The documentation says spring security can be used without spring boot (https://docs.spring.io/spring-security/reference...

This looks like a bug:It's the only method not implemented? @Override public Mono<ReactiveSessionInformation&gt...

Expected Behaviorwhen this is used: @Bean SecurityFilterChain configure(HttpSecurity http, AuthorizationManager<R...

Bug descriptionFound in version: 5.8.13Fix required in: 5.8.x (required to enable migration to Spring Security 6).While ...

Hi, I have a Spring OAuth Client (BFF), between a Public Angular Client, and an Auth0 Authorization server. When I login...

Probably my last BFF bug, before I shift to Tailwind and Angular (hopefully). It's been an epic 3 month journey so far i...

spring security version 6.3.1i did implement Jwt tocken, but by trying to access protected resource without auth i get b...

After upgrading from Spring Boot 3.1.* to Spring Boot 3.2.0 which includes Spring Security 6.2.0, responses of REST serv...

Hi, Is there a way of preventing a security context from being called twice?I have an API Gateway, with a Token Relay fi...

Given that several tests rely on method parameter names being inspected reflectively, we should configure Eclipse and VS...

Related to https://github.com/spring-projects/spring-security/issues/12534 and https://github.com/spring-projects/spring...

Forward port of #15658Comment From: jzheauxClosed in 0cab7c8f15ab98e97b10458d63ed3d85601b0903 and 1118b0ec63b87de00957f5...

Describe the bugI am running a Spring Boot web application with JDK 21 with the following versions/components:springBoot...

To add an advisor to AuthorizationAdvisorProxyFactory is simple:List<AuthorizationAdvisor> advisors = ...Authoriza...

Related gh-15021See also spring-io/develocity-conventions#82 and spring-io/develocity-conventions#89Comment From: sjohnr...

The workflow does not seem to be marking the duplicate PRs consistently.One example run is this one, where it didn't fin...

I noticed that the class DefaultReactiveOAuth2AuthorizedClientManager relies on passing in Authorized Client instances t...

Describe the bugAuth ManagerDespite doing this, @Configurationinternal class OAuth2AuthorizedManagerConfig { private ...

Spring Security ACL is, by its current implementation, based on SQL databases which joins together all 4 tables (sid, cl...

ContextCurrently, the default Spring Security login and logout pages are styled using Bootstrap CSS. The version we use ...