root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 14 Packages Projects Releases Wiki Activity
14,620 Commits 36 Branches 345 Tags 113 MiB
Commit Graph

113 Commits

Author SHA1 Message Date
Josh Cummings 22000b42e9
Merge remote-tracking branch 'origin/6.1.x' 2023-11-07 16:34:15 -07:00
Josh Cummings 42225371d7
Merge branch '6.0.x' into 6.1.x 
Closes gh-14114
 2023-11-07 16:33:45 -07:00
Josh Cummings 18c5f4354e
Merge branch '5.8.x' into 6.0.x 
Closes gh-14113
 2023-11-07 16:31:46 -07:00
Josh Cummings b919ece045
Change Idempotent to Read-Only 
Closes gh-13644
 2023-11-07 16:25:28 -07:00
Steve Riesenberg 447f40949c
Revert unnecessary merges on 6.1.x 
This commit removes unnecessary main-branch merges starting from
9f8db22b77 and adds the following
needed commit(s) that were made afterward:

- 4d6ff49b9d
- ed6ff670d1
- c823b00794
- 44fad21363
 2023-10-31 15:22:15 -05:00
Steve Riesenberg 9db33f33c7
Revert unnecessary merges on 6.0.x 
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:

- 5dce82c48b
 2023-10-31 15:11:45 -05:00
Josh Cummings a3227f041c
Polish OAuth2AuthorizationManagers 
- Add OAuth2ReactiveAuthorizationManagers
- Code to interfaces
- Align error message with the same in
AuthorityAuthorizationManager
- Adjust expectations in tests to confirm an
appropriately constructed authorizaion manager
- Add JavaDoc and reference documentation

Issue gh-13654
 2023-10-02 17:26:06 -06:00
Josh Cummings 6b0d82236d
Fix Documentation Errors 
Issue gh-12570
 2023-09-18 16:21:37 -06:00
Josh Cummings cb33fd7850
Add OIDC Back-Channel Logout Support 
Closes gh-12570
 2023-09-16 15:12:21 -06:00
Josh Cummings 3b7e7f63d8
Update Jwt Multi-tenancy Documentation 
Issue gh-13427
 2023-08-08 10:03:11 -06:00
Marcus Da Coregio 1416b0649e Merge branch '6.0.x' into 6.1.x 
Closes gh-13590
 2023-07-27 11:25:19 -03:00
Marcus Da Coregio 461d6edd85 Merge branch '5.8.x' into 6.0.x 
Closes gh-13589
 2023-07-27 11:23:58 -03:00
Marcus Da Coregio 13ca7ac4d4 Referrer-Policy is added by default in Reactive applications 
Closes gh-13561
 2023-07-27 11:22:21 -03:00
Rob Winch 8407c9ebee Merge branch '6.0.x' 
Closes gh-13407
 2023-06-18 21:41:16 -05:00
Rob Winch f66a5bab99 Merge branch '5.8.x' into 6.0.x 
Closes gh-13406
 2023-06-18 21:33:58 -05:00
Rob Winch 7da99acca7 Merge branch '5.7.x' into 5.8.x 
Closes gh-13405
 2023-06-18 21:32:35 -05:00
Rob Winch 0cf95dbf61 Merge branch '5.6.x' into 5.7.x 
Closes gh-13404
 2023-06-18 21:31:35 -05:00
Rob Winch 39c43159f4 Convert to Asciidoctor Tabs 
Closes gh-13403
 2023-06-18 21:30:41 -05:00
Rob Winch 04692d9ee8 Fix Antora Warnings 
Closes gh-13210
 2023-06-08 17:02:19 -05:00
Josh Cummings b969179b5c
Merge branch '5.7.x' into 5.8.x 2023-05-10 15:53:22 -06:00
Josh Cummings 3469bcb822
Address Antora Warnings 2023-05-10 15:51:49 -06:00
Marcus Da Coregio 42cd19fcee Merge branch '6.0.x' 
Closes gh-13103
 2023-04-26 15:59:20 -03:00
Marcus Da Coregio 8c5f13657e Merge branch '5.8.x' into 6.0.x 
Closes gh-13102
 2023-04-26 15:58:25 -03:00
Marcus Da Coregio 5632469a90 Merge branch '5.7.x' into 5.8.x 
Closes gh-13101
 2023-04-26 15:57:32 -03:00
Marcus Da Coregio e61adcb0cd Clarify that Kotlin DSL needs an import 
Closes gh-13092
 2023-04-26 15:56:47 -03:00
Josh Cummings 76eba9bd0c
Add withIssuerLocation 
Closes gh-10309
 2023-04-12 16:36:15 -06:00
Marcus Da Coregio 5db3e54647 Merge branch '6.0.x' 
Closes gh-12993
 2023-04-11 09:58:20 -03:00
Marcus Da Coregio 34015944f2 Merge branch '5.8.x' into 6.0.x 
Closes gh-12992
 2023-04-11 09:57:52 -03:00
Marcus Da Coregio 68fd755abc Merge branch '5.7.x' into 5.8.x 
Closes gh-12991
 2023-04-11 09:57:15 -03:00
Marcus Da Coregio e25117856e Add static imports to code snippets 
Closes gh-6597
 2023-04-11 09:56:19 -03:00
Wyfrel 3b447b938c fix missing semi-colon java example in observability documentation 2023-03-03 15:04:16 -07:00
Steve Riesenberg 5286b78308
Merge branch '6.0.x' 
Closes gh-12684
 2023-02-16 13:27:17 -06:00
Steve Riesenberg c4f68d83bf
Document default CsrfTokenRequestHandler in 6.0 
Closes gh-12651
 2023-02-16 13:26:23 -06:00
Joe Grandja e139f1c2ba Polish gh-12438 2022-12-22 11:16:19 -05:00
Josh Cummings c60c10792c
Fix Observability Opt-out Documentation Typo 
Issue gh-12268
 2022-11-29 16:24:57 -07:00
Josh Cummings cca999c57d
Merge remote-tracking branch 'origin/5.8.x' 2022-11-01 13:46:08 -06:00
Josh Cummings d29ab8bcae
Merge branch '5.7.x' into 5.8.x 2022-11-01 13:43:40 -06:00
Josh Cummings c94e33b6c8
Merge branch '5.6.x' into 5.7.x 2022-11-01 13:42:35 -06:00
Ger Roza 8315545144 Update RP-Initiated Logout target URLs. 
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
 2022-11-01 12:35:39 -06:00
Josh Cummings fe96a62dfc
Document Observability Support 
Issue gh-10964
 2022-10-12 20:32:25 -06:00
Daniel Garnier-Moiroux 27059ced87
Default X-Xss-Protection header value to "0" 
Closes gh-9631
 2022-10-07 17:42:55 -05:00
Steve Riesenberg 6753f9745e
Merge branch '5.8.x' 
# Conflicts:
#	config/src/test/kotlin/org/springframework/security/config/web/server/ServerCsrfDslTests.kt
#	docs/modules/ROOT/pages/reactive/exploits/csrf.adoc
 2022-10-07 17:29:07 -05:00
Steve Riesenberg f462134e87
Add reactive support for BREACH 
Closes gh-11959
 2022-10-07 16:34:17 -05:00
Steve Riesenberg 181ee7410b
Change default authority for oauth2Login() 
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.

* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER

Documentation has been updated to include this implementation detail.

Closes gh-7856
 2022-09-26 10:06:31 -05:00
Josh Cummings 84f765a89c
Merge remote-tracking branch 'origin/5.8.x' into main 2022-08-25 14:46:48 -06:00
Josh Cummings 070dce1baf
Document ReactiveMethodSecurity improvements 
Issue gh-9401
 2022-08-25 14:36:03 -06:00
Josh Cummings 27ce5936cf
Add Caveat about Spring Security's co-routine support 
Closes gh-10920
 2022-08-25 14:36:02 -06:00
Joshua Sattler 040111ae9e Remove Configuration meta-annotation from Enable* annotations 
Before, Spring Security's @Enable* annotations were meta-annotated with @Configuration.
While convenient, this is not consistent with the rest of the Spring projects and most notably
Spring Framework's @Enable annotations. Additionally, the introduction of support for
@Configuration(proxyBeanMethods=false) in Spring Framework provides a compelling reason to
remove @Configuration meta-annotation from Spring Security's @Enable annotations and allow
users to opt into their preferred configuration mode.

Closes gh-6613

Signed-off-by: Joshua Sattler <joshua.sattler@mailbox.org>
 2022-07-30 03:48:42 +02:00
Steve Riesenberg a72c5a55db
Revert "Remove @Configuration from webflux config examples" 
This reverts commit aec9effb88.
 2022-07-26 16:46:01 -05:00
Joshua Sattler aec9effb88 Remove @Configuration from webflux config examples 2022-07-26 16:34:10 -05:00