Commit Graph

1508 Commits

Author SHA1 Message Date
Josh Cummings f2ddeaface
Merge remote-tracking branch 'origin/5.8.x' 2022-10-17 15:01:30 -06:00
Josh Cummings cfb7c87dfd
Merge remote-tracking branch 'origin/5.7.x' into 5.8.x 2022-10-17 15:00:40 -06:00
Josh Cummings 6b25307339
Merge remote-tracking branch 'origin/5.6.x' into 5.7.x 2022-10-17 14:57:39 -06:00
Josh Cummings 89c815032c
Fix Index Out of Bounds 2022-10-17 14:52:03 -06:00
Josh Cummings 4ba8f8bfe0
Update What's New
Closes gh-12024
2022-10-13 20:08:31 -06:00
Josh Cummings f4cc27c375
Change Default for (Server)AuthenticationEntryPointFailureHandler
Closes gh-9429
2022-10-13 20:03:03 -06:00
Steve Riesenberg d6356415f9
Polish whats-new.adoc 2022-10-13 13:42:04 -05:00
Steve Riesenberg 74e0616451
Update What's New for 6.0 2022-10-13 13:42:04 -05:00
Steve Riesenberg 5a55987d6e
Add links to reference in What's New for 5.8
Issue gh-4001
Issue gh-11959
2022-10-13 12:52:01 -05:00
Josh Cummings 59c4538798
Update What's New
Closes gh-12021
2022-10-13 10:13:20 -06:00
Josh Cummings fe96a62dfc
Document Observability Support
Issue gh-10964
2022-10-12 20:32:25 -06:00
Joe Grandja bf1e622751 Update What's New in 6.0 for PasswordEncoders
Issue gh-11985
2022-10-12 08:27:46 -04:00
Joe Grandja 716aa6df5c Merge branch '5.8.x' 2022-10-12 07:43:26 -04:00
Joe Grandja ffbcaca24a Update reference for PasswordEncoders
Issue gh-10506
2022-10-12 07:32:30 -04:00
Marcus Da Coregio c5e35bf32e Merge branch '5.8.x'
Closes gh-11978
2022-10-10 09:24:50 -03:00
Marcus Da Coregio 4b6fed0667 Add static factory method to AntPathRequestMather and RegexRequestMatcher
Closes gh-11938
2022-10-10 09:24:15 -03:00
Daniel Garnier-Moiroux 27059ced87
Default X-Xss-Protection header value to "0"
Closes gh-9631
2022-10-07 17:42:55 -05:00
Steve Riesenberg 6753f9745e
Merge branch '5.8.x'
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
2022-10-07 17:29:07 -05:00
Steve Riesenberg f462134e87
Add reactive support for BREACH
Closes gh-11959
2022-10-07 16:34:17 -05:00
Marcus Da Coregio 398f5dee7f Remove deprecated RequestMatcher methods from Java Configuration
Closes gh-11939
2022-10-07 15:26:46 -03:00
Marcus Da Coregio 9fd195d419 Default to shouldFilterAllDispatcherTypes=true in XML
Closes gh-11970
2022-10-07 11:46:20 -03:00
Marcus Da Coregio 146d3269bc Merge branch '5.8.x'
Closes gh-11971
2022-10-07 10:28:14 -03:00
Marcus Da Coregio f3321c256c Add XML support for shouldFilterAllDispatcherTypes
Closes gh-11492
2022-10-07 10:20:32 -03:00
Josh Cummings 12b9f2e196
use-authorization-manager defaults to true
Closes gh-11929
2022-10-06 08:12:46 -06:00
Marcus Da Coregio c4d23f2b49 Use MvcRequestMatcher by default if Spring MVC is present
Closes gh-11899
2022-10-06 09:12:04 -03:00
Steve Riesenberg 8b490de08d
Merge branch '5.8.x'
# Conflicts:
#	docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
Steve Riesenberg dce1c30522
Add support for BREACH
Closes gh-4001
2022-10-05 14:21:13 -05:00
Rob Winch 22cbd2c42e Merge branch '5.8.x'
Closes gh-11957
2022-10-05 14:00:13 -05:00
Rob Winch a5cc1f0b60 Merge branch '5.7.x' into 5.8.x
Closes gh-11956
2022-10-05 13:58:44 -05:00
Rob Winch 37dd896d4b Merge branch '5.6.x' into 5.7.x
Closes gh-11955
2022-10-05 13:57:25 -05:00
Dan Allen e0843aabb1 automatically manage docs version (with collector) 2022-10-05 13:56:22 -05:00
Steve Riesenberg c1fcf275d9
Update What's New for 5.8
Issue gh-11952
2022-10-05 13:48:18 -05:00
Marcus Da Coregio 38a7bbd2eb Merge branch '5.8.x' 2022-10-05 13:20:12 -03:00
Marcus Da Coregio ace8caa182 Remove mvcMatchers usage from docs
Issue gh-11347
2022-10-05 13:19:37 -03:00
Marcus Da Coregio 35f7e46d05 Remove WebSecurityConfigurerAdapter
Closes gh-10902
2022-10-04 15:13:04 -03:00
Steve Riesenberg 5de6da890b
Merge branch '5.8.x'
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
Steve Riesenberg 475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler

Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
Steve Riesenberg 7c3cc1e386
Merge branch '5.8.x' 2022-10-03 14:29:51 -05:00
Daniel Garnier-Moiroux 0e215a21ad
Add X-Xss-Protection headerValue to XML config
Issue gh-9631
2022-10-03 14:29:34 -05:00
Marcus Da Coregio ad2abd39dc Merge branch '5.8.x'
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
Marcus Da Coregio 039e0328e1 Simplify Java Configuration RequestMatcher Usage
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
Daniel Garnier-Moiroux bf59d7c374
Update What's New for 5.8 2022-10-03 10:05:25 -05:00
Steve Riesenberg 43a1f8249c
Update What's New for 6.0 2022-09-29 15:57:48 -05:00
Steve Riesenberg 4d62621094
Merge branch '5.8.x' 2022-09-29 14:09:21 -05:00
Steve Riesenberg 7b1158ddb7
Merge branch '5.7.x' into 5.8.x 2022-09-29 14:09:10 -05:00
Steve Riesenberg 70c61dc1dd
Merge branch '5.6.x' into 5.7.x 2022-09-29 14:08:17 -05:00
Dan Allen c44230ba24
switch to offical Antora plugin for Gradle
- lock version to latest release of Antora 3.1
- rename properties on extension block
- use Node.js version provided by plugin
- remove package.json file
- assign environment variables using environments property on extension block
- use single quotes where possible in build script
- use default setting for log format
2022-09-29 14:05:09 -05:00
Steve Riesenberg 6c6aedf772
Update What's New for 6.0 2022-09-26 10:07:50 -05:00
Steve Riesenberg 181ee7410b
Change default authority for oauth2Login()
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
2022-09-26 10:06:31 -05:00
Steve Riesenberg c0e784b16d
Update What's New for 6.0 2022-09-26 09:48:52 -05:00