The existence of https://docs.spring.io/spring-security/site/docs/6.1.10-SNAPSHOT/api/ gives the impression that it may ...

(Follow up of https://github.com/spring-projects/spring-framework/issues/33164)Our Webservice that uses WebFlux returns ...

@EnableMethodSecurity, and more specifically MethodSecurityAdvisorRegistrar registers each Spring Security method interc...

Sometimes, possibly due to a race condition, the deployDocs task fails in the following way:rm: cannot remove ‘/var/www/...

Condor (Migrated from SEC-2127) said:I have 3 related problems with the Spring Security CAS client:1. My web application...

I'm persisting data to Redis, for my Spring Boot application. This requires me to create a custom Jackson Object Mapper ...

Describe the bugI have encountered an issue with the Spring SAML library that leads to incorrect token validation during...

There is only documentation incidental to anonymous access about @CurrentSecurityContext. There should be a dedicated se...

Expected BehaviorSpring applications with sessions optionally expose an "observable" of session events (something like a...

Spring LDAP 3 introduced LdapClient, a fluent alternative to LdapTemplate similar to WebClient and RestClient. It would ...

A recent update in Spring Framework causes classes that use @Mock to mock TestContext to fail. Updating tests to mock Te...

Describe the bugWhen using AbstractSecurityWebSocketMessageBrokerConfigurer we can override sameOriginDisabled and enabl...

I get this Serialisation Error with Redis, and don't know how to fix it?Can anyone help?More details here:https://stacko...

Expected BehaviorOption to add/modify/remove SAML20AssertionValidators.attributeValidator especially subjects (BearerSub...

Expected BehaviorI have found one inconsistency in the spring security documentation.More specifically on this page http...

It would be nice if we could improve the support of @AuthenticationPrincipal meta-annotations to align with method secur...

When trying to build Spring Security when disconnected from the Internet, the Structure101 plugin complains with:Unknown...

William Gorder (Migrated from SEC-2983) said:Is there a good reason for not returning MutableUser.delegate in the InMem...

I wasn't sure if this was a contradiction. It says here that the session cookie should be called: JSESSIONIDhttps://docs...

The given test:public class HandleTests { @Test public void test() { AuthorizationProxyFactory proxyFactory ...