Josh Cummings
12b9f2e196
use-authorization-manager defaults to true
Closes gh-11929
3 years ago
Marcus Da Coregio
52ab2303da
Fix failing test
Issue gh-11061
3 years ago
Marcus Da Coregio
c4d23f2b49
Use MvcRequestMatcher by default if Spring MVC is present
Closes gh-11899
3 years ago
Josh Cummings
2079309c5a
Add SecurityContextHolderStrategy XML Configuration for OAuth2
Issue gh-11061
3 years ago
Josh Cummings
7543effe89
Add SecurityContextHolderStrategy Java Configuration for OAuth2
Issue gh-11061
3 years ago
Josh Cummings
7e3841105b
Add SecurityContextHolderStrategy XML Configuration for Saml2
Issue gh-11061
3 years ago
Josh Cummings
19181a5afd
Add SecurityContextHolderStrategy Java Configuration for Saml2
Issue gh-11061
3 years ago
Josh Cummings
0c0e298aa7
Polish Saml2 XML Use of SecurityContextHolderStrategy
Issue gh-11061
3 years ago
Josh Cummings
b4d13e7726
Polish use-authorization-manager
- Use SecurityContextHolderStrategy
- Allow empty role prefix
- Disallow access-decision-manager-ref and authorization-manager-ref
together
Issue gh-11305
3 years ago
Josh Cummings
7043ef6ccb
Polish OpaqueTokenAuthenticationConverterTests
Issue gh-11665
3 years ago
Steve Riesenberg
dce1c30522
Add support for BREACH
Closes gh-4001
3 years ago
Steve Riesenberg
6bbf20be93
Fix failing tests
Issue gh-11952
3 years ago
Steve Riesenberg
1d706ae13d
Add csrfTokenRequestResolver to CsrfDsl
Closes gh-11952
3 years ago
Marcus Da Coregio
c2ed65c67a
Fix failing tests
Issue gh-9159
3 years ago
Marcus Da Coregio
bf6e85ec15
Accept String varargs in securityMatcher
Issue gh-9159
3 years ago
Marcus Da Coregio
76d7a85bc0
Use modified classpath test support for tests that depend on the classpath
Issue gh-11347
3 years ago
Marcus Da Coregio
77dcc691b3
Add modified classpath test support
Closes gh-11951
3 years ago
Marcus Da Coregio
5002199be3
Revert "Disable tests that need Spring MVC mocked in classpath"
This reverts commit c6978fba7c.
3 years ago
Marcus Da Coregio
35f7e46d05
Remove WebSecurityConfigurerAdapter
Closes gh-10902
3 years ago
Steve Riesenberg
3bc76815c2
Update csrf.request-handler-ref in 6.0
Issue gh-11918
3 years ago
Marcus Da Coregio
c6978fba7c
Disable tests that need Spring MVC mocked in classpath
Issue gh-11347
3 years ago
Steve Riesenberg
475b3bb6bb
Add deferred CsrfTokenRepository.loadDeferredToken
* Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken>
* Move RepositoryDeferredCsrfToken to top-level and make package-private
* Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse)
* Update CsrfFilter
* Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler
Issue gh-11892
Closes gh-11918
3 years ago
Steve Riesenberg
c847efd3fd
Fix servlet import
Issue gh-11347
Issue gh-9159
3 years ago
Steve Riesenberg
c98de7af2f
Add xss-protection.header-value in 6.0
Issue gh-9631
3 years ago
Daniel Garnier-Moiroux
0e215a21ad
Add X-Xss-Protection headerValue to XML config
Issue gh-9631
3 years ago
Marcus Da Coregio
039e0328e1
Simplify Java Configuration RequestMatcher Usage
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity
Closes gh-11347
Closes gh-9159
3 years ago
Steve Riesenberg
d9a682a414
Polish gh-11896
3 years ago
Steve Riesenberg
7f9600ae08
Polish gh-11896
3 years ago
Marcus Da Coregio
64a19de4dc
Deprecate HPKP security header
Closes gh-10144
3 years ago
Rob Winch
4479cefade
Default Require Explicit Session Management = true
Closes gh-11763
3 years ago
Rob Winch
0d58c5180e
Remove Explicit RequestCache Config from DeferHttpSession Tests
Issue gh-11757
3 years ago
Rob Winch
12a0ccf6de
Remove Explicit CSRF Config from DeferHttpSessionTests
Issue gh-11764
3 years ago
Rob Winch
6d56af7b65
SessionManagementDsl.requireExplicitAuthenticationStrategy
3 years ago
Daniel Garnier-Moiroux
93250013e4
Make X-Xss-Protection configurable through ServerHttpSecurity
OWASP recommends using "X-Xss-Protection: 0". The default is currently
"X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0".
This commit adds the ability to configure the xssProtection header
value in ServerHttpSecurity.
This commit deprecates the use of "enabled" and "block" booleans to
configure XSS protection, as the state "!enabled + block" is invalid.
This impacts HttpSecurity.
Issue gh-9631
3 years ago
Marcus Da Coregio
cf3349f31a
Configure ContentNegotiationStrategy in HttpSecurityConfiguration
Closes gh-11916
3 years ago
Josh Cummings
506e50bfd0
Move Saml2 Authentication Filters
Issue gh-8819
3 years ago
Steve Riesenberg
181ee7410b
Change default authority for oauth2Login()
Previously, the default authority was ROLE_USER when using
oauth2Login() for both OAuth2 and OIDC providers.
* Default authority for OAuth2UserAuthority is now OAUTH2_USER
* Default authority for OidcUserAuthority is now OIDC_USER
Documentation has been updated to include this implementation detail.
Closes gh-7856
3 years ago
Josh Cummings
37a160245f
Adjust OAuth2 Resource Server packaging
Closes gh-7349
3 years ago
Steve Riesenberg
21c0c73878
Remove request-resolver-ref in 6.0
Issue gh-11896
3 years ago
Steve Riesenberg
46696a9226
CsrfTokenRequestHandler extends CsrfTokenRequestResolver
Closes gh-11896
3 years ago
Steve Riesenberg
3c66ef6305
Change default SecurityContextRepository
Save SecurityContext in request attributes for stateless session
management using RequestAttributeSecurityContextRepository.
Closes gh-11026
3 years ago
Rob Winch
d94677f87e
CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler
This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and
moves usage from CsrfFilter into CsrfTokenRequestHandler.
Closes gh-11892
3 years ago
Josh Cummings
44b7847258
Fix Import Order
Issue gh-8819
3 years ago
Josh Cummings
70460ca009
Adjust OAuth2 Resource Server packaging
Closes gh-7349
3 years ago
Josh Cummings
61c80bcac5
Move Saml2 Authentication Filters
Closes gh-8819
3 years ago
Rob Winch
48e31f87e4
Remove Deprecated OpenSAML 3 Support
Closes gh-10556
3 years ago
Josh Cummings
3f8503f1b4
Deprecate AccessDecisionManager et al
Closes gh-11302
3 years ago
Marcus Da Coregio
bd18c05a27
Use mock class instead of interface on mock's return
Issue gh-11860
3 years ago
slam
45bbd86f7e
HttpSecurityDsl should support apply method
Closes gh-11754
3 years ago
Steve Riesenberg
1aee40dcca
Polish gh-11665
* Add authentication-converter-ref to 6.0
* Add @Configuration to test configs
3 years ago