spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-22 10:18:53 +00:00

Author	SHA1	Message	Date
Josh Cummings	e535e61c8b	Move toBuilder to BuildableAuthentication Closes gh-18052	2025-10-15 12:01:11 -06:00
Rob Winch	78701f94ee	Document RequiredFactor Valid Duration Issue gh-17997	2025-10-10 16:24:47 -05:00
Rob Winch	702878acae	Create AuthorizationManagerFactories.multiFactor Closes gh-18032	2025-10-10 16:24:47 -05:00
Rob Winch	d18431a78d	Move FACTOR_ constants to FactorGrantedAuthority Previously GrantedAuthorities had an implicit package tangle because it was located in ~.core and FactorGrantedAuthority is in ~.core.authority and FactorGrantedAuthority's authority property was implicitly expected to be constants found in `GrantedAuthorities`. This commit moves the constants to the FactorGrantedAuthority which resolves this tangle. It wasn't initially done because FactorGrantedAuthority did not exist at that time. Closes gh-18030	2025-10-10 16:24:46 -05:00
Rob Winch	e290c98e97	Document Multi-Factor Simple to Complex This reworks the Multi-Factor documentation to start with the simplest scenario and work to progressively more complex requirements. Closes gh-18029	2025-10-10 16:23:38 -05:00
dependabot[bot]	d5c5bb234c	Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10. - [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc) - [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10) --- updated-dependencies: - dependency-name: antora dependency-version: 3.2.0-alpha.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-06 14:01:08 -05:00
Rob Winch	2473378fcd	Use RequiredFactorErrors Closes gh-18002	2025-10-03 15:20:03 -05:00
Rohan Naik	8c65dc93f2	Enable PKCE by default Closes gh-17507 Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>	2025-10-03 13:08:04 -04:00
Joe Grandja	681e166be8	Remove default HttpSecurity.securityMatcher() for authorization server Closes gh-17965	2025-10-01 11:45:21 -04:00
Rob Winch	7f10897de3	SecurityMockMvcResultMatchers.withAuthorities(String...) Closes gh-17974	2025-09-30 10:39:14 -05:00
Rob Winch	667cd4aa7c	Remove unnecessary throws Exception from spring-security-config Closes gh-17957	2025-09-25 11:50:13 -05:00
Josh Cummings	ad6fe4fdc3	Polish MFA Samples This commit removes unneeded AuthorizationManagerFactory implementations, simplifies the custom AuthorizationManagerFactory example, and updates usage of hasAllAuthorities. Issue gh-17934	2025-09-24 17:54:59 -06:00
Rob Winch	f652920bb3	Add @EnableGlobalMultiFactorAuthentication Closes gh-17954	2025-09-24 14:47:26 -05:00
Rob Winch	e33e4d80a9	Fix Antora Warnings in servlet/authentication/adaptive.adoc Issue gh-2603	2025-09-24 13:05:50 -05:00
Rob Winch	b2d76dfe66	Add GrantedAuthorities.FACTOR_*_AUTHORITY Closes gh-17952	2025-09-24 09:53:56 -05:00
Josh Cummings	bbba2930e9	Add Initial Documentation Issue gh-17934	2025-09-23 18:16:36 -06:00
Rob Winch	4ef16b14d2	Update terminology to HTTP Service Clients Closes gh-17947	2025-09-22 10:09:04 -05:00
Josh Cummings	765bdf1ed0	SpEL Expressions Support Returning AuthorizationManager Closes gh-17936	2025-09-19 12:07:59 -06:00
Josh Cummings	1e1cb0097a	Document Authentication Factors Issue gh-17933	2025-09-19 11:32:28 -06:00
Rob Winch	9eaadcc70d	Add hasAll(Roles\|Authorities) to SecurityExpressionRoot This adds support for hasAllRoles and hasAllAuthorities to method security expressions. Issue gh-17932	2025-09-19 09:33:50 -05:00
Rob Winch	675835e525	Add AuthorizationManagerFactory.hasAll(Authorities\|Roles) Closes gh-17932	2025-09-18 14:19:22 -05:00
Rob Winch	bb6b8ae3f3	Add AllAuthoritiesReactiveAuthorizationManager Issue gh-17916	2025-09-16 16:31:55 -05:00
Rob Winch	5ca18a3b9c	Add password4j implementation of PasswordEncoder	2025-09-15 11:28:39 -05:00
Rob Winch	d0372efadd	Use include-code for password4j docs This follows the new convention of using include-code going forward to ensure that the documentation compiles and is tested. This also corrected a few errors in custom params for Ballooning and PBKDF2 examples. Issue gh-17706	2025-09-15 11:03:44 -05:00
Rob Winch	9f839384e9	Use non-redundant ids in password4j docs Documentation ids no longer need to be globally unique, so they do not need to include the path. This makes the ids less verbose and integrates with include-code extension better. Issue gh-17706	2025-09-15 11:00:51 -05:00
Rob Winch	11bec09ffc	Escape attribute failures in Password4j docs Issue gh-17706	2025-09-15 10:57:19 -05:00
Rob Winch	c18aff7f5f	Password4j docs 1 sentence per line The Antora documentation convention is to use a single sentence per line as this helps with diffing and merging changes. Issue gh-17706	2025-09-15 09:22:08 -05:00
dependabot[bot]	1a99ab5bdf	Bump @antora/atlas-extension in /docs --- updated-dependencies: - dependency-name: "@antora/atlas-extension" dependency-version: 1.0.0-alpha.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-09-15 08:58:06 -05:00
M.Bozorgmehr	b2d4c52c53	Add documentation for Password4j-based password encoders for Argon2, BCrypt, Scrypt, PBKDF2, and Balloon hashing Closes gh-17706 Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>	2025-09-13 09:27:41 +03:30
Rob Winch	a0fe04c4aa	Document @ClientRegistrationId on types Issue gh-17806	2025-09-12 16:19:27 -05:00
Bernard Budano	02a948da81	Address reviewer requested changes Closes gh-17806 Signed-off-by: Bernard Budano <bbudano@gmail.com>	2025-09-12 16:19:27 -05:00
Joe Grandja	7ef25cc101	Add HttpSecurity.oauth2AuthorizationServer() Issue gh-17880	2025-09-12 16:20:44 -04:00
Joe Grandja	e99ea033c5	Integrate Spring Authorization Server ref docs Issue gh-17880	2025-09-12 16:20:40 -04:00
Joe Grandja	93742a4db3	Manual move of spring-projects/spring-authorization-server docs Issue gh-17880	2025-09-12 16:20:40 -04:00
Rob Winch	cf0ade86fe	Update Kerberos Sample Copyright Issue gh-17879	2025-09-12 15:12:47 -05:00
Rob Winch	1b263cfafb	Fix Keberos Docs http:// Issue gh-17879	2025-09-12 14:39:46 -05:00
Rob Winch	f5fb127c8c	Add Spring Security Kerberos Move the Spring Security Kerberos Extension into Spring Security Closes gh-17879	2025-09-12 14:25:20 -05:00
Josh Cummings	b87d63cb71	Document spring-security-access Closes gh-17847	2025-09-12 10:32:39 -06:00
Yanming Zhou	5ec7ae6b74	Remove redundant code in document Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>	2025-09-10 18:14:37 -06:00
Josh Cummings	b09afb34cc	Document Authentication.Builder The commit documents the new Authentication Builder interface and its usage in the security filter chain. Closes gh-17861 Closes gh-17862	2025-09-09 14:59:14 -06:00
Steve Riesenberg	eeb4574bb3	Add AuthorizationManagerFactory Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>	2025-09-09 15:36:49 -05:00
Josh Cummings	0e39685b9c	Merge branch '6.5.x'	2025-08-22 12:40:41 -06:00
Josh Cummings	9d64880ea9	Merge branch '6.4.x' into 6.5.x	2025-08-22 12:40:12 -06:00
Josh Cummings	8b2a453301	Advise Favoring PostAuthorize on Reads Closes gh-17797	2025-08-22 12:39:51 -06:00
Rob Winch	d9210c6596	Fix Nullability	2025-08-21 13:41:02 -05:00
Rob Winch	9bbf837c7c	Merge branch '6.5.x'	2025-08-21 12:44:42 -05:00
Rob Winch	0404996f87	import Assertions.assertThat This adds a static import for assertThat in the Kotlin docs code	2025-08-21 12:35:13 -05:00
Rob Winch	0f63d98c84	Use @EnableMethodSecurity in docs tests Previously parameters were passed in unnecessarily. This removes the unnecessary paramaters.	2025-08-21 12:35:13 -05:00
Rob Winch	fbfbb1e571	Use 2004-present for Copyright Spring Security migrated the copyright to use -present to simplify the headers. This commit aligns the header.	2025-08-21 12:35:13 -05:00
Joe Kuhel	d002e68231	Update servlet test method docs to use include-code References gh-16226 Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>	2025-08-21 12:35:13 -05:00

1 2 3 4 5 ...

2674 Commits