spring-security

Author	SHA1	Message	Date
Daniel Garnier-Moiroux	fed6df5167	Default WebAuthnConfigurer#rpName to rpId In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated: > This member is deprecated because many clients do not display it, > but it remains a required dictionary member for backwards compatibility. > Relying Parties MAY, as a safe default, set this equal to the RP ID. Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>	2 months ago
Daniel Garnier-Moiroux	4feeb0f843	Docs: document effects of disabling CORS configurer Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>	2 months ago
Himanshu Pareek	dcb4e47cd5	Add Include-Code to the Password Storage page References gh-16226 Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>	2 months ago
Josh Cummings	8b2a453301	Advise Favoring PostAuthorize on Reads Closes gh-17797	4 months ago
Joe Kuhel	d002e68231	Update servlet test method docs to use include-code References gh-16226 Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>	4 months ago
Joe Kuhel	0179a811c7	Update servlet test method docs to use include-code References gh-16226 Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>	4 months ago
Michał Sobkiewicz	c963f4250e	Update Angular documentation links in csrf.adoc Replaced `angular.io` links with their corresponding `angular.dev` URLs. This change ensures that users referencing CSRF documentation are directed to the most current Angular resources. Signed-off-by: Michał Sobkiewicz <perceptron8@users.noreply.github.com>	5 months ago
Bernie Schelberg	edcb3b024e	Update Shibboleth repository URL Signed-off-by: Bernie Schelberg <bernard.schelberg@invicara.com>	5 months ago
Josh Cummings	7960d2803d	Add Migration Steps for PathMatcher Usage Issue gh-17509	6 months ago
Josh Cummings	4b15b2b94e	Add Migration Steps for Messaging Closes gh-17509	6 months ago
Josh Cummings	9209a33678	Remove References to Deprecated OpenSaml Components Issue gh-11658	6 months ago
Rob Winch	6eee256e12	Demonstrate include-code usage Closes gh-17161	7 months ago
Rob Winch	0fecaf4924	Add include-code extension setup for docs Closes gh-17160	7 months ago
Gurunathan	a4cd6f4278	Advise Overriding equals() and hashCode() in UserDetails Implementations This commit adds a documentation note explaining the importance of overriding equals() and hashCode() in custom UserDetails implementations. The default SessionRegistryImpl in Spring Security uses an in-memory ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to associate principals with sessions. If a custom UserDetails class does not properly override equals() and hashCode(), user sessions may not be tracked or matched correctly. I believe this helps developers avoid subtle session management issues when implementing custom authentication logic. Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>	7 months ago
Josh Cummings	eb30fd7f59	Add Missing Header Issue gh-11161	8 months ago
snowykte0426	260d298cc5	Add Migration Guide from Spring Security SAML Extension This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support. Includes: - Content migrated from the project wiki - xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata` - Metadata example moved to Examples Matrix - Cleanup and naming per review feedback Closes gh-11161 Signed-off-by: snowykte0426 <snowykte0426@naver.com>	8 months ago
Danilo Piazzalunga	27319e3f9b	Add missing registration property in YAML listing Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	8 months ago
Danilo Piazzalunga	ec462e8bc5	Update assertingparty property usage in YAML snippets Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration..identityprovider. to spring.security.saml2.relyingparty.registration..assertingparty.. Closes gh-12810. Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>	8 months ago
Joe Grandja	e3c39f02bc	Add documentation for DPoP support Closes gh-17072	8 months ago
Josh Cummings	211b1b7285	Update Method Security Migration Steps	8 months ago
Josh Cummings	84db5bb312	Add Cookie Customizer Migration Steps	8 months ago
Josh Cummings	74a25c3fc1	Add shouldFilterAllDispatcherTypes Migration Steps	8 months ago
Josh Cummings	084990736e	Move Opaque Token Migration Steps	8 months ago
Josh Cummings	c6bba38458	Update SAML 2.0 Migration Steps	8 months ago
Josh Cummings	45b453f59b	Add ACL Migration Steps	8 months ago
Tran Ngoc Nhan	505fe3abed	Correct method name Closes gh-17031 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	8 months ago
Josh Cummings	51239359ed	Fix ClearSiteData Code Snippet Closes gh-16948	8 months ago
Soumik Sarker	bcef6ed74f	Reformatted lines in x509 overview documentation Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>	8 months ago
Yanming Zhou	9c76ab69f0	Use proper configuration key the getter method is `getOpaquetoken()` not `getOpaqueToken()` See `c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51)` Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>	8 months ago
Yanming Zhou	ce5a12b2f7	Revise document to replace outdated NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>	8 months ago
Josh Cummings	61d6fbc2a9	Update Documentation for PathPatternRequestMatcher Issue gh-16765	8 months ago
Steve Riesenberg	15c2b156f1	Update Client Authentication examples Closes gh-16925 987d9c9788ba0343f543083c87613fb5	9 months ago
Josh Cummings	6438603cb6	Pick Up TargetVisitor Beans Closes gh-16923	9 months ago
Josh Cummings	3869b13e68	Add ResponseAuthenticationConverter Aside from simplifying configuration, this commit also makes it possible to provide a response authentication converter that doesn't need the NameID element to be present. Closes gh-12136	9 months ago
Josh Cummings	3e686abf50	Add ResponseValidator Issue gh-14264 Closes gh-16915	9 months ago
Steve Riesenberg	43ef4262da	Update whats-new.adoc Issue gh-16913	9 months ago
Michael Samborski	bfb4878e29	Update kotlin.adoc to add required spread operator(*) Signed-off-by: Michael Samborski <msamborski@orbiscommunications.com>	9 months ago
Josh Cummings	f93a7a2f85	Deprecate HandlerMappingIntrospectorRequestTransformer Closes gh-16536	9 months ago
Josh Cummings	a283700ef8	Add CacheSaml2AuthenticationRequestRepository Closes gh-14793	9 months ago
Josh Cummings	67c21de1cf	Support Continue Filter Chain When No Relying Party Closes gh-16000	9 months ago
Josh Cummings	f280593566	Move Preparation Steps Closes gh-16873	9 months ago
Josh Cummings	616b43f261	Restore 6.x Migration Steps Issue gh-16873	9 months ago
Josh Cummings	91b0936189	Add AssertionValidator - Ships with support for customizing the OpenSAML validators to use - Or, you can supply your own instance of SAML20AssertionValidator Closes gh-15578	9 months ago
Tran Ngoc Nhan	ee84d37435	Use SpringCacheBasedTicketCache Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	9 months ago
Tran Ngoc Nhan	3be8e92187	Fix typo Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	9 months ago
Hao	6159e089d4	Fix inline code formatting in documentation Signed-off-by: Hao <kyrieeeee2@gmail.com>	9 months ago
Hao	8c7d2e8922	Fix typo in multitenancy documentation Signed-off-by: Hao <kyrieeeee2@gmail.com>	9 months ago
Josh Cummings	99345537d6	Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter Issue gh-16417	9 months ago
Josh Cummings	91ee5e7f2b	Add RequestMatcher Migration Path for CAS Issue gh-16417	9 months ago
Josh Cummings	15d9c13984	Add RequestMatcher MigrationPath for SwitchUserFilter To simplify migration, the filter's setter methods still use AntPathRequestMatcher. Users can call the equivalent RequestMatcher setter methods to opt-in to the change early. Issue gh-16417	9 months ago

1 2 3 4 5 ...

1220 Commits (6.5.7)