Spring Authorization Server is released under the Apache 2.0 license. If you would like to contribute something, or simply want to hack on the code this document should help you get started.
This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to [email protected].
We use GitHub issues to track bugs and enhancements.
If you have a general usage question please ask on Stack Overflow.
The Spring Security team and the broader community monitor the spring-security
tag.
If you are reporting a bug, please help to speed up problem diagnosis by providing as much information as possible. Ideally, that would include a complete & minimal sample project that reproduces the problem.
This project uses pull requests for the community to suggest changes to the project. There are a few imporant things to keep in mind when submitting a pull request:
-
Expect feedback and to make changes to your contributions.
-
Unless it is a minor change:
-
It is best to discuss pull requests on an issue before doing work
-
We expect the pull request to start with a draft pull request.
-
The pull request should be as small as possible and focus on a single unit of change. This ensures that we are collaborating together as soon as possible.
-
Generally, this means do not introduce any new interfaces and as few classes as possible. That may mean using an external library directly in a
Filter
. -
We will discuss with you how to iterate once you have submitted the initial draft pull request.
-
-
If you think you have found a security vulnerability please DO NOT disclose it publicly until we’ve had a chance to fix it. Please don’t report security vulnerabilities using GitHub issues, instead head over to https://spring.io/security-policy and learn how to disclose them responsibly.
Before we accept a non-trivial patch or pull request we will need you to sign the Contributor License Agreement. Signing the contributor’s agreement does not grant anyone commit rights to the main repository, but it does mean that we can accept your contributions, and you will get an author credit if we do. Active contributors might be asked to join the core team, and given the ability to merge pull requests.
Please add the Apache License header to all new classes, for example:
/*
* Copyright 2020-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Use git rebase –interactive, git add –patch and other tools to "squash" multiple commits into atomic changes.
-
Keep the subject line to 50 characters or less if possible.
-
Do not end the subject line with a period.
-
In the body of the commit message, explain how things worked before this commit, what has changed, and how things work now.
-
Include Fixes gh-<issue-number> at the end if this fixes a GitHub issue.
-
Avoid markdown, including back-ticks identifying code.