I am sorry, English is not my first language. If you do not understand, please send email to me, zhangbin.zj@gmail.com. ...

Expected BehaviorWhen a user is authenticated with several OPs, it should be possible to access his different identities...

Given that OpenSamlAuthenticationTokenConverter is the default authentication converter used by spring-security-config w...

Because the saml2Login DSL calls HttpSecurity#authenticationProvider to register its AuthenticationProvider, this overri...

With the following issues closed we've added the ability to configure the security of an application without needing the...

If spring-security support such extension:@FunctionalInterfacepublic interface UserAuthorityMapper { Collection<? ...

Hi, beginning with 5.8.5 I'm getting an issue where when I'm trying to add dynamic servlets the appserver is replying wi...

It should also take OAuth2WebSecurityExpressionHandlerCurrently WebExpressionAuthorizationManager support for OAuth2WebS...

First of all, the following part is obsolete,https://docs.spring.io/spring-security/reference/servlet/authorization/expr...

For an application to direct Spring Security to use MvcRequestMatcher, it is necessary to use requestMatchers(RequestMat...

Expected BehaviorThe currently generated login and logout pages include 2 CSS from Bootstrap CDN. The first CSS (bootstr...

After learning about the new authorization configuration support in HttpSecurity::authorizeHttpRequests and seeing the d...

Describe the bugCollectionFilterer and the like use a HashSet to store elements to be removed which in turn calls equals...

My Java application uses spring security and Saml2 as a service provider. I am able to integrate with the identity provi...

The RememberMe docs is pretty light on configuration samples, there are only XML configuration fragments.It should be im...

In the servelet/authorization/arcitecture reference, method return statement is omitted.Current Reference Content@Beanst...

Expected BehaviorThe following code should work: @Bean public SecurityFilterChain securityFilterChain(HttpSecurity htt...

Expected BehaviorSpring security test cases make extensive use of TestOidcUsers.create() and similar classes. see https:...

SummaryDocumentation here and here shows example of how to get Authentication token using ReactiveSecurityContextHolder....

The snapshot build should use the latest Spring Framework, Data, Boot, and Reactor snapshots that align with the release...