Expected BehaviorThere seems to be no standard on what JWT contains to communicate client authorities. At the moment Spr...

Describe the bugThe class org.springframework.security.cas.authentication.EhCacheBasedTicketCache has been removed in sp...

It would be nice if we supported throwing AccessDeniedException for Method Security SpEL. This would allow method securi...

Describe the bugMissingServletRequestParameterException happened in the application, but AuthenticationEntryPoint is inv...

How to convert Http Api to Reactive Http API? It would be great if we have bridge between 2 APIsComment From: frantictic...

While working on #14831 I noticed that many default lambda-based factories can be moved to classes where they are used, ...

Describe the bugThe code line setContinueOnErrorThe default value of continueOnError is false, but the java doc describe...

Expected BehaviorAllow more customization or inheritance for CasAuthenticationEntrypointCurrent BehaviorCasAuthenticatio...

I have using webflux together with oauth2-client dependency and I have observing some problems on iPhone and Safari brow...

have integrated SAML with Spring Security, and recently upgraded to spring 3.0.6. After upgrading the SAML integration i...

I would really like to see the ability to add your own custom ResourceRetriever to NimbusJwtDecoder. For example, I woul...

Describe the bugWhen I use Expression-Based Access Control according to the spring security document of 6.0.2 I'm gettin...

I have several UserDetailsService - one for users of a mobile application with a jdbc-based implementation and LdapUserD...

Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/7d398dce6bbb2d1ee6002d...

Rick Jensen (Migrated from SEC-1823) said:With Active Directory (AD), groups can be nested within each other. In fact, i...

When https://github.com/spring-projects/spring-security/pull/14712 was merged, a package tangle was introduced from the ...

The InitializeUserDetailsBeanManagerConfigurer should inject the PasswordEncoder into the constructor of DaoAuthenticati...

Latest Spring Security 6.2.3 breaks AOT for native image (I've been asked to recreate this issue here).Config:1. Spring ...

SummarySince SEC-1915 the ActiveDirectoryLdapAuthenticationProvider provides means to insert a custom searchFilter to se...

Describe the bugThe url is configured with no need to verify permissions, but after carrying the token in the header, th...