547a1a11d1
Merge branch '6.0.x'
...
Closes gh-12342
2022-12-05 12:26:39 -08:00
42a00e2003
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12341
2022-12-05 12:26:00 -08:00
d2b33a2583
Fix docs
...
Closes gh-11396
2022-12-05 12:25:26 -08:00
eb57d9e5c1
Merge branch '6.0.x'
2022-11-29 16:26:13 -07:00
c60c10792c
Fix Observability Opt-out Documentation Typo
...
Issue gh-12268
2022-11-29 16:24:57 -07:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
3e0e532ed7
Merge branch '5.8.x' into 6.0.x
...
Closes gh-12287
2022-11-24 08:48:27 -03:00
5db7ac4ce3
Merge branch '5.7.x' into 5.8.x
...
Closes gh-12286
2022-11-24 08:48:05 -03:00
9b3f834bff
Merge branch '5.6.x' into 5.7.x
...
Closes gh-12285
2022-11-24 08:47:46 -03:00
70bfc39418
Fix AuthorizationFilter diagram in docs
...
Closes gh-12274
2022-11-24 08:46:16 -03:00
34102a6531
Document default SecurityContextRepository
...
Issue gh-12049
2022-11-18 16:14:22 -06:00
1a3be83084
Merge branch '5.8.x'
...
Closes gh-12185
2022-11-09 12:28:37 -06:00
9071f10759
Document DelegatingSecurityContextRepository
...
Closes gh-12069
2022-11-09 12:19:43 -06:00
8af3b5afe4
Fix documentation part of Multiple HttpSecurity Instances
...
`http.antMatcher()` is not longer available and was replaced with
`http.securityMatcher()`, so use this in the Java Config Multiple
HttpSecurity Instances example, too
2022-11-08 13:51:05 -03:00
c7b9b33cd1
Merge branch '5.8.x'
2022-11-03 08:23:50 -03:00
4d646a2978
Merge branch '5.7.x' into 5.8.x
2022-11-03 08:23:26 -03:00
067fc1678c
Merge branch '5.6.x' into 5.7.x
2022-11-03 08:22:09 -03:00
01a37dd678
Fix typo
...
(cherry picked from commit 20e89e3eca0823bfa329b5de80448bac1f5e0f30)
2022-11-03 08:21:48 -03:00
aad01447c3
docs: fix realm typo
2022-11-03 08:21:26 -03:00
cca999c57d
Merge remote-tracking branch 'origin/5.8.x'
2022-11-01 13:46:08 -06:00
d29ab8bcae
Merge branch '5.7.x' into 5.8.x
2022-11-01 13:43:40 -06:00
c94e33b6c8
Merge branch '5.6.x' into 5.7.x
2022-11-01 13:42:35 -06:00
8315545144
Update RP-Initiated Logout target URLs.
...
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.
Fixes: gh-12081
2022-11-01 12:35:39 -06:00
c5badbc631
Add AccessDecisionManager Preparation Steps
...
Issue gh-11337
2022-10-31 15:25:05 -06:00
3da0d1bf27
Merge branch '5.8.x'
2022-10-27 15:39:03 -05:00
aac1261f0c
Document Migration to SecurityContextHolderFilter
...
Closes gh-12098
2022-10-27 15:12:45 -05:00
d40ed58118
Merge branch '5.8.x'
...
Closes gh-12091
Closes gh-12092
2022-10-26 14:56:02 -05:00
c17e258a6f
Document Saved Requests
...
Closes gh-12088
2022-10-26 14:22:30 -05:00
7adc000c6b
Merge remote-tracking branch 'origin/5.8.x'
2022-10-25 14:42:32 -06:00
04fa5af794
Add Missing Doc Header
...
The EnableMethodSecurity section
2022-10-25 14:41:11 -06:00
fe96a62dfc
Document Observability Support
...
Issue gh-10964
2022-10-12 20:32:25 -06:00
c5e35bf32e
Merge branch '5.8.x'
...
Closes gh-11978
2022-10-10 09:24:50 -03:00
4b6fed0667
Add static factory method to AntPathRequestMather and RegexRequestMatcher
...
Closes gh-11938
2022-10-10 09:24:15 -03:00
27059ced87
Default X-Xss-Protection header value to "0"
...
Closes gh-9631
2022-10-07 17:42:55 -05:00
398f5dee7f
Remove deprecated RequestMatcher methods from Java Configuration
...
Closes gh-11939
2022-10-07 15:26:46 -03:00
9fd195d419
Default to shouldFilterAllDispatcherTypes=true in XML
...
Closes gh-11970
2022-10-07 11:46:20 -03:00
146d3269bc
Merge branch '5.8.x'
...
Closes gh-11971
2022-10-07 10:28:14 -03:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
12b9f2e196
use-authorization-manager defaults to true
...
Closes gh-11929
2022-10-06 08:12:46 -06:00
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
...
Closes gh-11899
2022-10-06 09:12:04 -03:00
8b490de08d
Merge branch '5.8.x'
...
# Conflicts:
# docs/modules/ROOT/pages/servlet/exploits/csrf.adoc
2022-10-05 14:46:15 -05:00
dce1c30522
Add support for BREACH
...
Closes gh-4001
2022-10-05 14:21:13 -05:00
38a7bbd2eb
Merge branch '5.8.x'
2022-10-05 13:20:12 -03:00
ace8caa182
Remove mvcMatchers usage from docs
...
Issue gh-11347
2022-10-05 13:19:37 -03:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
ad2abd39dc
Merge branch '5.8.x'
...
Closes gh-11347 in 6.0.x
Closes gh-11945
2022-10-03 16:02:18 -03:00
039e0328e1
Simplify Java Configuration RequestMatcher Usage
...
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
2022-10-03 15:55:20 -03:00
Marcus Da Coregio
Josh Cummings
Steve Riesenberg
Johannes Graf
Rivaldi
Márk Kővári
Ger Roza
Rob Winch
Daniel Garnier-Moiroux