In light of https://github.com/spring-projects/spring-security/issues/13794, we should consider adding tests to Spring S...

Describe the bugAfter upgrading an app to Spring Boot 3, a working filter chain that works in the latest Spring Boot 2 v...

Comment From: andreilisaHello @jzheaux, I would like to work on it if it is actual, but I will need some details.What in...

Describe the bug12307 is now closed. So I created this issue.In this comment it suggests to use this to configure PortMa...

Describe the bugorg.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter doesn't work while $...

SummaryRefresh tokens don't support timeouts - if refresh token expires application will keep trying to refresh access t...

Based on conversations and my own experiences getting into Spring Ecosystem, Spring Security stands as a large obstacle ...

Expected BehaviorThe link associated with Spring Security’s Filters instances in the AuthenticationManager section of th...

In current the documentation for Matching Methods with Custom Pointcuts there are examples of custom pointcut in Java/Ko...

Forward port of #14218Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/...

We should provide an implementation of Reactive Method Security that leverages ReactiveAuthorizationManager similar to g...

Update SecurityNamespaceHandler to require 6.2Add spring-security-6.2.rnc and spring-security-6.2.xsdUpdate spring.schem...

Question SummaryIf applicable, please mention:Environment: Cloud FoundryAdditional informationI want to migrate a applic...

Describe the bugA normally successful (using Postman) OAuth2 authentication using a WordPress OAuth2 plugin as a custom ...

Describe the bugUsing SecurityMockMvcRequestPostProcessors.csrf() gives invalid CSRF token when configuration contains c...

SummaryI ❤️ the new OidcClientInitiatedServerLogoutSuccessHandler in Spring Security 5.2! The only problem I see with it...

I have configured OIDC backchannel logout in an application with a context-path. Issuing the logout from the provider d...

In #12570, it was decided to make the OIDC Back-Channel Logout API private for now to allow the feature to be released a...

Spring security has a massive number of configuration options and it can be quite overwhelming to know which combination...

Describe the bugSome spring.security counters contain still wrong value after active counter were fixed#14031At least th...