Spring Security DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(OAuth2AuthorizationCodeGrantRequest) can return null

  • 2025-01-18 08:17:56
  • 355
In some cases DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(OAuth2AuthorizationCodeGrantRequest) can retu...

Spring Security Fix constant value in XContentTypeOptionsServerHttpHeadersWriter

  • 2025-01-18 08:17:54
  • 161
Forward port of #13155 Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit...

Spring Security Fix constant value in XContentTypeOptionsServerHttpHeadersWriter

  • 2025-01-18 08:17:51
  • 161
Forward-port of #13155 Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit...

Spring Security Fix constant value in XContentTypeOptionsServerHttpHeadersWriter

  • 2025-01-18 08:17:49
  • 161
Forward-port of #13155 Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit...

Spring Security Fix constant value in XContentTypeOptionsServerHttpHeadersWriter

  • 2025-01-18 08:17:46
  • 2132
The value in https://github.com/spring-projects/spring-security/blob/613165b86c6f12da21675d410b3b22a9ae7a0b7b/web/src/ma...

Spring Security Migration to EnableMethodSecurity break Transactional on custom PermissionEvaluator

  • 2025-01-18 08:17:42
  • 3560
Hello,I perform the migration from EnableGlobalMethodSecurity to EnableMethodSecurity.So I :1. Change the annotation2. S...

Spring Security Race condition on remember-me cookie when doing requests in parallel

  • 2025-01-18 08:17:39
  • 7488
Describe the bugSo I've build frontent application which doing two requests in parallel:- GET /user/info (authenticated ...

Spring Security The logoutFilter request matcher is hardcode to POST method

  • 2025-01-18 08:17:37
  • 3531
I have troubles with this hardcoded POST method, as in my application we do not post logout url and only use get, possib...

Spring Security R2dbcReactiveOAuth2AuthorizedClientService.loadAuthorizedClient query Exception

  • 2025-01-18 08:17:30
  • 618
I attempted to log in using oauth2 authorization, but the R2dbcReactiveOAuth2AuthorizedClientService.loadAuthorizedClien...

Spring Security TokenBasedRememberMeServices Refreshing Token Between Multiple Requests Results in Cookie theft Exception

  • 2025-01-18 08:17:27
  • 1471
Currently the autoLogin cookie function protected UserDetails processAutoLoginCookie(String[] cookieTokens, ...

Spring Security processAutoLoginCookie Concurrency problem - Inconsistent token value

  • 2025-01-18 08:17:25
  • 22750
Thanks for all the great work, just a minor problem maybe worth mentioning. SetupI have spring-boot app using spring-sec...

Spring Security BUG : Cors changing SimpleUrlMapping with CorsConfig to ResourceHttpRequestHandler

  • 2025-01-18 08:17:22
  • 2769
Describe the bugHave a SimpleUrlMapping with CorsConfig passing all test for several months now. Am testing with Cors an...

Spring Security http://www.springframework.org/schema/security/spring-security.xsd returns 404

  • 2025-01-18 08:17:19
  • 1217
Expected behaviorhttp://www.springframework.org/schema/security/spring-security.xsd returns 404should't it return/point-...

Spring Security SecuredAuthorizationManager should allow customizing underlying authorization manager

  • 2025-01-18 08:17:14
  • 562
Dependent on https://github.com/spring-projects/spring-security/issues/12232, exposing this authorization manager will a...

Spring Security Add native-image support for PreAuthorize

  • 2025-01-18 08:17:11
  • 6086
The security-method sample in spring-native branch sb-3.0.x. uses @PreAuthorize on a controller. The resulting native im...

Spring Security Support for JWT Header TYP as "at+jwt"

  • 2025-01-18 08:17:08
  • 1752
This is a follow-up issue:* originally described in https://github.com/spring-projects/spring-security/issues/9900 (whic...

Spring Security Simplify registering a custom (Reactive)OAuth2AuthorizedClientProvider

  • 2025-01-18 08:17:05
  • 2240
To specify a custom OAuth2AuthorizedClientProvider requires specifying a number of other things as well:@Beanpublic OAut...

Spring Security Role Hierarchy in authorizeHttpRequests() of HttpSecurity

  • 2025-01-18 08:17:03
  • 4677
Expected BehaviorHttpSecurity's authorizeHttpRequests() uses role hierarchy defined as a bean or defined as a separate m...

Spring Security authorization-grant-type does not support common name "jwt-bearer"

  • 2025-01-18 08:17:00
  • 3891
Describe the bugIt is possible to use "urn:ietf:params:oauth:grant-type:jwt-bearer" as a valid authorization-grant-type....

Spring Security AuthorityAuthorizationManager never using defined role hierarchy

  • 2025-01-18 08:16:57
  • 2503
Describe the bugDefined role hierarchy is not picked up by AuthorityAuthorizationManager. Role hierarchy: ROLE_SUPERUSER...
上一页 下一页
.