Spring Security Add Support for One-Time Token Login

We should add support for one-time token authentication. One common example is magic links sent in email or a text code ...

Spring Security StrictServerWebExchangeFirewall breaks spring-cloud-gateways RemoveRequestHeaderGatewayFilterFactory

Describe the bug: With the update to spring-boot-3.3.5, our spring-cloud-gateway application breaks within the built-in "R...

Spring Security ServerBearerTokenAuthenticationConverter does not support form encoded body parameter

Describe the bug: When using opaque tokens with an OAuth 2 resource server, webflux's ServerBearerTokenAuthenticationConve...

Spring Security Further document adding types to the Jackson allowlist

Given some of the responses in #4370, it would likely be helpful to add to the Jackson documentation, detailing the rati...

Spring Security Custom reactiveUserDetail or custom reactiveAuthenProvider, maximumSessions() not working

Describe the bug: When I custom reactiveUserDetail or custom reactiveAuthenProvider, maximumSessions() not working **code...

Spring Security UnsupportedOperationException when an http header is being added to a mutated ServerWebExchange request due to the new StrictFirewallHttpHeaders class

Spring Boot 3.3.5 includes spring-security-web-6.3.4.jar. The newly introduced class org.springframework.security.web.se...

Spring Security OpenID Connect 1.0 UserService customization doesn't work

Describe the bug: The example here doesn't work. To Reproduce: Just repeat the customization and see that the requests are no...

Spring Security Consider Supporting Externalized OpenSAML Initialization

Hello Team, I'm currently spring security 6.2 which internally uses OpenSAML 4.3 Java library to handle the SAML assertio...

Spring Security login url for Saml 2.0 is not working after migration to spring boot 3.3.4 from 2.7.18

Describe the bug: I've migrated from spring boot 2.7.18 to spring boot 3.3.4, I've a SAML 2.0 with OpenSaml in my project,...

Spring Security Consider removing one level of the OIDC Backchannel Logout DSL

To activate OIDC Back-Channel Logout support in the DSL, an application does this: http .oidcLogout((oidc) -> oidc.ba...

Spring Security java.lang.StackOverflowError: null - Customize RestOperations / NimbusJwtDecoder

Describe the bug: Referring to: #8882. When defining a custom NimbusJwtDecoder I am receiving a java.lang.StackOverflowError...

Spring Security Unable to override saml2logout success url

Expected Behavior: On successful saml2logout, there must be successUrl or handler that will redirect to page of our choice...

Spring Security Supporting logout+jwt for back-channel logout with spring-webflux

Expected Behavior: We are using an IDP that sends back-channel logout request with a token type set as logout+jwt which sh...

Spring Security HttpHeaders#writableHttpHeaders not effective with read-only delegate

As described in https://github.com/spring-cloud/spring-cloud-gateway/issues/3570#issuecomment-2437407696 starting with S...

Spring Security Allow ClientRegistrations HTTP Client (RestTemplate) to be configurable

Expected Behavior: ClientRegistrations RestTemplate is configurable. Current Behavior: ClientRegistrations RestTemplate is no...

Spring Security SecurityContextHolder is not populated in @BeforeAll/PostConstruct within @WithUserDetails

Describe the bug: I'm not sure if this is the intended behavior where SecurityContextHolder is not populated or accessible...

Spring Security Allow AbstractRestClientOAuth2AccessTokenResponseClient to be extended

I have a legacy OAuth2 API I need to use, and it requires the use of a password grant. Support for password grants was r...

Spring Security Possible bug in AbstractRequestMatcherRegistry#requireOnlyPathMappedDispatcherServlet? (DispatcherServlet not found when resolving request matcher)

Describe the bug: Once I added a DispatcherServlet to my EAR application deployed on JBoss 7.4, I started to get the follo...

Spring Security Provide AbstractOneTimeTokenService

To reduce code duplication between InMemoryOneTimeTokenService and JdbcOneTimeTokenService, need to separate out the sha...

Spring Security Support Reactive One-Time Tokens in a Clustered Environment

To support reactive one-time token login for a clustered environment, need to implement R2dbcReactiveOneTimeTokenService...