玖涯软件开发|java/go/python

Spring Security Disabling credentials erasure on custom AuthenticationManager is not working

Describe the bugIn the documentation there is an example on how to customize the AuthenticationManager:https://docs.spri...

Spring Security Spring Security 6.3.0 SecurityContextHolder thread error

like https://github.com/spring-projects/spring-security/issues/13866, But there seems to be a difference.WebSecurityConf...

Spring Security Method Security Enhancements

I'm creating this as a parent issue to some method security enhancements that I think would be nice.[x] #14480[x] #14596...

Spring Security Provide Native Hints for Beans used in Method Security Annotations

We should look into how to provide native hints for bean methods used inside Method Security annotations.Currently, in o...

Spring Security Support for JWT Header TYP as "at+jwt"

Expected BehaviorCurrently, if the JWT is having typ as "at+jwt", the token is rejected with message "Failed to authenti...

Spring Security InitializeUserDetailsBeanManagerConfigurer does configure a DaoAuthenticationProvider without Encoder although there are encoders found

Hi,using spring-security 6.3.3 the InitializeUserDetailsBeanManagerConfigurer does have this code:PasswordEncoder passwo...

Spring Security CSRF disable not working - getting error "Could not verify the provided CSRF token because no token was found to compare"

Despite disabling csrf, spring is throwing error "Could not verify the provided CSRF token because no token was found to...

Spring Security Allow the customization of the Reactive Method Security MethodSecurityExpressionHandler

SummaryI need to customize the behavior of the reactive method security expression handler. In the non reactive version ...

Spring Security Provide Runtime Hints for objects authorized by @AuthorizeReturnObject

Related to #14652 Native applications currently need to manually register their authorization proxy classes using a Bean...

Spring Security Add API for Registering Security Hints

Some Security AOT hints depend on infrastructural beans like AuthorizationProxyFactory to function. As such, it would be...

Spring Security Throw AuthorizationDeniedException when AuthorizationResult is available

Expected BehaviorIt would be very useful if the AccessDeniedException contained the AuthorizationDecision which led to t...

Spring Security how about adding query string back to form login url in LoginUrlAuthenticationEntryPoint.java

https://github.com/spring-projects/spring-security/blob/33495441b56ec6ce9e85b5e824460b2b4984f7e6/web/src/main/java/org/s...

Spring Security CasAuthenticationEntryPoint does not support multiple service addresses

protected String createServiceUrl(HttpServletRequest request, HttpServletResponse response) {return WebUtils.constructSe...

Spring Security Support Retrieving Authorized Proxy Target Object

Related to https://github.com/spring-projects/spring-security/issues/15746Given that authorized objects use setOpaque, t...

Spring Security OpenSaml4AuthenticationProvider.class at spring-security-saml2-service-provider v5.8.14 compiled for jdk11

Describe the bugHi,We're trying to use spring-security-saml2-service-provider in our JDK8 based platform, so we are acce...

Spring Security SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module

Describe the bugCAS support was removed in Sping Security 6: https://github.com/spring-projects/spring-security/issues/1...

Spring Security 5.8.12: @Secured annotation on subclasses is not read by SecuredAuthorizationManager when method in superclass was called

If I have 2 classes,public abstract class AbstractService { public void doSmth() {...}}@Secured("SECURE")@S...