Skip to content

xdev-software/spring-security-extras

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

819 Commits
.config
.config
 
 
.github
.github
 
 
.idea
.idea
 
 
.mvn/wrapper
.mvn/wrapper
 
 
.run
.run
 
 
bom
bom
 
 
client-storage
client-storage
 
 
codec-sha256
codec-sha256
 
 
crypto-symmetric-managed
crypto-symmetric-managed
 
 
crypto-symmetric
crypto-symmetric
 
 
csp
csp
 
 
demo
demo
 
 
metrics
metrics
 
 
oauth2-oidc-remember-me
oauth2-oidc-remember-me
 
 
oauth2-oidc
oauth2-oidc
 
 
vaadin
vaadin
 
 
web-sidecar-actuator
web-sidecar-actuator
 
 
web-sidecar-common
web-sidecar-common
 
 
web
web
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 
renovate.json5
renovate.json5
 
 

Repository files navigation

Latest version Build Quality Gate Status

Extras for Spring Security / XDEV SSE

This framework provides various modules which make it easier and safer to create or manage various security solution in Spring apps, especially in distributed systems.
It adds features like remembering the user’s last identity provider, automatic logout checks, improved OAuth2/OIDC management, smoother frontend integration and remembering the login after a server restart.
It also secures system endpoints, avoids unnecessary sessions and comes with built-in metrics.

Nearly everything can be overridden with a custom implementation or disabled if required.

Modules

Please note that more detailed descriptions are available in the individual modules.

  • bom
    • Bill of Materials for easier version management
  • oauth2-oidc
    • Revalidates the login periodically
    • Communicates logouts to the frontend
    • Makes it possible to automatically reselect the last login provider
  • oauth2-oidc-remember-me
    • Stores, manages and encrypts OIDC login information safely in a distributed system
  • vaadin
    • Full Spring Security control before Vaadin handles requests
    • Creates Vaadin sessions only when needed
    • CSRF request whitelisting
    • Built-in Content Security Policy
  • web
    • Stores the used login url
    • Determines if Cookies should be secured
  • web-sidecar-actuator
    • Secures Spring Boot's Actuator
    • Multi-User support
    • Allows securing different endpoint per user
    • Only password hashes are stored on the server side
  • web-sidecar-common
    • Host static resources without creating sessions
    • Prevent unwanted requests from reaching the underlying app/servlet
    • Ensures that error pages are accessible

Usage

Some example use-cases (with integration tests) are available in the demo.

Otherwise please have a look at the corresponding modules and their (Java) docs.

Installation

Installation guide for the latest release

Support

If you need support as soon as possible and you can't wait for any pull request, feel free to use our support.

Contributing

See the contributing guide for detailed instructions on how to get started with our project.

Dependencies and Licenses

View the license of the current project or the summary including all dependencies

About

Extras for Spring Security

Topics

security spring spring-boot sse spring-security extras xdev-sse

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 15

v1.2.0 Latest
May 23, 2025
+ 14 releases

Packages

 
 
 

Contributors 7

Languages