Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-01 08:34:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,123 Commits 51 Branches 373 Tags
Commit Graph

2740 Commits

Author SHA1 Message Date
Josh Cummings
73ee893d98 Merge remote-tracking branch 'origin/6.5.x' into 7.0.x 2026-02-24 17:10:14 -07:00
Josh Cummings
4d43edfb20 Polish Documentation 
- Combined explanation of method attribute with usage recommendations
- Used one sentence per line format

Issue gh-16530

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-24 14:24:11 -07:00
onhann
9f9699f8a5 Clarify need for method attribute in JSP authorize tag 
Closes gh-16530

This aligns the JSP documentation with the changes made in gh-16529.
Added a NOTE to clarify that the method attribute is required when the underlying RequestMatcher is method-specific.

Signed-off-by: onhann <gusgus1467@naver.com>
 2026-02-24 14:24:11 -07:00
Robert Winch
fec988c82d
Add Kerberos Migration Section 
This links to the updated dependency coordinates

Issue gh-18773

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 11:29:50 -06:00
busoco-sjb
17b434c1c1
Document the change in dependency coordinates with Spring Security 7 
Signed-off-by: busoco-sjb <169069865+busoco-sjb@users.noreply.github.com>
 2026-02-23 11:21:59 -06:00
Robert Winch
50fad46df6
Bump @antora/atlas-extension in /docs 
---
updated-dependencies:
- dependency-name: "@antora/atlas-extension"
  dependency-version: 1.0.0-alpha.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:12:48 -06:00
dependabot[bot]
e28eea208b
Bump @springio/antora-extensions from 1.14.4 to 1.14.7 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.4 to 1.14.7.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.4...v1.14.7)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:11:58 -06:00
dependabot[bot]
f646392542
Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 12:11:57 -06:00
dependabot[bot]
52ca16fa4b
Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.11 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.8 to 3.2.0-alpha.11.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.8...v3.2.0-alpha.11)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-06 17:52:25 +00:00
Vincent Stradiot
075c48c0d8 Fix typo in documentation 
Signed-off-by: Vincent Stradiot <vincentstradiot@hotmail.com>
 2026-02-05 17:22:43 -07:00
Elayne Bloom
2c97b3376b Document Client PKCE settings 
Updated the documentation to reflect recent changes to enable PKCE by default for `authorization_code` flows in the documentation for the client.

Closes gh-18304

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-02 16:30:27 -05:00
Robert Winch
74b93a19f6
Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
Josh Cummings
1f39a3dd3e Merge branch '6.5.x' into 7.0.x 2026-01-15 12:41:22 -07:00
Josh Cummings
84b124d29d Merge branch '6.4.x' into 6.5.x 2026-01-15 12:41:16 -07:00
songhee
fee6a9bb0e docs: add CurrentSecurityContext section and link references 
Signed-off-by: songhee <songhee9327@gmail.com>
 2026-01-15 12:31:58 -07:00
Guillaume Husta
508b3f26e3 docs: Typo in page Preparing for 7.0 / Web (version 6.5) 
In section 'Include the Servlet Path Prefix in Authorization Rules', `PathPatternRequestParser` should be replaced by `PathPatternRequestMatcher`.

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:35:26 -07:00
Robert Winch
63c99b9438
Revert "Update to 7.1.0-SNAPSHOT" 
This reverts commit b77ea8d3a3009940229239b4b442fe902acf4fba.
 2026-01-12 14:31:57 -06:00
Robert Winch
b77ea8d3a3 Update to 7.1.0-SNAPSHOT 2026-01-12 13:37:32 -06:00
Fr05ty-hub
e9a92a8e9a Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but is referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Fr05ty-hub
ed774d3595 Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but was referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
github-actions[bot]
e588a3528f Update Antora Spring UI to v0.4.25 2026-01-09 15:22:22 -06:00
github-actions[bot]
7ea5be4b98 Update Antora Spring UI to v0.4.25 2026-01-09 15:21:48 -06:00
Robert Winch
2344fe5ebb Use proper xref syntax 
Incldue the required resource id and required # of the fragment.

See

- https://docs.antora.org/antora/latest/page/xref/#xref-macro
- https://docs.antora.org/antora/latest/page/resource-id-coordinates/#id-resource
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan
ba18f681e5 Use xref anchor id 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan
3d9bc6a5cf Update mfa.adoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Martin Boulais
1d8ea63a9e Fix typo in HTTP Basic Auth Provider documentation 
The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
 2026-01-08 13:59:34 -06:00
Tran Ngoc Nhan
79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
github-actions[bot]
ac9c0a4313 Update Antora Spring UI to v0.4.25 2025-12-19 16:57:20 -06:00
Josh Cummings
765abe534e Add Missing Migration Pages to Side Navigation 
Closes gh-18313
 2025-12-15 09:05:06 -07:00
Josh Cummings
afb0c59875 Add request-matcher XML Migration Steps 
Closes gh-18211
 2025-12-15 09:05:06 -07:00
kucoll
10edc14d7e Fix typo in AnnotationTemplateExpressionDefaults 
The AnnotationTemplateExpressionDeafults was wrong,and right is  AnnotationTemplateExpressionDefaults

Signed-off-by: kucoll <kucoll@163.com>
 2025-12-02 17:26:34 -06:00
kucoll
7503d8018d Fix typo in AnnotationTemplateExpressionDefaults 
The AnnotationTemplateExpressionDeafults was wrong,and right is  AnnotationTemplateExpressionDefaults

Signed-off-by: kucoll <kucoll@163.com>
 2025-12-02 17:22:12 -06:00
Guillaume Husta
1ce73dd45a docs: Fix example in Custom DSLs for http.csrf() 
It should use lambda dsl to compile

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2025-12-01 18:02:41 -06:00
Guillaume Husta
bb7fcb27ef docs: Fix example in MyCustomDsl to remove throws Exception 
In `init` and `configure`, throws Exception has been removed in the super interface `SecurityConfigurer`, since Spring Security 7.0.
This change is the consequence of https://github.com/spring-projects/spring-security/issues/17957

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2025-12-01 17:59:07 -06:00
sach429
19cbd9c570 Update OAuth2 Client to OAuth2 Resource Server 
Fix section title to match the corresponding example

Signed-off-by: sach429 <satrajit.acharya@gmail.com>
 2025-12-01 17:42:28 -06:00
L33gn21
b37c5584f9 Fix broken link to Spring Boot docs 
Signed-off-by: L33gn21 <l33gn21@gmail.com>
 2025-12-01 16:52:43 -06:00
dependabot[bot]
09e80aafe8 Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.10 to 3.2.0-alpha.11.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.10...v3.2.0-alpha.11)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 14:55:39 -06:00
Peter Potrowl
d84d0ca22e Fix typo in ldap.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:33:48 -06:00
Peter Potrowl
f1793f5047 Fix typo in passkeys.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:33:48 -06:00
Peter Potrowl
4b227649f0 Fix typo in ldap.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:28:47 -06:00
Peter Potrowl
cfc27f8cc3 Fix typo in passkeys.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:28:47 -06:00
Peter Potrowl
5baff27ffb
Fix typo in ldap.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:12:20 -06:00
Peter Potrowl
39aaf25b60
Fix typo in passkeys.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:12:20 -06:00
Joe Grandja
b130e728b7 Polish gh-18153 
Issue gh-18144
 2025-11-11 14:27:50 -05:00
Andrey Litvitski
e6db56ab4f Add a minimal authorization server configuration 
Closes gh-18144

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-11-11 14:27:36 -05:00
Joe Grandja
571bd60d82 Document OAuth 2.0 Protected Resource Metadata support 
Issue gh-17244
 2025-11-04 14:37:19 -05:00
Rob Winch
6471a32d66
Merge branch '6.5.x' 
Closes gh-18132
 2025-11-04 11:37:11 -06:00
Rob Winch
c1e9e10bf0
Merge branch '6.4.x' into 6.5.x 
Closes gh-18131
 2025-11-04 11:28:40 -06:00
Daniel Garnier-Moiroux
fed6df5167 Default WebAuthnConfigurer#rpName to rpId 
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:

> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.

Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 11:16:22 -06:00
Rob Winch
5213cc44fc
Merge branch '6.5.x' 2025-11-04 10:24:32 -06:00