Tree: 7adc000c6b

1.0.x

2.0.x

3.0.x

3.1.x

3.2.x

4.0.x

4.1.x

4.2.x

5.0.x

5.1.x

5.2.x

5.3.x

5.4.x

5.5.x

5.6.x

5.7.x

5.8.x

5.8.x_update-antora-ui-spring

6.0.x

6.1.x

6.2.x

6.2.x_update-antora-ui-spring

6.3.x

6.3.x_update-antora-ui-spring

6.4.x

6.5.x

7.0.x

dependabot/github_actions/6.5.x/spring-io/spring-gradle-build-action-2.0.6

dependabot/gradle/6.5.x/com.fasterxml.jackson-jackson-bom-2.18.7

dependabot/gradle/6.5.x/io.mockk-mockk-1.14.9

dependabot/gradle/docs-build/gradle-wrapper-9.5.0

dependabot/gradle/main/org.springframework.data-spring-data-bom-2025.1.0-SNAPSHOT

dependencies-typo-6.5.x

dependencies-typo-main

docs-build

finalize

gh-16886

gh-pages

kotlin22

main

main-using-releases-v1-workflows

revert-18260-gh-18259

wrapperbot/spring-security/gradle-wrapper-8.10

wrapperbot/spring-security/gradle-wrapper-8.10.1

wrapperbot/spring-security/gradle-wrapper-8.10.2

wrapperbot/spring-security/gradle-wrapper-8.11

wrapperbot/spring-security/gradle-wrapper-8.11.1

wrapperbot/spring-security/gradle-wrapper-8.12

wrapperbot/spring-security/gradle-wrapper-8.12.1

wrapperbot/spring-security/gradle-wrapper-8.13

wrapperbot/spring-security/gradle-wrapper-8.14

wrapperbot/spring-security/gradle-wrapper-8.9

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

2.0.0

2.0.0.M1

2.0.0.M2

2.0.0.RC1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5.RELEASE

2.0.6.RELEASE

2.0.7.RELEASE

2.0.8.RELEASE

2.5.0.M1

3.0.0.M1

3.0.0.M2

3.0.0.RC1

3.0.0.RC2

3.0.0.RELEASE

3.0.1.RELEASE

3.0.2.RELEASE

3.0.3.RELEASE

3.0.4.RELEASE

3.0.5.RELEASE

3.0.6.RELEASE

3.0.7.RELEASE

3.0.8.RELEASE

3.1.0.M1

3.1.0.M2

3.1.0.RC1

3.1.0.RC2

3.1.0.RC3

3.1.0.RELEASE

3.1.1.RELEASE

3.1.2.RELEASE

3.1.3.RELEASE

3.1.4.RELEASE

3.1.5.RELEASE

3.1.6.RELEASE

3.1.7.RELEASE

3.2.0.M1

3.2.0.M2

3.2.0.RC1

3.2.0.RC2

3.2.0.RELEASE

3.2.1.RELEASE

3.2.10.RELEASE

3.2.2.RELEASE

3.2.3.RELEASE

3.2.4.RELEASE

3.2.5.RELEASE

3.2.6.RELEASE

3.2.7.RELEASE

3.2.8.RELEASE

3.2.9.RELEASE

4.0.0.M1

4.0.0.M2

4.0.0.RC1

4.0.0.RC2

4.0.0.RELEASE

4.0.1.RELEASE

4.0.2.RELEASE

4.0.3.RELEASE

4.0.4.RELEASE

4.1.0.RC1

4.1.0.RC2

4.1.0.RELEASE

4.1.1.RELEASE

4.1.2.RELEASE

4.1.3.RELEASE

4.1.4.RELEASE

4.1.5.RELEASE

4.2.0.M1

4.2.0.RC1

4.2.0.RELEASE

4.2.1.RELEASE

4.2.10.RELEASE

4.2.11.RELEASE

4.2.12.RELEASE

4.2.13.RELEASE

4.2.14.RELEASE

4.2.15.RELEASE

4.2.16.RELEASE

4.2.17.RELEASE

4.2.18.RELEASE

4.2.19.RELEASE

4.2.2.RELEASE

4.2.20.RELEASE

4.2.3.RELEASE

4.2.4.RELEASE

4.2.5.RELEASE

4.2.6.RELEASE

4.2.7.RELEASE

4.2.8.RELEASE

4.2.9.RELEASE

5.0.0.M1

5.0.0.M2

5.0.0.M3

5.0.0.M4

5.0.0.M5

5.0.0.RC1

5.0.0.RELEASE

5.0.1.RELEASE

5.0.10.RELEASE

5.0.11.RELEASE

5.0.12.RELEASE

5.0.13.RELEASE

5.0.14.RELEASE

5.0.15.RELEASE

5.0.16.RELEASE

5.0.17.RELEASE

5.0.18.RELEASE

5.0.19.RELEASE

5.0.2.RELEASE

5.0.3.RELEASE

5.0.4.RELEASE

5.0.5.RELEASE

5.0.6.RELEASE

5.0.7.RELEASE

5.0.8.RELEASE

5.0.9.RELEASE

5.1.0.M1

5.1.0.M2

5.1.0.RC1

5.1.0.RC2

5.1.0.RELEASE

5.1.1.RELEASE

5.1.10.RELEASE

5.1.11.RELEASE

5.1.12.RELEASE

5.1.13.RELEASE

5.1.2.RELEASE

5.1.3.RELEASE

5.1.4.RELEASE

5.1.5.RELEASE

5.1.6.RELEASE

5.1.7.RELEASE

5.1.8.RELEASE

5.1.9.RELEASE

5.2.0.M1

5.2.0.M2

5.2.0.M3

5.2.0.M4

5.2.0.RC1

5.2.0.RELEASE

5.2.1.RELEASE

5.2.10.RELEASE

5.2.11.RELEASE

5.2.12.RELEASE

5.2.13.RELEASE

5.2.14.RELEASE

5.2.15.RELEASE

5.2.2.RELEASE

5.2.3.RELEASE

5.2.4.RELEASE

5.2.5.RELEASE

5.2.6.RELEASE

5.2.7.RELEASE

5.2.8.RELEASE

5.2.9.RELEASE

5.3.0.M1

5.3.0.RC1

5.3.0.RELEASE

5.3.1.RELEASE

5.3.10.RELEASE

5.3.11.RELEASE

5.3.12.RELEASE

5.3.13.RELEASE

5.3.2.RELEASE

5.3.3.RELEASE

5.3.4.RELEASE

5.3.5.RELEASE

5.3.6.RELEASE

5.3.7.RELEASE

5.3.8.RELEASE

5.3.9.RELEASE

5.4.0

5.4.0-M1

5.4.0-M2

5.4.0-RC1

5.4.1

5.4.10

5.4.11

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.5.0

5.5.0-M1

5.5.0-M2

5.5.0-M3

5.5.0-RC1

5.5.0-RC2

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.6.0

5.6.0-M1

5.6.0-M2

5.6.0-M3

5.6.0-RC1

5.6.1

5.6.10

5.6.11

5.6.12

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.0-M1

5.7.0-M2

5.7.0-M3

5.7.0-RC1

5.7.1

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.0-M1

5.8.0-M2

5.8.0-M3

5.8.0-RC1

5.8.1

5.8.10

5.8.11

5.8.12

5.8.13

5.8.14

5.8.15

5.8.16

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.8.8

5.8.9

6.0.0

6.0.0-M1

6.0.0-M2

6.0.0-M3

6.0.0-M4

6.0.0-M5

6.0.0-M6

6.0.0-M7

6.0.0-RC1

6.0.0-RC2

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.1.0

6.1.0-M1

6.1.0-M2

6.1.0-RC1

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.0-M1

6.2.0-M2

6.2.0-M3

6.2.0-RC1

6.2.0-RC2

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.3.0

6.3.0-M1

6.3.0-M2

6.3.0-M3

6.3.0-RC1

6.3.1

6.3.10

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.3.7

6.3.8

6.3.9

6.4.0

6.4.0-M1

6.4.0-M2

6.4.0-M3

6.4.0-M4

6.4.0-RC1

6.4.1

6.4.10

6.4.11

6.4.12

6.4.13

6.4.2

6.4.3

6.4.4

6.4.5

6.4.6

6.4.7

6.4.8

6.4.9

6.5.0

6.5.0-M1

6.5.0-M2

6.5.0-M3

6.5.0-RC1

6.5.1

6.5.10

6.5.2

6.5.3

6.5.4

6.5.5

6.5.6

6.5.7

6.5.8

6.5.9

7.0.0

7.0.0-M1

7.0.0-M2

7.0.0-M3

7.0.0-RC1

7.0.0-RC2

7.0.0-RC3

7.0.1

7.0.2

7.0.3

7.0.4

7.0.5

7.1.0-M1

7.1.0-M2

7.1.0-M3

7.1.0-RC1

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '7adc000c6b'

${ noResults }

Commit Graph

1554 Commits (7adc000c6bb604b0e415bda0cffabb6cd6d8e5dd)

Author	SHA1	Message	Date
Rob Winch	9cb668aec2	SessionManagementConfigurer properly defaults SecurityContextRepository ... Previously the default was an HttpSessionSecurityContextRepository which meant that if a stateless authentication occurred the SecurityContext would be lost on ERROR dispatch. This commit ensures that the RequestAttributeSecurityContextRepository is also consulted by default. Closes gh-12070	4 years ago
Steve Riesenberg	33b492df54	Default to DelegatingSecurityContextRepository ... Closes gh-12023 Closes gh-12049	4 years ago
Steve Riesenberg	819529f5ea	Remove CsrfSpec.tokenFromMultipartDataEnabled ... Also removed ServerCsrfDsl.tokenFromMultipartDataEnabled Closes gh-12020	4 years ago
Joe Grandja	753e113a13	RequestMatcherDelegatingAuthorizationManager defaults to deny ... Closes gh-11958	4 years ago
Josh Cummings	2713075d08	Mark Observations with Firewall Failures ... Closes gh-11994	4 years ago
Josh Cummings	46ab84684b	Mark Observations with CSRF Failures ... Closes gh-11993	4 years ago
Josh Cummings	99a87179dd	Instrument Filter Chain ... Closes gh-11911	4 years ago
Josh Cummings	8c610684f3	Instrument Authentication and Authorization ... Closes gh-11989 Closes gh-11990	4 years ago
Daniel Garnier-Moiroux	27059ced87	Default X-Xss-Protection header value to "0" ... Closes gh-9631	4 years ago
Steve Riesenberg	37fa49b32d	Polish gh-11952	4 years ago
Steve Riesenberg	f4ca90e719	Add reactive interfaces for CSRF request handling ... Issue gh-11959	4 years ago
Marcus Da Coregio	398f5dee7f	Remove deprecated RequestMatcher methods from Java Configuration ... Closes gh-11939	4 years ago
Marcus Da Coregio	9fd195d419	Default to shouldFilterAllDispatcherTypes=true in XML ... Closes gh-11970	4 years ago
Marcus Da Coregio	f3321c256c	Add XML support for shouldFilterAllDispatcherTypes ... Closes gh-11492	4 years ago
Marcus Da Coregio	8a5aed2983	Add deprecation warning to CsrfDsl#ignoringAntMatchers ... Issue gh-11347	4 years ago
Marcus Da Coregio	bc4ad52feb	Add deprecation warning to mvcMatchers methods ... Issue gh-11347	4 years ago
Josh Cummings	12b9f2e196	use-authorization-manager defaults to true ... Closes gh-11929	4 years ago
Marcus Da Coregio	c4d23f2b49	Use MvcRequestMatcher by default if Spring MVC is present ... Closes gh-11899	4 years ago
Josh Cummings	2079309c5a	Add SecurityContextHolderStrategy XML Configuration for OAuth2 ... Issue gh-11061	4 years ago
Josh Cummings	7543effe89	Add SecurityContextHolderStrategy Java Configuration for OAuth2 ... Issue gh-11061	4 years ago
Josh Cummings	7e3841105b	Add SecurityContextHolderStrategy XML Configuration for Saml2 ... Issue gh-11061	4 years ago
Josh Cummings	19181a5afd	Add SecurityContextHolderStrategy Java Configuration for Saml2 ... Issue gh-11061	4 years ago
Josh Cummings	0c0e298aa7	Polish Saml2 XML Use of SecurityContextHolderStrategy ... Issue gh-11061	4 years ago
Josh Cummings	b4d13e7726	Polish use-authorization-manager ... - Use SecurityContextHolderStrategy - Allow empty role prefix - Disallow access-decision-manager-ref and authorization-manager-ref together Issue gh-11305	4 years ago
Steve Riesenberg	1d706ae13d	Add csrfTokenRequestResolver to CsrfDsl ... Closes gh-11952	4 years ago
Marcus Da Coregio	bf6e85ec15	Accept String varargs in securityMatcher ... Issue gh-9159	4 years ago
Marcus Da Coregio	35f7e46d05	Remove WebSecurityConfigurerAdapter ... Closes gh-10902	4 years ago
Steve Riesenberg	3bc76815c2	Update csrf.request-handler-ref in 6.0 ... Issue gh-11918	4 years ago
Steve Riesenberg	475b3bb6bb	Add deferred CsrfTokenRepository.loadDeferredToken ... * Move DeferredCsrfToken to top-level and implement Supplier<CsrfToken> * Move RepositoryDeferredCsrfToken to top-level and make package-private * Add CsrfTokenRepository.loadToken(HttpServletRequest, HttpServletResponse) * Update CsrfFilter * Rename CsrfTokenRepositoryRequestHandler to CsrfTokenRequestAttributeHandler Issue gh-11892 Closes gh-11918	4 years ago
Steve Riesenberg	c98de7af2f	Add xss-protection.header-value in 6.0 ... Issue gh-9631	4 years ago
Daniel Garnier-Moiroux	0e215a21ad	Add X-Xss-Protection headerValue to XML config ... Issue gh-9631	4 years ago
Marcus Da Coregio	039e0328e1	Simplify Java Configuration RequestMatcher Usage ... If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity Closes gh-11347 Closes gh-9159	4 years ago
Steve Riesenberg	d9a682a414	Polish gh-11896	4 years ago
Steve Riesenberg	7f9600ae08	Polish gh-11896	4 years ago
Marcus Da Coregio	64a19de4dc	Deprecate HPKP security header ... Closes gh-10144	4 years ago
Rob Winch	4479cefade	Default Require Explicit Session Management = true ... Closes gh-11763	4 years ago
Rob Winch	6d56af7b65	SessionManagementDsl.requireExplicitAuthenticationStrategy	4 years ago
Daniel Garnier-Moiroux	93250013e4	Make X-Xss-Protection configurable through ServerHttpSecurity ... OWASP recommends using "X-Xss-Protection: 0". The default is currently "X-Xss-Protection: 1; mode=block". In 6.0, the default will be "0". This commits adds the ability to configure the xssProtection header value in ServerHttpSecurity. This commit deprecates the use of "enabled" and "block" booleans to configure XSS protection, as the state "!enabled + block" is invalid. This impacts HttpSecurity. Issue gh-9631	4 years ago
Marcus Da Coregio	cf3349f31a	Configure ContentNegotiationStrategy in HttpSecurityConfiguration ... Closes gh-11916	4 years ago
Josh Cummings	506e50bfd0	Move Saml2 Authentication Filters ... Issue gh-8819	4 years ago
Josh Cummings	37a160245f	Adjust OAuth2 Resource Server packaging ... Closes gh-7349	4 years ago
Steve Riesenberg	21c0c73878	Remove request-resolver-ref in 6.0 ... Issue gh-11896	4 years ago
Steve Riesenberg	46696a9226	CsrfTokenRequestHandler extends CsrfTokenRequestResolver ... Closes gh-11896	4 years ago
Steve Riesenberg	3c66ef6305	Change default SecurityContextRepository ... Save SecurityContext in request attributes for stateless session management using RequestAttributeSecurityContextRepository. Closes gh-11026	4 years ago
Rob Winch	d94677f87e	CsrfTokenRequestAttributeHandler -> CsrfTokenRequestHandler ... This renames CsrfTokenRequestAttributeHandler to CsrfTokenRequestHandler and moves usage from CsrfFilter into CsrfTokenRequestHandler. Closes gh-11892	4 years ago
Josh Cummings	70460ca009	Adjust OAuth2 Resource Server packaging ... Closes gh-7349	4 years ago
Josh Cummings	61c80bcac5	Move Saml2 Authentication Filters ... Closes gh-8819	4 years ago
Rob Winch	48e31f87e4	Remove Deprecated OpenSAML 3 Support ... Closes gh-10556	4 years ago
Josh Cummings	3f8503f1b4	Deprecate AccessDecisionManager et al ... Closes gh-11302	4 years ago
slam	45bbd86f7e	HttpSecurityDsl should support apply method ... Closes gh-11754	4 years ago