We are configuring HttpSecurity to use a different SecurityContextRepository via http.securityContext().securityContextR...

Describe the bugContextAwareServerHttpSecurity visibility does not allow it to be proxied via an Aspect call. Any attemp...

https://docs.spring.io/spring-security/reference/5.8/servlet/authorization/authorize-requests.html#filtersecurityinterce...

Servlet spec states that include dispatch:... cannot set headers or call any method that affects the headers of the resp...

We are using spring-security-saml2-core version 1.0.10 extensively. Since, end of life is announced we are migrating to ...

SummaryI am building a Spring based application that delegates authentication to an OIDC provider like Keycloak. The OID...

Describe the bugWe are migrating an application from spring boot 2.7.5 to 3.0, the application is failing to start with ...

SummaryWhen configuring WebFluxSecurityConfiguration and WebMvcSecurityConfiguration, following problem would occour at ...

this mvc version:`@Bean @Order(Ordered.HIGHEST_PRECEDENCE) public SecurityFilterChain authorizationServerSecurityF...

I hope to add a feature for registering filters. When I want to develop a class similar to FormLogiConfigurer, I need to...

Describe the bugWhen a rest resource is protected by a SecurityFilterChain as a oauth2ResourceServer with jwt enabled an...

We should improve (refresh) CSRF documentation in Spring Security 6.Comment From: sjohnrRelated gh-12646Comment From: sj...

When I use web.ignoring().antMatchers() I'd like to see a DEBUG message instead of a WARNING for each ignored pattern.I'...

Comment From: marcusdacoregioThere is already such implementation https://github.com/spring-projects/spring-security/blo...

[ ] WebSecurity#ignoring[ ] LdapAuthenticationProviderConfigurer#passwordCompare[ ] AuthenticationManagerBuilder#ldapAut...

Describe the bugWith Spring Boot 3.0.5, I have the following Security Configuration and CSRF works as expected. package ...

The Kotlin DSL to configure HTTP security doesn't work as shown in the documentation.The following example doesn't compi...

When I am using webflux, the MessageSourceAccessor.getDefaultLocale() obtained by MessageSourceAccessor.getMessage() is ...

Expected BehaviorUsing the following RoleHierarchyImpl, I would expect ROLE_ADMIN contains ROLE_EDITOR_A and ROLE_EDITOR...

SummaryAs per the spring doc multiple filter chains can be configured as below <bean id="filterChainProxy" class="org...