2697 Commits

Author	SHA1	Message	Date
dependabot[bot]	1a99ab5bdf	Bump @antora/atlas-extension in /docs ... --- updated-dependencies: - dependency-name: "@antora/atlas-extension" dependency-version: 1.0.0-alpha.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-09-15 08:58:06 -05:00
M.Bozorgmehr	b2d4c52c53	Add documentation for Password4j-based password encoders for Argon2, BCrypt, Scrypt, PBKDF2, and Balloon hashing ... Closes gh-17706 Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>	2025-09-13 09:27:41 +03:30
Rob Winch	a0fe04c4aa	Document @ClientRegistrationId on types ... Issue gh-17806	2025-09-12 16:19:27 -05:00
Bernard Budano	02a948da81	Address reviewer requested changes ... Closes gh-17806 Signed-off-by: Bernard Budano <bbudano@gmail.com>	2025-09-12 16:19:27 -05:00
Joe Grandja	7ef25cc101	Add HttpSecurity.oauth2AuthorizationServer() ... Issue gh-17880	2025-09-12 16:20:44 -04:00
Joe Grandja	e99ea033c5	Integrate Spring Authorization Server ref docs ... Issue gh-17880	2025-09-12 16:20:40 -04:00
Joe Grandja	93742a4db3	Manual move of spring-projects/spring-authorization-server docs ... Issue gh-17880	2025-09-12 16:20:40 -04:00
Rob Winch	cf0ade86fe	Update Kerberos Sample Copyright ... Issue gh-17879	2025-09-12 15:12:47 -05:00
Rob Winch	1b263cfafb	Fix Keberos Docs http:// ... Issue gh-17879	2025-09-12 14:39:46 -05:00
Rob Winch	f5fb127c8c	Add Spring Security Kerberos ... Move the Spring Security Kerberos Extension into Spring Security Closes gh-17879	2025-09-12 14:25:20 -05:00
Josh Cummings	b87d63cb71	Document spring-security-access ... Closes gh-17847	2025-09-12 10:32:39 -06:00
Yanming Zhou	5ec7ae6b74	Remove redundant code in document ... Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>	2025-09-10 18:14:37 -06:00
Josh Cummings	b09afb34cc	Document Authentication.Builder ... The commit documents the new Authentication Builder interface and its usage in the security filter chain. Closes gh-17861 Closes gh-17862	2025-09-09 14:59:14 -06:00
Steve Riesenberg	eeb4574bb3	Add AuthorizationManagerFactory ... Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>	2025-09-09 15:36:49 -05:00
Josh Cummings	0e39685b9c	Merge branch '6.5.x'	2025-08-22 12:40:41 -06:00
Josh Cummings	9d64880ea9	Merge branch '6.4.x' into 6.5.x	2025-08-22 12:40:12 -06:00
Josh Cummings	8b2a453301	Advise Favoring PostAuthorize on Reads ... Closes gh-17797	2025-08-22 12:39:51 -06:00
Rob Winch	d9210c6596	Fix Nullability	2025-08-21 13:41:02 -05:00
Rob Winch	9bbf837c7c	Merge branch '6.5.x'	2025-08-21 12:44:42 -05:00
Rob Winch	0404996f87	import Assertions.assertThat ... This adds a static import for assertThat in the Kotlin docs code	2025-08-21 12:35:13 -05:00
Rob Winch	0f63d98c84	Use @EnableMethodSecurity in docs tests ... Previously parameters were passed in unnecessarily. This removes the unnecessary paramaters.	2025-08-21 12:35:13 -05:00
Rob Winch	fbfbb1e571	Use 2004-present for Copyright ... Spring Security migrated the copyright to use -present to simplify the headers. This commit aligns the header.	2025-08-21 12:35:13 -05:00
Joe Kuhel	d002e68231	Update servlet test method docs to use include-code ... References gh-16226 Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>	2025-08-21 12:35:13 -05:00
Rob Winch	f82fe9c8c6	Remove stray modular from the documentation ... Issue gh-16258	2025-08-20 12:24:33 -05:00
Rob Winch	a8f045eb50	Add Modular Spring Security Configuration ... Closes gh-16258	2025-08-20 12:16:08 -05:00
Tran Ngoc Nhan	ef5c703010	Remove unused import ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-08-19 22:05:25 -05:00
Josh Cummings	4da98dde2b	Update What's New ... Issue gh-17707	2025-08-18 15:31:03 -06:00
dependabot[bot]	39301574fa	Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.9 in /docs ... Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.8 to 3.2.0-alpha.9. - [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc) - [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.8...v3.2.0-alpha.9) --- updated-dependencies: - dependency-name: antora dependency-version: 3.2.0-alpha.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-08-15 13:33:47 -05:00
dependabot[bot]	4ae782cdd6	Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs ... --- updated-dependencies: - dependency-name: "@antora/collector-extension" dependency-version: 1.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-08-15 13:33:26 -05:00
Josh Cummings	d3b143dab6	Move SAML 2.0 Migration Step ... Issue gh-17099	2025-08-14 18:03:44 -06:00
Josh Cummings	60c42e3f24	Update SAML 2.0 Documentation to use OpenSAML 5 ... Closes gh-17707	2025-08-14 18:01:34 -06:00
Josh Cummings	5506c487de	Remove OpenSaml4 Components ... Issue gh-17707	2025-08-14 18:01:02 -06:00
Tran Ngoc Nhan	dfc8be0d48	Fix typo ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-08-04 09:40:20 -06:00
Tran Ngoc Nhan	371bee685f	Polish `User#withDefaultPasswordEncoder` ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-08-04 09:40:20 -06:00
Marcin Lewandowski	f61a8deccc	Update index.adoc ... Signed-off-by: Marcin Lewandowski <marcin@ravendb.net>	2025-07-31 11:09:06 -06:00
Josh Cummings	1af665d6c8	Merge branch '6.5.x'	2025-07-31 10:21:50 -06:00
Josh Cummings	c966139338	Merge branch '6.4.x' into 6.5.x	2025-07-31 10:21:36 -06:00
Josh Cummings	a411fb7b8d	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-07-31 10:21:26 -06:00
Michał Sobkiewicz	c963f4250e	Update Angular documentation links in csrf.adoc ... Replaced `angular.io` links with their corresponding `angular.dev` URLs. This change ensures that users referencing CSRF documentation are directed to the most current Angular resources. Signed-off-by: Michał Sobkiewicz <perceptron8@users.noreply.github.com>	2025-07-31 10:21:06 -06:00
dependabot[bot]	99f689eb52	Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs ... Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.6 to 1.14.7. - [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc) - [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.6...v1.14.7) --- updated-dependencies: - dependency-name: "@springio/antora-extensions" dependency-version: 1.14.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-30 11:50:42 -06:00
dependabot[bot]	de14fb8f77	Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs ... Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.6 to 1.14.7. - [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc) - [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.6...v1.14.7) --- updated-dependencies: - dependency-name: "@springio/antora-extensions" dependency-version: 1.14.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-30 11:50:19 -06:00
Rob Winch	f6cb0bd610	Merge Use 2004-present Copyright Header ... The original merge into main did not apply the changes. This fixes it. Closes gh-17635	2025-07-29 10:52:42 -05:00
Josh Cummings	4775fe41db	Merge branch '6.5.x'	2025-07-29 09:28:20 -06:00
Josh Cummings	a9fcec8b46	Merge branch '6.4.x' into 6.5.x	2025-07-29 09:27:47 -06:00
Josh Cummings	452d311a9b	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-07-29 09:27:23 -06:00
Bernie Schelberg	edcb3b024e	Update Shibboleth repository URL ... Signed-off-by: Bernie Schelberg <bernard.schelberg@invicara.com>	2025-07-29 09:26:42 -06:00
Rob Winch	2fdca16c1a	Merge branch '6.4.x' into 6.5.x ... Closes gh-17634	2025-07-29 09:47:52 -05:00
Josh Cummings	fca30e3d25	Update What's New in Spring Security 7 ... Closes gh-17582	2025-07-21 15:00:47 -06:00
dependabot[bot]	66ddfb43a0	Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs ... --- updated-dependencies: - dependency-name: "@springio/antora-extensions" dependency-version: 1.14.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-18 09:15:29 -05:00
dependabot[bot]	759736672d	Bump @springio/antora-extensions from 1.14.4 to 1.14.6 in /docs ... Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.4 to 1.14.6. - [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc) - [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.4...v1.14.6) --- updated-dependencies: - dependency-name: "@springio/antora-extensions" dependency-version: 1.14.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-14 01:05:46 +00:00
Josh Cummings	0c42b61cc1	Restore legacy-websocket-configuration Link ... In this way, links to this section will still arrive at something helpful. Issue gh-17295	2025-07-10 15:03:10 -06:00
Josh Cummings	7960d2803d	Add Migration Steps for PathMatcher Usage ... Issue gh-17509	2025-07-10 14:53:39 -06:00
Josh Cummings	4b15b2b94e	Add Migration Steps for Messaging ... Closes gh-17509	2025-07-10 13:19:42 -06:00
Josh Cummings	2c87270dbc	Use authorizeHttpRequests ... Issue gh-15174	2025-07-09 17:33:11 -06:00
Josh Cummings	dadf10899c	Add WebExpressionAuthorizationManager.Builder ... Closes gh-17504	2025-07-09 17:33:10 -06:00
Josh Cummings	c312d18191	Add Publishing Predicate ... Closes gh-17503	2025-07-09 17:33:10 -06:00
Josh Cummings	901b386ca6	Merge branch '6.5.x'	2025-07-09 14:11:14 -06:00
Josh Cummings	9209a33678	Remove References to Deprecated OpenSaml Components ... Issue gh-11658	2025-07-09 14:10:33 -06:00
Rob Winch	e48fdd5ed4	Use UserWebTestClientConfigurer ... Closes gh-17496	2025-07-07 15:15:51 -05:00
Rob Winch	dbb3b7e1f5	Remove Unused import	2025-07-07 15:15:51 -05:00
Rob Winch	bfa2a3613c	Fix frameworkVersion ... Should not strip -SNAPSHOT	2025-07-07 15:15:51 -05:00
Josh Cummings	02d69ec864	Keep EnableWebMvcSecurity Link ... So that links across the Internet that are pointed at #mvc-enablewebmvcsecurity still arrive at a relevant place, this commit re-adds the mvc-enablewebmvcsecurity link, even though @EnableWebMvcSecurity itself is now removed. Issue gh-17294	2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan	a439bc65d6	Remove EnableWebMvcSecurity ... Closes gh-17294 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan	242956a63c	Remove deprecated elements from DaoAuthenticationProvider ... Closes gh-17298 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan	9312fb7004	Remove Deprecated AuthorizationDecision Elements ... Closes gh-17299 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-03 14:32:49 -06:00
Josh Cummings	ce107795d8	Fix Broken JavaDoc Link ... Issue gh-16886	2025-07-03 14:14:00 -06:00
Josh Cummings	b71a66bdaa	Use PathPatternRequestMatcher in docs ... Issue gh-16886 Issue gh-16887	2025-07-03 13:37:50 -06:00
Joe Grandja	e869bcdfa3	Remove deprecated implementations of OAuth2AccessTokenResponseClient ... Closes gh-16909	2025-07-03 14:23:23 -04:00
Joe Grandja	cfe38957d7	Remove Resource Owner Password Credentials grant ... Closes gh-17446	2025-07-03 14:23:23 -04:00
Konstantin Filtschew	e4a2ac27d6	Fixed link to CSRF checks	2025-06-27 14:18:01 -05:00
Rob Winch	00ead7f24d	Update to Kotlin 2.2	2025-06-26 17:29:12 -05:00
Tran Ngoc Nhan	e686ac6b11	Remove AbstractSecurityWebSocketMessageBrokerConfigurer ... Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-06-24 12:56:05 -06:00
Josh Cummings	a4c338f8a5	Format authorizeExchange Blocks ... This commit formats authorizeExchange blocks to use a common variable name and ensure the variable and reference are on the same line. Issue gh-13067	2025-06-20 10:46:52 -06:00
Josh Cummings	777447e1d9	Format authorizeHttpRequests Blocks ... This commit formats authorizeHttpRequests blocks to use the same parameter name and places the reference on the same line as the parameter. Issue gh-13067	2025-06-20 10:46:51 -06:00
Josh Cummings	c43afbf5e1	Format Lambda Expressions ... This commit updats lambda expressions so that their variable is surrounded in parentheses. Issue gh-13067	2025-06-20 10:41:29 -06:00
Josh Cummings	6ddb964c61	Remove ApacheDS Support ... Closes gh-13852	2025-06-19 11:55:34 -06:00
Rob Winch	b2325e4176	Add OAuth Support for HTTP Interface Client ... Closes gh-16858	2025-06-17 09:53:51 -05:00
Rob Winch	040ffe17e5	Add SubjectX500PrincipalExtractor to Whats New ... Issue gh-16984	2025-06-12 12:19:37 -05:00
Rob Winch	e3add59550	Update x509 Reference ... - Use include-code - Demo how to customize SubjectX500PrincipalExtractor	2025-06-12 12:09:20 -05:00
Rob Winch	7bf2730a53	Add x509@principal-extractor-ref ... Enables customizing the X500PrincipalExtractor	2025-06-12 12:09:20 -05:00
Rob Winch	88ed4a5ccf	Use principalExtractor reference instead of properties	2025-06-12 12:09:20 -05:00
Max Batischev	aba437d469	Add Support SubjectX500PrincipalExtractor ... Closes gh-16980 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-06-12 12:09:20 -05:00
Josh Cummings	9b724377ce	Rework Saml2 Authentication Statement ... This commit separates the authentication principal, the assertion details, and the relying party tenant into separate components. This allows the principal to be completely decoupled from how Spring Security triggers and processes SLO. Specifically, it adds Saml2AssertionAuthentication, a new authentication implementation that allows an Object principal and a Saml2ResponseAssertionAccessor credential. It also moves the relying party registration id from Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication. As such, Saml2AuthenticatedPrincipal is now deprecated in favor of placing its assertion components in Saml2ResponseAssertionAccessor and the relying party registration id in Saml2AssertionAuthentication. Closes gh-10820	2025-06-10 17:21:03 -06:00
Lidoca	d0db5e3ea3	Update database-schema.adoc ... docs: match the database schema with https://github.com/spring-projects/spring-security/blob/6.5.0/docs/modules/ROOT/pages/servlet/authentication/passwords/jdbc.adoc Signed-off-by: Lidoca <32785562+Lidoca@users.noreply.github.com>	2025-06-09 22:17:57 -05:00
Josh Cummings	aa3135169d	Polish Documentation ... Closes gh-14635	2025-06-09 16:49:36 -06:00
Josh Cummings	eaab42a73c	Polish BearerTokenAuthenticationConverter Support ... - Moved to BearerTokenAuthenticationFilter constructor to align with AuthenticationFilter - Undeprecated BearerTokenResolver to reduce number of migration scenarios - Updated to 7.0 schema - Added migration docs Issue gh-14750	2025-06-04 18:17:17 -06:00
Max Batischev	4967f3feee	Add Support BearerTokenAuthenticationConverter ... Closes gh-14750 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-06-04 18:17:17 -06:00
Josh Cummings	492444c588	Update shouldConvertGetRequests Migration Steps ... Issue gh-17099	2025-06-03 13:12:38 -06:00
Josh Cummings	4ed131f6ab	Add shouldConvertGetRequests Migration Steps ... Issue gh-17099	2025-06-03 13:10:45 -06:00
Josh Cummings	6d3b54df21	Change Type Validation Default ... NimbusJwtDecoder and NimbusReactiveJwtDecoder now use Spring Security's JwtTypeValidator by default instead of Nimbus's type validator. Closes gh-17181	2025-05-28 16:11:13 -06:00
Josh Cummings	37a814bc29	Add 7.0 -> 8.0 Migration Guide ... Closes gh-17182	2025-05-28 16:11:12 -06:00
Felix Hagemans	1a4de49977	Create CsrfCustomizer for SPA configuration ... Closes gh-14149 Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>	2025-05-27 11:44:33 -06:00
Rob Winch	cd27290260	Merge branch '6.5.x' ... Closes gh-17163	2025-05-22 15:01:27 -05:00
Rob Winch	e686621e92	Merge branch '6.5.x' ... Closes gh-17162	2025-05-22 15:01:13 -05:00
Rob Winch	6eee256e12	Demonstrate include-code usage ... Closes gh-17161	2025-05-22 14:59:35 -05:00
Rob Winch	0fecaf4924	Add include-code extension setup for docs ... Closes gh-17160	2025-05-22 14:59:35 -05:00
Josh Cummings	45e81c2d0a	Merge branch '6.5.x'	2025-05-21 14:44:23 -06:00
Josh Cummings	7d49c41e03	Merge branch '6.4.x' into 6.5.x	2025-05-21 14:44:03 -06:00
Josh Cummings	fbfb28456a	Merge branch '6.3.x' into 6.4.x	2025-05-21 14:43:44 -06:00
Gurunathan	a4cd6f4278	Advise Overriding equals() and hashCode() in UserDetails Implementations ... This commit adds a documentation note explaining the importance of overriding equals() and hashCode() in custom UserDetails implementations. The default SessionRegistryImpl in Spring Security uses an in-memory ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to associate principals with sessions. If a custom UserDetails class does not properly override equals() and hashCode(), user sessions may not be tracked or matched correctly. I believe this helps developers avoid subtle session management issues when implementing custom authentication logic. Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>	2025-05-21 12:41:44 -06:00