Spring Security
Go to file
Rob Winch 89f8310d6c Add Explicit SessionAuthenticationStrategy Option
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
2022-08-18 17:00:47 -05:00
.github Skip workflows on forks of spring-security 2022-07-28 15:07:02 -05:00
.idea Fix checkstyle rules could not be parsed 2020-11-23 14:33:18 -05:00
acl Use SecurityContextHolderStrategy for ACL 2022-06-28 08:05:15 -06:00
aspects Update aspectj-plugin to 6.3.0 2021-11-16 12:52:42 -06:00
bom fix bom 2021-05-17 22:29:45 -05:00
buildSrc GitHubMilestoneApiTests due_on Uses LocalDate 2022-08-15 13:01:58 -05:00
cas Add UsernamePasswordAuthenticationToken factory methods 2022-03-09 15:23:35 -07:00
config Add Explicit SessionAuthenticationStrategy Option 2022-08-18 17:00:47 -05:00
core Add remaining methods from ExpressionUrlAuthorizationConfigurer to AuthorizeHttpRequestsConfigurer 2022-07-14 12:48:39 -06:00
crypto Correct input validation for 31 rounds 2022-07-11 14:06:15 -06:00
data Use SecurityContextHolderStrategy for Data 2022-06-27 16:35:02 -06:00
dependencies Update spring-ldap-core to 2.4.1 2022-07-15 12:42:57 -05:00
docs Add Explicit SessionAuthenticationStrategy Option 2022-08-18 17:00:47 -05:00
etc Exclude JavadocPackageCheck from Spring Checks 2022-07-15 13:03:45 -05:00
gradle/wrapper Update to Gradle 7.3 2021-11-10 11:35:49 -03:00
itest Add UsernamePasswordAuthenticationToken factory methods 2022-03-09 15:23:35 -07:00
ldap Use SecurityContextHolderStrategy for Ldap 2022-06-27 15:55:27 -06:00
messaging Add remaining methods from ExpressionUrlAuthorizationConfigurer to MessageMatcherDelegatingAuthorizationManager 2022-08-16 15:14:08 -06:00
oauth2 Refresh remote JWK when unknown KID error occurs 2022-08-18 16:48:42 -05:00
openid Add UsernamePasswordAuthenticationToken factory methods 2022-03-09 15:23:35 -07:00
remoting Add UsernamePasswordAuthenticationToken factory methods 2022-03-09 15:23:35 -07:00
rsocket Add UsernamePasswordAuthenticationToken factory methods 2022-03-09 15:23:35 -07:00
saml2/saml2-service-provider Move SAML Post inline javascript to script tag 2022-08-16 15:06:10 -06:00
scripts Exclude duplicate issues from changelog 2022-04-20 09:02:55 -03:00
taglibs Use SecurityContextHolderStrategy for Taglibs 2022-06-27 17:45:01 -06:00
test Add SecurityContextHolderStrategy Test Support 2022-06-27 13:02:11 -06:00
web Add CsrfFilter.csrfRequestAttributeName 2022-08-15 17:07:02 -05:00
.editorconfig Fixed link in .editorconfig 2021-10-13 15:36:10 -06:00
.gitattributes Install Structure101 Plugin 2021-09-27 14:56:03 -06:00
.gitignore Ignore Lock Files 2020-02-07 13:59:05 -06:00
.sdkmanrc Add .sdkmanrc 2022-02-18 13:48:05 -06:00
CONTRIBUTING.adoc master->main 2021-04-26 16:55:43 -05:00
LICENSE.txt Add LICENSE.txt 2020-04-15 16:44:13 -05:00
README.adoc Fix README local Maven install command 2021-07-07 12:01:57 +02:00
RELEASE.adoc Document sagan Release tasks require read:org scope 2022-06-21 14:47:46 -05:00
build.gradle Update aspectj-plugin to 6.5.0.3 2022-07-15 12:40:07 -05:00
class_mapping_from_2.0.x.txt SEC-1148: Simple classname mapping from 2.0 to 3.0 2009-12-02 22:44:30 +00:00
gradle.properties Next development version 2022-08-15 16:14:19 +00:00
gradlew Update to Gradle 7.3 2021-11-10 11:35:49 -03:00
gradlew.bat Update to Gradle 6.6.1 2020-10-12 17:41:16 -06:00
local-antora-playbook.yml Add spring-security-docs-generated to local-antora-playbook.yml 2021-09-23 15:50:14 -05:00
notice.txt URL Cleanup 2019-03-19 23:53:23 -05:00
settings.gradle Bump up Gradle plugin dependencies 2022-01-18 13:40:58 +01:00

README.adoc

image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]

image:https://github.com/spring-projects/spring-security/workflows/CI/badge.svg?branch=main["Build Status", link="https://github.com/spring-projects/spring-security/actions?query=workflow%3ACI"]

image:https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?logo=Gradle&labelColor=02303A["Revved up by Gradle Enterprise", link="https://ge.spring.io/scans?search.rootProjectNames=spring-security"]

= Spring Security

Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
a minimum and also requires Java 8.

For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].

== Code of Conduct
Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct]

== Downloading Artifacts
See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#getting[Getting Spring Security] for how to obtain Spring Security.

== Documentation
Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].

== Quick Start
See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-hello[Hello Spring Security] to get started with a "Hello, World" application.

== Building from Source
Spring Security uses a https://gradle.org[Gradle]-based build system.
In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.

=== Prerequisites
https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK11 build].

Be sure that your `JAVA_HOME` environment variable points to the `jdk-11` folder extracted from the JDK download.

=== Check out sources
[indent=0]
----
git clone git@github.com:spring-projects/spring-security.git
----

=== Install all spring-\* jars into your local Maven cache
[indent=0]
----
./gradlew publishToMavenLocal
----

=== Compile and test; build all jars, distribution zips, and docs
[indent=0]
----
./gradlew build
----

Discover more commands with `./gradlew tasks`.
See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].

== Getting Support
Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
https://spring.io/services[Commercial support] is available too.

== Contributing
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/main/CONTRIBUTING.adoc[contributor guidelines] for details.

== License
Spring Security is Open Source software released under the
https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].