07-09 14:10:33 -06:00
Josh Cummings
02d69ec864
Keep EnableWebMvcSecurity Link
...
So that links across the Internet that are pointed at
#mvc-enablewebmvcsecurity still arrive at a relevant place,
this commit re-adds the mvc-enablewebmvcsecurity link, even
though @EnableWebMvcSecurity itself is now removed.
Issue gh-17294
2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan
a439bc65d6
Remove EnableWebMvcSecurity
...
Closes gh-17294
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan
242956a63c
Remove deprecated elements from DaoAuthenticationProvider
...
Closes gh-17298
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan
9312fb7004
Remove Deprecated AuthorizationDecision Elements
...
Closes gh-17299
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-07-03 14:32:49 -06:00
Josh Cummings
ce107795d8
Fix Broken JavaDoc Link
...
Issue gh-16886
2025-07-03 14:14:00 -06:00
Josh Cummings
b71a66bdaa
Use PathPatternRequestMatcher in docs
...
Issue gh-16886
Issue gh-16887
2025-07-03 13:37:50 -06:00