玖涯软件开发|java/go/python

Spring Security OAuth2AuthenticationExceptionMixin doesn't work in JDK 17

Describe the bugWith Redis session enabled, GenericJackson2JsonRedisSerializer based on ObjectMapper with OAuth2ClientJa...

Spring Security Improve StrictHttpFirewall error messaging

Better error strings for invalid header and parameter values.We have had an outstanding ticket with Cloudflare (https://...

Spring Security WebSecurityConfigurerAdapter migration strange outcome

Describe the bugSome time ago I performed the Spring Security 5.7 migration in our codebase. I noticed that the order of...

Spring Security CookieRequestCache ignores user Locale

Describe the bugWhen using a CookieRequestCache, the first request after authentication is served using the platform's d...

Spring Security Cannot reproduce scrypt encoded password

SCryptPasswordEncoder provides encode() method but the salt is generated internally each time call the method.To reprodu...

Spring Security how to register a global filter

Hello,Is there any way XML/Java config to register a global filter which will be invoked in all the security filter chai...

Spring Security OAuth2 Client - JdbcOAuth2AuthorizedClientService - Issue with PostgreSQL

Describe the bugI receive an exception from the Postgres driver due to type mismatches when using the default functional...

Spring Security Update OAuth2 docs landing page with examples

In order to highlight the configuration improvements of gh-11783, we need a place in the docs to add some code examples ...

Spring Security ServerHttpSecurity can't set multiple authentication managers

SummaryThe documentation seems to support allowing different authentication managers for different authentication specs ...

Spring Security Missing or invalid expire time on OAuth token cause unnecessary reauthorize requests

Expected BehaviorI had legacy OAuth2 authorization server which I can't change, it issues Access token without expiratio...

Spring Security DaoAuthenticationProvider is autoconfigured when more than one AuthenticationProvider is registered

Describe the bugBy default, the AuthenticationManagerBuilderis autoconfigured with an AuthenticationProvider, if registe...

Spring Security Support nested suspend calls for Kotlin coroutines

PrePostAdviceReactiveMethodInterceptor does not currently support nested suspend calls for Kotlin coroutines.We should u...

Spring Security Multiple Servlets (MvcRequestMatcher & AntPathRequestMatcher)

development environmentjdk 17,spring boot 3+, spring 6+, cxf 4+When I inject CXFServlet into spring, spring security can...

Spring Security Consider CSRF protection with a fixed custom header

OWASP lists Custom Request Headers in their CSRF cheat sheet, which says "the client appends a custom header to requests...

Spring Security Verification Credentials with SAML2 Metadata in Spring Security

I'm using Spring Security SAML2 for authentication in my application. We're populating the identity provider details usi...

Spring Security Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a single bean, but 2 were found

Describe the bugMethod springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.Web...