玖涯软件开发|java/go/python

Spring Security Allow customization of Provider Configuration Metadata for Client Registration

It would be nice to have a means to add entries or modify entries in the ClientRegistration.ProviderDetails.configuratio...

Spring Security Broken documentation link for 6.4.0-M1

On https://spring.io/projects/spring-security#learn the link for 6.4.0-M1 links to https://docs.spring.io/spring-securit...

Spring Security Enhance the BackChannelLogoutConfigurer to make the session cookie name configurable.

Expected BehaviorThe BackChannelLogoutConfigurer should make the session cookie name for the OidcBackChannelLogoutHandle...

Spring Security Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect

Documentation for ServletBearerExchangeFilterFunction is incomplete or incorrect, as it mentions this regarding locating...

Spring Security Back-Channel Logout fails with cookie-based CSRF protection

Describe the bugI'm trying to configure Back-Channel Logout on an OAuth2 BFF: a reactive Spring Cloud Gateway instance c...

Spring Security Using spring native to build errors

Describe the bugAfter the construction is completed, there is an error running exeTo ReproduceExecuted build command: mv...

Spring Security Easier SAML metadata configuration via DSL

Expected BehaviorSome or all of these to be available in some form:http.saml2Metadata(saml -> saml .metadataUrl(&q...

Spring Security OAuth2 - Support customizing OAuth2AuthenticationToken through a single AuthenticationProvider

ContextIn my project, I am supporting multiple ways of logging in:- "internal" user store (in-memory or in-database), - ...

Spring Security Add expiry-aware refreshing asserting party repository

With the introduction of #15394, an implementation that uses MetadataResolver would be handy as several of its implement...

Spring Security Validate asserting party metadata signature

Various elements in metadata can be digitally signed. Although signatures are optional, according to SAML specification,...

Spring Security Add repository for returing Asserting Party Metadata

Like RelyingPartyRegistrationRepository, it would be nice to have an interface to represent loading asserting party meta...

Spring Security DefaultRelyingPartyRegistrationResolver should provide the end user to resolve URL with custom URL templates

Expected BehaviorIn DefaultRelyingPartyRegistrationResolver class, there is a private static method resolve() method tha...

Spring Security NPE in DefaultOAuth2User.getName function

Describe the bugProblem is a possible NullPointerException (NPE) in DefaultOAuth2User.getName.To ReproduceGet null value...

Spring Security StrictHttpFirewall#setAllowedHeaderNames should augment with existing Predicate

Expected BehaviorStrictHttpFirewall#setAllowedHeaderNames either should augment the existing predicate with Predicate#an...

Spring Security Add XML support for OIDC backchannel logout

Expected BehaviorOIDC backchannel logout should be configured easily using XML security configuration by Spring namespac...

Spring Security Use Spring SSL bundle in SAML2 signing

Expected BehaviorWhen acting as a SAML2 client, allow the lovely Spring SSL bundles to be used to specify the certificat...

Spring Security Using sec:authorize in JSPX causes 'java.lang.NullPointerException: Cannot invoke "jakarta.servlet.ServletRegistration.getClassName()" because "registration" is null'

Hello,We are encountering an issue with the sec:authorize expression in JSPX files after upgrading to Spring Security 6....