For reactive applications, the default implementation of BodyExtractor<Mono<OAuth2AccessTokenResponse>, Reactiv...

ContextUsing Spring Boot 3.3.0 with:spring-boot-starter-oauth2-authorization-serverspring-boot-starter-oauth2-clientspri...

When an application requests /login/saml2/sso/okta, the default entry point for IdPs to POST a SAMLResponse, the endpoin...

Reactive Spring Security is always creating the Session even when NoOpServerSecurityContextRepository specified for secu...

Describe the bugVersion: 6.2.7, Spring Boot 3.2.11Defining a WebFilter bean that mutates HttpHeaders results in HTTP Err...

Dear Spring Security Developers,I have been reviewing your test code and noticed an issue with repeated creation of mock...

Expected BehaviorThe documentation should clarify that when using HttpSecurity#addFilterBefore(), the specified filter w...

It would be nice to implement session based OneTimeTokenService. Now this is difficult to do, because OneTimeTokenServic...

Describe the bugOIDC Backchannel Logout does not allow logout tokens having typ header of logout+jwt. By default the log...

Getting following connection error with AWS Elasticache (production)2024-10-19T08:33:26.374Z INFO 1 --- [BFFApplication]...

Describe the bugA clear and concise description of what the bug is.First of all. i made the code about SSE Without Sprin...

Describe the bugURL deserialization from the REDIRECT_URI cookie in CookieRequestCache fails and results in a 500 Intern...

Expected BehaviorCan use YescriptPasswordEncoder.Current BehaviorThere's no YescriptPasswordEncoder in the selection.Con...

I integrated redis with spring session and spring security 5.5.4 and respected the An error has occurredCould not read ...

Currently there is not way enforce the Principle of least privilege with respect to Handler Mappings and method security...

Describe the bug- I'm using Spring Security 6.4.0-M4 (via Spring Boot 3.4.0-M3)- I have set @EnableMethodSecurity(jsr250...

hello , firstly sorry for my bad english.I have a food store application. Application has some .permitAll() endpoints an...

Due to https://github.com/spring-projects/spring-framework/issues/33699, the main build is failing. Because there is no ...

We should add the ability to specify the loginPage() for the oauth2Login() DSL in ServerHttpSecurity while preserving ot...

We should consider removing PortResolver as it leads to confusion is likely no longer necessary.See gh-8140 gh-12971