Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,590 Commits 54 Branches 379 Tags
3f74991ce95a5eb47e81108d83b3ea6347ea80aa
Commit Graph

2667 Commits

Author SHA1 Message Date
Rohan Naik 8c65dc93f2 Enable PKCE by default 
Closes gh-17507

Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
 2025-10-03 13:08:04 -04:00
Joe Grandja 681e166be8 Remove default HttpSecurity.securityMatcher() for authorization server 
Closes gh-17965
 2025-10-01 11:45:21 -04:00
Rob Winch 7f10897de3 SecurityMockMvcResultMatchers.withAuthorities(String...) 
Closes gh-17974
 2025-09-30 10:39:14 -05:00
Rob Winch 667cd4aa7c Remove unnecessary throws Exception from spring-security-config 
Closes gh-17957
 2025-09-25 11:50:13 -05:00
Josh Cummings ad6fe4fdc3 Polish MFA Samples 
This commit removes unneeded AuthorizationManagerFactory
implementations, simplifies the custom AuthorizationManagerFactory
example, and updates usage of hasAllAuthorities.

Issue gh-17934
 2025-09-24 17:54:59 -06:00
Rob Winch f652920bb3 Add @EnableGlobalMultiFactorAuthentication 
Closes gh-17954
 2025-09-24 14:47:26 -05:00
Rob Winch e33e4d80a9 Fix Antora Warnings in servlet/authentication/adaptive.adoc 
Issue gh-2603
 2025-09-24 13:05:50 -05:00
Rob Winch b2d76dfe66 Add GrantedAuthorities.FACTOR_*_AUTHORITY 
Closes gh-17952
 2025-09-24 09:53:56 -05:00
Josh Cummings bbba2930e9 Add Initial Documentation 
Issue gh-17934
 2025-09-23 18:16:36 -06:00
Rob Winch 4ef16b14d2 Update terminology to HTTP Service Clients 
Closes gh-17947
 2025-09-22 10:09:04 -05:00
Josh Cummings 765bdf1ed0 SpEL Expressions Support Returning AuthorizationManager 
Closes gh-17936
 2025-09-19 12:07:59 -06:00
Josh Cummings 1e1cb0097a Document Authentication Factors 
Issue gh-17933
 2025-09-19 11:32:28 -06:00
Rob Winch 9eaadcc70d Add hasAll(Roles|Authorities) to SecurityExpressionRoot 
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.

Issue gh-17932
 2025-09-19 09:33:50 -05:00
Rob Winch 675835e525 Add AuthorizationManagerFactory.hasAll(Authorities|Roles) 
Closes gh-17932
 2025-09-18 14:19:22 -05:00
Rob Winch bb6b8ae3f3 Add AllAuthoritiesReactiveAuthorizationManager 
Issue gh-17916
 2025-09-16 16:31:55 -05:00
Rob Winch 5ca18a3b9c Add password4j implementation of PasswordEncoder 2025-09-15 11:28:39 -05:00
Rob Winch d0372efadd Use include-code for password4j docs 
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.

Issue gh-17706
 2025-09-15 11:03:44 -05:00
Rob Winch 9f839384e9 Use non-redundant ids in password4j docs 
Documentation ids no longer need to be globally unique, so they
do not need to include the path. This makes the ids less verbose and
integrates with include-code extension better.

Issue gh-17706
 2025-09-15 11:00:51 -05:00
Rob Winch 11bec09ffc Escape attribute failures in Password4j docs 
Issue gh-17706
 2025-09-15 10:57:19 -05:00
Rob Winch c18aff7f5f Password4j docs 1 sentence per line 
The Antora documentation convention is to use a single sentence per line
as this helps with diffing and merging changes.

Issue gh-17706
 2025-09-15 09:22:08 -05:00
dependabot[bot] 1a99ab5bdf Bump @antora/atlas-extension in /docs 
---
updated-dependencies:
- dependency-name: "@antora/atlas-extension"
  dependency-version: 1.0.0-alpha.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-15 08:58:06 -05:00
M.Bozorgmehr b2d4c52c53 Add documentation for Password4j-based password encoders for Argon2, BCrypt, Scrypt, PBKDF2, and Balloon hashing 
Closes gh-17706

Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:41 +03:30
Rob Winch a0fe04c4aa Document @ClientRegistrationId on types 
Issue gh-17806
 2025-09-12 16:19:27 -05:00
Bernard Budano 02a948da81 Address reviewer requested changes 
Closes gh-17806

Signed-off-by: Bernard Budano <bbudano@gmail.com>
 2025-09-12 16:19:27 -05:00
Joe Grandja 7ef25cc101 Add HttpSecurity.oauth2AuthorizationServer() 
Issue gh-17880
 2025-09-12 16:20:44 -04:00
Joe Grandja e99ea033c5 Integrate Spring Authorization Server ref docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Joe Grandja 93742a4db3 Manual move of spring-projects/spring-authorization-server docs 
Issue gh-17880
 2025-09-12 16:20:40 -04:00
Rob Winch cf0ade86fe Update Kerberos Sample Copyright 
Issue gh-17879
 2025-09-12 15:12:47 -05:00
Rob Winch 1b263cfafb Fix Keberos Docs http:// 
Issue gh-17879
 2025-09-12 14:39:46 -05:00
Rob Winch f5fb127c8c Add Spring Security Kerberos 
Move the Spring Security Kerberos Extension into Spring Security

Closes gh-17879
 2025-09-12 14:25:20 -05:00
Josh Cummings b87d63cb71 Document spring-security-access 
Closes gh-17847
 2025-09-12 10:32:39 -06:00
Yanming Zhou 5ec7ae6b74 Remove redundant code in document 
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
 2025-09-10 18:14:37 -06:00
Josh Cummings b09afb34cc Document Authentication.Builder 
The commit documents the new Authentication Builder interface
and its usage in the security filter chain.

Closes gh-17861
Closes gh-17862
 2025-09-09 14:59:14 -06:00
Steve Riesenberg eeb4574bb3 Add AuthorizationManagerFactory 
Signed-off-by: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
 2025-09-09 15:36:49 -05:00
Josh Cummings 0e39685b9c Merge branch '6.5.x' 2025-08-22 12:40:41 -06:00
Josh Cummings 9d64880ea9 Merge branch '6.4.x' into 6.5.x 2025-08-22 12:40:12 -06:00
Josh Cummings 8b2a453301 Advise Favoring PostAuthorize on Reads 
Closes gh-17797
 2025-08-22 12:39:51 -06:00
Rob Winch d9210c6596 Fix Nullability 2025-08-21 13:41:02 -05:00
Rob Winch 9bbf837c7c Merge branch '6.5.x' 2025-08-21 12:44:42 -05:00
Rob Winch 0404996f87 import Assertions.assertThat 
This adds a static import for assertThat in the Kotlin docs code
 2025-08-21 12:35:13 -05:00
Rob Winch 0f63d98c84 Use @EnableMethodSecurity in docs tests 
Previously parameters were passed in unnecessarily. This removes
the unnecessary paramaters.
 2025-08-21 12:35:13 -05:00
Rob Winch fbfbb1e571 Use 2004-present for Copyright 
Spring Security migrated the copyright to use -present to simplify
the headers. This commit aligns the header.
 2025-08-21 12:35:13 -05:00
Joe Kuhel d002e68231 Update servlet test method docs to use include-code 
References gh-16226

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2025-08-21 12:35:13 -05:00
Rob Winch f82fe9c8c6 Remove stray modular from the documentation 
Issue gh-16258
 2025-08-20 12:24:33 -05:00
Rob Winch a8f045eb50 Add Modular Spring Security Configuration 
Closes gh-16258
 2025-08-20 12:16:08 -05:00
Tran Ngoc Nhan ef5c703010 Remove unused import 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2025-08-19 22:05:25 -05:00
Josh Cummings 4da98dde2b Update What's New 
Issue gh-17707
 2025-08-18 15:31:03 -06:00
dependabot[bot] 39301574fa Bump antora from 3.2.0-alpha.8 to 3.2.0-alpha.9 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.8 to 3.2.0-alpha.9.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.8...v3.2.0-alpha.9)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-15 13:33:47 -05:00
dependabot[bot] 4ae782cdd6 Bump @antora/collector-extension from 1.0.1 to 1.0.2 in /docs 
---
updated-dependencies:
- dependency-name: "@antora/collector-extension"
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-15 13:33:26 -05:00
Josh Cummings d3b143dab6 Move SAML 2.0 Migration Step 
Issue gh-17099
 2025-08-14 18:03:44 -06:00