The reference documentation still referred to Java 5.0 as minimum
runtime version which is wrong.
This commit changes this to the correct
Java 8 runtime version as required minimum version.
In addition it corrects a fuzzy wording regarding stripping down the
`spring-security-core` jar.
Fixes gh-7440
Currently, spring-security provides apacheds integration by default. This
commit introduces a new `mode` in the `ldap-server` tag which allows to choose
beetween `apacheds` and `unboundid`. In order to keep backward compatibility
if `mode` is not set and apacheds jars are in the classpath apacheds is used
as a embedded ldap.
Fixes gh-6011
Currently, unboundid was added as a support for embbeded LDAP and it
is used on the Java Config. This commit introduces support from XML side.
Also, give the chance to users to move from apacheds to unboundid using
a new attribute `mode`.
Fixes gh-6011
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.
Fixes gh-5354
These four items, not three items, constitute the auth process:
. A user is prompted to log in with a username and password.
. The system (successfully) verifies that the password is correct for the username.
. The context information for that user is obtained (their list of roles and so on).
. A security context is established for the user
Ivo Smid
Joe Grandja
Stephen Doxsee
Josh Cummings
Andreas Falk
Angel Aguilera
Hideaki Matsunami
Eleftheria Stein
Eddú Meléndez
Lars Grefer
kostya05983
Simeon Macke
George Sofianos
Behrang
Luca Graf
David Lozano Jarque
Kirill Gavrilov
Alexey Nesterov