Josh Cummings
4f5b17334e
Pick Up csrfChannelInterceptor in XML
...
Closes gh-17493
7 months ago
Andrey Litvitski
4048b2bd7d
Use `HttpStatus` in BackChannel Logout Filters
...
Closes gh-17125
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
8 months ago
Steve Riesenberg
3c0fef59b5
Polish gh-16039
...
Closes gh-16038
10 months ago
Jonah Klöckner
da94fbe431
Evaluate URI query parameter only if enabled
...
Issue gh-16038
10 months ago
Steve Riesenberg
b7df86197c
Apply request-handler-ref to CsrfAuthenticationStrategy
...
Closes gh-16801
10 months ago
Steve Riesenberg
c84c438075
Apply request-handler-ref to CsrfAuthenticationStrategy
...
Closes gh-16801
10 months ago
Josh Cummings
15b9a50060
Add Test
...
Issue gh-16819
10 months ago
Rob Winch
adb303e152
Add testRuntimeOnly junit-platform-launcher
...
Closes gh-16755
11 months ago
Steve Riesenberg
211fa52649
Favor provided instances over shared objects
...
Prior to this commit, providing oauth2Login() and oauth2Client() with
clientRegistrationRepository() and authorizedClientRepository() caused
objects to be shared across both configurers.
These configurers will now prefer explicitly provided instances of
those objects when they are available.
Closes gh-16105
1 year ago
Josh Cummings
643a3f1206
Test Setting logoutRequestRepository
...
Issue gh-16093
1 year ago
Steven Williams
7aafe2ed5a
Set Saml2RelyingPartyInitiatedLogoutSuccessHandler#logoutRequestRepository
...
Closes gh-16093
1 year ago
Josh Cummings
87de6cea1b
Use Reactive JSON Encoder
...
Closes gh-16177
1 year ago
Josh Cummings
3d1e4b5f18
Polish Tests
...
Confirm that responses are a valid JSON map
Issue gh-16177
1 year ago
DingHao
ef7b11ac01
Delay initialization UserDetailsService in Global Authentication
1 year ago
DingHao
e8ba039a61
Delay initialization AuthenticationProvider in Global Authentication
1 year ago
Joe Grandja
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
1 year ago
Joe Grandja
a7bf8f7cc6
Require Locale argument for toLower/toUpperCase usage
1 year ago
Joe Grandja
0eaffb37e7
Require Locale argument for toLower/toUpperCase usage
1 year ago
Rob Winch
81e74e65d4
Support ServerExchangeRejectedHandler @Bean
...
Closes gh-16061
1 year ago
Rob Winch
c24b5ebe98
Support ServerExchangeRejectedHandler @Bean
...
Closes gh-15975
1 year ago
Rob Winch
e86d88d0cf
Support ServerExchangeRejectedHandler @Bean
...
Closes gh-15975
1 year ago
Cedric Montfort
d9d77bed82
Allow logout+jwt JWT type for reactive
...
The OIDC back-channel spec recommends using a logout token type `logout+jwt`
(see [here](https://openid.net/specs/openid-connect-backchannel-1_0-final.html#LogoutToken)).
Support of this type was recently added [on the Servlet side](9101bf1f7d), so
backporting the same on the reactive side to close the gap.
Closes gh-15702
1 year ago
Rob Winch
5c2106b22e
Format
1 year ago
Rob Winch
1ba6301afa
Support ServerWebExchangeFirewall @Bean
...
Closes gh-15987
1 year ago
Rob Winch
3ba1263d64
Support ServerWebExchangeFirewall @Bean
...
Closes gh-15987
1 year ago
Scott Murphy Heiberg
18dba34bde
Make RequestMatcherDelegatingAuthorizationManager Post-Processable
...
Closes gh-15948
1 year ago
Rob Winch
e48d6b039b
Support ServerWebExchangeFirewall @Bean
...
Closes gh-15974
1 year ago
Josh Cummings
c1857c0308
Fix Formatting
...
Issue gh-15771
1 year ago
chao.wang
690e012fb1
Improve OidcBackChannelLogoutTokenValidator error when provider issuer is missing
...
Closes gh-15771
1 year ago
Daniel Garnier-Moiroux
51d0a8b57d
Fix getBeansWithName in global authentication configurers
1 year ago
DingHao
5c20505b0e
Support Class Attributes in Annotation Template Processing
...
Closes gh-15721
1 year ago
Josh Cummings
97cefa6830
Update Formatting
...
Issue gh-15714
1 year ago
tugjg
f836efb912
Address unnecessary method invocation
...
Closes gh-15714
1 year ago
Hero Wanders
f372f5cf52
Replace OidcSessionStrategy References with OidcSessionRegistry
1 year ago
Josh Cummings
5c604b95fb
Correct PostFilterAuthorizationMethodInterceptor Target Type
...
Previously, `postFilterAuthorizationMethodInterceptor` mistakenly
was published as an `Advisor`. Because `MethodSecurityAdvisorRegistrar`
re-publishes each pre/post annotation interceptor also as an `Advisor`,
this resulted in a duplicate advisor for `@PostFilter`.
Closes gh-15651
1 year ago
Josh Cummings
ae8e4d148e
Produce Exactly One AuthorizationAdvisor Per Annotation
...
Closes gh-15592
1 year ago
Josh Cummings
27af1df87d
Simplify Method Interceptor Configuration
...
Simplifies to use only one ObjectProvider for easier
future maintenance
Issue gh-15592
1 year ago
Daniel Garnier-Moiroux
b731623b3a
Fix checkstyle errors with @Deprecated
1 year ago
Daniel Garnier-Moiroux
b92ed92548
Fix checkstyle errors with @Deprecated
1 year ago
Daniel Garnier-Moiroux
79fb0113c8
Bump io-spring-javaformat from 0.0.42 to 0.0.43
...
Bumps `io-spring-javaformat` from 0.0.42 to 0.0.43.
Updates `io.spring.javaformat:spring-javaformat-checkstyle` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
Updates `io.spring.javaformat:spring-javaformat-gradle-plugin` from 0.0.42 to 0.0.43
- [Release notes](https://github.com/spring-io/spring-javaformat/releases)
- [Commits](spring-io/spring-javaformat@v0.0.42...v0.0.43)
---
updated-dependencies:
- dependency-name: io.spring.javaformat:spring-javaformat-checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.spring.javaformat:spring-javaformat-gradle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
---
Manual updates:
- Adhere to rule where `@Deprecated` annotations and `@deprecated` javadoc comments MUST
be used together
Signed-off-by: dependabot[bot] <support@github.com>
1 year ago
Daniel Garnier-Moiroux
3b8cdc323f
Remove unused method
1 year ago
Daniel Garnier-Moiroux
109da2719f
Use explicit types everywhere instead of var
1 year ago
Josh Cummings
f20ae1a71c
Revert gh-13783
...
This feature unfortunately regresses pre-existing behavior
like that found in gh-15352. As such, this functionality
has been removed.
Closes gh-15352
2 years ago
baezzys
3d4bcf1b44
fix: Restrict automatic CORS configuration to UrlBasedCorsConfigurationSource
...
- Update CORS configuration logic to automatically enable .cors() only if a UrlBasedCorsConfigurationSource bean is present.
- Modify applyCorsIfAvailable method to check for UrlBasedCorsConfigurationSource instances.
2 years ago
Josh Cummings
dab48d25b0
Improve Error Message When Registration Missing
...
Closes gh-15363
2 years ago
Josh Cummings
7422a1134a
Allow logout+jwt JWT type
...
Closes gh-15003
2 years ago
Josh Cummings
6aabd768a8
Pick MvcRequestMatcher for MockMvc requests
...
Closes gh-13849
2 years ago
Josh Cummings
cdd626644e
Use Request-Level Servlet Context
...
Spring Security cannot use the ServletContext attached
to the ApplicationContext since there may be child
ApplicationContexts with their own ServletContext.
Because of that, it is necessary to always use the
ServletContext attached to the request.
Closes gh-14418
2 years ago
Josh Cummings
5a798e93f1
Polish MVC Tests
...
Issue gh-14418
2 years ago
Marcus Hert Da Coregio
ddcaeb5c20
Serialize objects from 6.3.x
...
Issue gh-3737
2 years ago