Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,976 Commits 54 Branches 379 Tags
641d8a362b551bd595e434b87effb858096fa9ed
Commit Graph

2714 Commits

Author SHA1 Message Date
Robert Winch b77ea8d3a3 Update to 7.1.0-SNAPSHOT 2026-01-12 13:37:32 -06:00
Fr05ty-hub e9a92a8e9a Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but is referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Fr05ty-hub ed774d3595 Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but was referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Robert Winch 2344fe5ebb Use proper xref syntax 
Incldue the required resource id and required # of the fragment.

See

- https://docs.antora.org/antora/latest/page/xref/#xref-macro
- https://docs.antora.org/antora/latest/page/resource-id-coordinates/#id-resource
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan ba18f681e5 Use xref anchor id 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan 3d9bc6a5cf Update mfa.adoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Martin Boulais 1d8ea63a9e Fix typo in HTTP Basic Auth Provider documentation 
The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
 2026-01-08 13:59:34 -06:00
Tran Ngoc Nhan 79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
github-actions[bot] ac9c0a4313 Update Antora Spring UI to v0.4.25 2025-12-19 16:57:20 -06:00
kucoll 7503d8018d Fix typo in AnnotationTemplateExpressionDefaults 
The AnnotationTemplateExpressionDeafults was wrong,and right is  AnnotationTemplateExpressionDefaults

Signed-off-by: kucoll <kucoll@163.com>
 2025-12-02 17:22:12 -06:00
Guillaume Husta 1ce73dd45a docs: Fix example in Custom DSLs for http.csrf() 
It should use lambda dsl to compile

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2025-12-01 18:02:41 -06:00
Guillaume Husta bb7fcb27ef docs: Fix example in MyCustomDsl to remove throws Exception 
In `init` and `configure`, throws Exception has been removed in the super interface `SecurityConfigurer`, since Spring Security 7.0.
This change is the consequence of https://github.com/spring-projects/spring-security/issues/17957

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2025-12-01 17:59:07 -06:00
sach429 19cbd9c570 Update OAuth2 Client to OAuth2 Resource Server 
Fix section title to match the corresponding example

Signed-off-by: sach429 <satrajit.acharya@gmail.com>
 2025-12-01 17:42:28 -06:00
L33gn21 b37c5584f9 Fix broken link to Spring Boot docs 
Signed-off-by: L33gn21 <l33gn21@gmail.com>
 2025-12-01 16:52:43 -06:00
dependabot[bot] 09e80aafe8 Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.10 to 3.2.0-alpha.11.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.10...v3.2.0-alpha.11)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 14:55:39 -06:00
Peter Potrowl d84d0ca22e Fix typo in ldap.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:33:48 -06:00
Peter Potrowl f1793f5047 Fix typo in passkeys.adoc 
Signed-off-by: Peter Potrowl <peter.potrowl@gmail.com>
 2025-11-21 10:33:48 -06:00
Joe Grandja b130e728b7 Polish gh-18153 
Issue gh-18144
 2025-11-11 14:27:50 -05:00
Andrey Litvitski e6db56ab4f Add a minimal authorization server configuration 
Closes gh-18144

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-11-11 14:27:36 -05:00
Joe Grandja 571bd60d82 Document OAuth 2.0 Protected Resource Metadata support 
Issue gh-17244
 2025-11-04 14:37:19 -05:00
Rob Winch 6471a32d66 Merge branch '6.5.x' 
Closes gh-18132
 2025-11-04 11:37:11 -06:00
Rob Winch c1e9e10bf0 Merge branch '6.4.x' into 6.5.x 
Closes gh-18131
 2025-11-04 11:28:40 -06:00
Daniel Garnier-Moiroux fed6df5167 Default WebAuthnConfigurer#rpName to rpId 
In WebAuthn L3 spec, PublicKeyCredentialEntity.name is deprecated:

> This member is deprecated because many clients do not display it,
> but it remains a required dictionary member for backwards compatibility.
> Relying Parties MAY, as a safe default, set this equal to the RP ID.

Source: https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialentity

Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 11:16:22 -06:00
Rob Winch 5213cc44fc Merge branch '6.5.x' 2025-11-04 10:24:32 -06:00
Rob Winch 8fa2fc0e1e Merge branch '6.4.x' into 6.5.x 2025-11-04 10:24:15 -06:00
Daniel Garnier-Moiroux 4feeb0f843 Docs: document effects of disabling CORS configurer 
Signed-off-by: Daniel Garnier-Moiroux <git@garnier.wf>
 2025-11-04 10:23:46 -06:00
Rob Winch 884cf0d62e EnableGlobalMultiFactorAuthentication->EnableMultiFactorAuthentication 
Closes gh-18127
 2025-11-03 22:42:28 -06:00
Joe Grandja b6ed037c39 Document device_code grant disabled by default 
Issue gh-17998
 2025-10-31 06:38:09 -04:00
Joe Grandja 5da0cbea4b Document OAuth 2.0 Dynamic Client Registration support 
Issue gh-17964
 2025-10-30 16:01:51 -04:00
Joe Grandja e6b4d461e7 Fix OAuth2AuthorizationServerJacksonModule type validator configuration 
Closes gh-18102
 2025-10-30 07:19:45 -04:00
Josh Cummings da46ba2619 Update Password Samples for Nullability 
Issue gh-16226
 2025-10-20 17:04:22 -06:00
Josh Cummings a406f5fe2d Merge remote-tracking branch 'origin/6.5.x' 2025-10-20 16:46:49 -06:00
Himanshu Pareek dcb4e47cd5 Add Include-Code to the Password Storage page 
References gh-16226

Signed-off-by: Himanshu Pareek <himanshupareekiit01@gmail.com>
 2025-10-20 16:35:23 -06:00
Josh Cummings 9c7b34a48b Favor Relative Redirects by Default 
Closes gh-16300
 2025-10-20 10:25:17 -06:00
Josh Cummings d5d7fd414d Update What's New 2025-10-20 10:25:17 -06:00
Rob Winch 95abf61c88 Refine Jackson 3 format description 2025-10-20 09:11:22 -05:00
Sébastien Deleuze 8f8a25533a Refine documentation for Jackson 3 
This commit refines the documentation by:
 - Updating Jackson documentation for Jackson 3
 - Removing the outdated documentation in servlet
 - Adding migration guidelines

Closes gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Sébastien Deleuze 65a14d6c6d Add Jackson 3 support 
This commit adds support for Jackson 3 which has the following
major differences with the Jackson 2 one:
 - jackson subpackage instead of jackson2
 - Jackson type prefix instead of Jackson2
 - JsonMapper instead of ObjectMapper
 - For configuration, JsonMapper.Builder instead of ObjectMapper
   since the latter is now immutable
 - Remove custom support for unmodifiable collections
 - Use safe default typing via a PolymorphicTypeValidator

Jackson 3 changes compared to Jackson 2 are documented in
https://cowtowncoder.medium.com/jackson-3-0-0-ga-released-1f669cda529a
and
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md.

This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.

See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
 2025-10-19 17:03:19 -05:00
Josh Cummings ba42b9c4cc Update Documentation for All-Factor Propagation 
Issue gh-18000
 2025-10-16 13:41:46 -06:00
Josh Cummings 2e7cdd7b14 Revert "Merge branch 'builder-enhancements'" 
This reverts commit 95644fb73c, reversing
changes made to fbf7bb3be1.

Reverting this commit will allow us more time to
consider the ideal way to add this support to the public API.
 2025-10-16 13:41:45 -06:00
Josh Cummings e535e61c8b Move toBuilder to BuildableAuthentication 
Closes gh-18052
 2025-10-15 12:01:11 -06:00
Rob Winch 78701f94ee Document RequiredFactor Valid Duration 
Issue gh-17997
 2025-10-10 16:24:47 -05:00
Rob Winch 702878acae Create AuthorizationManagerFactories.multiFactor 
Closes gh-18032
 2025-10-10 16:24:47 -05:00
Rob Winch d18431a78d Move FACTOR_ constants to FactorGrantedAuthority 
Previously GrantedAuthorities had an implicit package tangle because it
was located in ~.core and FactorGrantedAuthority is in ~.core.authority
and FactorGrantedAuthority's authority property was implicitly expected
to be constants found in `GrantedAuthorities`.

This commit moves the constants to the FactorGrantedAuthority which
resolves this tangle. It wasn't initially done because
FactorGrantedAuthority did not exist at that time.

Closes gh-18030
 2025-10-10 16:24:46 -05:00
Rob Winch e290c98e97 Document Multi-Factor Simple to Complex 
This reworks the Multi-Factor documentation to start with the
simplest scenario and work to progressively more complex requirements.

Closes gh-18029
 2025-10-10 16:23:38 -05:00
dependabot[bot] d5c5bb234c Bump antora from 3.2.0-alpha.9 to 3.2.0-alpha.10 in /docs 
Bumps [antora](https://gitlab.com/antora/antora) from 3.2.0-alpha.9 to 3.2.0-alpha.10.
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v3.2.0-alpha.9...v3.2.0-alpha.10)

---
updated-dependencies:
- dependency-name: antora
  dependency-version: 3.2.0-alpha.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 14:01:08 -05:00
Rob Winch 2473378fcd Use RequiredFactorErrors 
Closes gh-18002
 2025-10-03 15:20:03 -05:00
Rohan Naik 8c65dc93f2 Enable PKCE by default 
Closes gh-17507

Signed-off-by: Rohan Naik <rohan.nn1203@gmail.com>
 2025-10-03 13:08:04 -04:00
Joe Grandja 681e166be8 Remove default HttpSecurity.securityMatcher() for authorization server 
Closes gh-17965
 2025-10-01 11:45:21 -04:00
Rob Winch 7f10897de3 SecurityMockMvcResultMatchers.withAuthorities(String...) 
Closes gh-17974
 2025-09-30 10:39:14 -05:00