root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
17,375 Commits 38 Branches 345 Tags 114 MiB
Commit Graph

1083 Commits

Author SHA1 Message Date
Steve Riesenberg ea5bc28773
Polish OAuth2 docs 2024-10-28 16:06:50 -05:00
Steve Riesenberg d5cb41156c
Update reactive OAuth2 docs 
Issue gh-15938
 2024-10-28 16:06:48 -05:00
Josh Cummings a36756929b
Polish Filter Chain Documentation 
Closes gh-15893
 2024-10-24 17:09:21 -06:00
ImHyuk 4ac092c803 Update logout.adoc: Fix Customizing Logout Success Example 2024-10-23 10:16:09 -07:00
Rob Winch fc5719d8d6 Merge branch '6.3.x' 
Add Firewall for WebFlux

Closes gh-15967
 2024-10-21 12:11:42 -05:00
Rob Winch 1528c421bd Merge branch '6.2.x' into 6.3.x 
Add Firewall for WebFlux

Closes gh-15967
 2024-10-21 09:43:48 -05:00
Rob Winch 0e257b56ce Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 09:42:24 -05:00
Rob Winch 542071b1f8 Merge Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 08:56:42 -05:00
Rob Winch 4ce7cde155 Add Firewall for WebFlux 
Closes gh-15967
 2024-10-21 08:46:13 -05:00
Rob Winch ae606d51f4 Add Passkeys to What's New 2024-10-20 23:01:13 -05:00
Rob Winch b0e8730d70 Add Passkeys Support 
Closes gh-13305
 2024-10-20 22:54:53 -05:00
Steve Riesenberg 8982851355
Document RestClient-based implementations 
Closes gh-15938
 2024-10-18 12:24:17 -05:00
Steve Riesenberg d0fc4fe4dc
Document RestClient integration 
Closes gh-15894
 2024-10-18 12:24:17 -05:00
Steve Riesenberg 9b89fc2f1f
Add example for setting up client credentials 
Closes gh-15304
 2024-10-18 12:24:16 -05:00
Max Batischev d37d41c130 Polish One-Time Token API Names and Doc 
The names of variables and methods have been adjusted in accordance with the names of the one-time token login API components.

Issue gh-15114
 2024-10-15 14:04:56 -07:00
Josh Cummings c40334317d
Polish One-Time Token Component Names 
Aligning parts of speech so that names are using nouns/verbs
where comparable components are using nouns/verbs.

Issue gh-15114
 2024-10-14 14:07:47 -06:00
Tran Ngoc Nhan 35cc794e80 Add whitespace to improve readability 2024-10-14 11:39:04 -07:00
Max Batischev 2ca2e56383 Add Reactive One-Time Token Login support 
Closes gh-15699
 2024-10-07 16:39:54 -07:00
Rob Winch 1dd79c379b Add JdbcOneTimeTokenService 
Closes gh-15735
 2024-10-02 14:42:13 -05:00
Rob Winch f002fedb73 Document JdbcOneTimeTokenService 
Issue gh-15735
 2024-10-02 14:41:06 -05:00
nima 8a5a603c1d Fix SecurityContextPersistenceRepository Typo 2024-09-30 16:56:17 -07:00
nima cb4a85a74c Clarify UsernamePasswordAuthenticationFilter Workflow 2024-09-30 16:56:17 -07:00
Josh Cummings b49051a1e6
Merge branch '6.2.x' into 6.3.x 2024-09-26 13:08:34 -06:00
Tran Ngoc Nhan f7b85ed314
Fix Broken Resource Server Doc Links 2024-09-26 13:08:12 -06:00
Tran Ngoc Nhan 4e2cb8bc25 Fix Broken Resource Server Doc Links 2024-09-26 12:07:40 -07:00
Josh Cummings d6b620b9f7
Make Observations Selectable 
Closes gh-15678
 2024-09-26 11:30:40 -06:00
jinia91 b205436948 fix minor error in docs 2024-09-23 16:12:21 -07:00
Steve Riesenberg 5d8cf6a8bc
Polish gh-13588 2024-09-19 12:08:48 -05:00
ReGius-igmt 4a9a350ed0 Update websocket integration docs 2024-09-18 11:50:57 -07:00
Josh Cummings e27e8dfcd5
Merge branch '6.3.x' 2024-09-17 18:25:42 -06:00
Josh Cummings dfce3a280d
Merge branch '6.2.x' into 6.3.x 
Closes gh-15822
 2024-09-17 18:25:29 -06:00
Josh Cummings 1a0203ecf6
Fix AuthorizationManager API Documentation Typo 
Closes gh-15704
 2024-09-17 18:25:08 -06:00
Josh Cummings 8bb5875595 Expose OidcBackChannelLogoutHandler 
This component already uses by default a URI that doesn't require
a CSRF token and aalready allows for configuring a cookie name.

So, by making it public and configurable in the DSL, both
of these tickets quite naturally close.

Closes gh-13841
Closes gh-14904
 2024-09-15 21:30:55 -07:00
Steve Riesenberg a939c100fc
Merge branch '6.2.x' into 6.3.x 
Closes gh-15808
 2024-09-13 16:08:33 -05:00
Steve Riesenberg 1782f17e7f
Merge branch '5.8.x' into 6.2.x 
Closes gh-15807
 2024-09-13 16:08:04 -05:00
Steve Riesenberg 0a4eb0f09a
Update credential erasure examples 
Closes gh-15683
 2024-09-13 16:07:47 -05:00
Steve Riesenberg 243f0f87cd
Update credential erasure examples 
Closes gh-15683
 2024-09-13 16:06:01 -05:00
Steve Riesenberg f8a78f1864
Update What's New 2024-09-13 15:55:47 -05:00
Steve Riesenberg 8bab9bcce8
Polish whats-new.adoc 2024-09-13 11:28:39 -05:00
Marcus Hert Da Coregio 0618d4e03f Provide Runtime Hints for Beans used in Pre/PostAuthorize Expressions 
Closes gh-14652
 2024-09-13 08:42:14 -03:00
Josh Cummings fc3de5e41a Rework Method Security Reactive Docs 2024-09-10 12:01:29 -07:00
Josh Cummings 784e074a48 Document Programmatic Authorization in Reactive 2024-09-10 12:01:29 -07:00
DingHao ef8b0addbb Support custom MethodSecurityExpressionHandler 
Closes gh-15715
 2024-09-10 12:01:29 -07:00
Josh Cummings fd5d03d384 Add AuthorizeReturnObject Hints 
Closes gh-15709
 2024-09-10 11:57:31 -07:00
Josh Cummings 9b6ac637c9
Merge branch '6.3.x' 2024-09-10 12:51:08 -06:00
Josh Cummings 01eb41cac4
Merge branch '6.2.x' into 6.3.x 2024-09-10 12:50:48 -06:00
Tran Ngoc Nhan b9f051d15b docs: update 2024-09-10 11:50:11 -07:00
Xi Minghui 64920c12de Correct Title in logout.adoc 2024-09-06 11:29:43 -07:00
Marcus Hert Da Coregio 6417eb7159 Document how to customize OneTimeTokenService 
Closes gh-15743
 2024-09-06 09:39:25 -03:00
Max Batischev 81e4c7273a Add One-Time Token Login support to Kotlin DSL 
Closes gh-15698
 2024-09-04 09:13:38 -03:00
Xi Minghui 0b98eb4139 Correct ObservationRegistry Type Reference 2024-09-03 14:28:00 -07:00
Tran Ngoc Nhan febe5e6ddf docs: update 2024-09-03 13:51:47 -07:00
Xi Minghui d23f283598 Corrected AuthenticationEventPublisher Type 2024-09-03 13:24:09 -07:00
Marcus Hert Da Coregio 00e4a8fb54 Add support for One-Time Token Login 
Closes gh-15114
 2024-09-03 10:07:56 -03:00
Josh Cummings add5c56136
Update AuthorizeReturnObject Jackson Docs 
Now instructs to use MethodAuthorizationDeniedHandler

Issue gh-14601
 2024-08-30 11:43:47 -06:00
DingHao fd05c5ad76 Remove Advised Methods from Authorization Proxy Objects 
Closes gh-15561
 2024-08-30 10:40:25 -07:00
Xi Minghui e39b39dada Corrected Reference to HttpServletRequest#authenticate 2024-08-26 15:35:13 -07:00
Josh Cummings d2e8c19789
Merge branch '6.3.x' 2024-08-26 16:33:04 -06:00
Josh Cummings 279cb89eac
Merge branch '6.2.x' into 6.3.x 2024-08-26 16:32:58 -06:00
Hero Wanders 2ba9b6821a Fix OIDC Logout Code Snippets 2024-08-26 15:32:35 -07:00
Hero Wanders f372f5cf52 Replace OidcSessionStrategy References with OidcSessionRegistry 2024-08-26 15:32:35 -07:00
Josh Cummings f0f04e490e
Merge branch '6.3.x' 2024-08-26 16:25:27 -06:00
Josh Cummings 6ea33ceaea
Merge branch '6.2.x' into 6.3.x 2024-08-26 16:25:12 -06:00
Junhyunny 47723f6d39 Fix code format in OIDC Logout docs 2024-08-26 15:14:02 -07:00
Steve Riesenberg 8318a42959
Update What's New for 6.4 
Issue gh-15437
 2024-08-22 13:12:33 -05:00
Josh Cummings 06febf7857
Update What's New 2024-08-21 18:19:18 -06:00
Steve Riesenberg e3c19ba86c Add RestClient interceptor 
Closes gh-13588
 2024-08-16 17:15:18 -05:00
Robert Danczak 12a9f9240c Fix: Adjusted code formatting to remaining code examples. 2024-08-12 12:59:36 -03:00
Josh Cummings e40c98e6d7 Deprecate PrePostTemplateDefaults 
Since there is nothing specific to configuring pre/post
annotations, there is no need for the extra class.

If a need like this does arise in the future,
either AnnotationTemplateExpressionDefaults can be sub-
classed, or it can have introduced a Map field holding
custom properties.

Issue gh-15286
 2024-08-10 11:46:51 -06:00
Josh Cummings f4d9d0d54f Document @AuthenticationPrincipal meta-annotations 
Issue gh-15286
 2024-08-10 11:46:51 -06:00
Josh Cummings 96682a1d5c
Document OpenSAML 4 vs OpenSAML 5 Support 
Closes gh-11658
 2024-08-06 18:14:12 -06:00
Josh Cummings 1da383b360
Add OpenSAML 5 Support 
Issue gh-11658
 2024-08-06 18:14:11 -06:00
Josh Cummings 1be596bb2f
Use OpenSAML API for registration 
Issue gh-11658
 2024-08-06 18:14:11 -06:00
Josh Cummings 51fc05630d
Use OpenSAML API for web.authentication.logout 
Issue gh-11658
 2024-08-06 18:14:10 -06:00
Josh Cummings ef35c4a64a
Merge branch '6.3.x' 2024-07-29 15:10:50 -06:00
Josh Cummings 97a49e18b9
Merge branch '6.2.x' into 6.3.x 2024-07-29 15:10:32 -06:00
Josh Cummings e51507e32d Polish Inline Code Formatting 2024-07-29 14:08:01 -07:00
Junhyunny bfee6927c2 Correct Explanation for HttpSessionCsrfTokenRepository 2024-07-29 14:08:01 -07:00
Josh Cummings e0be46ea84
Merge branch '6.3.x' 2024-07-29 13:40:27 -06:00
Taha Körkem da65830569
Use Correct Meta-Annotation in Kotlin Sample 2024-07-29 13:39:34 -06:00
Marcus Hert Da Coregio 8231b8a03b Merge branch '6.3.x' 2024-07-29 14:56:16 -03:00
Marcus Hert Da Coregio c1b3b329af Merge branch '6.2.x' into 6.3.x 2024-07-29 14:56:09 -03:00
baezzys 3d4bcf1b44 fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource 
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
 2024-07-29 14:55:55 -03:00
Josh Cummings 9d8888c5f0 Use AssertingPartyMetadata 
Issue gh-15394
 2024-07-19 18:48:23 -07:00
Josh Cummings e6dfb63bdf Add OpenSamlAssertingPartyMetadataRepository 
Closes gh-12116
Closes gh-15395
 2024-07-19 18:48:23 -07:00
Josh Cummings 796e4d6b6c
Add query parameter support for authn requests 
Closes gh-15017
 2024-07-13 23:57:57 -06:00
Rob Winch 5bd4db1a13 Use javadoc macro 
Closes gh-15386
 2024-07-09 22:35:01 -05:00
Antoine Rey f184d13096 Update the OAuth2 jwt and opaque resource server documentation with the Lambda DSL 
The OAuth2ResourceServerConfigurer::opaqueToken() and ::jwt() methods are deprecated since Spring Security 6.1
 2024-07-09 07:25:13 -07:00
Josh Cummings 290cee238d
Merge branch '6.2.x' into 6.3.x 
Closes gh-15380
 2024-07-08 20:52:46 -06:00
Seungrae f4cbaaa2dd
Fix typos and formatting in documentation 
Closes gh-15353
 2024-07-08 20:52:06 -06:00
Seungrae 148e7843bf Fix typos and formatting in documentation 2024-07-08 19:51:06 -07:00
Josh Cummings 7b39800606
Add CachingRelyingPartyRegistrationRepository 
Closes gh-15341
 2024-07-01 19:43:09 -06:00
Josh Cummings f532807836
Merge branch '6.3.x' 2024-07-01 17:20:52 -06:00
Josh Cummings 4975254124
Merge branch '6.2.x' into 6.3.x 
Closes gh-15340
 2024-07-01 17:19:51 -06:00
Antoine Rey 99cda31579 Update prerequisites documentation 
Raises the minimum version of the Java runtime for Spring
Security from 8 to 17

Closes gh-15323
 2024-07-01 17:19:22 -06:00
Dumitru Boldureanu 48826201b1 Update architecture.adoc 
The list of filters is printed at DEBUG level on the application startup and not INFO level, see DefaultSecurityFilterChain
 2024-07-01 15:19:50 -06:00
Stefan Ganzer ceb278c908 Update events.adoc 
Changes GenericAuthenticationFailureEvent to AbstractAuthenticationFailureEvent

The class GenericAuthenticationFailureEvent does not exist.
 2024-07-01 15:19:00 -06:00
Stefan Ganzer e7212b37f7 Update events.adoc 
Changes type to DefaultAuthenticationEventPublisher

Only DefaultAuthenticationEventPublisher has the method
setDefaultAuthenticationFailureEvent, but not the interface
AuthenticationEventPublisher.
 2024-07-01 15:19:00 -06:00
Marcono1234 a9aefafb76 Fix malformed list in "Using Method Parameters" documentation 2024-07-01 15:18:17 -06:00
Marcus Hert Da Coregio 8572764583 Merge branch '6.3.x' 
Closes gh-15322
 2024-06-28 15:34:28 -03:00