root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity
19,632 Commits 40 Branches 359 Tags 131 MiB
Commit Graph

2673 Commits

Author SHA1 Message Date
Rob Winch 78701f94ee
Document RequiredFactor Valid Duration
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Has been cancelled Details 
Issue gh-17997
 2025-10-10 16:24:47 -05:00
Rob Winch 702878acae
Create AuthorizationManagerFactories.multiFactor 
Closes gh-18032
 2025-10-10 16:24:47 -05:00
Rob Winch d18431a78d
Move FACTOR_ constants to FactorGrantedAuthority 
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
 2025-10-10 16:24:46 -05:00
Rob Winch e290c98e97
Document Multi-Factor Simple to Complex 
This reworks the Multi-Factor documentation to start with the
simplest scenario and work to progressively more complex requirements.

Closes gh-18029
 2025-10-10 16:23:38 -05:00
dependabot[bot] d5c5bb234c Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 14:01:08 -05:00
Rob Winch 2473378fcd
Use RequiredFactorErrors 
Closes gh-18002
 2025-10-03 15:20:03 -05:00
Rohan Naik 8c65dc93f2 Enable PKCE by default 
Closes gh-17507

Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
 2025-10-03 13:08:04 -04:00
Joe Grandja 681e166be8 Remove default HttpSecurity.securityMatcher() for authorization server 
Closes gh-17965
 2025-10-01 11:45:21 -04:00
Rob Winch 7f10897de3
SecurityMockMvcResultMatchers.withAuthorities(String...)
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Closes gh-17974
 2025-09-30 10:39:14 -05:00
Rob Winch 667cd4aa7c
Remove unnecessary throws Exception from spring-security-config 
Closes gh-17957
 2025-09-25 11:50:13 -05:00
Josh Cummings ad6fe4fdc3
Polish MFA Samples 
This commit removes unneeded AuthorizationManagerFactory
implementations, simplifies the custom AuthorizationManagerFactory
example, and updates usage of hasAllAuthorities.

Issue gh-17934
 2025-09-24 17:54:59 -06:00
Rob Winch f652920bb3
Add @EnableGlobalMultiFactorAuthentication 
Closes gh-17954
 2025-09-24 14:47:26 -05:00
Rob Winch e33e4d80a9
Fix Antora Warnings in servlet/authentication/adaptive.adoc 
Issue gh-2603
 2025-09-24 13:05:50 -05:00
Rob Winch b2d76dfe66
Add GrantedAuthorities.FACTOR_*_AUTHORITY 
Closes gh-17952
 2025-09-24 09:53:56 -05:00
Josh Cummings bbba2930e9
Add Initial Documentation 
Issue gh-17934
 2025-09-23 18:16:36 -06:00
Rob Winch 4ef16b14d2
Update terminology to HTTP Service Clients 
Closes gh-17947
 2025-09-22 10:09:04 -05:00
Josh Cummings 765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager 
Closes gh-17936
 2025-09-19 12:07:59 -06:00
Josh Cummings 1e1cb0097a
Document Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Rob Winch 9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot 
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.

Issue gh-17932
 2025-09-19 09:33:50 -05:00
Rob Winch 675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles) 
Closes gh-17932
 2025-09-18 14:19:22 -05:00
Rob Winch bb6b8ae3f3
Add AllAuthoritiesReactiveAuthorizationManager 
Issue gh-17916
 2025-09-16 16:31:55 -05:00
Rob Winch 5ca18a3b9c
Add password4j implementation of PasswordEncoder 2025-09-15 11:28:39 -05:00
Rob Winch d0372efadd
Use include-code for password4j docs 
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.

Issue gh-17706
 2025-09-15 11:03:44 -05:00
Rob Winch 9f839384e9
Use non-redundant ids in password4j docs 
Documentation ids no longer need to be globally unique, so they
do not need to include the path. This makes the ids less verbose and
integrates with include-code extension better.

Issue gh-17706
 2025-09-15 11:00:51 -05:00
Rob Winch 11bec09ffc
Escape attribute failures in Password4j docs 
Issue gh-17706
 2025-09-15 10:57:19 -05:00
Rob Winch c18aff7f5f
Password4j docs 1 sentence per line 
The Antora documentation convention is to use a single sentence per line
as this helps with diffing and merging changes.

Issue gh-17706
 2025-09-15 09:22:08 -05:00
dependabot[bot] 1a99ab5bdf Bump @antora/atlas-extension in /docs 
---
updated-dependencies:
- dependency-name: "@antora/atlas-extension"
  dependency-version: 1.0.0-alpha.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-15 08:58:06 -05:00
M.Bozorgmehr b2d4c52c53 Add documentation for Password4j-based password encoders for Argon2, BCrypt, Scrypt, PBKDF2, and Balloon hashing 
Closes gh-17706

Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:41 +03:30
Rob Winch a0fe04c4aa Document @ClientRegistrationId on types 
Issue gh-17806
 2025-09-12 16:19:27 -05:00
Bernard Budano 02a948da81 Address reviewer requested changes 
Closes gh-17806

Signed-off-by: Bernard Budano <bbudano@gmail.com>
 2025-09-12 16:19:27 -05:00
Joe Grandja 7ef25cc101 Add HttpSecurity.oauth2AuthorizationServer() 
Issue gh-17880
 2025-09-12 16:20:44 -04:00
Joe Grandja e99ea033c5 Integrate Spring Authorization Server ref docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Joe Grandja 93742a4db3 Manual move of spring-projects/spring-authorization-server docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Rob Winch cf0ade86fe
Update Kerberos Sample Copyright 
Issue gh-17879
 2025-09-12 15:12:47 -05:00
Rob Winch 1b263cfafb
Fix Keberos Docs http:// 
Issue gh-17879
 2025-09-12 14:39:46 -05:00
Rob Winch f5fb127c8c
Add Spring Security Kerberos 
Move the Spring Security Kerberos Extension into Spring Security

Closes gh-17879
 2025-09-12 14:25:20 -05:00
Josh Cummings b87d63cb71
Document spring-security-access 
Closes gh-17847
 2025-09-12 10:32:39 -06:00
Yanming Zhou 5ec7ae6b74 Remove redundant code in document 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-09-10 18:14:37 -06:00
Josh Cummings b09afb34cc Document Authentication.Builder 
The commit documents the new Authentication Builder interface
and its usage in the security filter chain.

Closes gh-17861
Closes gh-17862
 2025-09-09 14:59:14 -06:00
Steve Riesenberg eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
Josh Cummings 0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings 9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings 8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Rob Winch d9210c6596
Fix Nullability 2025-08-21 13:41:02 -05:00
Rob Winch 9bbf837c7c
Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Rob Winch 0404996f87 import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 12:35:13 -05:00
Rob Winch 0f63d98c84 Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 12:35:13 -05:00
Rob Winch fbfbb1e571 Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 12:35:13 -05:00
Joe Kuhel d002e68231 Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 12:35:13 -05:00
Rob Winch f82fe9c8c6
Remove stray modular from the documentation 
Issue gh-16258
 2025-08-20 12:24:33 -05:00