I have an application where the SP metadata is generated as XML and put in the database. We pull the XML and generate th...

Expected BehaviorI want to track the execution of Spring Security filters and send the trace data to Jaeger using OpenTe...

In the AP initiated LogoutRequest LogoutResponse is not reaching the IDP. Currently I have this configuration @Beanpubli...

Expected BehaviorCurrent availabled version of this library is runtimeOnly("com.nimbusds:oauth2-oidc-sdk:11.20.1")Curren...

When my interface accesses WebFilterChainProxy , my request cannot be modified. This error is reported to me.Comment Fro...

error mssage : The bean 'conversionServicePostProcessor', defined in class path resource [org/springframework/security/c...

Describe the bugIn the 6.4-RC1 release RestClient support is being upgraded to provide more or less the same functionali...

Please see https://github.com/spring-projects/spring-security/issues/15319#issuecomment-2198695646 for details on what t...

If an authorized object is sent to Spring Data, for example using CrudRepository#save, the call fails since it tries to ...

Describe the bugOverriding WebClient in ReactiveOidcIdTokenDecoderFactory was implemented in one part of https://github....

Hi,there seems to be a strange behavior, when there is a Security Configuration which exposes AuthenticationProviders as...

All OpenSamlXXX components should attempt to initialize OpenSAML.For example, when OpenSaml5AssertingPartyMetadataReposi...

Describe the bugUsing Authorizing Arbitrary Objects of Spring Security in combination with a Pageable Spring Data result...

Spring Security does not use the ServerExchangeRejectedHandler Bean when exposed.We should fix this, but in the meantime...

Spring Security does not use the ServerWebExchangeFirewall Bean when exposed.We should fix this, but in the meantime use...

Describe the bugWe upgraded to Spring Boot 3.3.5, which brought in Spring Security 6.3.4. This is the latest. We are now...

Superseded by https://github.com/spring-projects/spring-framework/issues/33789Related https://github.com/spring-cloud/s...

Expected BehaviorA switch to trun on logging to show the requests and responses in the Authorization Code Flow for the c...

Expected BehaviorI expected the builder method of AnonymousConfigurer.authorities(authorities) to take a List<? exten...

When using @AuthorizeReturnObject on a controller method like so:@AuthorizeReturnObject@GetMapping(...)public MyObject g...