Spring Security Deploying Spring Boot 3.1.5 to Tomcat (Spring Security 6.1.5)

  • 2025-01-18 08:43:18
  • 2850
Unable to deploy Spring Boot Application 3.1.5 into Tomcat 10.1.14 with JDK 17.0.8.(Spring Security 6.1.5)I got this er...

Spring Security Factory method 'securityFilterChain' threw exception with message: This method cannot decide whether these patterns are Spring MVC patterns or not

  • 2025-01-18 08:43:15
  • 3791
Describe the bugAn error message from //.requestMatchers("/error").permitAll() This method cannot decide whether these p...

Spring Security Spring Security Persistent Authentication not working in case RequestAttributeSecurityContextRepository

  • 2025-01-18 08:43:13
  • 3250
Describe the bugHTTP GraphQL call which includes two internal calls to REQUEST and ASYNC dispatchers.Custom Auth filter ...

Spring Security AuthorizationManager[Before/After]ReactiveMethodInterceptor doesn't support Kotlin coroutines

  • 2025-01-18 08:43:10
  • 3662
Expected BehaviorAuthorizationManager[Before/After]ReactiveMethodInterceptor should suport Kotlin coroutinesCurrent Beha...

Spring Security JdbcUserDetailsManager does not implements UserDetailsPasswordService

  • 2025-01-18 08:43:05
  • 7391
SummaryJdbcUserDetailsManager does not implements UserDetailsPasswordService like InMemoryUserDetailsManagerActual Behav...

Spring Security Broken link in the servlet starting page adoc

  • 2025-01-18 08:43:03
  • 814
Describe the bugThere's one of the links on the home page that does not lead you to the desired section. This is because...

Spring Security JdbcUserDetailsManager does not implement UserDetailsPasswordService, which causes passwords not to be upgraded

  • 2025-01-18 08:43:00
  • 704
Describe the bugWhile testing spring authorization server I noticed my client secrets were updated, but not my user secr...

Spring Security Fixed call back issue

  • 2025-01-18 08:42:56
  • 740
After enabling fixed session protection, the authorization information of SecurityContextHolder is not updated when the ...

Spring Security ClientCredentialsReactiveOAuth2AuthorizedClientProvider not thread-safe

  • 2025-01-18 08:42:48
  • 6851
We are using spring-security-oauth2-client with client credentials flow in a batch application to call a service that is...

Spring Security Rename cloneSamples to cloneRepository

  • 2025-01-18 08:42:45
  • 219
We should rename the cloneSamples task to cloneRepository to promote reusability. We can pass the arguments that we need...

Spring Security Saml2MetadataFilter response should configure writer to UTF-8

  • 2025-01-18 08:42:43
  • 479
In this line, the Saml2MetadataFilter sends out the response without specifying an encoding. The response will therefore...

Spring Security Make it easier to create a WebExpressionAuthorizationManager with a custom expressionHandler

  • 2025-01-18 08:42:41
  • 8338
It's not easy to customize WebExpressionAuthorizationManager with a custom expressionHandler, when defining the web secu...

Spring Security PermitAll routes returns 401 when token provided is expired or an invalid string

  • 2025-01-18 08:42:38
  • 2512
Describe the bugWhen someone tries to access public API with invalid access token in HttpOnly cookie format or in Author...

Spring Security Support suspend functions with @EnableReactiveMethodSecurity

  • 2025-01-18 08:42:36
  • 665
As a follow up to gh-13764, the following classes can be updated to support suspended functions with Kotlin coroutines:A...

Spring Security DefaultLoginPageGeneratingFilter should be able to handle AuthenticationExceptions without message

  • 2025-01-18 08:42:32
  • 2695
Describe the bugRight now DefaultLoginPageGeneratingFilter#getLoginErrorMessage can return nullable exception message. T...

Spring Security Spring Security in-app authenticatin/authorization role mappings vs J2EE in-web-container authentication/authorization role mappings

  • 2025-01-18 08:42:30
  • 7399
Expected BehaviorIf using Spring Security in-app authentication/authorization, I would like the flexibility I have when ...

Spring Security OAuth2 client: default redirection to login page is done on wrong socket when SSL is enabled (authorization-server instead of client)

  • 2025-01-18 08:42:27
  • 30885
Describe the bugSSL is enabled by default for my spring-boot apps (I have set SERVER_SSL_KEY_PASSWORD, SERVER_SSL_KEY_ST...

Spring Security UnsupportedOperationException in AbstractRequestMatcherRegistry#requestMatchers using programmatically defined ContextLoaderListener

  • 2025-01-18 08:42:24
  • 63641
DescriptionAfter upgrading Spring Security from version 5.8.4 to 5.8.6, the ApplicationContext configured via AbstractAn...

Spring Security PermitAll routes returns 401 when token's provided, but expired.

  • 2025-01-18 08:42:21
  • 2693
Describe the bugPermitAll routes returns 401 when token is provided, but expired. Main problem with BearerTokenAuthentic...

Spring Security Spring Security documentation confuses "idempotent" with "read-only" in CSRF section

  • 2025-01-18 08:42:18
  • 605
The documentation confuses idempotent with read-only:https://docs.spring.io/spring-security/reference/features/exploits/...
上一页 下一页
.