Describe the bugAfter migrating to Spring Security 6 and replacing the deprecated authorizeRequests(...) method with aut...

In the Spring Security 6.1.1,The javadoc for the setFilterErrorDispatch method of the AuthorizationFilter class states t...

Currently we have support for Password Based Login in Spring Security. But I can't find any support for Login With OTP o...

We should support phc password storage as described in OWASP Password Storage Cheat Sheet.

Describe the bugI'm converting my application from the Spring Security OAuth 2.5.2 version to the 5.6.9And I see differe...

Making Spring Security's actions observable at runtime will help make applications more secure. Following recommendation...

This issue is a theme for the Spring Security 6.2 release. Issues that relate to this will be added below.Documentation ...

Providing both Java and XML configuration support requires higher maintenance overhead. We should consider removing XML ...

In modern applications authorization decisions for different end points can take a look at many attributes of a request,...

We should consider introducing a new component model for authentication and authorization with the main goal of improvin...

We should consider introducing a new authorization rules model.Defining the authorization rules should be simple and nat...

We should consider redesigning the configuration model with the main goal of simplifying usage.The new configuration mod...

We should consider removing underused modules and APIs in Spring Security 7.0 to help reduce the maintenance and support...

When building a large application with many modules I want to be able to define spring security configuration in each mo...

Mattias Severson (Migrated from SEC-2083) said:When using annotations to filter collections based, e.g. @PostFilter("has...

In order to account for blockers to the release process such as checking dependency update exclusions, updating dependen...

In new Spring Security, what should I do to replace these code follw:@Override protected void configure(Authenticatio...

Describe the bugAfter implementing CSRF protection for SPAs following Spring's official guide, where it's stated that "R...

Describe the bugin issue https://github.com/spring-projects/spring-security/issues/10032After authentication, a new Secu...

Describe the bugCurrent version 6.1.0When I use the composite annotation to include @EnableMethodSecurity, similar to @C...