玖涯软件开发|java/go/python

Spring Security Facing Invalid destination [http://localhost:8090/saml/SSO] for SAML response while executing fed-saml-example

Hello guys,I am trying to upgrade the Saml package in our project.Trying with the example https://github.com/stnor/fed-s...

Spring Security Support prompt in OIDC flows

SummarySome workflows in OpenID Connect are dependent on being able to use prompt=none to asynchronously refresh the ses...

Spring Security Consider adding dependency convergence detection

We should consider adding dependency convergence detection to our build to prevent issues like gh-13843. For example, th...

Spring Security Authorized users are not recognized as authorized (403 error)

There is an issueWith standart basic security config where all authorized users are permitted for all pages@Beanpublic S...

Spring Security Request to add Custom Properties to AuthenticationConfiguration

Dear. Spring DevelopersAlthough late, I sincerely hope that you receive many blessings in the new year.Expected Behavior...

Spring Security @PreAuthorize #parameters null in Spring Security 6.1.x (Spring Boot 3.2.x)

Describe the bugIn Spring Boot 3.2.x (Spring Security 6.1.x) my @Components used in @PreAuthorize annotations receive al...

Spring Security WebTestUtilsTestRuntimeHints should implement RuntimeHintsRegistrar

The javadoc for TestRuntimeHintsRegistrar says:This API serves as a companion to the core RuntimeHintsRegistrar API. If ...

Spring Security Test using @WithMockUser fails with 401 UNAUTHORIZED with 3.2

Describe the bugThe following test works with 3.1, but fails with 401 UNAUTHORIZED with 3.2:To Reproduce@SpringBootTest(...

Spring Security java.lang.IllegalArgumentException: Context does not have an entry for key [class io.micrometer.core.instrument.Timer$Sample]

Describe the bugSpring Boot: 3.1.2Spring Security: 6.1.2Micrometer: 1.11.2Micrometer Tracing: 1.1.3Possibly related issu...

Spring Security Re-add support for CAS

The CAS client (4.0.0-SNAPSHOT) has just been updated to JDK 17 + Jakarta EE.https://github.com/apereo/java-cas-client/c...

Spring Security Compatibility with Virtual Threads (Project Loom)

This is a Spring wide initiative for the end of the year and Spring Framework has https://github.com/spring-projects/sp...

Spring Security Spring Security with Active Directory shows Property 'userDn' not set - anonymous context will be used for read-write operations INFO message even if anonymous is disabled in HttpSecurity settings

Describe the bugI use AD to authenticate user which works as expected. I have class like below:Note that I have enabled...

Spring Security ObservationWebFilterChainDecorator cancel signal triggers Observation::start

Describe the bugThe ObservationWebFilterChainDecorator should not call start in an onCancel trigger when wrapping a WebF...

Spring Security Spring Security OAuth2 authentication always to the failureUrl after token request successful

The issue is asked on stackoverflow https://stackoverflow.com/questions/77664281/spring-security-oauth2-authentication-a...

Spring Security Invalid Certificate - PKIX Path - RestTemplate

Describe the bugCaused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https:/...

Spring Security GET /login? responds with 405

Hello, I have found a weird behaviour that I cannot explain:in case of missing auth, the request gets forwarded to /logi...

Spring Security Support Sending Json Body instead of Multipart Form Data during WebClientReactive ClientCredentials TokenRequest

I want to send the Oauth Token request sent in case of Grant type Client Credentials as a JSON object{ "grantType" : ...