0421e25cba
Document Common SAML URI Endpoints
...
Issue gh-12764
2023-02-28 12:45:48 -07:00
1c885cf3a3
Document Federation Usecase
...
Closes gh-12764
2023-02-28 12:35:04 -07:00
35cf52d3bd
Add DefaultMethodSecurityExpressionHandler
...
Closes gh-12356
2023-02-21 16:58:08 -07:00
6bf11181ef
Adjust AfterInvocationManager Migration Docs
...
The original documentation only addresses the post-authorize case.
Some implementations want also to modify the return type.
Issue gh-12620
2023-02-21 15:07:17 -07:00
a1b282ff03
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12693
2023-02-17 10:09:32 -07:00
2db4430dcd
Preserve OpenSamlAssertingPartyDetails Instance
...
Closes gh-12667
2023-02-17 10:02:17 -07:00
82c86b822f
Polish session-management.adoc
...
Remove unresolved anchor
Issue gh-12519
2023-02-16 10:57:02 -03:00
4f3faa78f7
Revisit Session Management docs
...
Closes gh-12519
2023-02-16 10:39:59 -03:00
ca1961d35e
Link to the latest 6.0.x release
...
Issue gh-12675
2023-02-15 17:01:28 -06:00
821db0a1ea
Polish migration doc
...
Issue gh-12675
2023-02-15 17:00:49 -06:00
45b81b194b
Expand migration docs regarding CSRF
...
Closes gh-12462
2023-02-15 14:53:28 -06:00
eaa9692c0c
Merge branch '5.7.x' into 5.8.x
2023-01-30 16:05:56 -06:00
51d5fb9c03
upgrade the Gradle Antora Plugin to 1.0.0
2023-01-30 16:04:40 -06:00
33e72b35f9
Add section for migrating WebSocket support
...
Issue gh-12378
2023-01-23 16:00:36 -06:00
d42405de42
Merge branch '5.7.x' into 5.8.x
2023-01-17 17:06:03 -06:00
7db357d36a
Use io.spring.antora.generate-antora-yml
2023-01-17 17:05:55 -06:00
5beabbe357
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12553
2023-01-17 15:03:14 -06:00
f5bc6ce665
fix unclosed block in docs
2023-01-17 15:02:30 -06:00
108b03da3a
Merge branch '5.7.x' into 5.8.x
2023-01-17 14:43:17 -03:00
4cbb057b97
enable fetch option in Antora unless Gradle is running in offline mode
2023-01-17 14:42:54 -03:00
8758a00e90
Merge branch '5.7.x' into 5.8.x
2023-01-17 09:46:56 -03:00
c0f7cecc6d
Merge branch '5.6.x' into 5.7.x
2023-01-17 09:46:41 -03:00
22ffa833ca
upgrade Antora plugin and configure playbook provider to support local build
2023-01-17 09:46:24 -03:00
090c5f96ce
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12526
2023-01-11 12:47:55 -07:00
f41b77a4db
Fix Diagram to Say SecurityContextHolderFilter
...
Closes gh-11800
2023-01-11 12:47:07 -07:00
6f43104eb3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12516
2023-01-10 10:42:45 -07:00
2028507bf8
Fix Typo in Sample
...
Closes gh-11095
2023-01-10 10:38:28 -07:00
88a8ef647b
Add Details about @Configuration
...
Closes gh-12486
2023-01-06 13:56:56 -07:00
892bbcfe0f
Add EnableWebFluxSecurity migration step
...
Closes gh-12434
2022-12-21 10:24:25 -03:00
5406fed5dc
Merge branch '5.7.x' into 5.8.x
2022-12-19 16:53:05 -03:00
fbfa13bd47
Fix OAuth 2.0 testing docs
2022-12-19 16:52:25 -03:00
88d50a531b
Add EnableWebSecurity migration steps to 5.8 guide
...
Closes gh-12334
2022-12-07 10:22:54 -08:00
7aaa25b88e
Merge branch '5.7.x' into 5.8.x
2022-12-05 14:40:54 -08:00
fc25b87967
Merge branch '5.6.x' into 5.7.x
2022-12-05 14:40:38 -08:00
626e53d121
Fix: Replace tenantRepository with tenants
2022-12-05 14:31:24 -08:00
7439d5d2de
Revert "Fix typo"
...
This reverts commit 707f8286f8
2022-12-05 14:13:14 -08:00
707f8286f8
Fix typo
2022-12-05 14:09:41 -08:00
d2b33a2583
Fix docs
...
Closes gh-11396
2022-12-05 12:25:26 -08:00
74e8fa10a2
Fix password encoder migration guide
2022-12-02 14:12:47 -07:00
50da5b6498
Fix securityMatchers code sample
...
Closes gh-12296
2022-11-25 10:18:40 -03:00
5db7ac4ce3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12286
2022-11-24 08:48:05 -03:00
9b3f834bff
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12285
2022-11-24 08:47:46 -03:00
70bfc39418
Fix AuthorizationFilter diagram in docs
...
Closes gh-12274
2022-11-24 08:46:16 -03:00
87c074fc26
Merge branch '5.7.x' into 5.8.x
2022-11-23 17:14:56 -06:00
621889fa18
Merge branch '5.6.x' into 5.7.x
2022-11-23 17:12:30 -06:00
fe252f5057
sync docs build; upgrade Antora and Antora Collector to latest alpha
2022-11-21 17:26:51 -07:00
01117b11fe
Polish Kotlin snippet
...
- to match the comments in the related Java snippet
Issue gh-11959
2022-11-20 12:28:45 -07:00
7804e3283b
Fix Migration 6.0 Link
...
Issue gh-12242
2022-11-20 12:26:42 -07:00
e60eb87441
Fix additional typos
...
Issue gh-11959
2022-11-19 23:22:29 -06:00
3d2be56249
Fix reference to CookieServerCsrfTokenRepository
...
Issue gh-11959
2022-11-19 23:12:59 -06:00
4442a618ea
Add reactive opt out steps for CSRF BREACH
...
Issue gh-11959
2022-11-19 23:00:38 -06:00
4994e67eda
Add servlet opt out steps for CSRF BREACH
...
Issue gh-12107
2022-11-19 22:11:18 -06:00
1919b4e38b
Migration guide for CAS support removal
...
Issue gh-12163
2022-11-18 15:35:39 -03:00
f6fb138363
Change to Preparation Guide
2022-11-18 10:04:20 -07:00
a61fffc209
Document reactive support for CSRF BREACH
...
Issue gh-11959
2022-11-17 09:33:13 -06:00
3cb2b0606e
Document deprecation of tokenFromMultipartDataEnabled
...
Issue gh-12020
2022-11-17 09:33:13 -06:00
17123a3b0f
Polish JwtAuthenticationConverter Preparation Steps
...
Issue gh-12022
2022-11-16 12:00:10 -07:00
63aec87c61
Use Imperative in Headers
...
Issue gh-12224
2022-11-16 11:58:25 -07:00
7675874137
Restructure Migration Steps
...
CLoses gh-12224
2022-11-16 11:35:47 -07:00
754fe7f457
Document deprecations in oauth2 modules
...
* oauth2-client
* oauth2-resource-server
Issue gh-12022
2022-11-15 14:06:34 -06:00
9bc38ed318
Register FilterChainProxy for All Dispatcher Types Migration Steps
...
Closes gh-12186
2022-11-15 11:55:03 -07:00
f3d704a27d
Add PasswordEncoder Preparation Steps
...
Issue gh-10506
2022-11-14 15:25:49 -07:00
60e573de26
Add WebSecurityConfigurerAdapter Preparation Steps
...
Issue gh-10902
2022-11-14 10:53:13 -07:00
03b407a49a
Polish migration doc
...
Issue gh-12023
2022-11-14 10:27:19 -06:00
2a6123a456
Document new oauth2Login() authority defaults
...
Issue gh-11887
2022-11-14 09:39:37 -06:00
1a6a295a07
Document Update to 5.8 in Migration
...
Closes gh-12196
2022-11-10 21:45:41 -06:00
ef8c4d85bc
Document Configure Default SessionAuthenticationStrategy
...
Closes gh-12192
2022-11-10 14:11:10 -06:00
aefc157953
Add important note for SecurityContextRepository
...
Issue gh-12049
2022-11-09 14:47:50 -06:00
ea8fb1f159
Document SecurityContextRepository default
...
Issue gh-12049
2022-11-09 12:19:44 -06:00
2e41e1cbac
Document deprecation in SecurityContextRepository
...
Issue gh-12023
2022-11-09 12:19:44 -06:00
9071f10759
Document DelegatingSecurityContextRepository
...
Closes gh-12069
2022-11-09 12:19:43 -06:00
079bb45d94
Add Encryptors Preparation Steps
...
Issue gh-8980
2022-11-08 14:13:44 -07:00
1103e68fc9
Polish Use new requestMatchers method migration
...
Issue gh-12100
2022-11-08 10:31:49 -03:00
693bfb66b2
Document how to use the new requestMatchers and securityMatchers
...
Closes gh-12100
2022-11-08 08:27:31 -03:00
6043cee699
Add OpenSaml4AuthenticationProvider Preparation Steps
...
Issue gh-11077
2022-11-07 17:40:19 -07:00
095faffd70
Add RelyingPartyRegistration Preparation Steps
...
Issue gh-11077
2022-11-07 13:37:44 -07:00
33ce3b59b8
Add Saml2AuthenticationToken Preparation Steps
...
Issue gh-11077
2022-11-03 13:57:54 -06:00
4d646a2978
Merge branch '5.7.x' into 5.8.x
2022-11-03 08:23:26 -03:00
067fc1678c
Merge branch '5.6.x' into 5.7.x
2022-11-03 08:22:09 -03:00
01a37dd678
Fix typo
...
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
2022-11-03 08:21:48 -03:00
aad01447c3
docs: fix realm typo
2022-11-03 08:21:26 -03:00
953c9294d0
Initial SAML Deprecation Preparation Steps
...
- Stop using Converter constructors
- Replace Saml2AuthenticationRequestContextResolver and
Saml2AuthenticationRequestFactory with
Saml2AuthenticationRequestResolver
Issue gh-11077
2022-11-02 18:01:03 -06:00
ba8f344ccb
Add AuthenticationServiceException Reactive Preparation Steps
...
Issue gh-9429
Issue gh-12132
2022-11-02 15:48:04 -06:00
d29ab8bcae
Merge branch '5.7.x' into 5.8.x
2022-11-01 13:43:40 -06:00
c94e33b6c8
Merge branch '5.6.x' into 5.7.x
2022-11-01 13:42:35 -06:00
8315545144
Update RP-Initiated Logout target URLs.
...
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081
2022-11-01 12:35:39 -06:00
7cbb9e82f9
Document how to opt-in for SHA256 in RememberMe
...
Closes gh-12097
2022-11-01 15:33:45 -03:00
6a4b279145
Merge branch '5.7.x' into 5.8.x
2022-11-01 08:17:50 -03:00
752e943492
Merge branch '5.6.x' into 5.7.x
2022-11-01 08:17:03 -03:00
e9db852d6e
update generateAntora task to keep prerelease segment other than -SNAPSHOT in docs version
2022-11-01 08:13:43 -03:00
39f4fcd5f2
Add AuthenticationEntryPointFailureHandler Preparation Steps
...
Issue gh-9429
2022-10-31 16:33:25 -06:00
ac7f726a24
Add RunAsManager Preparation Steps
...
Closes gh-11337
2022-10-31 15:46:19 -06:00
c5badbc631
Add AccessDecisionManager Preparation Steps
...
Issue gh-11337
2022-10-31 15:25:05 -06:00
86c9d5cfbe
Remove Stray Horizontal Rules
...
Issue gh-11337
2022-10-31 15:24:59 -06:00
4112adf6a0
Document Configure Default CsrfTOken BREACH Protection
...
Closes gh-12107
2022-10-28 15:57:25 -05:00
96d7c78b67
Polish Document Defer load CsrfToken
...
Issue gh-12105
2022-10-28 15:51:28 -05:00
d860775b45
Document Defer load CsrfToken
...
Closes gh-12105
2022-10-28 15:41:25 -05:00
4938c394e4
Move Opt-out Steps
...
Closes gh-12104
2022-10-28 13:52:02 -06:00
8da916fa1c
Add Request Security Preparation Steps
...
Issue gh-11337
2022-10-28 11:48:21 -06:00
e900ca3a86
Polish Method Security Preparation Steps
...
- Add instruction to declare 5.8 defaults
Issue gh-11337
2022-10-28 09:46:48 -06:00
b4974bbce9
Polish Message Security Preparation Steps
...
- Added step to declare the 5.8 default in case later preparation steps
cannot be taken yet
Issue gh-11337
2022-10-28 09:26:04 -06:00
31a1486b88
Add Message Security Preparation Steps
...
Issue gh-11337
2022-10-27 20:08:13 -06:00
5721b0351e
Polish RequestCache continue Kolin Configuration
...
Issue gh-12089
2022-10-27 15:13:50 -05:00
aac1261f0c
Document Migration to SecurityContextHolderFilter
...
Closes gh-12098
2022-10-27 15:12:45 -05:00
1dd13e69a4
Standardize Preparation Guide Layout
...
Closes gh-12096
2022-10-27 10:34:20 -06:00
2a95a24390
Add Link to 6.0 Migration Guide
...
Issue gh-12093
2022-10-26 16:15:36 -06:00
24cc7ff178
Document Saved Requests Migration
...
Closes gh-12089
2022-10-26 14:24:00 -05:00
c17e258a6f
Document Saved Requests
...
Closes gh-12088
2022-10-26 14:22:30 -05:00
f6731e89db
Polish Method Security Preparation Steps
2022-10-26 12:37:54 -06:00
04fa5af794
Add Missing Doc Header
...
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
e505bc3af4
Add Method Security Preparation Steps
2022-10-25 14:41:10 -06:00
cfb7c87dfd
Merge remote-tracking branch 'origin/5.7.x' into 5.8.x
2022-10-17 15:00:40 -06:00
6b25307339
Merge remote-tracking branch 'origin/5.6.x' into 5.7.x
2022-10-17 14:57:39 -06:00
89c815032c
Fix Index Out of Bounds
2022-10-17 14:52:03 -06:00
5a55987d6e
Add links to reference in What's New for 5.8
...
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
59c4538798
Update What's New
...
Closes gh-12021
2022-10-13 10:13:20 -06:00
ffbcaca24a
Update reference for PasswordEncoders
...
Issue gh-10506
2022-10-12 07:32:30 -04:00
4b6fed0667
Add static factory method to AntPathRequestMather and RegexRequestMatcher
...
Closes gh-11938
2022-10-10 09:24:15 -03:00
f462134e87
Add reactive support for BREACH
...
Closes gh-11959
2022-10-07 16:34:17 -05:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
a5cc1f0b60
Merge branch '5.7.x' into 5.8.x
...
Closes gh-11956
2022-10-05 13:58:44 -05:00
37dd896d4b
Merge branch '5.6.x' into 5.7.x
...
Closes gh-11955
2022-10-05 13:57:25 -05:00
e0843aabb1
automatically manage docs version (with collector)
2022-10-05 13:56:22 -05:00
c1fcf275d9
Update What's New for 5.8
...
Issue gh-11952
2022-10-05 13:48:18 -05:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
bf59d7c374
Update What's New for 5.8
2022-10-03 10:05:25 -05:00
7b1158ddb7
Merge branch '5.7.x' into 5.8.x
2022-09-29 14:09:10 -05:00
70c61dc1dd
Merge branch '5.6.x' into 5.7.x
2022-09-29 14:08:17 -05:00
c44230ba24
switch to offical Antora plugin for Gradle
...
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
983ca6ea27
Update What's New for 5.8
2022-09-20 08:33:38 -03:00
9564f1b5e4
Next development version
2022-09-19 16:55:17 +00:00
dcbe900ff8
Release 5.8.0-M3
2022-09-19 15:24:11 +00:00
8f44f74d44
Update What's New for 5.8
2022-09-14 15:13:41 -05:00
70eea8dc67
Update What's New for 5.8
2022-09-14 14:58:48 -05:00
355ef21117
Polish gh-11665
2022-09-13 16:45:39 -05:00
1efb63387f
Add authentication converter for introspected tokens
...
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
2022-09-13 16:45:36 -05:00
3387149a0f
repurpose 5.6.x branch to provide local docs build
...
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:41:12 -05:00
3e42119f84
repurpose 5.7.x branch to provide local docs build
...
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 15:37:13 -05:00
ab9ed26ad2
repurpose 5.8.x branch to provide local docs build
...
* remove unused workflows, scripts, and configuration (now handled by docs-build branch)
* upgrade Antora to 3.1 (and Node.js to 16)
* tune playbook settings
* reconfigure docs build for local build only
* add patch to support using linked worktree as Antora content source
* remove Antora extensions not needed for local builds
2022-09-12 14:40:56 -05:00
5ae492b1c1
Add What's New @WithMockUser Supported as Merged Annotation
2022-09-08 09:49:00 -05:00
86fbb8db07
Add new interfaces for CSRF request processing
...
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
ff6fd78d64
Merge branch '5.7.x' into 5.8.x
2022-09-01 09:39:10 -03:00
0a08a23423
Merge branch '5.6.x' into 5.7.x
2022-09-01 09:38:33 -03:00
8b74bf9742
Updated reference to architecture page
...
In the context of Servlet Authentication page, "Architecture" should probably link to "Servlet Authentication Architecture" page
2022-09-01 09:38:10 -03:00
Josh Cummings
Marcus Da Coregio
Steve Riesenberg
Rob Winch
Dan Allen
Eleftheria Stein-Kousathana
Sellami
heowc
Michael Schneider
Marc Becker
Rivaldi
Márk Kővári
Ger Roza
Joe Grandja
Daniel Garnier-Moiroux
github-actions[bot]
ch4mpy
Underground Hill