Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Add Security Vulnerabilities Mar 21, 2018
acl Made AclClassIdUtils genuinely package level by injecting the convers… Oct 31, 2018
aspects Use diamond type Dec 21, 2017
bom Use spring-build-conventions Bom plugin Jan 9, 2018
buildSrc Make MIN_SPRING_VERSION Dynamic Mar 16, 2018
cas Replace isEqualTo(null) with isNull() Aug 10, 2018
config Register NullRequestCache When Disabled Nov 20, 2018
core InMemoryUserDetailsManager.updatePassword case-insenstive Nov 9, 2018
crypto AesBytesEncryptorTests Check Key Strength Nov 20, 2018
data Remove Deprecated EvaluationContextExtensionSupport Usage Sep 19, 2018
docs Fix Typo in Reference Docs Nov 14, 2018
etc Upgrade spring-build-conventions to 0.0.18.RELEASE Aug 27, 2018
gradle Update to oauth2-oidc-sdk:6.2 Nov 20, 2018
itest Fix WhitespaceAfterCheck Checkstyle check Aug 27, 2018
ldap Password Modify Extended Operation Support Oct 15, 2018
messaging Use diamond type Dec 21, 2017
oauth2 Remove PowerMock from oauth2-core and oauth2-jose Nov 20, 2018
openid Replace isEqualTo(null) with isNull() Aug 10, 2018
remoting Use diamond type Dec 21, 2017
samples Update webflux-form sample to use Built in CSRF Support Nov 14, 2018
scripts Add scripts/ Jul 15, 2018
taglibs Migrated unit test TldTests.groovy to Oct 22, 2018
test Populate test security context with authentication Oct 3, 2018
web Write Security Headers Before Servlet Include Oct 31, 2018
.editorconfig Improve EditorConfig file Mar 16, 2018
.gitignore ignore s101 metadata Oct 27, 2017
.travis.yml .travis continue on failure Dec 20, 2017
CODE_OF_CONDUCT.adoc SEC-3209: Add Code of Conduct Feb 1, 2016 Add missing space to heading for it to render properly Oct 19, 2018
Jenkinsfile Add JDK 11 to Jenkins Oct 25, 2018
README.adoc Fix Travis build URL in README Dec 20, 2017
build.gradle Update to spring-build-conventions:0.0.22.RELEASE Nov 9, 2018
class_mapping_from_2.0.x.txt SEC-1148: Simple classname mapping from 2.0 to 3.0 Dec 2, 2009 Updated Spring Boot version from 2.1.0.M4 to 2.1.0.RELEASE Nov 14, 2018
gradlew Update to Gradle 4.2 Sep 22, 2017
gradlew.bat Update to Gradle 3.5 Apr 21, 2017
license.txt Change to Apache License version 2.0. Mar 23, 2004
notice.txt Broaden list of names used and correct URL. Dec 3, 2007
settings.gradle Fix settings.gradle on Windows Aug 22, 2018



Build Status

Spring Security

Spring Security provides security services for the Spring IO Platform. Spring Security 5.0 requires Spring 5.0 as a minimum and also requires Java 8.

For a detailed list of features and access to the latest release, please visit Spring projects.

Code of Conduct

This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to

Downloading Artifacts

See downloading Spring artifacts for Maven repository information.


Be sure to read the Spring Security Reference. Extensive JavaDoc for the Spring Security code is also available in the Spring Security API Documentation.

Quick Start

We recommend you visit Spring Security Reference and read the "Getting Started" page.

Building from Source

Spring Security uses a Gradle-based build system. In the instructions below, ./gradlew is invoked from the root of the source tree and serves as a cross-platform, self-contained bootstrap mechanism for the build.


Git and the JDK8 build.

Be sure that your JAVA_HOME environment variable points to the jdk1.8.0 folder extracted from the JDK download.

Check out sources

git clone

Install all spring-\* jars into your local Maven cache

./gradlew install

Compile and test; build all jars, distribution zips, and docs

./gradlew build

Discover more commands with ./gradlew tasks. See also the Gradle build and release FAQ.

Getting Support


Pull requests are welcome; see the contributor guidelines for details.


Spring Security is Open Source software released under the Apache 2.0 license.