Commit Graph

73 Commits

Author SHA1 Message Date
Josh Cummings 9b724377ce Rework Saml2 Authentication Statement
This commit separates the authentication principal, the assertion details,
and the relying party tenant into separate components. This allows the
principal to be completely decoupled from how Spring Security triggers and
processes SLO.

Specifically, it adds Saml2AssertionAuthentication, a new authentication
implementation that allows an Object principal and a Saml2ResponseAssertionAccessor
credential. It also moves the relying party registration id from
Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication.

As such, Saml2AuthenticatedPrincipal is now deprecated in favor of
placing its assertion components in Saml2ResponseAssertionAccessor and
the relying party registration id in Saml2AssertionAuthentication.

Closes gh-10820
2025-06-10 17:21:03 -06:00
Josh Cummings aa3135169d Polish Documentation
Closes gh-14635
2025-06-09 16:49:36 -06:00
Josh Cummings eaab42a73c Polish BearerTokenAuthenticationConverter Support
- Moved to BearerTokenAuthenticationFilter constructor to align with
AuthenticationFilter
- Undeprecated BearerTokenResolver to reduce number of migration scenarios
- Updated to 7.0 schema
- Added migration docs

Issue gh-14750
2025-06-04 18:17:17 -06:00
Josh Cummings 492444c588
Update shouldConvertGetRequests Migration Steps
Issue gh-17099
2025-06-03 13:12:38 -06:00
Josh Cummings 4ed131f6ab Add shouldConvertGetRequests Migration Steps
Issue gh-17099
2025-06-03 13:10:45 -06:00
Josh Cummings 6d3b54df21
Change Type Validation Default
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
2025-05-28 16:11:13 -06:00
Josh Cummings 37a814bc29
Add 7.0 -> 8.0 Migration Guide
Closes gh-17182
2025-05-28 16:11:12 -06:00
Josh Cummings f280593566 Move Preparation Steps
Closes gh-16873
2025-04-03 11:08:24 -06:00
Josh Cummings 09b75719c2 Merge branch '6.4.x' 2025-04-03 11:08:11 -06:00
Josh Cummings 616b43f261 Restore 6.x Migration Steps
Issue gh-16873
2025-04-03 11:05:53 -06:00
Tran Ngoc Nhan 3be8e92187 Fix typo
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-27 16:40:35 -06:00
Josh Cummings 99345537d6
Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter
Issue gh-16417
2025-03-26 16:38:39 -06:00
Josh Cummings 91ee5e7f2b
Add RequestMatcher Migration Path for CAS
Issue gh-16417
2025-03-26 16:38:38 -06:00
Josh Cummings 15d9c13984
Add RequestMatcher MigrationPath for SwitchUserFilter
To simplify migration, the filter's setter methods still use AntPathRequestMatcher.
Users can call the equivalent RequestMatcher setter methods to opt-in to the change early.

Issue gh-16417
2025-03-26 16:38:38 -06:00
Josh Cummings ff52e05b24
Favor PathPatternRequestMatcher in XML Configuration
Update BeanDefinitionParsers to use PathPatternRequestMatcher conditionally
on the presence of a PathPatternRequestMatcher.Builder bean

Closes gh-16828
2025-03-26 13:40:04 -06:00
Josh Cummings 0091cf697c
Add RedirectToHttps Migration Doc
Issue gh-16775
Issue gh-16678
2025-03-19 15:27:09 -06:00
Josh Cummings ab43a660b9 Add RFC 9068 Support
Closes gh-13185
2025-02-27 12:40:01 -07:00
Josh Cummings 7d301f87d6
Add Opt-in PathPattern Strategy
Closes gh-16573
2025-02-21 13:40:24 -07:00
Josh Cummings aea7f333f7
Document OpaqueTokenIntrospector Migration
Issue gh-15988
2025-01-16 20:41:56 -07:00
Marcus Da Coregio 5ceea9e2aa Include information about -parameters flag in 6.2 upgrade notes
Closes gh-13552
2023-07-19 11:07:34 -03:00
Marcus Da Coregio 4c77a550ae Change to Migrating to 6.2
Issue gh-13552
2023-07-19 10:30:23 -03:00
Rob Winch 8407c9ebee Merge branch '6.0.x'
Closes gh-13407
2023-06-18 21:41:16 -05:00
Rob Winch f66a5bab99 Merge branch '5.8.x' into 6.0.x
Closes gh-13406
2023-06-18 21:33:58 -05:00
Rob Winch 7da99acca7 Merge branch '5.7.x' into 5.8.x
Closes gh-13405
2023-06-18 21:32:35 -05:00
Rob Winch 312b758b3a Merge branch '5.7.x' into 5.8.x
Closes gh-13292
2023-06-08 17:14:34 -05:00
Josh Cummings 9d19435eb0
Merge branch '6.0.x' 2023-06-05 13:08:47 -06:00
delver 2629fb2061 Fix Kotlin typo 2023-06-05 13:08:17 -06:00
delver 77c337bac4 Fix invalid link 2023-06-05 13:08:17 -06:00
Marcus Da Coregio 5c88b95af5 Mention that authorizeHttpRequests does not support GrantedAuthorityDefaults
Closes gh-13227
2023-05-25 09:51:36 -03:00
Josh Cummings 68b052218a
Add @EnableTransactionManagement Details
Closes gh-13152
2023-05-24 10:10:00 -06:00
daisuzz 734dc98e50 Fix typo in authorization.adoc 2023-05-18 09:59:23 -06:00
Steve Riesenberg 491041dc60
Merge branch '6.0.x' 2023-05-12 15:44:33 -05:00
Steve Riesenberg e234f85b2f
Fix hard-coded link in remote build
Issue gh-13156
2023-05-12 15:43:14 -05:00
Steve Riesenberg 0c3bafb505
Fix hard-coded link in remote build
Issue gh-12675
2023-05-12 15:41:51 -05:00
Steve Riesenberg e96a5e9bd1
Merge branch '6.0.x'
Closes gh-13157
2023-05-12 13:54:56 -05:00
Steve Riesenberg 72d86f1cbc
Update links to 5.8 migration guide
Closes gh-13156
2023-05-12 13:46:54 -05:00
Steve Riesenberg 6a42d5c17b
Update link to 6.0 migration guide
Closes gh-12675
2023-05-12 13:43:02 -05:00
Josh Cummings e5fcf1ebcf
Revisit Request and Method Security Docs
Issue gh-13088
2023-05-01 14:09:22 -06:00
Josh Cummings 9244989b2e
Fix allOf/anyOf Abstain Logic
Closes gh-13069
2023-04-24 15:36:17 -06:00
Brummolix a513fc0f38 Fix SecurityWebApplicationInitializer.getSecurityDispatcherTypes example in doc #12939 2023-03-30 09:38:17 -03:00
Marcus Da Coregio b4b4cd0ffa Merge branch '5.8.x' into 6.0.x
Closes gh-12941
2023-03-28 15:23:21 -03:00
Marcus Da Coregio eb58655fa9 Improve Docs by mentioning that Empty SecurityContext should be saved
Closes gh-12906
2023-03-28 15:21:30 -03:00
Josh Cummings 35cf52d3bd
Add DefaultMethodSecurityExpressionHandler
Closes gh-12356
2023-02-21 16:58:08 -07:00
Josh Cummings 6bf11181ef
Adjust AfterInvocationManager Migration Docs
The original documentation only addresses the post-authorize case.
Some implementations want also to modify the return type.

Issue gh-12620
2023-02-21 15:07:17 -07:00
Steve Riesenberg 2876605324
Polish migration doc
Issue gh-12675
2023-02-15 17:18:09 -06:00
Steve Riesenberg bf2951b5af
Add sections for migrating exploit protection in 6.0
Issue gh-12462
2023-02-15 17:18:09 -06:00
Steve Riesenberg ca1961d35e
Link to the latest 6.0.x release
Issue gh-12675
2023-02-15 17:01:28 -06:00
Steve Riesenberg 821db0a1ea
Polish migration doc
Issue gh-12675
2023-02-15 17:00:49 -06:00
Tao Sun 6f5c633241
Fix typo in Authentication Migrations page 2023-02-15 15:14:09 -07:00
Steve Riesenberg 45b81b194b
Expand migration docs regarding CSRF
Closes gh-12462
2023-02-15 14:53:28 -06:00