SummaryI'd like the ability to use method security annotations (e.g. @PreAuthorize) on both synchronous and reactive met...

Given I created a custom JWT decoder as described in the Spring OAuth2 Resource Server Documentation with NimbusJwtDecod...

I'm currently in the process of migrating my application's authentication from Spring Security SAML Extension to Spring ...

Expected BehaviorMember authorizationRequestCustomizer of DefaultOAuth2AuthorizationRequestResolver is of type Consumer&...

Rob Winch (Migrated from SEC-2409) said:Spring Security's ACL implementation allows users to determine if a access is al...

We should look into how to make the SAML 2.0 support native compatible. At first, it seems not viable for the Spring Sec...

org.springframework.security:spring-security-oauth2-jose:jar:6.2.3 has a dependency to com.nimbusds:nimbus-jose-jwt:jar:...

The documentation for Spring Security, section Servlet Architecture -> Architecture mentions the following: "The Req...

There are quite a few authorization servers (see how many users have commented on gh-10018) that do not URL Encode the C...

We should add some information for the following client authentication methods:client_secret_basicclient_secret_postnone...

This issue is related to gh-10538 and will address validating certificate-bound "opaque" access tokens for both the Serv...

Describe the bugI recently upgraded from Boot 2.7 to 3.2.7.Since then I am getting a lot of java.lang.IllegalStateExcept...

Describe the bugI am using Spring MVC to create a service and Spring WebFlux to use WebClient. WebClient uses JWT to aut...

Describe the bugversion- spring boot 3.0.1- spring security 6.0.1not execute .permitAll()just not registered controller....

Expected BehaviorFor my testing environment, I have specified a user in memory as shown below. Per the documentation, it...

Describe the bugAfter upgrading to spring-security 6, permitAll configuration does NOT work as expected. When using an A...

Custom method for has permissions is being invoked in PreAuthorize. Method customHasPermission checks for the permission...

Describe the bugWhen token expires_in is less then 62 seconds two requests are made instead of 1.To ReproduceIn token re...

I'm usingSpring Boot 3.2.5Spring Security 6.2.4Describe the bugWhile playing around with Custom DSL, I noticed adding an...

Hi Spring Security Team 🙂 ContextHow has this issue affected you?Just a minor inconvenience when updating to 6.2What are...