gh-13090@Configuration@EnableWebSecuritypublic class OAuth2ClientSecurityConfig { @Bean public SecurityFilterChain...

This link is 404 d. thanks for deleting the samples my friends good work https://github.com/spring-projects/spring-secu...

Expected BehaviorDefaultOAuth2AuthorizationRequestResolver should provide a way to customize authorizationRequestMatcher...

SummaryI'm trying to use the AuthorizationManager as a supersedes for AccessDecisionManagerand AccessDecisionVoter, to i...

Describe the bugAfter upgrading the Spring Security to version 5.8.0 signature validation of the SAML Logout Response wo...

https://github.com/spring-projects/spring-security/blob/a4e13c520b351c48378d0287167e53cfc581de46/core/src/main/java/org/...

Contextif my scope has openid, it will return null and then use the OidcAuthorizationCodeAuthenticationProviderBut I hop...

I have already used oAuth2LoginReactiveAuthenticationManager.authenticate for authentication, but I will still need to l...

Expected BehaviorOpenSaml4AuthenticationProvider should be extendable.Current BehaviorOpenSaml4AuthenticationProvider is...

Expected Behaviorhttps://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf#740 defines it.It is useful whe...

Expected BehaviorBy allowing construction of an OrRequestMatcher/AndRequestMatcher from a List<? extends RequestMatch...

Current BehaviorRight now the only cross check validation between the returning SAML response and the outgoing SAML requ...

SummaryWe may want to put additional manual check when allowUriQueryParameter=false to make sure client is not insecure...

SecurityAuthorizationManager currently caches an AuthorizationManager per method/class pair.The memory footprint this re...

In order to publish the metadata endpoint, we should do:DefaultRelyingPartyRegistrationResolver relyingPartyRegistration...

To improve handling of CsrfToken instances generated by a CsrfTokenRepository, consider adding a generic type similar to...

The links between 5.8 and 6.0 migration docs point to a specific version (5.8.0 and 6.0.0 respectively). We should link ...

Describe the bugI have enabled CSRF on my spring cloud API gateway server. I have angular as my GUI framework which call...

This issue is a theme for the Spring Security 6.1 release. Issues that relate to this will be added below.Build Improvem...

Comment From: marcusdacoregioClosed via https://github.com/spring-projects/spring-security/commit/bcf090662374b662b9744a...