Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,866 Commits 54 Branches 379 Tags
3c8887285da4edb2bcfea09be2f92fac01634a02
Commit Graph

2837 Commits

Author SHA1 Message Date
Vyacheslav e029b3ac6f Update authorize-http-requests.adoc 
Comma added for java configuration 

Signed-off-by: Vyacheslav <43342280+cmmttd@users.noreply.github.com>
 2026-02-02 11:48:07 -06:00
Tran Ngoc Nhan 8bafd94b1f Add compile-warnings-error 
Closes gh-18424

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:37:39 -06:00
Robert Winch 74b93a19f6 Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
Robert Winch 35d103843b Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-16 16:54:00 -06:00
Josh Cummings 30d6b3a02b Merge branch '7.0.x' 2026-01-15 12:41:29 -07:00
Josh Cummings 1f39a3dd3e Merge branch '6.5.x' into 7.0.x 2026-01-15 12:41:22 -07:00
Josh Cummings 84b124d29d Merge branch '6.4.x' into 6.5.x 2026-01-15 12:41:16 -07:00
songhee fee6a9bb0e docs: add CurrentSecurityContext section and link references 
Signed-off-by: songhee <songhee9327@gmail.com>
 2026-01-15 12:31:58 -07:00
Tran Ngoc Nhan cfe13c7c76 Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-15 10:52:01 -07:00
Guillaume Husta 508b3f26e3 docs: Typo in page Preparing for 7.0 / Web (version 6.5) 
In section 'Include the Servlet Path Prefix in Authorization Rules', `PathPatternRequestParser` should be replaced by `PathPatternRequestMatcher`.

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:35:26 -07:00
박기현\qkrrl 91d8a04ec2 Fix duplicated use-authorization-manager in docs 
Signed-off-by: 박기현\qkrrl <qkrrlgus114@naver.com>
 2026-01-14 14:21:38 -07:00
Robert Winch 63c99b9438 Revert "Update to 7.1.0-SNAPSHOT" 
This reverts commit b77ea8d3a3.
 2026-01-12 14:31:57 -06:00
Robert Winch b77ea8d3a3 Update to 7.1.0-SNAPSHOT 2026-01-12 13:37:32 -06:00
Robert Winch 5a7d93ee3b Merge branch '7.0.x' 
Closes gh-18471
 2026-01-09 16:55:02 -06:00
Fr05ty-hub e9a92a8e9a Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but is referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Fr05ty-hub ed774d3595 Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but was referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
github-actions[bot] e588a3528f Update Antora Spring UI to v0.4.25 2026-01-09 15:22:22 -06:00
github-actions[bot] 7ea5be4b98 Update Antora Spring UI to v0.4.25 2026-01-09 15:21:48 -06:00
Robert Winch 3833650d33 Update to 7.1.0-SNAPSHOT 2026-01-09 10:32:03 -06:00
Robert Winch 2344fe5ebb Use proper xref syntax 
Incldue the required resource id and required # of the fragment.

See

- https://docs.antora.org/antora/latest/page/xref/#xref-macro
- https://docs.antora.org/antora/latest/page/resource-id-coordinates/#id-resource
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan ba18f681e5 Use xref anchor id 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan 3d9bc6a5cf Update mfa.adoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Martin Boulais 1d8ea63a9e Fix typo in HTTP Basic Auth Provider documentation 
The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
 2026-01-08 13:59:34 -06:00
Tran Ngoc Nhan 79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
github-actions[bot] ac9c0a4313 Update Antora Spring UI to v0.4.25 2025-12-19 16:57:20 -06:00
Josh Cummings 765abe534e Add Missing Migration Pages to Side Navigation 
Closes gh-18313
 2025-12-15 09:05:06 -07:00
Josh Cummings afb0c59875 Add request-matcher XML Migration Steps 
Closes gh-18211
 2025-12-15 09:05:06 -07:00
kucoll 10edc14d7e Fix typo in AnnotationTemplateExpressionDefaults 
The AnnotationTemplateExpressionDeafults was wrong,and right is  AnnotationTemplateExpressionDefaults

Signed-off-by: kucoll <kucoll@163.com>
 2025-12-02 17:26:34 -06:00
kucoll 7503d8018d Fix typo in AnnotationTemplateExpressionDefaults 
The AnnotationTemplateExpressionDeafults was wrong,and right is  AnnotationTemplateExpressionDefaults

Signed-off-by: kucoll <kucoll@163.com>
 2025-12-02 17:22:12 -06:00
Guillaume Husta 1ce73dd45a docs: Fix example in Custom DSLs for http.csrf() 
It should use lambda dsl to compile

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2025-12-01 18:02:41 -06:00
Guillaume Husta bb7fcb27ef docs: Fix example in MyCustomDsl to remove throws Exception 
In `init` and `configure`, throws Exception has been removed in the super interface `SecurityConfigurer`, since Spring Security 7.0.
This change is the consequence of https://github.com/spring-projects/spring-security/issues/17957

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2025-12-01 17:59:07 -06:00
sach429 19cbd9c570 Update OAuth2 Client to OAuth2 Resource Server 
Fix section title to match the corresponding example

Signed-off-by: sach429 <satrajit.acharya@gmail.com>
 2025-12-01 17:42:28 -06:00
L33gn21 b37c5584f9 Fix broken link to Spring Boot docs 
Signed-off-by: L33gn21 <l33gn21@gmail.com>
 2025-12-01 16:52:43 -06:00
dependabot[bot] 09e80aafe8 Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.10 to 3.2.0-alpha.11.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.10...v3.2.0-alpha.11)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 14:55:39 -06:00
Peter Potrowl d84d0ca22e Fix typo in ldap.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:33:48 -06:00
Peter Potrowl f1793f5047 Fix typo in passkeys.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:33:48 -06:00
Peter Potrowl 4b227649f0 Fix typo in ldap.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:28:47 -06:00
Peter Potrowl cfc27f8cc3 Fix typo in passkeys.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:28:47 -06:00
Peter Potrowl 5baff27ffb Fix typo in ldap.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:12:20 -06:00
Peter Potrowl 39aaf25b60 Fix typo in passkeys.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:12:20 -06:00
Joe Grandja b130e728b7 Polish gh-18153 
Issue gh-18144
 2025-11-11 14:27:50 -05:00
Andrey Litvitski e6db56ab4f Add a minimal authorization server configuration 
Closes gh-18144

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-11-11 14:27:36 -05:00
Joe Grandja 571bd60d82 Document OAuth 2.0 Protected Resource Metadata support 
Issue gh-17244
 2025-11-04 14:37:19 -05:00
Rob Winch 6471a32d66 Merge branch '6.5.x' 
Closes gh-18132
 2025-11-04 11:37:11 -06:00
Rob Winch c1e9e10bf0 Merge branch '6.4.x' into 6.5.x 
Closes gh-18131
 2025-11-04 11:28:40 -06:00
Daniel Garnier-Moiroux fed6df5167 Default WebAuthnConfigurer#rpName to rpId 
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:

> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.

Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 11:16:22 -06:00
Rob Winch 5213cc44fc Merge branch '6.5.x' 2025-11-04 10:24:32 -06:00
Rob Winch 8fa2fc0e1e Merge branch '6.4.x' into 6.5.x 2025-11-04 10:24:15 -06:00
Daniel Garnier-Moiroux 4feeb0f843 Docs: document effects of disabling CORS configurer 
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 10:23:46 -06:00
Rob Winch 884cf0d62e EnableGlobalMultiFactorAuthentication->EnableMultiFactorAuthentication 
Closes gh-18127
 2025-11-03 22:42:28 -06:00