玖涯软件开发|java/go/python

Spring Security Allow providing of custom WebClient to the oauth2 resource server configuration

Expected BehaviorI'd expect to have a method similar to http.oauth2ResourceServer(oauth2 -> oauth2.webClient(myCustom...

Spring Security RememberMeAuthenticationFilter will not call chain.doFilter(request, response) when he has successHandler

Describe the bugRememberMeAuthenticationFilter will not call chain.doFilter(request, response) when he has successHandle...

Spring Security SessionCreationPolicy.STATELESS is not applied in custom DSL

Hi,I am aware that this has already been discussed in #13840, but- in my opinion - this is a bug. Let me provide some de...

Spring Security RoleHierarchy is ignored with GlobalMethodSecurityConfiguration and @Secured annotation

Describe the bugUsing @EnableGlobalMethodSecurity(securedEnabled = true) does not work with injected RoleHierarchyFor @S...

Spring Security requestMatchers("").not() API is not present in Spring Security 6

Describe the bugIn Spring Security 5 request matchers there is a possibility to invert the .hasRole with the .not method...

Spring Security Change to Using Saml2AuthenticationRequestResolver instead of Saml2AuthenticationRequestFactory

Hello, We have custom SamlAuthenticationRequestFactory implements Saml2AuthenticationRequestFactorywith override createA...

Spring Security AuthorizationManagers should allow a configurable default AuthorizationDecision

When all delegates abstain, AuthorizationManagers's composition implementations return a default AuthorizationDecision. ...

Spring Security Easier way to define Role Hierarchy

Disclaimer: I'm hesitant to create this issue for sometime as this is quite subjective, but I thought that I still want ...

Spring Security Convert custom claim in NimbusOpaqueTokenIntrospector

Expected BehaviorOur current OAuth2 provider returns a custom claim for the roles, which I would like to convert.Current...

Spring Security PR builds are missing Develocity (Gradle Enterprise) credentials

Build scans should be published to ge.spring.io -or- not published at all for PR builds. Credentials (environment variab...

Spring Security Extract SessionManagementFilter into different components

Expected BehaviorThe SessionManagementFilter features should be separated into different components so users can use laz...

Spring Security Support Resource resolution for jwk-set-uri

The new 5.3.0 release includes the very useful Boot property for setting a specific JWT key in public-key-location. Howe...

Spring Security New approach to AuthenticationManager

In my previous project i had AuthenticationManager configured like this:@Bean AuthenticationManager authenticationMan...

Spring Security spring-security-oauth2-autoconfigure migrating to spring-boot-starter-oauth2-client

Describe the bugWhen I use spring-security-oauth2-autoconfigure, my server returns me the authorities information in the...

Spring Security SEC-2427: Subsequent requests from the same browser break remember me function and throws CookieTheftException

Vertonur Sunimi (Migrated from SEC-2427) said:Prerequisite: Browser with authenticated rememberme cookie stored.Reproduc...

Spring Security OAuth2RefreshTokenAuthenticationProvider java.lang.ClassCastException: class java.util.LinkedHashMap cannot be cast to class org.springframework.security.core.Authentication (java.util.LinkedHashMap is in module java.base of loader 'bootstrap'; org.springframework.security.core.Authentication is in unnamed module of loader 'app')

Hello, I'm getting an errorjava.lang.ClassCastException: class java.util.LinkedHashMap cannot be cast to class org.sprin...