Spring Security provides security services for the Spring IO Platform. Spring Security 6.0 requires Spring 6.0 as a minimum and also requires Java 17.
For a detailed list of features and access to the latest release, please visit Spring projects.
Please see our code of conduct
See Getting Spring Security for how to obtain Spring Security.
Be sure to read the Spring Security Reference. Extensive JavaDoc for the Spring Security code is also available in the Spring Security API Documentation.
You may also want to check out what’s new in the latest release.
See Hello Spring Security to get started with a "Hello, World" application.
Spring Security uses a Gradle-based build system.
In the instructions below, ./gradlew is invoked from the root of the source tree and serves as
a cross-platform, self-contained bootstrap mechanism for the build.
Git and the JDK17 build.
Be sure that your JAVA_HOME environment variable points to the jdk-17 folder extracted from the JDK download.
git clone [email protected]:spring-projects/spring-security.git
./gradlew build
The reference docs are not currently included in the distribution zip. You can build the reference docs for this branch by running the following command:
./gradlew :spring-security-docs:antora
That command publishes the docs site to the docs/build/site directory.
The playbook branch describes how to build the reference docs in detail.
Discover more commands with ./gradlew tasks.
To work in Eclipse or VS Code, first generate Eclipse metadata so you can import the project into Eclipse or VS Code:
./gradlew cleanEclipse eclipse
If you have not built the project yet, run ./gradlew publishToMavenLocal first so dependencies are resolved.
VS Code: Open the repository root as a folder. The repository includes .vscode/settings.json which disables automatic Gradle import so that the generated Eclipse metadata (.classpath, .project) is used. Do not use the Gradle for Java extension to import the project.
Eclipse: File → Import → General → Existing Projects into Workspace, then select the repository root.
The build uses a custom Eclipse plugin to work around Gradle dependency cycles that confuse IDE metadata generation. You may see Eclipse warnings about xml-apis from some test dependencies; those are excluded in the build and can be ignored.
Check out the Spring Security tags on Stack Overflow. Commercial support is available too.
Pull requests are welcome; see the contributor guidelines for details.
Spring Security is Open Source software released under the Apache 2.0 license.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
