3ebcbd4375
Merge branch '6.4.x'
...
Closes gh-16788
Closes gh-16789
Closes gh-16790
Closes gh-16791
Closes gh-16792
2025-03-20 14:47:07 -05:00
96cfbd1e6c
Merge branch '6.3.x' into 6.4.x
...
CI / Build (17, ubuntu-latest) (push) Waiting to run
Details
CI / Build (17, windows-latest) (push) Waiting to run
Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run
Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run
Details
CI / Check Samples (push) Waiting to run
Details
CI / Deploy Artifacts (push) Blocked by required conditions
Details
CI / Deploy Docs (push) Blocked by required conditions
Details
CI / Deploy Schema (push) Blocked by required conditions
Details
CI / Perform Release (push) Blocked by required conditions
Details
CI / Send Notification (push) Blocked by required conditions
Details
Deploy Docs / build (push) Waiting to run
Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Waiting to run
Details
Closes gh-16782
Closes gh-16783
Closes gh-16784
Closes gh-16785
Closes gh-16786
2025-03-20 14:46:18 -05:00
af40d7e35a
Fix typo
...
Closes gh-16776
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-03-20 14:38:09 -05:00
bb438578cb
Deprecate SecurityMetadataSource
...
- Updated FAQ to replace SecurityMetadataSource recommendation with
AuthorizationManager
Issue gh-16772
2025-03-19 17:41:00 -06:00
a884c3c906
Address XsdDocumentedTests Errors
...
Issue gh-16775
2025-03-19 16:39:27 -06:00
e6008b6067
Add RedirectToHttps to XML
...
Closes gh-16775
2025-03-19 15:26:05 -06:00
55b83a0346
Merge branch '6.4.x'
2025-02-24 12:50:11 -07:00
d607364b50
Merge branch '6.3.x' into 6.4.x
2025-02-24 12:49:42 -07:00
a0cfb2777c
Fix typo
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-02-24 12:49:18 -07:00
1864577e98
Address SessionLimitStrategy
...
Closes gh-16206
2024-12-18 18:32:12 -07:00
2fcd305509
Increment to 6.5.0-SNAPSHOT
...
Closes gh-16221
2024-12-12 21:47:11 -06:00
40f8ac642a
Fix Documentation Typos
2024-12-09 17:56:00 -07:00
f6ea99d8a3
Prepare for Spring Security 6.4
...
Closes gh-15155
2024-05-24 11:41:28 -03:00
a4dbf458ab
Add relying-party-registrations#id
...
Closes gh-14487
2024-04-18 12:56:56 -06:00
d50698a269
Prepare for Spring Security 6.3
...
Closes gh-14210
2023-12-05 15:49:42 -07:00
fbad708347
Polish Grammar
...
Co-Authored-By: grad.ofthe.es@gmail.com
2023-11-14 10:49:13 -07:00
a29f90b29e
Merge branch '6.1.x'
...
Closes gh-13634
2023-08-08 17:46:46 -06:00
3edbdc6e87
Merge branch '6.0.x' into 6.1.x
...
Closes gh-13632
2023-08-08 17:46:04 -06:00
90936537dc
Update links in adocs
...
Spring Security 6.0 requires Spring 6.0 as a minimum and Spring 6.0 requires a minimum of Tomcat 10/Jetty 11
Closes gh-13565
2023-08-08 17:45:07 -06:00
fb910e2997
Prepare for Spring Security 6.2
...
Closes gh-14316
2023-06-22 11:03:28 -06:00
8407c9ebee
Merge branch '6.0.x'
...
Closes gh-13407
2023-06-18 21:41:16 -05:00
f66a5bab99
Merge branch '5.8.x' into 6.0.x
...
Closes gh-13406
2023-06-18 21:33:58 -05:00
7da99acca7
Merge branch '5.7.x' into 5.8.x
...
Closes gh-13405
2023-06-18 21:32:35 -05:00
0cf95dbf61
Merge branch '5.6.x' into 5.7.x
...
Closes gh-13404
2023-06-18 21:31:35 -05:00
39c43159f4
Convert to Asciidoctor Tabs
...
Closes gh-13403
2023-06-18 21:30:41 -05:00
97a42ba190
Update SpEL Documentation
...
Closes gh-12974
2023-05-12 08:37:26 -06:00
e6173f9e5b
Prepare for Spring Security 6.1
2022-11-28 15:47:10 -03:00
fe96a62dfc
Document Observability Support
...
Issue gh-10964
2022-10-12 20:32:25 -06:00
27059ced87
Default X-Xss-Protection header value to "0"
...
Closes gh-9631
2022-10-07 17:42:55 -05:00
9fd195d419
Default to shouldFilterAllDispatcherTypes=true in XML
...
Closes gh-11970
2022-10-07 11:46:20 -03:00
146d3269bc
Merge branch '5.8.x'
...
Closes gh-11971
2022-10-07 10:28:14 -03:00
f3321c256c
Add XML support for shouldFilterAllDispatcherTypes
...
Closes gh-11492
2022-10-07 10:20:32 -03:00
12b9f2e196
use-authorization-manager defaults to true
...
Closes gh-11929
2022-10-06 08:12:46 -06:00
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
...
Closes gh-11899
2022-10-06 09:12:04 -03:00
5de6da890b
Merge branch '5.8.x'
...
Closes gh-dry-run
2022-10-04 11:18:00 -05:00
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
...
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
2022-10-03 17:10:54 -05:00
7c3cc1e386
Merge branch '5.8.x'
2022-10-03 14:29:51 -05:00
0e215a21ad
Add X-Xss-Protection headerValue to XML config
...
Issue gh-9631
2022-10-03 14:29:34 -05:00
bcb21c9384
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
2022-09-23 15:39:43 -05:00
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
...
Closes gh-11896
2022-09-23 15:09:00 -05:00
0efe26c1fd
Merge branch '5.8.x'
...
Closes gh-11894
2022-09-22 13:47:04 -05:00
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
...
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
2022-09-22 11:09:44 -05:00
2431dd1103
Merge branch '5.8.x'
2022-09-13 17:38:10 -05:00
1efb63387f
Add authentication converter for introspected tokens
...
Adds configurable authentication converter for resource-servers with
token introspection (something very similar to what
JwtAuthenticationConverter does for resource-servers with JWT decoder).
The new (Reactive)OpaqueTokenAuthenticationConverter is given
responsibility for converting successful token introspection result
into an Authentication instance (which is currently done by a private
methods of OpaqueTokenAuthenticationProvider and
OpaqueTokenReactiveAuthenticationManager).
The default (Reactive)OpaqueTokenAuthenticationConverter, behave the
same as current private convert(OAuth2AuthenticatedPrincipal principal,
String token) methods: map authorities from scope attribute and build a
BearerTokenAuthentication.
Closes gh-11661
2022-09-13 16:45:36 -05:00
ed41a60aae
Merge branch '5.8.x'
...
# Conflicts:
# config/src/test/java/org/springframework/security/config/annotation/web/configuration/DeferHttpSessionJavaConfigTests.java
# config/src/test/resources/org/springframework/security/config/http/DeferHttpSessionTests-Explicit.xml
# web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java
2022-09-06 11:51:55 -05:00
86fbb8db07
Add new interfaces for CSRF request processing
...
Issue gh-4001
Issue gh-11456
2022-09-06 11:43:33 -05:00
b1fd9af723
Merge remote-tracking branch 'origin/5.8.x' into main
2022-08-26 16:01:40 -06:00
0f58620643
Add AspectJ AuthorizationManager Support
...
Closes gh-11326
2022-08-26 15:59:08 -06:00
81d6b6df6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:38:03 -05:00
89f8310d6c
Add Explicit SessionAuthenticationStrategy Option
...
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.
This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.
Closes gh-11455
2022-08-18 17:00:47 -05:00
Steve Riesenberg
Tran Ngoc Nhan
Josh Cummings
Claudenir Machado
Rob Winch
Marcus Hert Da Coregio
Josh Cummings
Seongguk Jeong
Rob Winch
Daniel Garnier-Moiroux
Steve Riesenberg
ch4mpy