Spring Security Document what is the difference between new requestMatchers and securityMatchers

Expected Behavior: Is it possible to have a more detailed documentation about the difference between new requestMatchers ...

Spring Security Why is UsernamePasswordAuthenticationFilter a GenericFilterBean and not OncePerRequestFilter?

Why is UsernamePasswordAuthenticationFilter a GenericFilterBean and not a OncePerRequestFilter? Comment From: jzheaux Usua...

Spring Security Cache miss for REQUEST dispatch to 'url' (previous null). Performing MatchableHandlerMapping lookup. This is logged once only at WARN level, and every time at TRACE.

I recently upgraded our Spring Boot application from version 2.4.3 to 3.3.3. Although I saw some tickets related to this...

Spring Security Can some addresses printed on the Default Security Filter Chain be hidden

2024-11-05 17:41:22.348 INFO 22832 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any req...

Spring Security Make it easier to determine where a filter chain has been defined

Expected Behavior: When there are multiple filter chains configured for any request, Spring Security should make it as easy ...

Spring Security AbstractAuthenticationFilterConfigurer: add defaultSuccessUrl() function which doesn't override the successHandler field, or the variant with successHandler parameter

Expected Behavior: For FormLoginConfigurer, builder chain defaultSuccessUrl().<...>.successHandler() applies results...

Spring Security A way to re-enable CSRF for OAuth2 bearer token requests

We have user-facing services which are accessed via OAuth2 proxy, so they are configured as resource server and bearer t...

Spring Security Upgrade nimbus-jose-jwt:jar to 9.37.3 in Spring Security 5.8.x

Hello, would it be possible please to upgrade Nimbus dependency in Spring Security 5.8.x? The library is vulnerable to htt...

Spring Security Make name resolution configurable in OpenSamlLogoutRequestValidator

Describe the bug: Spring SAML considers NameID to hold username, populates Saml2AuthenticatedPrincipal#name with NameID va...

Spring Security ServerBearerTokenAuthenticationConverter validates parameters when not enabled

ServerBearerTokenAuthenticationConverter validates the query parameter access_token when allowUriQueryParameter is false...

Spring Security An empty-string bearer token should result in an appropriate HTTP status code

Describe the bug: If allowFormEncodedBodyParameter or allowUriQueryParameter of DefaultBearerTokenResolver is set to true,...

Spring Security Updating to spring-security-web-6.3.4 breaks http request header mutation feature

We use org.springframework.http.server.reactive.ServerHttpRequest#mutate to add a header into a HTTP request in a class ...

Spring Security HttpHeaders cannot be mutated with firewalled requests from StrictServerWebExchangeFirewall

Describe the bug: Since spring-security 6.3.4 headers from firewalled requests from the new StrictServerWebExchangeFirewal...

Spring Security StrictServerWebExchangeFirewall behavior in Spring-Security-Web 6.3.4

Expected Behavior: StrictServerWebExchangeFirewall should be overridable so that allowEncodedSlashes can be set. Current Be...

Spring Security No permission to download dependencies from repo.spring.io when building documentation

I tried to build the documentation via ./gradlew :spring-security-docs:antora, but the following exception occurred. FAIL...

Spring Security Allow Saml2MetadataFilter to work without AssertingPartyDetails in RelyingPartyRegistration

Expected Behavior: Saml2MetadataFilter should not require information about an identity provider / asserting party in orde...

Spring Security (Spring Boot 2.7->3.2) Duplicate @PreAuthorize annotation error across class hierarchy

Describe the bug: I have an abstract class that has the @PreAuthorize annotation. Its subclass also has an identical @PreA...

Spring Security Add deprecation notice for missing leading slashes

Some MVC frameworks allow for leaving out the leading slash from request mappings: @ApplicationPath("app") Which...

Spring Security Release 5.8.15

Comment From: drdpov Hey @rwinch could you please clarify regarding this version, I saw that 5.8.x is out of support (acc...

Spring Security The SCrypt class does not exist, but it is used in the internal implementation of SCryptPasswordEncoder

The problem: The SCrypt class does not exist, but it is used in the internal implementation of SCryptPasswordEncoder. SCry...