Spring Security CSRF Support for SameSite

Summary: An alternative to using the synchronizer token pattern is to use the approach described in https://tools.ietf.org...

Spring Security Same Site Cookie Attribute Feature Request

Summary: It would be nice if Spring Security would allow a developer an easy way to set authentication cookies to have the...

Spring Security Add saml2Logout Kotlin DSL support

Describe the bug: A clear and concise description of what the bug is. To Reproduce: Steps to reproduce the behavior. Expected ...

Spring Security Improve Documentation

Each section of Spring Security's reference manual should be reviewed in consideration of the following structure: Start ...

Spring Security "Span wasn't started - an observation must be started (not only created)" (Micrometer) due to observation handling in Spring Security Web?

Describe the bug: In all of our Spring WebFlux-based applications having integrated Spring Security Web and Micrometer, we...

Spring Security Replace "Spring Boot 2.x" with "Spring Boot"

Expected Behavior: Docs should reference "Spring Boot" without "2.x". Current Behavior: The docs currently refer to "Spring B...

Spring Security Add reasonable timeout to JwtDecoderProviderConfigurationUtils and NimbusJwtDecoder

Expected Behavior: These classes should use reasonable default timeouts to avoid the possibility of a connection hanging. C...

Spring Security Migration from 4.x to 5.x

Summary: Provide a Migration from 4.x to 5.x guide. PasswordEncoder: In the meantime, please refer to [PasswordEncoder javadoc...

Spring Security Updating mockk from 1.13.3 to 1.13.4 causes test failures

Some example failures include: java.lang.ClassCastException: class org.slf4j.helpers.NOPLogger cannot be cast to class ch...

Spring Security SEC-1945: Encapsulation of Pre/PostAuthorize expressions in custom annotations and combining them on methods

Jan Novotný (Migrated from SEC-1945) said: I would like to raise an idea for further discussion. When using PreAuthorize ...

Spring Security Add support for HSM

Many applications will not deal with keys at all but will instead send data to a service like Vault to be encrypted, dec...

Spring Security Add option to prefetch jwks before first request, and refresh it in background

Expected Behavior: JWKS fetching should not have influence on response times on resource server. It should be fetched imme...

Spring Security Add support for JWT/JWE

We should provide support for encrypting / decrypting the claims set of a JWE (JSON Web Encryption). Comment From: jgrand...

Spring Security SEC-3104: Security annotation error customization

Gökhan Öner (Migrated from SEC-3104) said: @PreAuthorize, @PostAuthorize, @Secured annotation can have a parameter to poi...

Spring Security Support Specifying Identifier for relying-party-registrations Element

When using <relying-party-registrations> to configure a RelyingPartyRegistrationRepository, it would be helpful to...

Spring Security Add BearerTokenAuthenticationConverter

Need to add BearerTokenAuthenticationConverter that implements AuthenticationConverter. Perhaps, it is worth extract som...

Spring Security org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler$CachedCsrfTokenSupplier not Serializable

Describe the bug: When serializing and deserializing pages in the cache store in an upgraded Wicket application (upgraded f...

Spring Security Bump com.nimbusds:oauth2-oidc-sdk from 9.43.3 to 9.43.4

Comment From: mprins. Any chance this can be backported to 6.2.x, especially the nimbus-jose-jwt bump because of CVE-2023-...

Spring Security Enhance Logging in RequestMatcherDelegatingAuthorizationManage

Expected Behavior: Currently, the method RequestMatcherDelegatingAuthorizationManager.check is logging a message that does...

Spring Security Update to OAuth2 OIDC SDK 9.43.4

Related to https://github.com/spring-projects/spring-security/issues/14836 Comment From: jzheaux. Closed in 05b9375227d8aa8...