root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
19,525 Commits 38 Branches 359 Tags 130 MiB
Commit Graph

2655 Commits

Author SHA1 Message Date
Rob Winch 9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot 
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.

Issue gh-17932
 2025-09-19 09:33:50 -05:00
Rob Winch 675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles) 
Closes gh-17932
 2025-09-18 14:19:22 -05:00
Rob Winch bb6b8ae3f3
Add AllAuthoritiesReactiveAuthorizationManager 
Issue gh-17916
 2025-09-16 16:31:55 -05:00
Rob Winch 5ca18a3b9c
Add password4j implementation of PasswordEncoder 2025-09-15 11:28:39 -05:00
Rob Winch d0372efadd
Use include-code for password4j docs 
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.

Issue gh-17706
 2025-09-15 11:03:44 -05:00
Rob Winch 9f839384e9
Use non-redundant ids in password4j docs 
Documentation ids no longer need to be globally unique, so they
do not need to include the path. This makes the ids less verbose and
integrates with include-code extension better.

Issue gh-17706
 2025-09-15 11:00:51 -05:00
Rob Winch 11bec09ffc
Escape attribute failures in Password4j docs 
Issue gh-17706
 2025-09-15 10:57:19 -05:00
Rob Winch c18aff7f5f
Password4j docs 1 sentence per line 
The Antora documentation convention is to use a single sentence per line
as this helps with diffing and merging changes.

Issue gh-17706
 2025-09-15 09:22:08 -05:00
dependabot[bot] 1a99ab5bdf Bump @antora/atlas-extension in /docs 
---
updated-dependencies:
- dependency-name: "@antora/atlas-extension"
  dependency-version: 1.0.0-alpha.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-15 08:58:06 -05:00
M.Bozorgmehr b2d4c52c53 Add documentation for Password4j-based password encoders for Argon2, BCrypt, Scrypt, PBKDF2, and Balloon hashing 
Closes gh-17706

Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:41 +03:30
Rob Winch a0fe04c4aa Document @ClientRegistrationId on types 
Issue gh-17806
 2025-09-12 16:19:27 -05:00
Bernard Budano 02a948da81 Address reviewer requested changes 
Closes gh-17806

Signed-off-by: Bernard Budano <bbudano@gmail.com>
 2025-09-12 16:19:27 -05:00
Joe Grandja 7ef25cc101 Add HttpSecurity.oauth2AuthorizationServer() 
Issue gh-17880
 2025-09-12 16:20:44 -04:00
Joe Grandja e99ea033c5 Integrate Spring Authorization Server ref docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Joe Grandja 93742a4db3 Manual move of spring-projects/spring-authorization-server docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Rob Winch cf0ade86fe
Update Kerberos Sample Copyright 
Issue gh-17879
 2025-09-12 15:12:47 -05:00
Rob Winch 1b263cfafb
Fix Keberos Docs http:// 
Issue gh-17879
 2025-09-12 14:39:46 -05:00
Rob Winch f5fb127c8c
Add Spring Security Kerberos 
Move the Spring Security Kerberos Extension into Spring Security

Closes gh-17879
 2025-09-12 14:25:20 -05:00
Josh Cummings b87d63cb71
Document spring-security-access 
Closes gh-17847
 2025-09-12 10:32:39 -06:00
Yanming Zhou 5ec7ae6b74 Remove redundant code in document 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-09-10 18:14:37 -06:00
Josh Cummings b09afb34cc Document Authentication.Builder 
The commit documents the new Authentication Builder interface
and its usage in the security filter chain.

Closes gh-17861
Closes gh-17862
 2025-09-09 14:59:14 -06:00
Steve Riesenberg eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
Josh Cummings 0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings 9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings 8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Rob Winch d9210c6596
Fix Nullability 2025-08-21 13:41:02 -05:00
Rob Winch 9bbf837c7c
Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Rob Winch 0404996f87 import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 12:35:13 -05:00
Rob Winch 0f63d98c84 Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 12:35:13 -05:00
Rob Winch fbfbb1e571 Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 12:35:13 -05:00
Joe Kuhel d002e68231 Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 12:35:13 -05:00
Rob Winch f82fe9c8c6
Remove stray modular from the documentation 
Issue gh-16258
 2025-08-20 12:24:33 -05:00
Rob Winch a8f045eb50
Add Modular Spring Security Configuration 
Closes gh-16258
 2025-08-20 12:16:08 -05:00
Tran Ngoc Nhan ef5c703010 Remove unused import 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-08-19 22:05:25 -05:00
Josh Cummings 4da98dde2b
Update What's New 
Issue gh-17707
 2025-08-18 15:31:03 -06:00
dependabot[bot] 39301574fa Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.9 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.8 to 3.2.0-alpha.9.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.8...v3.2.0-alpha.9)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-15 13:33:47 -05:00
dependabot[bot] 4ae782cdd6 Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-15 13:33:26 -05:00
Josh Cummings d3b143dab6
Move SAML 2.0 Migration Step 
Issue gh-17099
 2025-08-14 18:03:44 -06:00
Josh Cummings 60c42e3f24
Update SAML 2.0 Documentation to use OpenSAML 5 
Closes gh-17707
 2025-08-14 18:01:34 -06:00
Josh Cummings 5506c487de
Remove OpenSaml4 Components 
Issue gh-17707
 2025-08-14 18:01:02 -06:00
Tran Ngoc Nhan dfc8be0d48 Fix typo 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-08-04 09:40:20 -06:00
Tran Ngoc Nhan 371bee685f Polish `User#withDefaultPasswordEncoder` 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-08-04 09:40:20 -06:00
Marcin Lewandowski f61a8deccc Update index.adoc 
Signed-off-by: Marcin Lewandowski <marcin@ravendb.net>
 2025-07-31 11:09:06 -06:00
Josh Cummings 1af665d6c8 Merge branch '6.5.x' 2025-07-31 10:21:50 -06:00
Josh Cummings c966139338 Merge branch '6.4.x' into 6.5.x
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
2025-07-31 10:21:36 -06:00
Josh Cummings a411fb7b8d Merge remote-tracking branch 'origin/6.3.x' into 6.4.x
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details
2025-07-31 10:21:26 -06:00
Michał Sobkiewicz c963f4250e Update Angular documentation links in csrf.adoc
CodeQL Advanced / codeql-analysis-call (push) Has been cancelled Details
CI / Build (17, ubuntu-latest) (push) Has been cancelled Details
CI / Build (17, windows-latest) (push) Has been cancelled Details
CI / Test Against Snapshots (17, 17) (push) Has been cancelled Details
CI / Test Against Snapshots (21-ea, 21) (push) Has been cancelled Details
CI / Check Samples (push) Has been cancelled Details
Deploy Docs / build (push) Has been cancelled Details
CI / Deploy Artifacts (push) Has been cancelled Details
CI / Deploy Docs (push) Has been cancelled Details
CI / Deploy Schema (push) Has been cancelled Details
CI / Perform Release (push) Has been cancelled Details
CI / Send Notification (push) Has been cancelled Details 
Replaced `angular.io` links with their corresponding `angular.dev` URLs.
This change ensures that users referencing CSRF documentation are
directed to the most current Angular resources.

Signed-off-by: Michał Sobkiewicz <perceptron8@users.noreply.github.com>
 2025-07-31 10:21:06 -06:00
dependabot[bot] 99f689eb52 Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.6 to 1.14.7.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-30 11:50:42 -06:00
dependabot[bot] de14fb8f77 Bump @springio/antora-extensions from 1.14.6 to 1.14.7 in /docs
CodeQL Advanced / codeql-analysis-call (push) Waiting to run Details
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details 
Bumps [@springio/antora-extensions](https://github.com/spring-io/antora-extensions) from 1.14.6 to 1.14.7.
- [Changelog](https://github.com/spring-io/antora-extensions/blob/main/CHANGELOG.adoc)
- [Commits](https://github.com/spring-io/antora-extensions/compare/v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: "@springio/antora-extensions"
  dependency-version: 1.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-30 11:50:19 -06:00
Rob Winch f6cb0bd610
Merge Use 2004-present Copyright Header 
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
 2025-07-29 10:52:42 -05:00