Spring Security
Go to file
naveen f957e3c051
Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this
way, even if the attackers will succeed in compromising your workflow,
they won’t be able to do much.

- Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Closes gh-11367
2022-07-28 15:13:51 -05:00
.github Set permissions for GitHub actions 2022-07-28 15:13:51 -05:00
.idea Fix checkstyle rules could not be parsed 2020-11-23 14:33:18 -05:00
acl Fix typo in BasicLookupStrategy Javadoc 2022-06-06 14:16:28 -05:00
aspects Restore ManagementConfigurationPlugin 2021-10-05 11:23:29 -03:00
bom fix bom 2021-05-17 22:29:45 -05:00
buildSrc Fix Snapshot Sources/Javadoc 2022-07-26 16:26:31 -05:00
cas Exclude javax from cas-client-core 2022-01-19 15:32:12 -06:00
config Add Deprecated annotation to WebSecurity#securityInterceptor 2022-07-27 14:32:44 -03:00
core jsr250-api -> jakarta.annotation-api 2022-01-19 15:32:12 -06:00
crypto Correct input validation for 31 rounds 2022-07-11 14:51:51 -06:00
data Some Security Expressions cause NPE when used within Query annotation 2022-05-26 17:44:28 -05:00
dependencies Update spring-ldap-core to 2.3.8.RELEASE 2022-06-20 14:41:13 -04:00
docs "Well-Know" should be "Well-Known" 2022-07-26 15:45:27 -05:00
etc Move Saml2AuthnRequestRepository to web package 2021-09-29 14:10:39 -03:00
gradle/wrapper Update to Gradle 7.3 2021-11-10 11:35:49 -03:00
itest javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 2022-01-19 15:32:12 -06:00
ldap Remove jcl-over-slf4j 2022-01-19 15:32:01 -06:00
messaging javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 2022-01-19 15:32:12 -06:00
oauth2 Encode postLogoutRedirectUri query params 2022-06-16 16:13:42 -06:00
openid javax.servlet:javax.servlet-api -> jakarta.servlet:jakarta.servlet-api 2022-01-19 15:32:12 -06:00
remoting Deprecate remoting technologies support 2021-10-12 14:59:37 -03:00
rsocket Fixed various broken links in Javadocs 2021-10-21 11:47:04 +02:00
saml2/saml2-service-provider Merge Same-named Attribute Elements 2022-07-20 18:43:25 -06:00
scripts Exclude duplicate issues from changelog 2022-04-20 09:07:16 -03:00
taglibs javax.servlet.jsp-api -> jakarta.servlet.jsp-api 2022-01-19 15:32:12 -06:00
test Replace StringUtils class completely 2022-02-10 17:50:07 +01:00
web Reverse content type check 2022-06-06 15:47:35 -05:00
.editorconfig Fixed link in .editorconfig 2021-10-13 15:36:10 -06:00
.gitattributes Install Structure101 Plugin 2021-09-27 14:56:03 -06:00
.gitignore Ignore Lock Files 2020-02-07 13:59:05 -06:00
.sdkmanrc Add .sdkmanrc 2022-02-18 13:48:26 -06:00
CONTRIBUTING.adoc master->main 2021-04-26 16:55:43 -05:00
LICENSE.txt Add LICENSE.txt 2020-04-15 16:44:13 -05:00
README.adoc Fix README local Maven install command 2021-07-07 12:01:57 +02:00
RELEASE.adoc Document sagan Release tasks require read:org scope 2022-06-21 14:49:38 -05:00
build.gradle Backport release automation and github actions 2022-07-13 15:51:25 -05:00
class_mapping_from_2.0.x.txt
gradle.properties Next Development Version 2022-06-20 15:05:30 -04:00
gradlew Update to Gradle 7.3 2021-11-10 11:35:49 -03:00
gradlew.bat Update to Gradle 6.6.1 2020-10-12 17:41:16 -06:00
local-antora-playbook.yml Add spring-security-docs-generated to local-antora-playbook.yml 2021-09-23 15:50:14 -05:00
notice.txt URL Cleanup 2019-03-19 23:53:23 -05:00
settings.gradle Fix Gradle Deprecation Warnings 2021-11-22 09:38:44 -03:00

README.adoc

image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]

image:https://github.com/spring-projects/spring-security/workflows/CI/badge.svg?branch=main["Build Status", link="https://github.com/spring-projects/spring-security/actions?query=workflow%3ACI"]

image:https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?logo=Gradle&labelColor=02303A["Revved up by Gradle Enterprise", link="https://ge.spring.io/scans?search.rootProjectNames=spring-security"]

= Spring Security

Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as
a minimum and also requires Java 8.

For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects].

== Code of Conduct
Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct]

== Downloading Artifacts
See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#getting[Getting Spring Security] for how to obtain Spring Security.

== Documentation
Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference].
Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation].

== Quick Start
See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-hello[Hello Spring Security] to get started with a "Hello, World" application.

== Building from Source
Spring Security uses a https://gradle.org[Gradle]-based build system.
In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.

=== Prerequisites
https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK11 build].

Be sure that your `JAVA_HOME` environment variable points to the `jdk-11` folder extracted from the JDK download.

=== Check out sources
[indent=0]
----
git clone git@github.com:spring-projects/spring-security.git
----

=== Install all spring-\* jars into your local Maven cache
[indent=0]
----
./gradlew publishToMavenLocal
----

=== Compile and test; build all jars, distribution zips, and docs
[indent=0]
----
./gradlew build
----

Discover more commands with `./gradlew tasks`.
See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ].

== Getting Support
Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow].
https://spring.io/services[Commercial support] is available too.

== Contributing
https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/main/CONTRIBUTING.adoc[contributor guidelines] for details.

== License
Spring Security is Open Source software released under the
https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].