Josh Cummings
d29ab8bcae
Merge branch '5.7.x' into 5.8.x
2022-11-01 13:43:40 -06:00
Josh Cummings
c94e33b6c8
Merge branch '5.6.x' into 5.7.x
2022-11-01 13:42:35 -06:00
Ger Roza
8315545144
Update RP-Initiated Logout target URLs.
...
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081
2022-11-01 12:35:39 -06:00
Marcus Da Coregio
7cbb9e82f9
Document how to opt-in for SHA256 in RememberMe
...
Closes gh-12097
2022-11-01 15:33:45 -03:00
Josh Cummings
39f4fcd5f2
Add AuthenticationEntryPointFailureHandler Preparation Steps
...
Issue gh-9429
2022-10-31 16:33:25 -06:00
Josh Cummings
ac7f726a24
Add RunAsManager Preparation Steps
...
Closes gh-11337
2022-10-31 15:46:19 -06:00
Josh Cummings
c5badbc631
Add AccessDecisionManager Preparation Steps
...
Issue gh-11337
2022-10-31 15:25:05 -06:00
Josh Cummings
86c9d5cfbe
Remove Stray Horizontal Rules
...
Issue gh-11337
2022-10-31 15:24:59 -06:00
Rob Winch
4112adf6a0
Document Configure Default CsrfToken BREACH Protection
...
Closes gh-12107
2022-10-28 15:57:25 -05:00
Rob Winch
96d7c78b67
Polish Document Defer load CsrfToken
...
Issue gh-12105
2022-10-28 15:51:28 -05:00
Rob Winch
d860775b45
Document Defer load CsrfToken
...
Closes gh-12105
2022-10-28 15:41:25 -05:00
Josh Cummings
4938c394e4
Move Opt-out Steps
...
Closes gh-12104
2022-10-28 13:52:02 -06:00
Josh Cummings
8da916fa1c
Add Request Security Preparation Steps
...
Issue gh-11337
2022-10-28 11:48:21 -06:00
Josh Cummings
e900ca3a86
Polish Method Security Preparation Steps
...
- Add instruction to declare 5.8 defaults
Issue gh-11337
2022-10-28 09:46:48 -06:00
Josh Cummings
b4974bbce9
Polish Message Security Preparation Steps
...
- Added step to declare the 5.8 default in case later preparation steps
cannot be taken yet
Issue gh-11337
2022-10-28 09:26:04 -06:00
Josh Cummings
31a1486b88
Add Message Security Preparation Steps
...
Issue gh-11337
2022-10-27 20:08:13 -06:00
Rob Winch
5721b0351e
Polish RequestCache continue Kotlin Configuration
...
Issue gh-12089
2022-10-27 15:13:50 -05:00
Rob Winch
aac1261f0c
Document Migration to SecurityContextHolderFilter
...
Closes gh-12098
2022-10-27 15:12:45 -05:00
Josh Cummings
1dd13e69a4
Standardize Preparation Guide Layout
...
Closes gh-12096
2022-10-27 10:34:20 -06:00
Josh Cummings
2a95a24390
Add Link to 6.0 Migration Guide
...
Issue gh-12093
2022-10-26 16:15:36 -06:00
Rob Winch
24cc7ff178
Document Saved Requests Migration
...
Closes gh-12089
2022-10-26 14:24:00 -05:00
Rob Winch
c17e258a6f
Document Saved Requests
...
Closes gh-12088
2022-10-26 14:22:30 -05:00
Josh Cummings
f6731e89db
Polish Method Security Preparation Steps
2022-10-26 12:37:54 -06:00
Josh Cummings
04fa5af794
Add Missing Doc Header
...
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
Josh Cummings
e505bc3af4
Add Method Security Preparation Steps
2022-10-25 14:41:10 -06:00
Steve Riesenberg
5a55987d6e
Add links to reference in What's New for 5.8
...
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
Josh Cummings
59c4538798
Update What's New
...
Closes gh-12021
2022-10-13 10:13:20 -06:00
Joe Grandja
ffbcaca24a
Update reference for PasswordEncoders
...
Issue gh-10506
2022-10-12 07:32:30 -04:00
Marcus Da Coregio
4b6fed0667
Add static factory method to AntPathRequestMatcher and RegexRequestMatcher
...
Closes gh-11938
2022-10-10 09:24:15 -03:00
Steve Riesenberg
f462134e87
Add reactive support for BREACH
...
Closes gh-11959
2022-10-07 16:34:17 -05:00
Marcus Da Coregio
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
Steve Riesenberg
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
Steve Riesenberg
c1fcf275d9
Update What's New for 5.8
...
Issue gh-11952
2022-10-05 13:48:18 -05:00
Marcus Da Coregio
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
Steve Riesenberg
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Daniel Garnier-Moiroux
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
Marcus Da Coregio
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
Daniel Garnier-Moiroux
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
Rob Winch
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
Marcus Da Coregio
983ca6ea27
Update What's New for 5.8
2022-09-20 08:33:38 -03:00
Steve Riesenberg
8f44f74d44
Update What's New for 5.8
2022-09-14 15:13:41 -05:00
Steve Riesenberg
70eea8dc67
Update What's New for 5.8
2022-09-14 14:58:48 -05:00
Steve Riesenberg
355ef21117
Polish gh-11665
2022-09-13 16:45:39 -05:00
ch4mpy
1efb63387f
Add authentication converter for introspected tokens
...
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter behaves the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
2022-09-13 16:45:36 -05:00
Rob Winch
5ae492b1c1
Add What's New @WithMockUser Supported as Merged Annotation
2022-09-08 09:49:00 -05:00
Steve Riesenberg
86fbb8db07
Add new interfaces for CSRF request processing
...
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
Marcus Da Coregio
ff6fd78d64
Merge branch '5.7.x' into 5.8.x
2022-09-01 09:39:10 -03:00
Marcus Da Coregio
0a08a23423
Merge branch '5.6.x' into 5.7.x
2022-09-01 09:38:33 -03:00
Underground Hill
8b74bf9742
Updated reference to architecture page
...
In the context of the Servlet Authentication page, "Architecture" should probably link to the "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00