A generic AuthenticationFilter class was added in #6506 to v5.2, but there still isn't any documentation to explain why ...

Some users are having a hard time configuring their environment to work with the Spring Security codebase.We should revi...

According to the Webflux documentation it is allowed to use the return type ResponseEntity<Mono<T>>Neither A...

The DefaultMethodSecurityExpressionHandler.createEvaluationContext method calls private access createSecurityExpressionR...

authentication-bug.zipSpring boot 3.2.3Code to reproduce is attached. Start own authorization server before and update p...

https://github.com/spring-projects/spring-security/blob/docs-build/build.gradle#L15-L21https://github.com/spring-project...

We need to provide support for OAuth 2.0 Token Exchange RFC 8693Related #6053 Comment From: William1104Hi, This feature ...

Oauth client with Linkedin login doesn't work on Spring Boot 3.1.1, spring-security-oauth2-client-6.1.6, spring-security...

Describe the bugjava.lang.UnsupportedOperationException: null at java.base/java.util.Collections$EmptyMap.computeIfPr...

Support custom return types for for SpEL method security through the use of providing a Converter of that return type to...

It would be nice if we supported AuthrozationDecision return types for Method Security SpEL. This would allow method sec...

We should strongly consider removing the com.nimbusds:oauth2-oidc-sdk dependency as it has caused a number of issues ove...

Dependency convergence conflict for com.nimbusds:nimbus-jose-jwt using Spring Boot version 3.1.3 / Spring Security versi...

We support filtering the results of collections, but it would be nice to filter non-collection types. I haven't decided ...

It's common to compose the OAuth2TokenValidator<Jwt> defaults with additional validators. Here is an example from ...

All the docs for 5.x series seems to show "Page Not Found" error.https://docs.spring.io/spring-security/reference/5.8/wh...

Describe the bugIf I use class-level annotation @PreAuthorize it's going to be ignored for methods from the parent class...

Hello again,I am not aware how to continue - because Java says it is not Serializable:org.springframework.core.convert.C...

SummaryPassword reuse is a serious problem for users and the source of many different hacks. It would be awesome if we c...

Describe the bugSince Spring Security 2.6 throwing an AuthenticationException inside an AuthenticationProvider causes th...