Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,403 Commits 54 Branches 379 Tags
b56a9666c831e4977c21930d0450a5eda663eb79
Commit Graph

2759 Commits

Author SHA1 Message Date
Robert Winch 0c394696ce Fix servlet/architecture.adoc disable Sample 
- Switch `include-java` (does not exist) to `include-code`
- Update kotlin to have the `disable` tag
- Update to suppress deprecation use for User builder (allowed for samples)

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 17:03:17 -06:00
Joe Kuhel 62d1bc86e3 Update servlet architecture docs to use include-code 
Also update antora.xml to include-xml in docs/src/test/resources

Signed-off-by: Joe Kuhel <4983938+jkuhel@users.noreply.github.com>
 2026-02-23 16:37:16 -06:00
Rob Winch 3106f2be7b Merge pull request #18757 from wonderfulrosemari/gh-4265-csrf-multipart-header 
Document multipart CSRF header option
 2026-02-23 11:51:54 -06:00
Robert Winch e1436c39f0 Merge Document Keberose Dependency Coordinates 2026-02-23 11:33:25 -06:00
Robert Winch fec988c82d Add Kerberos Migration Section 
This links to the updated dependency coordinates

Issue gh-18773

Signed-off-by: Robert Winch <362503+rwinch@users.noreply.github.com>
 2026-02-23 11:29:50 -06:00
busoco-sjb 17b434c1c1 Document the change in dependency coordinates with Spring Security 7 
Signed-off-by: busoco-sjb <169069865+busoco-sjb@users.noreply.github.com>
 2026-02-23 11:21:59 -06:00
Chen He d65625e399 Update BCryptPasswordEncoder example in password-storage.adoc 
Replaces the usage of BCryptPasswordEncoder with
BcryptPassword4jPasswordEncoder in documentation samples.

Signed-off-by: Chen He <nidhogg55555@gmail.com>
 2026-02-19 14:29:53 -06:00
Tran Ngoc Nhan a539f056f7 Add javadoc-warnings-error 
Closes gh-18452

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-19 13:48:28 -06:00
Robert Winch cc6a005aa5 Add InetAddressMatcher 
Co-authored-by: Gábor Vaspöri <gabor.vaspori@gmail.com>
Co-authored-by: Kian Jamali <kianjamali123@gmail.com>
Co-authored-by: Rossen Stoyanchev <rstoyanchev@users.noreply.github.com>
 2026-02-19 11:44:19 -06:00
wonderfulrosemari 8d76ae0844 Document multipart CSRF header option 
Closes gh-4265

Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
 2026-02-19 02:07:25 +09:00
Josh Cummings 705fa60a01 Document Method Security hasScope Support 
Issue gh-18013

Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
 2026-02-10 15:23:32 -07:00
Josh Cummings 688b6ca733 Add Documentation for ExpressionJwtGrantedAuthoritiesConverter 
Closes gh-18300
 2026-02-10 09:11:26 -07:00
arianna 3386e077e6 Fix typos in SAML 2.0 Documentation 
- Fix wrong docs link in Servlet - SAML2 Log In Overview
- Fix examples in Servlet - SAML2 Authentication Responses
- Fix examples in Servlet - SAML2 Logout

Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
arianna 10490a7b92 Fix typos in OAuth 2.0 Resource Server 
Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
arianna f1e742dfc5 Fix typos in Authorization Documentation 
Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
arianna 8e9480545e Fix issue reports 
Closes gh-18376

Signed-off-by: arianna <arianna.comi03@gmail.com>
 2026-02-05 17:35:25 -07:00
Josh Cummings fc2fd63793 Merge branch '7.0.x' 2026-02-05 17:23:08 -07:00
Vincent Stradiot 075c48c0d8 Fix typo in documentation 
Signed-off-by: Vincent Stradiot <vincentstradiot@hotmail.com>
 2026-02-05 17:22:43 -07:00
Joe Grandja 517bc7cb65 Polish gh-18614 2026-02-05 15:32:47 -05:00
Elayne Bloom a2d407518c Document ClientSettings 
Added documentation to describe the possible client configuration options when setting up an Oauth2 Authorization Server.

Closes gh-18614

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-05 15:32:46 -05:00
Joe Grandja 8f22fd4407 Merge branch '7.0.x' 2026-02-02 16:38:29 -05:00
Elayne Bloom 2c97b3376b Document Client PKCE settings 
Updated the documentation to reflect recent changes to enable PKCE by default for `authorization_code` flows in the documentation for the client.

Closes gh-18304

Signed-off-by: Elayne Bloom <5840349+bloomsei@users.noreply.github.com>
 2026-02-02 16:30:27 -05:00
Vyacheslav e029b3ac6f Update authorize-http-requests.adoc 
Comma added for java configuration 

Signed-off-by: Vyacheslav <43342280+cmmttd@users.noreply.github.com>
 2026-02-02 11:48:07 -06:00
Tran Ngoc Nhan 8bafd94b1f Add compile-warnings-error 
Closes gh-18424

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-02-02 11:37:39 -06:00
Robert Winch 74b93a19f6 Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-26 22:06:36 -06:00
Robert Winch 35d103843b Externalize java-toolchain configuration 
We should not use subprojects to perform configuration becaause it
does not allow for lazy loading and it can cause ordering problems.
In this case, the toolchain was not being used but instead it was
using the JAVA_HOME.

By splitting the configuration into a plugin and applying it to each
project it fixes the toolchain configuration
 2026-01-16 16:54:00 -06:00
Josh Cummings 30d6b3a02b Merge branch '7.0.x' 2026-01-15 12:41:29 -07:00
Josh Cummings 1f39a3dd3e Merge branch '6.5.x' into 7.0.x 2026-01-15 12:41:22 -07:00
Josh Cummings 84b124d29d Merge branch '6.4.x' into 6.5.x 2026-01-15 12:41:16 -07:00
songhee fee6a9bb0e docs: add CurrentSecurityContext section and link references 
Signed-off-by: songhee <songhee9327@gmail.com>
 2026-01-15 12:31:58 -07:00
Tran Ngoc Nhan cfe13c7c76 Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-15 10:52:01 -07:00
Guillaume Husta 508b3f26e3 docs: Typo in page Preparing for 7.0 / Web (version 6.5) 
In section 'Include the Servlet Path Prefix in Authorization Rules', `PathPatternRequestParser` should be replaced by `PathPatternRequestMatcher`.

Signed-off-by: Guillaume Husta <guillaume.husta@gmail.com>
 2026-01-14 14:35:26 -07:00
박기현\qkrrl 91d8a04ec2 Fix duplicated use-authorization-manager in docs 
Signed-off-by: 박기현\qkrrl <qkrrlgus114@naver.com>
 2026-01-14 14:21:38 -07:00
Robert Winch 63c99b9438 Revert "Update to 7.1.0-SNAPSHOT" 
This reverts commit b77ea8d3a3.
 2026-01-12 14:31:57 -06:00
Robert Winch b77ea8d3a3 Update to 7.1.0-SNAPSHOT 2026-01-12 13:37:32 -06:00
Robert Winch 5a7d93ee3b Merge branch '7.0.x' 
Closes gh-18471
 2026-01-09 16:55:02 -06:00
Fr05ty-hub e9a92a8e9a Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but is referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
Fr05ty-hub ed774d3595 Replacing use of deprecated 'check' in authorization documentation 
check() was deprecated in Spring Security 7, but was referenced in documentation

Signed-off-by: Fr05ty-hub <frostylucas@gmail.com>
 2026-01-09 15:27:00 -06:00
github-actions[bot] e588a3528f Update Antora Spring UI to v0.4.25 2026-01-09 15:22:22 -06:00
github-actions[bot] 7ea5be4b98 Update Antora Spring UI to v0.4.25 2026-01-09 15:21:48 -06:00
Robert Winch 3833650d33 Update to 7.1.0-SNAPSHOT 2026-01-09 10:32:03 -06:00
Robert Winch 2344fe5ebb Use proper xref syntax 
Incldue the required resource id and required # of the fragment.

See

- https://docs.antora.org/antora/latest/page/xref/#xref-macro
- https://docs.antora.org/antora/latest/page/resource-id-coordinates/#id-resource
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan ba18f681e5 Use xref anchor id 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Tran Ngoc Nhan 3d9bc6a5cf Update mfa.adoc 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-09 09:21:02 -06:00
Martin Boulais 1d8ea63a9e Fix typo in HTTP Basic Auth Provider documentation 
The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
 2026-01-08 13:59:34 -06:00
Tran Ngoc Nhan 79815e044e Fix typos 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
 2026-01-08 13:35:43 -06:00
github-actions[bot] ac9c0a4313 Update Antora Spring UI to v0.4.25 2025-12-19 16:57:20 -06:00
Josh Cummings 765abe534e Add Missing Migration Pages to Side Navigation 
Closes gh-18313
 2025-12-15 09:05:06 -07:00
Josh Cummings afb0c59875 Add request-matcher XML Migration Steps 
Closes gh-18211
 2025-12-15 09:05:06 -07:00
kucoll 10edc14d7e Fix typo in AnnotationTemplateExpressionDefaults 
The AnnotationTemplateExpressionDeafults was wrong,and right is  AnnotationTemplateExpressionDefaults

Signed-off-by: kucoll <kucoll@163.com>
 2025-12-02 17:26:34 -06:00