Spring Security Support custom GrantedAuthorities strategy for ActiveDirectoryLdapAuthenticationProvider

Summary: In connection with using ActiveDirectoryLdapAuthenticationProvider it is only possible to extract memberOf in the...

Spring Security Allow authorities loading customization in ActiveDirectoryLdapAuthenticationProvider

Expected Behavior: You can change ActiveDirectoryLdapAuthenticationProvider's loadUserAuthorities behavior somehow (by ext...

Spring Security Support GrantedAuthorityDefaults Bean in authorizeHttpRequests Kotlin DSL

Overview: In the Java DSL configuration, the role prefix is correctly applied based on the configured GrantedAuthorityDefa...

Spring Security Simplify MVC-based authentication

It's common in an application to use Spring MVC to publish a custom login page, for example like so: @GetMapping("/l...

Spring Security Add OpenFGA Support

We should look into adding OpenFGA support. See https://openfga.dev/ Some NOTES for myself: [ ] We can use Testcontainers s...

Spring Security Session Cookie name cannot be changed in OIDC back channel logout handler

Describe the bug: In OidcBackChannelLogoutHandler.java for Spring Security 6.3.0 (and earlier), the session cookie name is...

Spring Security Incorrect documentation for OIDC Back-Channel Logout

Describe the bug: https://docs.spring.io/spring-security/reference/servlet/oauth2/login/logout.html states that you need a...

Spring Security default SpringOpaqueTokenIntrospector always returns empty authorities

The default principal created for an OAuth2 resource server opaque token does not include the token scopes in the author...

Spring Security AbstractRequestMatcherRegistry#requestMatchers should pick MvcRequestMatcher when using MockMvc

Because MockMvc's mock servlet context does not return any servlet registrations, Spring Security will pick AntPathReque...

Spring Security Improve CVE-2023-34035 detection

:zap: UPDATE :zap:: A proposed solution is available in the latest 6.2 snapshot build. Please see this comment for detai...

Spring Security Unable to obtain SecurityContext when using @PathVariable

Describe the bug: A request cannot obtain a SecurityContext using @PathVariable, but using @RequestParam can obtain a Secur...

Spring Security Uses deprecated method

In https://github.com/spring-projects/spring-security/blob/5.4.x/samples/boot/helloworld/src/main/java/org/springframewo...

Spring Security Reactive JWT Decoder not picking up algo from jwk but non reactive version works

Describe the bug: ReactiveJwtDecoders.fromIssuerLocation("https://thomasmiller.eu.authz.cloudentity.io/thomasmiller/test")...

Spring Security signWith() in version 6 makes big problem when trying to verify JWT on client-side

There is a problem in SpringSecurity 6 when signing JWT. For example, I have these 2 methods in my application:` publi...

Spring Security Logic of secured endpoint (Mono ResponseEntity) is invoked for authenticated requests but HTTP 401 is returned

Describe the bug: After migrating from SpringBoot 2.7.7 to Spring Boot 3.0.2 I observed that REST endpoints which return a...

Spring Security Clarify the behavior of Concurrent Session Management when an IdP is involved

Expected Behavior: the current tutorial for spring concurrent session management says it works out of the box with OAuth: h...

Spring Security Configuration rules that worked in Spring Security 5 don't work in 6.0.1

Describe the bug: Configuration rules that worked in Spring Security 5 don't work in 6.0.1. After migrating the security co...

Spring Security Broke link in OAuth 2.0 migration link

Spring Security exposes the same functionality via the Spring Security DSL, which is configured by extending WebSecurity...

Spring Security XorCsrfTokenRequestAttributeHandler class method parameter actualToken, token calibration failure

springboot: 3.1.2, springsecurity: 6.12. The SecurityConfiguration code is as follows: `@Configuration @EnableWebSecurity public ...

Spring Security Spring Cloud Gateway - TokenRelayGatewayFilter - Fetching of access token by refresh token run into stale token error response

Describe the bug: Hi, We are using Spring Cloud Gateway as BFF for a frontend application which is written in next.js and c...