For Spring Boot 3.1.6 with Spring Security where the respective version used behind the scene is 6.1.5Consider the follo...

Describe the bugSpring Security, even if configured with SessionCreationPolicy.NEVER or SessionCreationPolicy.STATELESS ...

Describe the bugHttpSecurity configuration with securityMatcher and oauth2Login(withDefaults()) leads to 404 for some OA...

When upgrading to Spring Boot 2.7.11 and later we started having sessions even though we have explicitly configured the ...

Describe the bugEach RelyingParty can specify its own logout URL properties, but doing that results in having to change ...

This PR introduced the SecurityMockMvcResultHandlers with the exportTestSecurityContext method. It works well when using...

When I use the reactive WebFilter in a webflux application no AuthenticationEvents are publishedComment From: rwinchThan...

Looking at 6.2.0-RC2, we have this new method, which is good:https://github.com/spring-projects/spring-security/blob/449...

SummaryWhen Spring Async annotation is used, it is often instructed to set SecurityContextHolder.setStrategyName(Securit...

Expected BehaviorThe issue I am encountering relates to the fact that while Spring Session / Security is saving my sessi...

Hi, For my Spring Resource server, instead of hitting the Auth0 endpoint for a public key on EVERY token verify request,...

Spring security 6.1 is in Enterprise support but we do need to update the dependency of org.bouncycastle.bcpkix.jdk15on ...

This filter init and configure in OAuth2LoginConfigurer In both init and configure method, no set this propertyHow shoul...

Describe the bugI`m using Oauth2 WebClient to do some rest calls outside of ServerWebExchange scope. In my environment J...

This would simplify the resolution of an OneTimeToken. Currently, a OneTimeTokenService should be injected and a OneTime...

Describe the bugThe core HttpSecurity builder supports dispatcherTypeMatchers, but FilterInvocation throws UnsupportedOp...

So applications can do:@Bean OidcSessionRegistry sessionRegistry() { return new InMemoryOidcSessionRegistry();}This i...

Describe the bugWhen using Spring boot in version 3.2.1, together with Redis-base session store, session invalidation fa...

The current OIDC back-channel logout support saves the end-user's CSRF token to use in a self-logout call when the back-...

Several Security components use SecurityAnnotationScanners to look for annotations and apply Security's expression templ...