Commit Graph

2558 Commits

Author SHA1 Message Date
Josh Cummings
6d3b54df21 Change Type Validation Default
NimbusJwtDecoder and NimbusReactiveJwtDecoder now use
Spring Security's JwtTypeValidator by default instead
of Nimbus's type validator.

Closes gh-17181
2025-05-28 16:11:13 -06:00
Josh Cummings
37a814bc29 Add 7.0 -> 8.0 Migration Guide
Closes gh-17182
2025-05-28 16:11:12 -06:00
Felix Hagemans
1a4de49977 Create CsrfCustomizer for SPA configuration
Closes gh-14149

Signed-off-by: Felix Hagemans <felixhagemans@gmail.com>
2025-05-27 11:44:33 -06:00
Rob Winch
cd27290260 Merge branch '6.5.x'
Closes gh-17163
2025-05-22 15:01:27 -05:00
Rob Winch
e686621e92 Merge branch '6.5.x'
Closes gh-17162
2025-05-22 15:01:13 -05:00
Rob Winch
6eee256e12 Demonstrate include-code usage
Closes gh-17161
2025-05-22 14:59:35 -05:00
Rob Winch
0fecaf4924 Add include-code extension setup for docs
Closes gh-17160
2025-05-22 14:59:35 -05:00
Josh Cummings
45e81c2d0a Merge branch '6.5.x' 2025-05-21 14:44:23 -06:00
Josh Cummings
7d49c41e03 Merge branch '6.4.x' into 6.5.x 2025-05-21 14:44:03 -06:00
Josh Cummings
fbfb28456a Merge branch '6.3.x' into 6.4.x 2025-05-21 14:43:44 -06:00
Gurunathan
a4cd6f4278 Advise Overriding equals() and hashCode() in UserDetails Implementations
This commit adds a documentation note explaining the importance of
overriding equals() and hashCode() in custom UserDetails implementations.

The default SessionRegistryImpl in Spring Security uses an in-memory
ConcurrentMap<Object, Set<String>>, Map<String,SessionInformation> to
associate principals with sessions. If a custom UserDetails class does
not properly override equals() and hashCode(), user sessions may not
be tracked or matched correctly.

I believe this helps developers avoid subtle session management issues
when implementing custom authentication logic.

Signed-off-by: Gurunathan <129361658+Gurunathan16@users.noreply.github.com>
2025-05-21 12:41:44 -06:00
Josh Cummings
07a50b460a Merge branch '6.5.x' 2025-05-15 18:17:05 -06:00
Josh Cummings
02a516d7f2 Merge branch '6.4.x' into 6.5.x 2025-05-15 18:16:53 -06:00
Josh Cummings
70c940fd4f Merge branch '6.3.x' into 6.4.x 2025-05-15 18:16:44 -06:00
Josh Cummings
eb30fd7f59 Add Missing Header
Issue gh-11161
2025-05-15 18:16:36 -06:00
Josh Cummings
b5db32994f Merge branch '6.5.x' 2025-05-15 17:20:23 -06:00
Josh Cummings
8548d8e18a Merge branch '6.4.x' into 6.5.x 2025-05-15 17:20:08 -06:00
Josh Cummings
fbdf4a88a0 Merge branch '6.3.x' into 6.4.x 2025-05-15 17:19:55 -06:00
snowykte0426
260d298cc5 Add Migration Guide from Spring Security SAML Extension
This adds a dedicated migration guide for users moving from the Spring Security SAML Extension to the built-in SAML 2.0 support.

Includes:
- Content migrated from the project wiki
- xref links for `saml2Login`, `saml2Logout`, and `saml2Metadata`
- Metadata example moved to Examples Matrix
- Cleanup and naming per review feedback

Closes gh-11161

Signed-off-by: snowykte0426 <snowykte0426@naver.com>
2025-05-15 17:17:43 -06:00
Josh Cummings
0698d3527d Merge branch '6.5.x' 2025-05-13 11:18:43 -06:00
Josh Cummings
26f359a4db Merge branch '6.4.x' into 6.5.x 2025-05-13 11:18:31 -06:00
Josh Cummings
5ba4ab5e11 Merge branch '6.3.x' into 6.4.x 2025-05-13 11:18:02 -06:00
Danilo Piazzalunga
27319e3f9b Add missing registration property in YAML listing
Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
2025-05-13 11:17:35 -06:00
Danilo Piazzalunga
ec462e8bc5 Update assertingparty property usage in YAML snippets
Spring Boot 2.7 renamed spring.security.saml2.relyingparty.registration.*.identityprovider.*
to spring.security.saml2.relyingparty.registration.*.assertingparty.*.

Closes gh-12810.

Signed-off-by: Danilo Piazzalunga <danilopiazza@gmail.com>
2025-05-13 11:17:35 -06:00
Joe Grandja
ba7be9c8b9 Merge branch '6.5.x' 2025-05-09 16:14:34 -04:00
Joe Grandja
e3c39f02bc Add documentation for DPoP support
Closes gh-17072
2025-05-09 16:02:14 -04:00
Rob Winch
f13836c9c8 Add X to CommonOAuth2Provider Reference
Issue gh-16510

Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
2025-05-07 11:31:28 -05:00
Josh Cummings
211b1b7285 Update Method Security Migration Steps 2025-05-06 16:44:20 -06:00
Josh Cummings
84db5bb312 Add Cookie Customizer Migration Steps 2025-05-06 16:43:04 -06:00
Josh Cummings
74a25c3fc1 Add shouldFilterAllDispatcherTypes Migration Steps 2025-05-06 16:40:10 -06:00
Josh Cummings
084990736e Move Opaque Token Migration Steps 2025-05-06 16:39:16 -06:00
Josh Cummings
c6bba38458 Update SAML 2.0 Migration Steps 2025-05-06 16:38:32 -06:00
Josh Cummings
45b453f59b Add ACL Migration Steps 2025-05-06 16:38:19 -06:00
Rob Winch
5abbcecccc Update to 7.0.0-SNAPSHOT
Signed-off-by: Rob Winch <362503+rwinch@users.noreply.github.com>
2025-05-06 13:26:14 -05:00
Rob Winch
9b79b99150 Merge branch '6.4.x'
- Correct method name in logout.adoc

Closes gh-17049
2025-05-06 10:24:14 -05:00
Rob Winch
63d79a97db Merge branch '6.3.x' into 6.4.x
- Correct method name in logout.adoc

Closes gh-17048
2025-05-06 10:23:58 -05:00
Tran Ngoc Nhan
505fe3abed Correct method name
Closes gh-17031

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
2025-05-06 10:17:29 -05:00
Josh Cummings
df640f22dc Merge branch '6.4.x' 2025-05-02 15:59:13 -06:00
Josh Cummings
92160fa26f Merge branch '6.3.x' into 6.4.x
Closes gh-17034
2025-05-02 15:58:58 -06:00
Josh Cummings
51239359ed Fix ClearSiteData Code Snippet
Closes gh-16948
2025-05-02 15:57:31 -06:00
Josh Cummings
28091c8563 Merge branch '6.4.x' 2025-05-01 12:03:19 -06:00
Josh Cummings
c4a0dfe838 Merge remote-tracking branch 'origin/6.3.x' into 6.4.x 2025-05-01 12:03:05 -06:00
Soumik Sarker
bcef6ed74f Reformatted lines in x509 overview documentation
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
2025-05-01 12:02:45 -06:00
Josh Cummings
d0a97917ad Merge branch '6.4.x' 2025-04-29 13:39:00 -06:00
Josh Cummings
d76ccc6856 Merge branch '6.3.x' into 6.4.x 2025-04-29 13:38:41 -06:00
Yanming Zhou
9c76ab69f0 Use proper configuration key
the getter method is `getOpaquetoken()` not `getOpaqueToken()`

See c6045c3111/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerProperties.java (L51)

Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-04-29 13:37:51 -06:00
Yanming Zhou
ce5a12b2f7 Revise document to replace outdated NimbusOpaqueTokenIntrospector with SpringOpaqueTokenIntrospector
Signed-off-by: Yanming Zhou <zhouyanming@gmail.com>
2025-04-23 14:10:02 -06:00
Josh Cummings
61d6fbc2a9 Update Documentation for PathPatternRequestMatcher
Issue gh-16765
2025-04-23 12:11:09 -06:00
Steve Riesenberg
15c2b156f1 Update Client Authentication examples
Closes gh-16925

987d9c9788ba0343f543083c87613fb5
2025-04-11 15:10:05 -05:00
Josh Cummings
6438603cb6 Pick Up TargetVisitor Beans
Closes gh-16923
2025-04-10 15:48:09 -06:00