玖涯软件开发|java/go/python

Spring Security IpAddressMatcher Performance

Expected BehaviorGiven that the following String.format in IpAddressMatcher happens regardless of whether it's a valid i...

Spring Security RequestCacheConfigurer default request matcher doesn't allow saving POST requests when csrf is enabled

SummaryIn a web application with Spring Security 4.2.x, RequestCacheConfigurer configures a default request matcher that...

Spring Security Missing native-image reflection hint for .oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer.jwt(Customizer.withDefaults()))

Describe the bugJDK 21, GraalVM 21, Okta Oauth2 employee , Spring Boot 2.3.1File WebSecurityConfig.javaimport org.spring...

Spring Security Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain': Failed to instantiate [org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy]: Constructor threw exception

Describe the bugAccording to the official website,defining required components. When the annotation is set to @ enableWe...

Spring Security Unexpected Exception Handling in NimbusReactiveJwtDecoder decode Method

DescriptionWe are experiencing an issue where exceptions thrown by the decode method are not being caught as expected wh...

Spring Security Configure Dependabot for docs-build's build.gradle

Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/7a8f9b446e5a5fd913b96e...

Spring Security Use micrometer context-propagation to propagate auth between threadlocal and reactor ops

In spring mvc with reactive API, it uses a custom reactor subscriber, SecurityReactorContextSubscriber, to propagate the...

Spring Security Spring Security 6.x / Single Page Web Application / CSRF - formLogin not working anymore

Describe the bugI have a Spring Boot 3.x application (with Spring Security 6.x). The frontend is Angular 15.2.x. I am fo...

Spring Security Kotlin DSL should contain formLogin.usernameParameter and formLogin.passwordParameter

Expected BehaviorThe FormLoginDsl should contain usernameParameter and passwordParameter properties.formLogin { usernam...

Spring Security Allow retrieving username from SAML Assertion Attributes

Expected BehaviorUsername (in the sense of Principal Name) can be released by IdP AuthnRequest's Assertion in NameID ele...

Spring Security SessionManagementSpec missing on latest release

Hi.I saw that there was an issue regarding the Max Sessions on WebFlux (https://github.com/spring-projects/spring-securi...

Spring Security WebSessionServerOAuth2AuthorizedClientRepository should not store entire ClientRegistration in every session

Expected BehaviorThe implementation does not store ClientRegistration in WebSession but uses ReactiveClientRegistrationR...

Spring Security Customization of AccessDeniedException Message and Check Method Usage in AuthorizationManager

Expected BehaviorI want to customize the AuthorizationManager and the AccessDeniedException message.Current BehaviorThe ...

Spring Security There is a typo in the JavaDoc for the hasPermission method in the SecurityExpressionOperations class

hello.There is a typo in the JavaDoc for the hasPermission method in the SecurityExpressionOperations classhttps://githu...

Spring Security Reactive Method Security not working with kotlin from Spring boot version 3.0.3 :The returnType class java.lang.Object on public java.lang.Object

Describe the bugWhen using reactive method security on a Kotlin spring boot reactive app with coroutines, I am getting a...