spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2026-05-02 19:30:50 +01:00

Author	SHA1	Message	Date
Tran Ngoc Nhan	dfc8be0d48	Fix typo Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-08-04 09:40:20 -06:00
Tran Ngoc Nhan	371bee685f	Polish `User#withDefaultPasswordEncoder` Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-08-04 09:40:20 -06:00
Marcin Lewandowski	f61a8deccc	Update index.adoc Signed-off-by: Marcin Lewandowski <marcin@ravendb.net>	2025-07-31 11:09:06 -06:00
Josh Cummings	1af665d6c8	Merge branch '6.5.x'	2025-07-31 10:21:50 -06:00
Josh Cummings	c966139338	Merge branch '6.4.x' into 6.5.x	2025-07-31 10:21:36 -06:00
Josh Cummings	a411fb7b8d	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-07-31 10:21:26 -06:00
Michał Sobkiewicz	c963f4250e	Update Angular documentation links in csrf.adoc Replaced `angular.io` links with their corresponding `angular.dev` URLs. This change ensures that users referencing CSRF documentation are directed to the most current Angular resources. Signed-off-by: Michał Sobkiewicz <perceptron8@users.noreply.github.com>	2025-07-31 10:21:06 -06:00
Josh Cummings	4775fe41db	Merge branch '6.5.x'	2025-07-29 09:28:20 -06:00
Josh Cummings	a9fcec8b46	Merge branch '6.4.x' into 6.5.x	2025-07-29 09:27:47 -06:00
Josh Cummings	452d311a9b	Merge remote-tracking branch 'origin/6.3.x' into 6.4.x	2025-07-29 09:27:23 -06:00
Bernie Schelberg	edcb3b024e	Update Shibboleth repository URL Signed-off-by: Bernie Schelberg <bernard.schelberg@invicara.com>	2025-07-29 09:26:42 -06:00
Josh Cummings	fca30e3d25	Update What's New in Spring Security 7 Closes gh-17582	2025-07-21 15:00:47 -06:00
Josh Cummings	0c42b61cc1	Restore legacy-websocket-configuration Link In this way, links to this section will still arrive at something helpful. Issue gh-17295	2025-07-10 15:03:10 -06:00
Josh Cummings	7960d2803d	Add Migration Steps for PathMatcher Usage Issue gh-17509	2025-07-10 14:53:39 -06:00
Josh Cummings	4b15b2b94e	Add Migration Steps for Messaging Closes gh-17509	2025-07-10 13:19:42 -06:00
Josh Cummings	2c87270dbc	Use authorizeHttpRequests Issue gh-15174	2025-07-09 17:33:11 -06:00
Josh Cummings	dadf10899c	Add WebExpressionAuthorizationManager.Builder Closes gh-17504	2025-07-09 17:33:10 -06:00
Josh Cummings	c312d18191	Add Publishing Predicate Closes gh-17503	2025-07-09 17:33:10 -06:00
Josh Cummings	901b386ca6	Merge branch '6.5.x'	2025-07-09 14:11:14 -06:00
Josh Cummings	9209a33678	Remove References to Deprecated OpenSaml Components Issue gh-11658	2025-07-09 14:10:33 -06:00
Rob Winch	e48fdd5ed4	Use UserWebTestClientConfigurer Closes gh-17496	2025-07-07 15:15:51 -05:00
Josh Cummings	02d69ec864	Keep EnableWebMvcSecurity Link So that links across the Internet that are pointed at #mvc-enablewebmvcsecurity still arrive at a relevant place, this commit re-adds the mvc-enablewebmvcsecurity link, even though @EnableWebMvcSecurity itself is now removed. Issue gh-17294	2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan	a439bc65d6	Remove EnableWebMvcSecurity Closes gh-17294 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:46:03 -06:00
Tran Ngoc Nhan	242956a63c	Remove deprecated elements from DaoAuthenticationProvider Closes gh-17298 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-07 13:38:34 -06:00
Tran Ngoc Nhan	9312fb7004	Remove Deprecated AuthorizationDecision Elements Closes gh-17299 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-07-03 14:32:49 -06:00
Josh Cummings	ce107795d8	Fix Broken JavaDoc Link Issue gh-16886	2025-07-03 14:14:00 -06:00
Josh Cummings	b71a66bdaa	Use PathPatternRequestMatcher in docs Issue gh-16886 Issue gh-16887	2025-07-03 13:37:50 -06:00
Joe Grandja	e869bcdfa3	Remove deprecated implementations of OAuth2AccessTokenResponseClient Closes gh-16909	2025-07-03 14:23:23 -04:00
Joe Grandja	cfe38957d7	Remove Resource Owner Password Credentials grant Closes gh-17446	2025-07-03 14:23:23 -04:00
Konstantin Filtschew	e4a2ac27d6	Fixed link to CSRF checks	2025-06-27 14:18:01 -05:00
Tran Ngoc Nhan	e686ac6b11	Remove AbstractSecurityWebSocketMessageBrokerConfigurer Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2025-06-24 12:56:05 -06:00
Josh Cummings	a4c338f8a5	Format authorizeExchange Blocks This commit formats authorizeExchange blocks to use a common variable name and ensure the variable and reference are on the same line. Issue gh-13067	2025-06-20 10:46:52 -06:00
Josh Cummings	777447e1d9	Format authorizeHttpRequests Blocks This commit formats authorizeHttpRequests blocks to use the same parameter name and places the reference on the same line as the parameter. Issue gh-13067	2025-06-20 10:46:51 -06:00
Josh Cummings	c43afbf5e1	Format Lambda Expressions This commit updats lambda expressions so that their variable is surrounded in parentheses. Issue gh-13067	2025-06-20 10:41:29 -06:00
Josh Cummings	6ddb964c61	Remove ApacheDS Support Closes gh-13852	2025-06-19 11:55:34 -06:00
Rob Winch	b2325e4176	Add OAuth Support for HTTP Interface Client Closes gh-16858	2025-06-17 09:53:51 -05:00
Rob Winch	040ffe17e5	Add SubjectX500PrincipalExtractor to Whats New Issue gh-16984	2025-06-12 12:19:37 -05:00
Rob Winch	e3add59550	Update x509 Reference - Use include-code - Demo how to customize SubjectX500PrincipalExtractor	2025-06-12 12:09:20 -05:00
Rob Winch	7bf2730a53	Add x509@principal-extractor-ref Enables customizing the X500PrincipalExtractor	2025-06-12 12:09:20 -05:00
Rob Winch	88ed4a5ccf	Use principalExtractor reference instead of properties	2025-06-12 12:09:20 -05:00
Max Batischev	aba437d469	Add Support SubjectX500PrincipalExtractor Closes gh-16980 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-06-12 12:09:20 -05:00
Josh Cummings	9b724377ce	Rework Saml2 Authentication Statement This commit separates the authentication principal, the assertion details, and the relying party tenant into separate components. This allows the principal to be completely decoupled from how Spring Security triggers and processes SLO. Specifically, it adds Saml2AssertionAuthentication, a new authentication implementation that allows an Object principal and a Saml2ResponseAssertionAccessor credential. It also moves the relying party registration id from Saml2AuthenticatedPrincipal to Saml2AssertionAuthentication. As such, Saml2AuthenticatedPrincipal is now deprecated in favor of placing its assertion components in Saml2ResponseAssertionAccessor and the relying party registration id in Saml2AssertionAuthentication. Closes gh-10820	2025-06-10 17:21:03 -06:00
Lidoca	d0db5e3ea3	Update database-schema.adoc docs: match the database schema with https://github.com/spring-projects/spring-security/blob/6.5.0/docs/modules/ROOT/pages/servlet/authentication/passwords/jdbc.adoc Signed-off-by: Lidoca <32785562+Lidoca@users.noreply.github.com>	2025-06-09 22:17:57 -05:00
Josh Cummings	aa3135169d	Polish Documentation Closes gh-14635	2025-06-09 16:49:36 -06:00
Josh Cummings	eaab42a73c	Polish BearerTokenAuthenticationConverter Support - Moved to BearerTokenAuthenticationFilter constructor to align with AuthenticationFilter - Undeprecated BearerTokenResolver to reduce number of migration scenarios - Updated to 7.0 schema - Added migration docs Issue gh-14750	2025-06-04 18:17:17 -06:00
Max Batischev	4967f3feee	Add Support BearerTokenAuthenticationConverter Closes gh-14750 Signed-off-by: Max Batischev <mblancer@mail.ru>	2025-06-04 18:17:17 -06:00
Josh Cummings	492444c588	Update shouldConvertGetRequests Migration Steps Issue gh-17099	2025-06-03 13:12:38 -06:00
Josh Cummings	4ed131f6ab	Add shouldConvertGetRequests Migration Steps Issue gh-17099	2025-06-03 13:10:45 -06:00
Josh Cummings	6d3b54df21	Change Type Validation Default NimbusJwtDecoder and NimbusReactiveJwtDecoder now use Spring Security's JwtTypeValidator by default instead of Nimbus's type validator. Closes gh-17181	2025-05-28 16:11:13 -06:00
Josh Cummings	37a814bc29	Add 7.0 -> 8.0 Migration Guide Closes gh-17182	2025-05-28 16:11:12 -06:00

1 2 3 4 5 ...

1263 Commits